--- /dev/null
+# Microsoft Developer Studio Project File - Name="BuildBin" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) External Target" 0x0106
+
+CFG=BuildBin - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "BuildBin.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "BuildBin.mak" CFG="BuildBin - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "BuildBin - Win32 Release" (based on "Win32 (x86) External Target")
+!MESSAGE "BuildBin - Win32 Debug" (based on "Win32 (x86) External Target")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+
+!IF "$(CFG)" == "BuildBin - Win32 Release"
+
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir ""
+# PROP BASE Intermediate_Dir ""
+# PROP BASE Cmd_Line "NMAKE /f makefile.win"
+# PROP BASE Rebuild_Opt "/a"
+# PROP BASE Target_File "\Apache2.0\bin\Apache.exe"
+# PROP BASE Bsc_Name ".\Browse\BuildBin.bsc"
+# PROP BASE Target_Dir ""
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir ""
+# PROP Intermediate_Dir ""
+# PROP Cmd_Line "NMAKE /f makefile.win INSTDIR="\Apache2" _dummy"
+# PROP Rebuild_Opt ""
+# PROP Target_File "\Apache2\bin\Apache.exe"
+# PROP Bsc_Name ".\Browse\Apache.bsc"
+# PROP Target_Dir ""
+
+!ELSEIF "$(CFG)" == "BuildBin - Win32 Debug"
+
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir ""
+# PROP BASE Intermediate_Dir ""
+# PROP BASE Cmd_Line "NMAKE /f makefile.win"
+# PROP BASE Rebuild_Opt "/a"
+# PROP BASE Target_File "\Apache2.0\bin\Apache.exe"
+# PROP BASE Bsc_Name ".\Browse\BuildBin.bsc"
+# PROP BASE Target_Dir ""
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir ""
+# PROP Intermediate_Dir ""
+# PROP Cmd_Line "NMAKE /f makefile.win INSTDIR="\Apache2" _dummy"
+# PROP Rebuild_Opt ""
+# PROP Target_File "\Apache2\bin\Apache.exe"
+# PROP Bsc_Name ".\Browse\Apache.bsc"
+# PROP Target_Dir ""
+
+!ENDIF
+
+# Begin Target
+
+# Name "BuildBin - Win32 Release"
+# Name "BuildBin - Win32 Debug"
+
+!IF "$(CFG)" == "BuildBin - Win32 Release"
+
+!ELSEIF "$(CFG)" == "BuildBin - Win32 Debug"
+
+!ENDIF
+
+# Begin Source File
+
+SOURCE=.\os\win32\BaseAddr.ref
+# End Source File
+# Begin Source File
+
+SOURCE=.\CHANGES
+# End Source File
+# Begin Source File
+
+SOURCE=.\Makefile.win
+# End Source File
+# Begin Source File
+
+SOURCE=.\STATUS
+# End Source File
+# End Target
+# End Project
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ srclib\apr \
+ build \
+ support \
+ modules \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/include/arch/NetWare \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/include \
+ $(AP_WORK)/modules/filters/ \
+ $(AP_WORK)/modules/generators/ \
+ $(AP_WORK)/modules/http/ \
+ $(AP_WORK)/modules/loggers/ \
+ $(AP_WORK)/modules/mappers/ \
+ $(AP_WORK)/modules/proxy/ \
+ $(AP_WORK)/os/NetWare \
+ $(AP_WORK)/server/mpm/NetWare \
+ $(AP_WORK)/srclib/pcre \
+ $(NWOS) \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = Apache2
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Apache Web Server
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Apache
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 65536
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM = _LibCCheckUnload
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/Apache2.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/buildmark.o \
+ $(OBJDIR)/config.o \
+ $(OBJDIR)/connection.o \
+ $(OBJDIR)/core.o \
+ $(OBJDIR)/error_bucket.o \
+ $(OBJDIR)/http_core.o \
+ $(OBJDIR)/http_protocol.o \
+ $(OBJDIR)/http_request.o \
+ $(OBJDIR)/listen.o \
+ $(OBJDIR)/log.o \
+ $(OBJDIR)/main.o \
+ $(OBJDIR)/mod_access.o \
+ $(OBJDIR)/mod_actions.o \
+ $(OBJDIR)/mod_alias.o \
+ $(OBJDIR)/mod_asis.o \
+ $(OBJDIR)/mod_auth.o \
+ $(OBJDIR)/mod_autoindex.o \
+ $(OBJDIR)/mod_dir.o \
+ $(OBJDIR)/mod_env.o \
+ $(OBJDIR)/mod_imap.o \
+ $(OBJDIR)/mod_include.o \
+ $(OBJDIR)/mod_log_config.o \
+ $(OBJDIR)/mod_mime.o \
+ $(OBJDIR)/mod_negotiation.o \
+ $(OBJDIR)/mod_nw_ssl.o \
+ $(OBJDIR)/mod_setenvif.o \
+ $(OBJDIR)/mod_so.o \
+ $(OBJDIR)/mod_userdir.o \
+ $(OBJDIR)/modules.o \
+ $(OBJDIR)/mpm_common.o \
+ $(OBJDIR)/mpm_netware.o \
+ $(OBJDIR)/pcre.o \
+ $(OBJDIR)/pcreposix.o \
+ $(OBJDIR)/protocol.o \
+ $(OBJDIR)/request.o \
+ $(OBJDIR)/rfc1413.o \
+ $(OBJDIR)/scoreboard.o \
+ $(OBJDIR)/util.o \
+ $(OBJDIR)/util_cfgtree.o \
+ $(OBJDIR)/util_charset.o \
+ $(OBJDIR)/util_filter.o \
+ $(OBJDIR)/util_md5.o \
+ $(OBJDIR)/util_nw.o \
+ $(OBJDIR)/util_script.o \
+ $(OBJDIR)/util_time.o \
+ $(OBJDIR)/util_xml.o \
+ $(OBJDIR)/vhost.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ Libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @netware.imp \
+ @$(APR)/aprlib.imp \
+ @libc.imp \
+ @ws2nlm.imp \
+ GetCurrentAddressSpace \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ @$(NWOS)/httpd.imp \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+ copy $(OBJDIR)\Apache2.nlm $(INSTALL)\Apache2\*.*
+ -copy ABOUT_APACHE $(INSTALL)\Apache2\*.*
+ -copy README $(INSTALL)\Apache2\*.*
+ -copy STATUS $(INSTALL)\Apache2\*.*
+ -copy LICENSE $(INSTALL)\Apache2\*.*
+ -copy docs\cgi-examples\*. $(INSTALL)\Apache2\cgi-examples\*.*
+ -copy docs\conf\httpd-std.conf $(INSTALL)\Apache2\conf\httpd.conf
+ -copy docs\conf\magic $(INSTALL)\Apache2\conf\magic
+ -copy docs\conf\mime.types $(INSTALL)\Apache2\conf\mime.types
+ -copy docs\error\*.* $(INSTALL)\Apache2\error\*.*
+ -copy docs\error\include\*.* $(INSTALL)\Apache2\error\include\*.*
+ -copy docs\docroot\*.* $(INSTALL)\Apache2\htdocs\*.*
+ -copy docs\icons\*.* $(INSTALL)\Apache2\icons\*.*
+ -copy docs\icons\small\*.* $(INSTALL)\Apache2\icons\small\*.*
+ -copy docs\man\*.* $(INSTALL)\Apache2\man\*.*
+ -copy docs\manual\*.* $(INSTALL)\Apache2\manual\*.*
+ -copy docs\manual\developer\*.* $(INSTALL)\Apache2\manual\developer
+ -copy docs\manual\faq\*.* $(INSTALL)\Apache2\manual\faq
+ -copy docs\manual\howto\*.* $(INSTALL)\Apache2\manual\howto
+ -copy docs\manual\images\*.* $(INSTALL)\Apache2\manual\images
+ -copy docs\manual\misc\*.* $(INSTALL)\Apache2\manual\misc
+ -copy docs\manual\mod\*.* $(INSTALL)\Apache2\manual\mod
+ -copy docs\manual\platform\*.* $(INSTALL)\Apache2\manual\platform
+ -copy docs\manual\programs\*.* $(INSTALL)\Apache2\manual\programs
+ -copy docs\manual\search\*.* $(INSTALL)\Apache2\manual\search
+ -copy docs\manual\vhosts\*.* $(INSTALL)\Apache2\manual\vhosts
+
+installdev :: FORCE
+ -copy $(subst /,\,$(AP_WORK))\include\*.h $(INSTALL)\Apache2\include\*.*
+ -copy $(subst /,\,$(AP_WORK))\os\netware\*.h $(INSTALL)\Apache2\include\*.*
+ -copy $(subst /,\,$(NWOS))\include\*.h $(INSTALL)\Apache2\include\*.*
+ -copy $(subst /,\,$(NWOS))\*.imp $(INSTALL)\Apache2\lib\*.*
+ -copy $(subst /,\,$(APR))\include\*.h $(INSTALL)\Apache2\include\*.*
+ -copy $(subst /,\,$(APR))\arch\netware\include\*.h $(INSTALL)\Apache2\include\*.*
+ -copy $(subst /,\,$(APRUTIL))\include\*.h $(INSTALL)\Apache2\include\*.*
+ -copy $(subst /,\,$(APR))\*.imp $(INSTALL)\Apache2\lib\*.*
+
+#
+# Any specialized rules here
+#
+
+$(OBJDIR)/%.o: server/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)/%.o: modules/arch/netware/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)/%.o: modules/http/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)/%.o: modules/aaa/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)/%.o: modules/mappers/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)/%.o: modules/generators/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)/%.o: modules/metadata/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)/%.o: modules/filters/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)/%.o: modules/loggers/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)/%.o: os/netware/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)/%.o: server/mpm/netware/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)/%.o: srclib/pcre/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+APACHE 2.1+ ROADMAP:
+
+Last modified at [$Date: 2001/11/27 05:19:39 $]
+
+DEFERRRED FOR APACHE 2.1
+
+ * Source code should follow style guidelines.
+ OK, we all agree pretty code is good. Probably best to clean this
+ up by hand immediately upon branching a 2.1 tree.
+ Justin's voulenteered to hand-edit the entire source tree ;)
+
+ * revamp the input filter syntax to provide for ordering of
+ filters created with the Set{Input|Output}Filter and the
+ Add{Input|Output}Filter directives. A 'relative to filterx'
+ syntax is definately preferable, but not realistic for 2.0.
+
+ * Platforms that do not support fork (primarily Win32 and AS/400)
+ Architect start-up code that avoids initializing all the modules
+ in the parent process on platforms that do not support fork.
+ Better yet - not only inform the startup of which phase it's in,
+ but allow the parent 'process' to initialize shared memory, etc,
+ and create a module-by-module stream to pass to the child, so the
+ parent can actually arbitrate the important stuff.
+
+ * Replace stat [deferred open] with open/fstat in directory_walk.
+ Justin, Ian, OtherBill all interested in this. Implies setting up
+ the apr_file_t member in request_rec, and having all modules use
+ that file, and allow the cleanup to close it [if it isn't a shared,
+ cached file handle.]
+
+ * Refactor auth into auth protocols and auth database stores.
+ Many interested hackers, too destabilizing for 2.0 inclusion.
+
+DEFERRRED FOR APACHE 3.0
+
+ * The Async Apache Server implemented in terms of APR.
+ [Bill Stoddard's pet project.]
+
+
--- /dev/null
+#
+# Setup needed Tools and Libraries
+#
+
+ifeq "$(wildcard $(AP_WORK)\NWGNUcustom.ini)" "$(AP_WORK)\NWGNUcustom.ini"
+include $(AP_WORK)\NWGNUcustom.ini
+CUSTOM_INI = $(AP_WORK)\NWGNUcustom.ini
+endif
+
+ifndef VERBOSE
+.SILENT:
+endif
+
+#
+# Treat like an include
+#
+ifndef EnvironmentDefined
+
+#
+# simple macros for parsing makefiles
+#
+EOLIST:=
+EMPTY :=
+COMMA := ,
+SPACE := $(EMPTY) $(EMPTY)
+
+#
+# Base environment
+#
+
+# Try and handle case issues
+ifndef NOVELLLIBC
+ifdef NovellLibC
+NOVELLLIBC = $(NovellLibC)
+endif
+endif
+
+ifndef NOVELLLIBC
+NOVELLLIBC = C:/novell/ndk/libc
+endif
+
+# This is a placeholder
+# ifndef LDAPSDK
+# LDAPSDK = C:/novell/ndk/cldapsdk
+# endif
+
+ifndef METROWERKS
+METROWERKS = C:\Program Files\Metrowerks\CodeWarrior
+endif
+
+# If LM_LICENSE_FILE isn't defined, define a variable that can be used to
+# restart make with it defined
+ifndef LM_LICENSE_FILE
+NO_LICENSE_FILE = NO_LICENSE_FILE
+endif
+
+#
+# Set the Release type that you want to build, possible values are:
+#
+# debug - full debug switches are set
+# noopt - normal switches are set (default)
+# optimized - optimization switches are set
+
+ifdef reltype
+RELEASE=$(reltype)
+endif
+
+ifdef RELTYPE
+RELEASE=$(RELTYPE)
+endif
+
+ifdef debug
+RELEASE=debug
+endif
+
+ifdef DEBUG
+RELEASE=debug
+endif
+
+ifdef optimized
+RELEASE=optimized
+endif
+
+ifdef OPTIMIZED
+RELEASE=optimized
+endif
+
+ifndef RELEASE
+RELEASE = optimized
+endif
+
+ifeq "$(RELEASE)" "debug"
+OBJDIR = Debug
+endif
+
+ifeq "$(RELEASE)" "noopt"
+OBJDIR = Noopt
+endif
+
+ifeq "$(RELEASE)" "optimized"
+OBJDIR = Release
+endif
+
+#
+# Setup compiler information
+#
+
+# MetroWerks NLM tools
+CC = mwccnlm
+CPP = mwccnlm
+LINK = mwldnlm
+LIB = mwldnlm -type library -w nocmdline
+
+NOVI = $(NOVELLLIBC)\imports
+
+INCDIRS = $(NOVELLLIBC)\include;$(NOVELLLIBC)\include\nks;$(NOVELLLIBC)\include\winsock;
+
+DEFINES = -DNETWARE
+
+#
+# MetroWerks static Libraries
+
+CLIB3S = $(METROWERKS)\Novell Support\Metrowerks Support\Libraries\Runtime\mwcrtl.lib
+MATH3S =
+PLIB3S = $(METROWERKS)\Novell Support\Metrowerks Support\Libraries\MSL C++\MWCPP.lib
+
+# Base compile flags
+# and prefix or precompiled header added here.
+
+# The default flags are as follows:
+#
+# -c compile only, no link
+# -nosyspath treat #include <...> like #include "..."
+# -Cpp_exceptions off disable C++ exceptions
+# -RTTI off disable C++ run-time typing information
+# -align 4 align on 4 byte bounderies
+# -w nocmdline disable command-line driver/parser warnings
+# -proc PII generate code base on Pentium II instruction set
+# -inst mmx use MMX extensions
+
+CFLAGS = -c -nosyspath -Cpp_exceptions off -RTTI off -align 4 -w nocmdline -proc PII -inst mmx
+
+# -g generate debugging information
+# -O1 level 1 optimizations
+
+ifeq "$(RELEASE)" "debug"
+CFLAGS += -g -O1
+endif
+
+# -O4,p level 4 optimizations, optimize for speed
+ifeq "$(RELEASE)" "optimized"
+CFLAGS += -O4,p
+endif
+
+# -prefix pre_nw.h #include pre_nw.h for all files
+
+CFLAGS += -prefix pre_nw.h
+
+
+PATH:=$(PATH);$(METROWERKS)\bin;$(METROWERKS)\Other Metrowerks Tools\Command Line Tools
+
+#
+# Declare major project deliverables output directories here
+#
+
+ifdef DEST
+INSTALL = $(DEST)
+ifeq (\, $(findstring \,$(INSTALL)))
+INSTDIRS = $(DEST)
+endif
+endif
+
+ifdef dest
+INSTALL = $(dest)
+ifeq (\, $(findstring \,$(INSTALL)))
+INSTDIRS = $(dest)
+endif
+endif
+
+ifndef INSTALL
+INSTALL = $(AP_WORK)\..\Dist
+INSTDIRS = $(AP_WORK)\..\Dist
+endif
+
+INSTDEVDIRS := \
+ $(INSTDIRS) \
+ $(INSTALL)\Apache2\include \
+ $(INSTALL)\Apache2\lib \
+
+INSTDIRS += \
+ $(INSTALL)\Apache2 \
+ $(INSTALL)\Apache2\cgi-examples \
+ $(INSTALL)\Apache2\conf \
+ $(INSTALL)\Apache2\error \
+ $(INSTALL)\Apache2\error\include \
+ $(INSTALL)\Apache2\htdocs \
+ $(INSTALL)\Apache2\icons \
+ $(INSTALL)\Apache2\icons\small \
+ $(INSTALL)\Apache2\logs \
+ $(INSTALL)\Apache2\man \
+ $(INSTALL)\Apache2\manual \
+ $(INSTALL)\Apache2\manual\developer \
+ $(INSTALL)\Apache2\manual\faq \
+ $(INSTALL)\Apache2\manual\howto \
+ $(INSTALL)\Apache2\manual\images \
+ $(INSTALL)\Apache2\manual\misc \
+ $(INSTALL)\Apache2\manual\mod \
+ $(INSTALL)\Apache2\manual\platform \
+ $(INSTALL)\Apache2\manual\programs \
+ $(INSTALL)\Apache2\manual\search \
+ $(INSTALL)\Apache2\manual\ssl \
+ $(INSTALL)\Apache2\manual\vhosts \
+ $(INSTALL)\Apache2\modules \
+
+#
+# Declare Command and tool macros here
+#
+
+# Os2LibPath is an extra check to see if we are on NT
+ifdef Os2LibPath
+OS = Windows_NT
+endif
+
+ifeq "$(OS)" "Windows_NT"
+CMD=cmd /C
+CHK=cmd /C if exist
+CHKNOT=cmd /C if not exist
+DEL = del /F
+DELTREE = cmd /C rd /s/q
+WINNT=1
+else
+CMD=command /C
+CHK=command /C if exist
+CHKNOT=command /C if not exist
+DEL = del
+DELTREE = deltree /y
+endif
+
+
+#
+# Setup base C compiler flags
+#
+
+#
+# Common directories
+#
+
+STDMOD = $(AP_WORK)/modules
+NWOS = $(AP_WORK)/os/netware
+SERVER = $(AP_WORK)/server
+SRC = $(AP_WORK)
+APR = $(AP_WORK)/srclib/apr
+APRUTIL = $(AP_WORK)/srclib/apr-util
+SUPMOD = $(AP_WORK)/support
+PCRE = $(AP_WORK)/srclib/pcre
+APRTEST = $(AP_WORK)/srclib/apr/test
+HTTPD = $(AP_WORK)/modules/http
+XML = $(AP_WORK)/srclib/apr-util/xml
+
+#
+# Internal Libraries
+#
+
+APRLIB = $(APR)/$(OBJDIR)/aprlib.lib
+APRUTLIB = $(APRUTIL)/$(OBJDIR)/aprutil.lib
+STMODLIB = $(STDMOD)/$(OBJDIR)/stdmod.lib
+PCRELIB = $(PCRE/$(OBJDIR)/pcre.lib
+NWOSLIB = $(NWOS)/$(OBJDIR)/netware.lib
+SERVLIB = $(SERVER)/$(OBJDIR)/server.lib
+HTTPDLIB = $(HTTPD)/$(OBJDIR)/httpd.lib
+XMLLIB = $(XML)/$(OBJDIR)/xmllib.lib
+
+#
+# Additional general defines
+#
+VERSION = 2,0,0
+
+EnvironmentDefined = 1
+endif # ifndef EnvironmentDefined
+
+# This is always set so that it will show up in lower directories
+
+ifdef Path
+Path = $(PATH)
+endif
+
--- /dev/null
+#
+# Obtain the global build environment
+#
+
+include $(AP_WORK)\build\NWGNUenvironment.inc
+
+#
+# Define base targets and rules
+#
+
+TARGETS = libs nlms install clobber_libs clobber_nlms clean installdev
+
+.PHONY : $(TARGETS) default all help $(NO_LICENSE_FILE)
+
+# Here is where we will use the NO_LICENSE_FILE variable to see if we need to
+# restart the make with it defined
+
+ifdef NO_LICENSE_FILE
+
+default: NO_LICENSE_FILE
+
+all: NO_LICENSE_FILE
+
+install :: NO_LICENSE_FILE
+
+installdev :: NO_LICENSE_FILE
+
+NO_LICENSE_FILE :
+ $(MAKE) $(MAKECMDGOALS) -f NWGNUmakefile RELEASE=$(RELEASE) DEST="$(INSTALL)" LM_LICENSE_FILE="$(METROWERKS)\license.dat"
+
+else # LM_LICENSE_FILE must be defined so use the real targets
+
+default: $(SUBDIRS) libs nlms
+
+all: $(SUBDIRS) libs nlms install
+
+$(TARGETS) :: $(SUBDIRS)
+
+install :: nlms $(INSTDIRS)
+
+installdev :: $(INSTDEVDIRS)
+
+$(INSTDIRS) ::
+ $(CHKNOT) $@\NUL mkdir $@
+
+$(INSTDEVDIRS) ::
+ $(CHKNOT) $@\NUL mkdir $@
+
+endif #NO_LICENSE_FILE check
+
+help :
+ @echo targets for RELEASE=$(RELEASE):
+ @echo (default) . . . . libs nlms
+ @echo all . . . . . . . does everything (libs nlms install)
+ @echo libs. . . . . . . builds all libs
+ @echo nlms. . . . . . . builds all nlms
+ @echo install . . . . . builds libs and nlms and copies install files to
+ @echo "$(INSTALL)"
+ @echo clean . . . . . . deletes $(OBJDIR) dirs, *.err, and *.map
+ @echo clobber_all . . . deletes all possible output from the make
+ @echo clobber_install . deletes all files in $(INSTALL)
+ @$(CMD) echo.
+ @echo Multiple targets can be used on a single nmake command line -
+ @echo (i.e. $(MAKE) clean all)
+ @$(CMD) echo.
+ @echo You can also specify RELEASE=debug, RELEASE=noopt, or RELEASE=optimized
+ @echo The default is RELEASE=optimized
+
+clobber_all :: clean clobber_install
+
+clobber_install ::
+ -$(DELTREE) $(INSTALL) 2>NUL
+
+#
+# build recursive targets
+#
+
+$(SUBDIRS) : FORCE
+ifneq "$(MAKECMDGOALS)" "clean"
+ $(CMD) echo.
+ @echo Building $(CURDIR)/$@
+endif
+ $(MAKE) -C $@ $(MAKECMDGOALS) -f NWGNUmakefile RELEASE=$(RELEASE) DEST="$(INSTALL)" LM_LICENSE_FILE="$(LM_LICENSE_FILE)"
+ $(CMD) echo.
+
+FORCE:
+
+#
+# Standard targets
+#
+
+clean :: $(SUBDIRS)
+ @echo Cleaning up $(CURDIR)
+ -$(DELTREE) $(OBJDIR) 2> NUL
+ $(CHK) *.err $(DEL) *.err
+ $(CHK) *.map $(DEL) *.map
+ $(CHK) *.d $(DEL) *.d
+ $(CHK) *.tmp $(DEL) *.tmp
+ -$(DELTREE) $(OBJDIR) 2> NUL
+
+$(OBJDIR) ::
+ $(CHKNOT) $(OBJDIR)\nul mkdir $(OBJDIR)
+
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+FILES_prebuild_headers = \
+ $(APR)/include/apr.h \
+ $(APRUTIL)/include/apu.h \
+ $(APRUTIL)/include/apr_ldap.h \
+ $(PCRE)/config.h \
+ $(PCRE)/pcre.h \
+ $(EOLIST)
+
+nlms :: $(NWOS)/httpd.imp
+
+$(NWOS)/httpd.imp : make_nw_export.awk nw_export.i
+ @echo Generating $(subst /,\,$@)
+ awk -f make_nw_export.awk nw_export.i | sort >$(NWOS)/httpd.imp
+
+nw_export.i : nw_export.inc $(FILES_prebuild_headers) cc.opt
+ @echo Generating $(subst /,\,$@)
+ $(CC) $< @cc.opt
+
+cc.opt : NWGNUmakefile $(AP_WORK)\build\NWGNUenvironment.inc $(AP_WORK)\build\NWGNUtail.inc $(AP_WORK)\build\NWGNUhead.inc
+ $(CHK) $@ $(DEL) $@
+ @echo -P >> $@
+ @echo -EP >> $@
+ @echo -nosyspath >> $@
+ @echo -w nocmdline >> $@
+ @echo -DNETWARE >> $@
+ @echo -DCORE_PRIVATE >> $@
+ @echo -I..\include >> $@
+ @echo -I..\modules\http >> $@
+ @echo -I..\os\netware >> $@
+ @echo -I..\server\mpm\netware >> $@
+ @echo -I..\srclib\apr\include >> $@
+ @echo -I..\srclib\apr-util\include >> $@
+ @echo -ir $(NOVELLLIBC) >> $@
+
+$(APR)/include/%.h: $(subst /,\,$(APR))\include\%.hnw
+ @echo Creating $(subst /,\,$@)
+ copy $< $(subst /,\,$(APR))\include\$(@F)
+
+$(APRUTIL)/include/%.h: $(subst /,\,$(APRUTIL))\include\%.hnw
+ @echo Creating $(subst /,\,$@)
+ copy $< $(subst /,\,$(APRUTIL))\include\$(@F)
+
+$(PCRE)/%.h: $(subst /,\,$(PCRE))\%.hw
+ @echo Creating $(subst /,\,$@)
+ copy $< $(subst /,\,$(PCRE))\$(@F)
+
+#
+# You can use this target if all that is needed is to copy files to the
+# installation area
+#
+install :: nlms FORCE
+
+
+clean ::
+ $(CHK) nw_export.i $(DEL) nw_export.i
+ $(CHK) cc.opt $(DEL) cc.opt
+ $(CHK) $(subst /,\,$(APR))\include\apr.h $(DEL) $(subst /,\,$(APR))\include\apr.h
+ $(CHK) $(subst /,\,$(APRUTIL))\include\apu.h $(DEL) $(subst /,\,$(APRUTIL))\include\apu.h
+ $(CHK) $(subst /,\,$(APRUTIL))\include\apr_ldap.h $(DEL) $(subst /,\,$(APRUTIL))\include\apr_ldap.h
+ $(CHK) $(subst /,\,$(PCRE))\config.h $(DEL) $(subst /,\,$(PCRE))\config.h
+ $(CHK) $(subst /,\,$(PCRE))\pcre.h $(DEL) $(subst /,\,$(PCRE))\pcre.h
+ $(CHK) $(subst /,\,$(NWOS))\httpd.imp $(DEL) $(subst /,\,$(NWOS))\httpd.imp
+
--- /dev/null
+#
+# This contains final targets and should be included at the end of any
+# NWGNUmakefile file
+#
+
+#
+# If we are going to create an nlm, make sure we have assigned variables to
+# use during the link.
+#
+echo NLM_NAME=$(NLM_NAME)
+ifndef NLM_NAME
+NLM_NAME = $(TARGET_nlm)
+endif
+
+ifndef NLM_DESCRIPTION
+NLM_DESCRIPTION = $(NLM_NAME)
+endif
+
+ifndef NLM_THREAD_NAME
+NLM_THREAD_NAME = $(NLM_NAME) Thread
+endif
+
+#
+# Create dependency lists based on the files available
+#
+
+CCOPT_DEPENDS = \
+ $(AP_WORK)\build\NWGNUhead.inc \
+ $(AP_WORK)\build\NWGNUenvironment.inc \
+ $(AP_WORK)\build\NWGNUtail.inc \
+ NWGNUmakefile \
+ $(CUSTOM_INI) \
+ $(EOLIST)
+
+CPPOPT_DEPENDS = \
+ $(AP_WORK)\build\NWGNUhead.inc \
+ $(AP_WORK)\build\NWGNUenvironment.inc \
+ $(AP_WORK)\build\NWGNUtail.inc \
+ NWGNUmakefile \
+ $(CUSTOM_INI) \
+ $(EOLIST)
+
+$(NLM_NAME)_LINKOPT_DEPENDS = \
+ $(TARGET_lib) \
+ $(AP_WORK)\build\NWGNUenvironment.inc \
+ NWGNUmakefile \
+ $(AP_WORK)\build\NWGNUtail.inc \
+ $(CUSTOM_INI) \
+ $(EOLIST)
+
+ifeq "$(words $(strip $(TARGET_lib)))" "1"
+LIB_NAME = $(basename $(notdir $(TARGET_lib)))
+$(LIB_NAME)_LIBLST_DEPENDS = \
+ $(FILES_lib_objs) \
+ $(AP_WORK)\build\NWGNUenvironment.inc \
+ NWGNUmakefile \
+ $(AP_WORK)\build\NWGNUtail.inc \
+ $(CUSTOM_INI) \
+ $(EOLIST)
+endif
+
+ifeq "$(wildcard NWGNU$(LIB_NAME))" "NWGNU$(LIB_NAME)"
+$(LIB_NAME)_LIBLST_DEPENDS += NWGNU$(LIB_NAME)
+endif
+
+ifeq "$(wildcard NWGNU$(NLM_NAME))" "NWGNU$(NLM_NAME)"
+$(NLM_NAME)_LINKOPT_DEPENDS += NWGNU$(NLM_NAME)
+CCOPT_DEPENDS += NWGNU$(NLM_NAME)
+CPPOPT_DEPENDS += NWGNU$(NLM_NAME)
+endif
+
+#
+# Generic compiler rules
+#
+
+$(OBJDIR)/%.o: %.c $(OBJDIR)\cc.opt
+ @echo Compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+$(OBJDIR)\cc.opt: $(CCOPT_DEPENDS)
+ $(CHK) $@ $(DEL) $@
+ @echo Generating $@
+ifneq "$(strip $(CFLAGS))" ""
+ @echo $(CFLAGS) >> $@
+endif
+ifneq "$(strip $(XCFLAGS))" ""
+ @echo $(XCFLAGS) >> $@
+endif
+ifneq "$(strip $(XINCDIRS))" ""
+ @echo $(foreach xincdir,$(strip $(subst ;,$(SPACE),$(XINCDIRS))),-I$(xincdir)) >> $@
+endif
+ifneq "$(strip $(INCDIRS))" ""
+ @echo $(foreach incdir,$(strip $(subst ;,$(SPACE),$(INCDIRS))),-I$(incdir)) >> $@
+endif
+ifneq "$(strip $(DEFINES))" ""
+ @echo $(DEFINES) >> $@
+endif
+ifneq "$(strip $(XDEFINES))" ""
+ @echo $(XDEFINES) >> $@
+endif
+
+$(OBJDIR)/%.o: %.cpp $(OBJDIR)\cpp.opt
+ @echo Compiling $<
+ $(CPP) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cpp.opt
+
+$(OBJDIR)\cpp.opt: $(CPPOPT_DEPENDS)
+ $(CHK) $@ $(DEL) $@
+ @echo Generating $@
+ifneq "$(strip $(CFLAGS))" ""
+ @echo $(CFLAGS) >> $@
+endif
+ifneq "$(strip $(XCFLAGS))" ""
+ @echo $(XCFLAGS) >> $@
+endif
+ifneq "$(strip $(XINCDIRS))" ""
+ @echo $(foreach xincdir,$(strip $(subst ;,$(SPACE),$(XINCDIRS))),-I$(xincdir)) >> $@
+endif
+ifneq "$(strip $(INCDIRS))" ""
+ @echo $(foreach incdir,$(strip $(subst ;,$(SPACE),$(INCDIRS))),-I$(incdir)) >> $@
+endif
+ifneq "$(strip $(DEFINES))" ""
+ @echo $(DEFINES) >> $@
+endif
+ifneq "$(strip $(XDEFINES))" ""
+ @echo $(XDEFINES) >> $@
+endif
+
+#
+# Rules to build libraries
+#
+
+# If we only have one target library then build it
+
+ifeq "$(words $(strip $(TARGET_lib)))" "1"
+
+$(TARGET_lib) : $(OBJDIR)\$(LIB_NAME)_lib.lst
+ @echo Generating $@
+ $(CHK) $(OBJDIR)\$(@F) $(DEL) $(OBJDIR)\$(@F)
+ $(LIB) -o $(OBJDIR)\$(@F) @$?
+
+$(OBJDIR)\$(LIB_NAME)_lib.lst: $($(LIB_NAME)_LIBLST_DEPENDS)
+ $(CHK) $@ $(DEL) $@
+ @echo Generating $@
+ifneq "$(strip $(FILES_lib_objs))" ""
+ @echo $(foreach objfile,$(FILES_lib_objs),$(subst /,\,$(objfile)) ) >> $@
+endif
+
+else # We must have more than one target library so load the individual makefiles
+
+$(OBJDIR)/%.lib: NWGNU% $(AP_WORK)\build\NWGNUhead.inc $(AP_WORK)\build\NWGNUtail.inc $(AP_WORK)\build\NWGNUenvironment.inc FORCE
+ @echo Calling $<
+ $(MAKE) -f $< $(MAKECMDGOALS) RELEASE=$(RELEASE)
+
+endif
+
+#
+# Rules to build nlms.
+#
+
+vpath libcpre.o $(NOVELLLIBC)\imports
+
+# If we only have one target NLM then build it
+ifeq "$(words $(strip $(TARGET_nlm)))" "1"
+
+$(TARGET_nlm) : $(FILES_nlm_objs) $(FILES_nlm_libs) $(OBJDIR)\$(NLM_NAME)_link.opt
+ @echo Linking $@
+ $(LINK) @$(OBJDIR)\$(NLM_NAME)_link.opt
+
+# This will force the link option file to be rebuilt if we change the
+# corresponding makefile
+
+$(OBJDIR)\$(NLM_NAME)_link.opt : $($(NLM_NAME)_LINKOPT_DEPENDS)
+ $(CHK) $(OBJDIR)\$(@F) $(DEL) $(OBJDIR)\$(@F)
+ $(CHK) $(OBJDIR)\$(NLM_NAME)_link.def $(DEL) $(OBJDIR)\$(NLM_NAME)_link.def
+ @echo Generating $@
+ @echo -warnings off >> $@
+ @echo -zerobss >> $@
+ @echo -desc "$(NLM_DESCRIPTION)" >> $@
+ @echo -o $(TARGET_nlm) >> $@
+ifneq "$(FILE_nlm_copyright)" ""
+ @-type $(FILE_nlm_copyright) >> $@
+endif
+ifeq "$(RELEASE)" "debug"
+ @echo -g >> $@
+ @echo -sym internal >> $@
+ @echo -sym codeview4 >> $@
+ @echo -osym $(OBJDIR)\$(NLM_NAME).sym >> $@
+else
+ @echo -sym internal >> $@
+endif
+ @echo -screenname "Apache for NetWare" >> $@
+ifneq "$(NLM_VERSION)" ""
+ @echo -nlmversion=$(NLM_VERSION) >> $@
+else
+ @echo -nlmversion=$(VERSION) >> $@
+endif
+ @echo -l $(NWOS) >> $@
+ @echo -l $(AP)/$(OBJDIR) >> $@
+ @echo -l $(APR)/$(OBJDIR) >> $@
+ @echo -l $(APRUTIL)/$(OBJDIR) >> $@
+ @echo -l $(PCRE)/$(OBJDIR) >> $@
+ @echo -l $(HTTPD)/$(OBJDIR) >> $@
+ @echo -l $(SERVER)/$(OBJDIR) >> $@
+ @echo -l $(STDMOD)/$(OBJDIR) >> $@
+ @echo -l $(NWOS)/$(OBJDIR) >> $@
+ @echo -l "$(METROWERKS)/Novell Support/Metrowerks Support/Libraries/Runtime" >> $@
+ @echo -l "$(METROWERKS)/Novell Support/Metrowerks Support/Libraries/MSL C++" >> $@
+ @echo -l $(NOVELLLIBC)/imports >> $@
+ifneq "$(LDAPSDK)" ""
+ @echo -l $(LDAPSDK)/lib/nlm >> $@
+endif
+ @echo -l $(XML)/$(OBJDIR) >> $@
+ @echo -nodefaults >> $@
+ @echo -map $(OBJDIR)\$(NLM_NAME).map>> $@
+ @echo -threadname "$(NLM_THREAD_NAME)" >> $@
+ifneq "$(NLM_STACK_SIZE)" ""
+ @echo -stacksize $(subst K,000,$(subst k,K,$(strip $(NLM_STACK_SIZE)))) >> $@
+else
+ @echo -stacksize 64000 >> $@
+endif
+ifneq "$(NLM_ENTRY_SYM)" ""
+ @echo -entry $(NLM_ENTRY_SYM) >> $@
+endif
+ifneq "$(NLM_EXIT_SYM)" ""
+ @echo -exit $(NLM_EXIT_SYM) >> $@
+endif
+ifneq "$(NLM_CHECK_SYM)" ""
+ @echo -check $(NLM_CHECK_SYM) >> $@
+endif
+ifneq "$(NLM_FLAGS)" ""
+ @echo -flags $(NLM_FLAGS) >> $@
+endif
+ifneq "$(strip $(FILES_nlm_objs))" ""
+ @echo $(foreach objfile,$(strip $(FILES_nlm_objs)),$(subst /,\,$(objfile))) >> $@
+endif
+ifneq "$(FILES_nlm_libs)" ""
+ @echo $(foreach libfile, $(notdir $(strip $(FILES_nlm_libs))),-l$(subst /,\,$(libfile))) >> $@
+endif
+ @echo -commandfile $(OBJDIR)\$(NLM_NAME)_link.def >> $@
+ifneq "$(FILE_nlm_msg)" ""
+ @echo Messages $(FILE_nlm_msg) >> $(OBJDIR)\$(NLM_NAME)_link.def
+endif
+ifneq "$(FILE_nlm_hlp)" ""
+ @echo Help $(FILE_nlm_hlp) >> $(OBJDIR)\$(NLM_NAME)_link.def
+endif
+ifneq "$(FILES_nlm_modules)" ""
+ @echo module $(foreach module,$(subst $(SPACE),$(COMMA),$(strip $(FILES_nlm_modules))),$(subst /,\,$(module))) >> $(OBJDIR)\$(NLM_NAME)_link.def
+endif
+ifneq "$(FILES_nlm_Ximports)" ""
+ @echo Import $(foreach import,$(subst $(SPACE),$(COMMA),$(strip $(FILES_nlm_Ximports))),$(subst /,\,$(import))) >> $(OBJDIR)\$(NLM_NAME)_link.def
+endif
+ifneq "$(FILES_nlm_exports)" ""
+ @echo Export $(foreach export,$(subst $(SPACE),$(COMMA),$(strip $(FILES_nlm_exports))),$(subst /,\,$(export))) >> $(OBJDIR)\$(NLM_NAME)_link.def
+endif
+ifneq "$(strip $(XLFLAGS))" ""
+ @echo $(XLFLAGS) >> $(OBJDIR)\$(NLM_NAME)_link.def
+endif
+
+# if APACHE_UNIPROC is defined, don't include XDCData
+ifndef APACHE_UNIPROC
+ifneq "$(string $(XDCDATA))" ""
+ @echo XDCData $(XDCDATA) >> $(OBJDIR)\$(NLM_NAME)_link.def
+else
+ @echo XDCData $(NWOS)\apache.xdc >> $(OBJDIR)\$(NLM_NAME)_link.def
+endif
+endif
+
+else # more than one target so look for individual makefiles.
+
+# Only include these if NO_LICENSE_FILE isn't set to prevent excessive
+# recursion
+
+ifndef NO_LICENSE_FILE
+
+$(OBJDIR)/%.nlm: NWGNU% $(AP_WORK)\build\NWGNUhead.inc $(AP_WORK)\build\NWGNUtail.inc $(AP_WORK)\build\NWGNUenvironment.inc $(CUSTOM_INI) FORCE
+ @echo Calling $<
+ $(MAKE) -f $< $(MAKECMDGOALS) RELEASE=$(RELEASE)
+ $(CMD) echo.
+
+else
+
+$(TARGET_nlm):
+
+endif # NO_LICENSE_FILE
+
+endif
+
--- /dev/null
+#!/bin/sh
+#
+# Usage: install-bindist.sh [ServerRoot]
+# This script installs the Apache binary distribution and
+# was automatically created by binbuild.sh.
+
+lmkdir()
+{
+ path=""
+ dirs=`echo $1 | sed -e 's%/% %g'`
+ mode=$2
+
+ set -- ${dirs}
+
+ for d in ${dirs}
+ do
+ path="${path}/$d"
+ if test ! -d "${path}" ; then
+ mkdir ${path}
+ if test $? -ne 0 ; then
+ echo "Failed to create directory: ${path}"
+ exit 1
+ fi
+ chmod ${mode} ${path}
+ fi
+ done
+}
+
+lcopy()
+{
+ from=$1
+ to=$2
+ dmode=$3
+ fmode=$4
+
+ test -d ${to} || lmkdir ${to} ${dmode}
+ (cd ${from} && tar -cf - *) | (cd ${to} && tar -xf -)
+
+ if test "X${fmode}" != X ; then
+ find ${to} -type f -print | xargs chmod ${fmode}
+ fi
+ if test "X${dmode}" != X ; then
+ find ${to} -type d -print | xargs chmod ${dmode}
+ fi
+}
+
+##
+## determine path to (optional) Perl interpreter
+##
+PERL=no-perl5-on-this-system
+perls='perl5 perl'
+path=`echo $PATH | sed -e 's/:/ /g'`
+
+for dir in ${path} ; do
+ for pperl in ${perls} ; do
+ if test -f "${dir}/${pperl}" ; then
+ if `${dir}/${pperl} -v | grep 'version 5\.' >/dev/null 2>&1` ; then
+ PERL="${dir}/${pperl}"
+ break
+ fi
+ fi
+ done
+done
+
+if [ .$1 = . ]
+then
+ SR=@default_dir@
+else
+ SR=$1
+fi
+echo "Installing binary distribution for platform i686-pc-linux"
+echo "into directory $SR ..."
+lmkdir $SR 755
+lmkdir $SR/proxy 750
+lmkdir $SR/logs 750
+lcopy bindist/man $SR/man 755 644
+if [ -d bindist/modules ]
+then
+ lcopy bindist/modules $SR/modules 750 750
+fi
+lcopy bindist/include $SR/include 755 644
+lcopy bindist/icons $SR/icons 755 644
+lcopy bindist/cgi-bin $SR/cgi-bin 750 750
+lcopy bindist/bin $SR/bin 750 750
+if [ -d $SR/conf ]
+then
+ echo "[Preserving existing configuration files.]"
+ cp bindist/conf/*-std.conf $SR/conf/
+else
+ lcopy bindist/conf $SR/conf 750 640
+ sed -e "s%@default_dir@%$SR%" $SR/conf/httpd-std.conf > $SR/conf/httpd.conf
+fi
+if [ -d $SR/htdocs ]
+then
+ echo "[Preserving existing htdocs directory.]"
+else
+ lcopy bindist/htdocs $SR/htdocs 755 644
+fi
+if [ -d $SR/error ]
+then
+ echo "[Preserving existing error documents directory.]"
+else
+ lcopy bindist/error $SR/error 755 644
+fi
+
+sed -e "s;^#!/.*;#!$PERL;" -e "s;\@prefix\@;$SR;" -e "s;\@sbindir\@;$SR/bin;" \
+ -e "s;\@libexecdir\@;$SR/libexec;" -e "s;\@includedir\@;$SR/include;" \
+ -e "s;\@sysconfdir\@;$SR/conf;" bindist/bin/apxs > $SR/bin/apxs
+sed -e "s;^#!/.*;#!$PERL;" bindist/bin/dbmmanage > $SR/bin/dbmmanage
+sed -e "s%@default_dir@%$SR%" \
+ -e "s%^HTTPD=.*$%HTTPD=\"$SR/bin/httpd -d $SR\"%" bindist/bin/apachectl > $SR/bin/apachectl
+
+echo "Ready."
+echo " +--------------------------------------------------------+"
+echo " | You now have successfully installed the Apache @ver@ |"
+echo " | HTTP server. To verify that Apache actually works |"
+echo " | correctly you should first check the (initially |"
+echo " | created or preserved) configuration files: |"
+echo " | |"
+echo " | $SR/conf/httpd.conf"
+echo " | |"
+echo " | You should then be able to immediately fire up |"
+echo " | Apache the first time by running: |"
+echo " | |"
+echo " | $SR/bin/apachectl start "
+echo " | |"
+echo " | Thanks for using Apache. The Apache Group |"
+echo " | http://www.apache.org/ |"
+echo " +--------------------------------------------------------+"
+echo " "
--- /dev/null
+#!/bin/sh
+#
+# instdso.sh - install Apache DSO modules
+#
+# usually this just passes through to libtool but on a few
+# platforms libtool doesn't install DSOs exactly like we'd
+# want so more effort is required
+
+if test "$#" != "3"; then
+ echo "wrong number of arguments to instdso.sh"
+ echo "Usage: instdso.sh SH_LIBTOOL-value dso-name path-to-modules"
+ exit 1
+fi
+
+SH_LIBTOOL=`echo $1 | sed -e 's/^SH_LIBTOOL=//'`
+DSOARCHIVE=$2
+TARGETDIR=$3
+DSOBASE=`echo $DSOARCHIVE | sed -e 's/\.la$//'`
+TARGET_NAME="$DSOBASE.so"
+
+# special logic for systems where libtool doesn't install
+# the DSO exactly like we'd want
+
+SYS=`uname -s`
+case $SYS in
+ AIX)
+ # on AIX, shared libraries remain in storage even when
+ # all processes using them have exited; standard practice
+ # prior to installing a shared library is to rm -f first
+ CMD="rm -f $TARGETDIR/$TARGET_NAME"
+ echo $CMD
+ $CMD || exit $?
+ CMD="cp .libs/lib$DSOBASE.so.0 $TARGETDIR/$TARGET_NAME"
+ echo $CMD
+ $CMD || exit $?
+ ;;
+ HP-UX)
+ CMD="cp .libs/$DSOBASE.sl $TARGETDIR/$TARGET_NAME"
+ echo $CMD
+ $CMD || exit $?
+ ;;
+ OSF1)
+ CMD="cp .libs/lib$DSOBASE.so $TARGETDIR/$TARGET_NAME"
+ echo $CMD
+ $CMD || exit $?
+ ;;
+ *)
+ CMD="$SH_LIBTOOL --mode=install cp $DSOARCHIVE $TARGETDIR"
+ echo $CMD
+ $CMD || exit $?
+ ;;
+esac
+
+exit 0
--- /dev/null
+# Based on apr's make_export.awk, which is
+# based on Ryan Bloom's make_export.pl
+
+# List of functions that we don't support, yet??
+/apr_##name##_set_inherit/{next}
+/apr_##name##_unset_inherit/{next}
+/apr_compare_groups/{next}
+/apr_compare_users/{next}
+/apr_find_pool/{next}
+/apr_generate_random_bytes/{next}
+/apr_lock_create_np/{next}
+/apr_md5_set_xlate/{next}
+/apr_mmap_create/{next}
+/apr_mmap_delete/{next}
+/apr_mmap_offset/{next}
+/apr_os_thread_get/{next}
+/apr_os_thread_put/{next}
+/apr_pool_free_blocks_num_bytes/{next}
+/apr_pool_join/{next}
+/apr_pool_num_bytes/{next}
+/apr_proc_mutex_child_init/{next}
+/apr_proc_mutex_create/{next}
+/apr_proc_mutex_create_np/{next}
+/apr_proc_mutex_destroy/{next}
+/apr_proc_mutex_lock/{next}
+/apr_proc_mutex_trylock/{next}
+/apr_proc_mutex_unlock/{next}
+/apr_proc_other_child_check/{next}
+/apr_proc_other_child_read/{next}
+/apr_proc_other_child_register/{next}
+/apr_proc_other_child_unregister/{next}
+/apr_sendfile/{next}
+/apr_shm_avail/{next}
+/apr_shm_calloc/{next}
+/apr_shm_destroy/{next}
+/apr_shm_free/{next}
+/apr_shm_init/{next}
+/apr_shm_malloc/{next}
+/apr_shm_name_get/{next}
+/apr_shm_name_set/{next}
+/apr_shm_open/{next}
+/apr_signal/{next}
+/apr_signal_thread/{next}
+/apr_socket_from_file/{next}
+/apr_thread_once/{next}
+/apr_thread_once_init/{next}
+/apr_xlate_close/{next}
+/apr_xlate_conv_buffer/{next}
+/apr_xlate_conv_byte/{next}
+/apr_xlate_conv_char/{next}
+/apr_xlate_get_sb/{next}
+/apr_xlate_open/{next}
+/apr_brigade_consume/{next}
+/apr_bucket_mmap_create/{next}
+/apr_bucket_mmap_make/{next}
+/apr_bucket_type_mmap/{next}
+/apr_md4_set_xlate/{next}
+#/XML_ParserFree/{next}
+#/XML_ParserCreate/{next}
+#/XML_SetUserData/{next}
+#/XML_SetElementHandler/{next}
+#/XML_SetCharacterDataHandler/{next}
+#/XML_Parse/{next}
+#/XML_GetErrorCode/{next}
+#/XML_ErrorString/{next}
+
+
+function add_symbol (sym_name) {
+ if (count) {
+ found++
+ }
+# for (i = 0; i < count; i++) {
+# line = line "\t"
+# }
+ line = line sym_name ",\n"
+
+ if (count == 0) {
+ printf(" %s", line)
+ line = ""
+ }
+}
+
+/^[ \t]*AP[RU]?_DECLARE[^(]*[(][^)]*[)]([^ ]* )*[^(]+[(]/ {
+ sub("[ \t]*AP[RU]?_DECLARE[^(]*[(][^)]*[)][ \t]*", "")
+ sub("[(].*", "")
+ sub("([^ ]* (^([ \t]*[(])))+", "")
+
+ add_symbol($0)
+ next
+}
+
+/^[ \t]*AP_DECLARE_HOOK[^(]*[(][^)]*[)]/ {
+ split($0, args, ",")
+ symbol = args[2]
+ sub("^[ \t]+", "", symbol)
+ sub("[ \t]+$", "", symbol)
+
+ add_symbol("ap_hook_" symbol)
+ add_symbol("ap_hook_get_" symbol)
+ add_symbol("ap_run_" symbol)
+ next
+}
+
+/^[ \t]*AP[RU]?_DECLARE_DATA .*;$/ {
+ varname = $NF;
+ gsub( /[*;]/, "", varname);
+ gsub( /\[.*\]/, "", varname);
+ add_symbol(varname);
+}
+
+#END {
+# printf(" %s", line)
+#}
--- /dev/null
+
+
+BEGIN {
+
+ A["ServerRoot"] = "SYS:\APACHE2"
+ A["Port"] = "80"
+
+}
+
+/@@LoadModule@@/ {
+ print "#LoadModule auth_anon_module modules/authanon.nlm"
+ print "#LoadModule auth_dbm_module modules/authdbm.nlm"
+ print "#LoadModule auth_digest_module modules/digest.nlm"
+ print "#LoadModule cern_meta_module modules/cernmeta.nlm"
+ print "#LoadModule dav_module modules/mod_dav.nlm"
+ print "#LoadModule dav_fs_module modules/moddavfs.nlm"
+ print "#LoadModule expires_module modules/expires.nlm"
+ print "#LoadModule file_cache_module modules/filecach.nlm"
+ print "#LoadModule headers_module modules/headers.nlm"
+ print "#LoadModule info_module modules/info.nlm"
+ print "#LoadModule mime_magic_module modules/mimemagi.nlm"
+ print "#LoadModule proxy_module modules/proxy.nlm"
+ print "#LoadModule proxy_connect_module modules/proxy_connect.nlm"
+ print "#LoadModule proxy_http_module modules/proxy_http.nlm"
+ print "#LoadModule proxy_ftp_module modules/proxy_ftp.nlm"
+ print "#LoadModule rewrite_module modules/rewrite.nlm"
+ print "#LoadModule speling_module modules/speling.nlm"
+ print "#LoadModule status_module modules/status.nlm"
+ print "#LoadModule unique_id_module modules/uniqueid.nlm"
+ print "#LoadModule usertrack_module modules/usertrk.nlm"
+ print "#LoadModule vhost_alias_module modules/vhost.nlm"
+ print ""
+ next
+}
+
+match ($0,/@@.*@@/) {
+ s=substr($0,RSTART+2,RLENGTH-4)
+# substr($0,RSTART,RLENGTH) = A[s]
+ sub(/@@.*@@/,A[s],$0)
+# print
+}
+
+
+{
+ print
+}
+
+
+END {
+ print
+ print "#"
+ print "# SecureListen: Allows you to securely bind Apache to specific IP addresses "
+ print "# and/or ports."
+ print "#"
+ print "# Change this to SecureListen on specific IP addresses as shown below to "
+ print "# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)"
+ print "#"
+ print "#SecureListen 443 \"SSL CertificateIP\""
+}
--- /dev/null
+/* Must include ap_config.h first so that we can redefine
+ the standard prototypes macros after it messes with
+ them. */
+#include "ap_config.h"
+
+/* Define all of the standard prototype macros as themselves
+ so that httpd.h will not mess with them. This allows
+ them to pass untouched so that the AWK script can pick
+ them out of the preprocessed result file. */
+#define AP_DECLARE AP_DECLARE
+#define AP_CORE_DECLARE AP_CORE_DECLARE
+#define AP_DECLARE_NONSTD AP_DECLARE_NONSTD
+#define AP_CORE_DECLARE_NONSTD AP_CORE_DECLARE_NONSTD
+#define AP_DECLARE_HOOK AP_DECLARE_HOOK
+#define AP_DECLARE_DATA AP_DECLARE_DATA
+
+#include "httpd.h"
+
+/* Preprocess all of the standard HTTPD headers. */
+#include "ap_compat.h"
+#include "ap_listen.h"
+#include "ap_mmn.h"
+#include "ap_mpm.h"
+#include "ap_release.h"
+#include "http_config.h"
+#include "http_connection.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_main.h"
+#include "http_protocol.h"
+#include "http_request.h"
+#include "http_vhost.h"
+#include "mpm_common.h"
+#include "pcreposix.h"
+#include "rfc1413.h"
+#include "scoreboard.h"
+#include "util_cfgtree.h"
+#include "util_charset.h"
+#include "util_ebcdic.h"
+#include "util_filter.h"
+/*#include "util_ldap.h"*/
+#include "util_md5.h"
+#include "util_script.h"
+#include "util_time.h"
+#include "util_xml.h"
+
+#include "mod_core.h"
--- /dev/null
+@echo off
+rem # As part of the pre-build process, the utilities GenChars.NLM
+rem # (Gen Test Chars) and DFTables.NLM (dftables) must be built,
+rem # copied to a NetWare server and run using the following commands:
+rem #
+rem # genchars >test_char.h
+rem # dftables >chartables.c
+rem #
+rem # The files "sys:\test_chars.h" and "sys:\chartables.c" must be
+rem # copied to "httpd\os\netware" on the build machine.
+
+@echo Fixing up the APR headers
+copy ..\srclib\apr\include\apr.hnw ..\srclib\apr\include\apr.h
+
+@echo Fixing up the APR-Util headers
+copy ..\srclib\apr-util\include\apu.h.in ..\srclib\apr-util\include\apu.h
+
+@echo Fixing up the pcre headers
+copy ..\srclib\pcre\config.hw ..\srclib\pcre\config.h
+copy ..\srclib\pcre\pcre.hw ..\srclib\pcre\pcre.h
+
+@echo Generating the import lists...
+awk95 -f make_nw_export.awk ..\srclib\apr\include\*.h |sort > ..\os\netware\aprlib.imp
+awk95 -f make_nw_export.awk ..\srclib\apr-util\include\*.h |sort > ..\os\netware\aprutil.imp
\ No newline at end of file
--- /dev/null
+
+ Multi Language Custom Error Documents
+ -------------------------------------
+
+ The 'error' directory in the document root directory contains HTTP error
+ messages in multiple languages. If the preferred language of client is
+ available it is selected automatically via the MultiViews feature.
+ You may configure the design and markup of the documents by modifying
+ the HTML files in the directory '/error/includes', especially the
+ file 'config.html'.
+
+
+ Supported Languages:
+
+ +------------------+------------------------------------------+
+ | Language | Contributed by |
+ +------------------+------------------------------------------+
+ | English (en) | Lars Eilebrecht |
+ | German (de) | Lars Eilebrecht |
+ | Spanish (es) | Karla Quintero |
+ | French (fr) | Cecile de Crecy |
+ +------------------+------------------------------------------+
+ (Please see http://httpd.apache.org/docs-project/ if you would
+ like to contribute the pages in an additional language.)
+
+
+ Copyright (c) 2001 The Apache Software Foundation. All rights reserved.
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta name="generator" content="HTML Tidy, see www.w3.org" />
+
+ <title>Request Processing in Apache 2.0</title>
+ </head>
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+
+ <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
+ vlink="#000080" alink="#FF0000">
+ <!--#include virtual="header.html" -->
+
+ <h1>How filters work in Apache 2.0</h1>
+
+ <p>Warning - this is a cut 'n paste job from an email:
+ <022501c1c529$f63a9550$7f00000a@KOJ></p>
+
+<pre>
+There are three basic filter types (each of these is actually broken
+down into two categories, but that comes later).
+
+CONNECTION: Filters of this type are valid for the lifetime of this
+ connection.
+
+PROTOCOL: Filters of this type are valid for the lifetime of this
+ request from the point of view of the client, this means
+ that the request is valid from the time that the request
+ is sent until the time that the response is received.
+
+RESOURCE: Filters of this type are valid for the time that this
+ content is used to satisfy a request. For simple
+ requests, this is identical to PROTOCOL, but internal redirects
+ and sub-requests can change the content without ending
+ the request.
+
+It is important to make the distinction between a protocol and a
+resource filter. A resource filter is tied to a specific resource, it
+may also be tied to header information, but the main binding is to a
+resource. If you are writing a filter and you want to know if it is
+resource or protocol, the correct question to ask is: "Can this filter
+be removed if the request is redirected to a different resource?" If
+the answer is yes, then it is a resource filter. If it is no, then it
+is most likely a protocol or connection filter. I won't go into
+connection filters, because they seem to be well understood.
+
+With this definition, a few examples might help:
+Byterange: We have coded it to be inserted for all
+requests, and it is removed if not used. Because this filter is active
+at the beginning of all requests, it can not be removed if it is
+redirected, so this is a protocol filter.
+
+http_header: This filter actually writes the headers to the
+network. This is obviously a required filter (except in the asis case
+which is special and will be dealt with below) and so it is a protocol
+filter.
+
+Deflate: The administrator configures this filter based on
+which file has been requested. If we do an internal redirect from an
+autoindex page to an index.html page, the deflate filter may be added or
+removed based on config, so this is a resource filter.
+
+The further breakdown of each category into two more filter types is
+strictly for ordering. We could remove it, and only allow for one
+filter type, but the order would tend to be wrong, and we would need to
+hack things to make it work. Currently, the RESOURCE filters only have
+one filter type, but that should change.
+
+How are filters inserted?
+This is actually rather simple in theory, but the code is
+complex. First of all, it is important that everybody realize that
+there are three filter lists for each request, but they are all
+concatenated together. So, the first list is r->output_filters, then
+r->proto_output_filters, and finally r->connection->output_filters.
+These correspond to the RESOURCE, PROTOCOL, and CONNECTION filters
+respectively. The problem previously, was that we used a singly linked
+list to create the filter stack, and we started from the "correct"
+location. This means that if I had a RESOURCE filter on the stack, and
+I added a CONNECTION filter, the CONNECTION filter would be ignored.
+This should make sense, because we would insert the connection filter at
+the top of the c->output_filters list, but the end of r->output_filters
+pointed to the filter that used to be at the front of c->output_filters.
+This is obviously wrong. The new insertion code uses a doubly linked
+list. This has the advantage that we never lose a filter that has been
+inserted. Unfortunately, it comes with a separate set of headaches.
+
+The problem is that we have two different cases were we use subrequests.
+The first is to insert more data into a response. The second is to
+replace the existing response with an internal redirect. These are two
+different cases and need to be treated as such.
+
+In the first case, we are creating the subrequest from within a handler
+or filter. This means that the next filter should be passed to
+make_sub_request function, and the last resource filter in the
+sub-request will point to the next filter in the main request. This
+makes sense, because the sub-request's data needs to flow through the
+same set of filters as the main request. A graphical representation
+might help:
+
+Default_handler --> includes_filter --> byterange --> content_length ->
+etc
+
+If the includes filter creates a sub request, then we don't want the
+data from that sub-request to go through the includes filter, because it
+might not be SSI data. So, the subrequest adds the following:
+
+Default_handler --> includes_filter -/-> byterange --> content_length -> etc
+ /
+Default_handler --> sub_request_core
+
+What happens if the subrequest is SSI data? Well, that's easy, the
+includes_filter is a resource filter, so it will be added to the sub
+request in between the Default_handler and the sub_request_core filter.
+
+The second case for sub-requests is when one sub-request is going to
+become the real request. This happens whenever a sub-request is created
+outside of a handler or filter, and NULL is passed as the next filter to
+the make_sub_request function.
+
+In this case, the resource filters no longer make sense for the new
+request, because the resource has changed. So, instead of starting from
+scratch, we simply point the front of the resource filters for the
+sub-request to the front of the protocol filters for the old request.
+This means that we won't lose any of the protocol filters, neither will
+we try to send this data through a filter that shouldn't see it.
+
+The problem is that we are using a doubly-linked list for our filter
+stacks now. But, you should notice that it is possible for two lists to
+intersect in this model. So, you do you handle the previous pointer?
+This is a very difficult question to answer, because there is no "right"
+answer, either method is equally valid. I looked at why we use the
+previous pointer. The only reason for it is to allow for easier
+addition of new servers. With that being said, the solution I chose was
+to make the previous pointer always stay on the original request.
+
+This causes some more complex logic, but it works for all cases. My
+concern in having it move to the sub-request, is that for the more
+common case (where a sub-request is used to add data to a response), the
+main filter chain would be wrong. That didn't seem like a good idea to
+me.
+
+asis:
+The final topic. :-) Mod_Asis is a bit of a hack, but the
+handler needs to remove all filters except for connection filters, and
+send the data. If you are using mod_asis, all other bets are off.
+
+The absolutely last point is that the reason this code was so hard to
+get right, was because we had hacked so much to force it to work. I
+wrote most of the hacks originally, so I am very much to blame.
+However, now that the code is right, I have started to remove some
+hacks. Most people should have seen that the reset_filters and
+add_required_filters functions are gone. Those inserted protocol level
+filters for error conditions, in fact, both functions did the same
+thing, one after the other, it was really strange. Because we don't
+lose protocol filters for error cases any more, those hacks went away.
+The HTTP_HEADER, Content-length, and Byterange filters are all added in
+the insert_filters phase, because if they were added earlier, we had
+some interesting interactions. Now, those could all be moved to be
+inserted with the HTTP_IN, CORE, and CORE_IN filters. That would make
+the code easier to follow.
+</pre>
+
+ <!--#include virtual="footer.html" -->
+ </body>
+</html>
+
--- /dev/null
+<modulelist>
+<modulefile>core.xml</modulefile>
+<modulefile>mod_access.xml</modulefile>
+<modulefile>mod_actions.xml</modulefile>
+<modulefile>mod_alias.xml</modulefile>
+<modulefile>mod_asis.xml</modulefile>
+<modulefile>mod_auth.xml</modulefile>
+<modulefile>mod_auth_anon.xml</modulefile>
+<modulefile>mod_auth_dbm.xml</modulefile>
+<modulefile>mod_auth_digest.xml</modulefile>
+<modulefile>mod_autoindex.xml</modulefile>
+<modulefile>mod_cern_meta.xml</modulefile>
+<modulefile>mod_cgi.xml</modulefile>
+<modulefile>mod_cgid.xml</modulefile>
+<modulefile>mod_charset_lite.xml</modulefile>
+<modulefile>mod_dav.xml</modulefile>
+<modulefile>mod_deflate.xml</modulefile>
+<modulefile>mod_dir.xml</modulefile>
+<modulefile>mod_env.xml</modulefile>
+<modulefile>mod_example.xml</modulefile>
+<modulefile>mod_ext_filter.xml</modulefile>
+<modulefile>mod_file_cache.xml</modulefile>
+<modulefile>mod_headers.xml</modulefile>
+<modulefile>mod_imap.xml</modulefile>
+<modulefile>mod_include.xml</modulefile>
+<modulefile>mod_info.xml</modulefile>
+<modulefile>mod_isapi.xml</modulefile>
+<modulefile>mod_log_config.xml</modulefile>
+<modulefile>mod_mime.xml</modulefile>
+<modulefile>mod_mime_magic.xml</modulefile>
+<modulefile>mod_negotiation.xml</modulefile>
+<modulefile>mod_proxy.xml</modulefile>
+<modulefile>mod_rewrite.xml</modulefile>
+<modulefile>mod_setenvif.xml</modulefile>
+<modulefile>mod_so.xml</modulefile>
+<modulefile>mod_speling.xml</modulefile>
+<modulefile>mod_status.xml</modulefile>
+<modulefile>mod_suexec.xml</modulefile>
+<modulefile>mod_unique_id.xml</modulefile>
+<modulefile>mod_userdir.xml</modulefile>
+<modulefile>mod_usertrack.xml</modulefile>
+<modulefile>mod_vhost_alias.xml</modulefile>
+<modulefile>mpm_common.xml</modulefile>
+<modulefile>mpm_winnt.xml</modulefile>
+<modulefile>prefork.xml</modulefile>
+</modulelist>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE xml:manual [ <!ENTITY nbsp " "> ]>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>core</name>
+<status>Core</status>
+<description>Core Apache HTTP Server features that are always
+available</description>
+
+<directivesynopsis>
+<name>AcceptPathInfo</name>
+<description>Controls whether requests can contain trailing pathname information</description>
+<syntax>AcceptPathInfo On|Off|Default</syntax>
+<default>AcceptPathInfo Default</default>
+<contextlist><context>server config</context>
+<context>virtual host</context><context>directory</context>
+<context>.htaccess</context></contextlist>
+<compatibility>Available in Apache 2.0.30 and later</compatibility>
+
+<usage>
+
+ <p>This directive controls whether requests that contain trailing
+ pathname information that follows an actual filename (or
+ non-existent file in an existing directory) will be accepted or
+ rejected. The trailing pathname information can be made
+ available to scripts in the PATH_INFO environment variable.</p>
+
+ <p>For example, assume the location <code>/test/</code> points to
+ a directory that contains only the single file
+ <code>here.html</code>. Then requests for
+ <code>/test/here.html/more</code> and
+ <code>/test/nothere.html/more</code> both collect
+ <code>/more</code> as PATH_INFO.</p>
+
+ <p>The three possible arguments for the
+ <directive>AcceptPathInfo</directive> directive are:</p>
+ <dl>
+ <dt><code>off</code></dt><dd>A request will only be accepted if it
+ maps to a literal path that exists. Therefore a request with
+ trailing pathname information after the true filename such as
+ <code>/test/here.html/more</code> in the above example will return
+ a 404 NOT FOUND error.</dd>
+
+ <dt><code>on</code></dt><dd>A request will be accepted if a
+ leading path component maps to a file that exists. The above
+ example <code>/test/here.html/more</code> will be accepted if
+ <code>/test/here.html</code> maps to a valid file.</dd>
+
+ <dt><code>default</code></dt><dd>The treatment of requests with
+ trailing pathname information is determined by the <a
+ href="../handler.html">handler</a> responsible for the request.
+ The core handler for normal files defaults to rejecting PATH_INFO.
+ Handlers that serve scripts, such as <a
+ href="mod_cgi.html">cgi-script</a> and <a
+ href="mod_isapi.html">isapi-isa</a>, generally accept PATH_INFO by
+ default.</dd>
+ </dl>
+
+ <p>The primary purpose of the <code>AcceptPathInfo</code>
+ directive is to allow you to override the handler's choice of
+ accepting or rejecting PATH_INFO. This override is required, for
+ example, when you use a <a href="../filter.html">filter</a>, such
+ as <a href="mod_include.html">INCLUDES</a>, to generate content
+ based on PATH_INFO. The core handler would usually reject the
+ request, so you can use the following configuration to enable
+ such a script:</p>
+<example>
+<Files "mypaths.shtml"><br />
+ Options +Includes<br />
+ SetOutputFilter INCLUDES<br />
+ AcceptPathInfo on<br />
+</Files>
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AccessFileName</name>
+<description>Sets the name of the .htaccess file</description>
+<syntax>AccessFileName <em>filename</em> [<em>filename</em>] ...</syntax>
+<default>AccessFileName .htaccess</default>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>When returning a document to the client the server looks for
+ the first existing access control file from this list of names
+ in every directory of the path to the document, if access
+ control files are enabled for that directory. For example:</p>
+
+<example>
+AccessFileName .acl
+</example>
+
+ <p>before returning the document
+ <code>/usr/local/web/index.html</code>, the server will read
+ <code>/.acl</code>, <code>/usr/.acl</code>,
+ <code>/usr/local/.acl</code> and <code>/usr/local/web/.acl</code>
+ for directives, unless they have been disabled with</p>
+
+<example>
+<Directory /><br />
+ AllowOverride None<br />
+</Directory>
+</example>
+</usage>
+<seealso><directive module="core">AllowOverride</directive></seealso>
+<seealso><a href="../configuring.html">Configuration Files</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddDefaultCharset</name>
+<description>Specifies the default character set to be added for a
+response without an explicit character set</description>
+<syntax>AddDefaultCharset On|Off|<em>charset</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context><context>directory</context>
+<context>.htaccess</context></contextlist>
+<default>AddDefaultCharset Off</default>
+
+<usage>
+
+ <p>This directive specifies the name of the character set that
+ will be added to any response that does not have any parameter on
+ the content type in the HTTP headers. This will override any
+ character set specified in the body of the document via a
+ <code>META</code> tag. A setting of <code>AddDefaultCharset
+ Off</code> disables this
+ functionality. <code>AddDefaultCharset On</code> enables
+ Apache's internal default charset of <code>iso-8859-1</code> as
+ required by the directive. You can also specify an alternate
+ <em>charset</em> to be used. For example:</p>
+
+<example>
+ AddDefaultCharset utf-8
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddModule</name>
+<syntax>AddModule <em>module</em> [<em>module</em>] ...</syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The server can have modules compiled in which are not
+ actively in use. This directive can be used to enable the use
+ of those modules. The server comes with a pre-loaded list of
+ active modules; this list can be cleared with the <directive
+ module="core">ClearModuleList</directive> directive.</p>
+
+ <p>For example:</p>
+<example>
+AddDefaultCharset utf-8
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AllowOverride</name>
+<description>Sets the types of directives that are allowed in
+.htaccess files</description>
+<syntax>AllowOverride All|None|<em>directive-type</em> [<em>directive-type</em>] ...</syntax>
+<default>AllowOverride All</default>
+<contextlist><context>directory</context></contextlist>
+
+<usage>
+ <p>When the server finds an .htaccess file (as specified by <directive
+ module="core">AccessFileName</directive>) it needs to know
+ which directives declared in that file can override earlier
+ access information.</p>
+
+ <p>When this directive is set to <code>None</code>, then
+ .htaccess files are completely ignored. In this case, the
+ server will not even attempt to read .htaccess files in the
+ filesystem.</p>
+
+ <p>When this directive is set to <code>All</code>, then any
+ directive which has the .htaccess <a
+ href="directive-dict.html#Context">Context</a> is allowed in
+ .htaccess files.</p>
+
+ <p>The <em>directive-type</em> can be one of the following
+ groupings of directives.</p>
+
+ <dl>
+ <dt>AuthConfig</dt>
+
+ <dd>
+
+ Allow use of the authorization directives (<directive
+ module="mod_auth_dbm">AuthDBMGroupFile</directive>,
+ <directive module="mod_auth_dbm">AuthDBMUserFile</directive>,
+ <directive module="mod_auth">AuthGroupFile</directive>,
+ <directive module="core">AuthName</directive>,
+ <directive module="core">AuthType</directive>, <directive
+ module="mod_auth">AuthUserFile</directive>, <directive
+ module="core">Require</directive>, <em>etc.</em>).</dd>
+
+ <dt>FileInfo</dt>
+
+ <dd>
+ Allow use of the directives controlling document types (<directive
+ module="core">DefaultType</directive>, <directive
+ module="core">ErrorDocument</directive>, <directive
+ module="core">ForceType</directive>, <directive
+ module="mod_negotiation">LanguagePriority</directive>,
+ <directive module="core">SetHandler</directive>, <directive
+ module="core">SetInputFilter</directive>, <directive
+ module="core">SetOutputFilter</directive>, and
+ <module>mod_mime</module> Add* and Remove*
+ directives, <em>etc.</em>).</dd>
+
+ <dt>Indexes</dt>
+
+ <dd>
+ Allow use of the directives controlling directory indexing
+ (<directive
+ module="mod_autoindex">AddDescription</directive>,
+ <directive module="mod_autoindex">AddIcon</directive>, <directive
+ module="mod_autoindex">AddIconByEncoding</directive>,
+ <directive module="mod_autoindex">AddIconByType</directive>,
+ <directive module="mod_autoindex">DefaultIcon</directive>, <directive
+ module="mod_dir">DirectoryIndex</directive>, <directive
+ module="mod_autoindex">FancyIndexing</directive>, <directive
+ module="mod_autoindex">HeaderName</directive>, <directive
+ module="mod_autoindex">IndexIgnore</directive>, <directive
+ module="mod_autoindex">IndexOptions</directive>, <directive
+ module="mod_autoindex">ReadmeName</directive>,
+ <em>etc.</em>).</dd>
+
+ <dt>Limit</dt>
+
+ <dd>
+ Allow use of the directives controlling host access (<directive
+ module="mod_access">Allow</directive>, <directive
+ module="mod_access">Deny</directive> and <directive
+ module="mod_access">Order</directive>).</dd>
+
+ <dt>Options</dt>
+
+ <dd>
+ Allow use of the directives controlling specific directory
+ features (<directive module="core">Options</directive> and
+ <directive module="mod_include">XBitHack</directive>).</dd>
+ </dl>
+
+ <p>Example:</p>
+
+ <example>AllowOverride AuthConfig Indexes</example>
+</usage>
+
+<seealso><directive module="core">AccessFileName</directive></seealso>
+<seealso><a href="../configuring.html">Configuration Files</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthName</name>
+<description>Sets the authorization realm for use in HTTP
+authentication</description>
+<syntax>AuthName <em>auth-domain</em></syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+ <p>This directive sets the name of the authorization realm for a
+ directory. This realm is given to the client so that the user
+ knows which username and password to send.
+ <directive>AuthName</directive> takes a single argument; if the
+ realm name contains spaces, it must be enclosed in quotation
+ marks. It must be accompanied by <directive
+ module="core">AuthType</directive> and <directive
+ module="core">Require</directive> directives, and directives such
+ as <directive module="mod_auth">AuthUserFile</directive> and
+ <directive module="mod_auth">AuthGroupFile</directive> to
+ work.</p>
+
+ <p>For example:</p>
+
+ <example>AuthName "Top Secret"</example>
+
+ <p>The string provided for the <code>AuthRealm</code> is what will
+ appear in the password dialog provided by most browsers.</p>
+</usage>
+<seealso><a
+ href="../howto/auth.html">Authentication, Authorization, and
+ Access Control</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthType</name>
+<description>Selects the type of user authentication</description>
+<syntax>AuthType Basic|Digest</syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+<override>AuthConfig</override></contextlist>
+
+<usage>
+ <p>This directive selects the type of user authentication for a
+ directory. Only <code>Basic</code> and <code>Digest</code> are
+ currently implemented.
+
+ It must be accompanied by <directive
+ module="core">AuthName</directive> and <directive
+ module="core">Require</directive> directives, and directives such
+ as <directive module="mod_auth">AuthUserFile</directive> and
+ <directive module="mod_auth">AuthGroupFile</directive> to
+ work.</p>
+</usage>
+<seealso><a href="../howto/auth.html">Authentication, Authorization,
+and Access Control</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ContentDigest</name>
+<description>Enables the generation of Content-MD5 HTTP Response
+headers</description>
+<syntax>ContentDigest on|off</syntax>
+<default>ContentDigest off</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Options</override>
+<status>Experimental</status>
+<compatibility>Available in Apache 1.1 and later</compatibility>
+
+<usage>
+ <p>This directive enables the generation of
+ <code>Content-MD5</code> headers as defined in RFC1864
+ respectively RFC2068.</p>
+
+ <p>MD5 is an algorithm for computing a "message digest"
+ (sometimes called "fingerprint") of arbitrary-length data, with
+ a high degree of confidence that any alterations in the data
+ will be reflected in alterations in the message digest.</p>
+
+ <p>The <code>Content-MD5</code> header provides an end-to-end
+ message integrity check (MIC) of the entity-body. A proxy or
+ client may check this header for detecting accidental
+ modification of the entity-body in transit. Example header:</p>
+<example>
+ Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
+</example>
+
+ <p>Note that this can cause performance problems on your server
+ since the message digest is computed on every request (the
+ values are not cached).</p>
+
+ <p><code>Content-MD5</code> is only sent for documents served
+ by the core, and not by any module. For example, SSI documents,
+ output from CGI scripts, and byte range responses do not have
+ this header.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>DefaultType</name>
+<description>Sets the MIME content-type that will be sent if the
+server cannot determine a type in any other way</description>
+<syntax>DefaultType <em>MIME-type</em></syntax>
+<default>DefaultType text/html</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>There will be times when the server is asked to provide a
+ document whose type cannot be determined by its MIME types
+ mappings.</p>
+
+ <p>The server must inform the client of the content-type of the
+ document, so in the event of an unknown type it uses the
+ <code>DefaultType</code>. For example:</p>
+
+<example>
+ <code>DefaultType image/gif</code>
+</example>
+ would be appropriate for a directory which contained many gif
+ images with filenames missing the .gif extension.
+
+ <p>Note that unlike <directive
+ module="core">ForceType</directive>, this directive is only
+ provides the default mime-type. All other mime-type definitions,
+ including filename extensions, that might identify the media type
+ will override this default.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>Directory</name>
+<description>Enclose a group of directives that apply only to the
+named file-system directory and sub-directories</description>
+<syntax><Directory <em>directory-path</em>>
+... </Directory></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p><directive type="section">Directory</directive> and
+ <code></Directory></code> are used to enclose a group of
+ directives which will apply only to the named directory and
+ sub-directories of that directory. Any directive which is allowed
+ in a directory context may be used. <em>Directory-path</em> is
+ either the full path to a directory, or a wild-card string. In a
+ wild-card string, `?' matches any single character, and `*'
+ matches any sequences of characters. You may
+ also use `[]' character ranges like in the shell. Also as of
+ Apache 1.3 none of the wildcards match a `/' character, which more
+ closely mimics the behavior of Unix shells. Example:</p>
+<example>
+ <Directory /usr/local/httpd/htdocs><br />
+ Options Indexes FollowSymLinks<br />
+ </Directory><br />
+</example>
+
+ <p>Extended regular
+ expressions can also be used, with the addition of the
+ <code>~</code> character. For example:</p>
+<example>
+ <Directory ~ "^/www/.*/[0-9]{3}">
+</example>
+ would match directories in /www/ that consisted of three
+ numbers.
+
+ <p>If multiple (non-regular expression) directory sections
+ match the directory (or its parents) containing a document,
+ then the directives are applied in the order of shortest match
+ first, interspersed with the directives from the <a
+ href="#accessfilename">.htaccess</a> files. For example,
+ with</p>
+
+<example>
+ <Directory /><br />
+ AllowOverride None<br />
+ </Directory><br />
+ <br />
+ <Directory /home/*><br />
+ AllowOverride FileInfo<br />
+ </Directory>
+</example>
+ <p>for access to the document <code>/home/web/dir/doc.html</code>
+ the steps are:</p>
+
+ <ul>
+ <li>Apply directive <code>AllowOverride None</code>
+ (disabling <code>.htaccess</code> files).</li>
+
+ <li>Apply directive <code>AllowOverride FileInfo</code> (for
+ directory <code>/home/web</code>).</li>
+
+ <li>Apply any FileInfo directives in
+ <code>/home/web/.htaccess</code></li>
+ </ul>
+
+ <p>Regular expressions are not considered until after all of the
+ normal sections have been applied. Then all of the regular
+ expressions are tested in the order they appeared in the
+ configuration file. For example, with</p>
+
+<example><Directory ~ abc$><br />
+ ... directives here ...<br />
+ </Directory><br />
+</example>
+
+ <p>The regular expression section won't be considered until after
+ all normal <Directory>s and <code>.htaccess</code> files
+ have been applied. Then the regular expression will match on
+ <code>/home/abc/public_html/abc</code> and be applied.</p>
+
+ <p><strong>Note that the default Apache access for
+ <Directory /> is <samp>Allow from All</samp>. This means
+ that Apache will serve any file mapped from an URL. It is
+ recommended that you change this with a block such
+ as</strong></p>
+
+<example>
+ <Directory /><br />
+ Order Deny,Allow<br />
+ Deny from All<br />
+ </Directory>
+</example>
+
+ <p><strong>and then override this for directories you
+ <em>want</em> accessible. See the <a
+ href="../misc/security_tips.html">Security Tips</a> page for more
+ details.</strong></p>
+
+ <p>The directory sections typically occur in
+ the access.conf file, but they may appear in any configuration
+ file. <directive type="section">Directory</directive> directives
+ cannot nest, and cannot appear in a <directive module="core"
+ type="section">Limit</directive> or <directive module="core"
+ type="section">LimitExcept</directive> section.</p>
+</usage>
+<seealso><a href="../sections.html">How
+ Directory, Location and Files sections work</a> for an
+ explanation of how these different sections are combined when a
+ request is received</seealso>
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>DirectoryMatch</name>
+<description>Enclose a group of directives that apply only to
+file-system directories that match a regular expression and their
+subdirectories</description>
+<syntax><Directory <em>regex</em>>
+... </Directory></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p><directive type="section">DirectoryMatch</directive> and
+ <code></DirectoryMatch></code> are used to enclose a group
+ of directives which will apply only to the named directory and
+ sub-directories of that directory, the same as <directive
+ module="core" type="section">Directory</directive>. However, it
+ takes as an argument a regular expression. For example:</p>
+<example>
+ <DirectoryMatch "^/www/.*/[0-9]{3}">
+</example>
+
+ <p>would match directories in <code>/www/</code> that consisted of three
+ numbers.</p>
+</usage>
+<seealso><directive type="section" module="core">Directory</directive> for
+a description of how regular expressions are mixed in with normal
+<code><Directory></code>s</seealso>
+<seealso><a
+href="../sections.html">How Directory, Location and Files sections
+work</a> for an explanation of how these different sections are
+combined when a request is received</seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>DocumentRoot</name>
+<description>Sets the directory that forms the main document tree visible
+from the web</description>
+<syntax>DocumentRoot <em>directory-path</em></syntax>
+<default>DocumentRoot /usr/local/apache/htdocs</default>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>This directive sets the directory from which httpd will
+ serve files. Unless matched by a directive like Alias, the
+ server appends the path from the requested URL to the document
+ root to make the path to the document. Example:</p>
+<example>
+ DocumentRoot /usr/web
+</example>
+ <p>then an access to
+ <code>http://www.my.host.com/index.html</code> refers to
+ <code>/usr/web/index.html</code>.</p>
+
+ <p>The <directive>DocumentRoot</directive> should be specified without
+ a trailing slash.</p>
+</usage>
+<seealso><a href="../urlmapping.html">Mapping URLs to Filesystem
+Location</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ErrorDocument</name>
+<description>Specifies what the server will return to the client
+in case of an error</description>
+<syntax>ErrorDocument <em>error-code document</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+<compatibility>Quoting syntax for text messages is different in Apache
+2.0</compatibility>
+
+<usage>
+ <p>In the event of a problem or error, Apache can be configured
+ to do one of four things,</p>
+
+ <ol>
+ <li>output a simple hardcoded error message</li>
+
+ <li>output a customized message</li>
+
+ <li>redirect to a local <em>URL-path</em> to handle the
+ problem/error</li>
+
+ <li>redirect to an external <em>URL</em> to handle the
+ problem/error</li>
+ </ol>
+
+ <p>The first option is the default, while options 2-4 are
+ configured using the <directive>ErrorDocument</directive>
+ directive, which is followed by the HTTP response code and a URL
+ or a message. Apache will sometimes offer additional information
+ regarding the problem/error.</p>
+
+ <p>URLs can begin with a slash (/) for local URLs, or be a full
+ URL which the client can resolve. Alternatively, a message can
+ be provided to be displayed by the browser. Examples:</p>
+
+<example>
+ ErrorDocument 500
+ http://foo.example.com/cgi-bin/tester<br />
+ ErrorDocument 404 /cgi-bin/bad_urls.pl<br />
+ ErrorDocument 401 /subscription_info.html<br />
+ ErrorDocument 403 "Sorry can't allow you access
+ today"
+</example>
+
+ <p>Note that when you specify an <directive>ErrorDocument</directive>
+ that points to a remote URL (ie. anything with a method such as
+ "http" in front of it), Apache will send a redirect to the
+ client to tell it where to find the document, even if the
+ document ends up being on the same server. This has several
+ implications, the most important being that the client will not
+ receive the original error status code, but instead will
+ receive a redirect status code. This in turn can confuse web
+ robots and other clients which try to determine if a URL is
+ valid using the status code. In addition, if you use a remote
+ URL in an <code>ErrorDocument 401</code>, the client will not
+ know to prompt the user for a password since it will not
+ receive the 401 status code. Therefore, <strong>if you use an
+ "ErrorDocument 401" directive then it must refer to a local
+ document.</strong></p>
+
+ <p>Prior to version 2.0, messages were indicated by prefixing
+ them with a single unmatched double quote character.</p>
+</usage>
+
+<seealso><a href="../custom-error.html">documentation of
+ customizable responses</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ErrorLog</name>
+<description>Sets the name of the file to which the server
+will log errors</description>
+<syntax> ErrorLog <em>file-path</em>|syslog[:<em>facility</em>]</syntax>
+<default>ErrorLog logs/error_log (Unix)
+ErrorLog logs/error.log (Windows and OS/2)</default>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>The <directive>ErrorLog</directive> directive sets the name of
+ the file to which the server will log any errors it encounters. If
+ the <em>file-path</em> does not begin with a slash (/) then it is
+ assumed to be relative to the <directive
+ module="core">ServerRoot</directive>. If the <em>file-path</em>
+ begins with a pipe (|) then it is assumed to be a command to spawn
+ to handle the error log.</p>
+
+ <p>Using <code>syslog</code> instead of a filename enables logging
+ via syslogd(8) if the system supports it. The default is to use
+ syslog facility <code>local7</code>, but you can override this by
+ using the <code>syslog:</code><em>facility</em> syntax where
+ <em>facility</em> can be one of the names usually documented in
+ syslog(1).</p>
+
+ <p>SECURITY: See the <a
+ href="../misc/security_tips.html#serverroot">security tips</a>
+ document for details on why your security could be compromised
+ if the directory where logfiles are stored is writable by
+ anyone other than the user that starts the server.</p>
+</usage>
+<seealso><directive module="core">LogLevel</directive></seealso>
+<seealso><a href="../logs.html">Apache Log Files</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>FileETag</name>
+<description>Configures the file attributes used to create the ETag
+HTTP response header</description>
+<syntax>FileETag <em>component</em> ...</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>
+ The <directive>FileETag</directive> directive configures the file
+ attributes that are used to create the ETag (entity tag) response
+ header field when the document is based on a file. (The ETag
+ value is used in cache management to save network bandwidth.) In
+ Apache 1.3.22 and earlier, the ETag value was <em>always</em> formed
+ from the file's inode, size, and last-modified time (mtime). The
+ FileETag directive allows you to choose which of these -- if any
+ -- should be used. The recognized keywords are:
+ </p>
+ <dl compact="compact">
+ <dt><b>INode</b></dt>
+ <dd>The file's i-node number will be included in the calculation</dd>
+ <dt><b>MTime</b></dt>
+ <dd>The date and time the file was last modified will be included</dd>
+ <dt><b>Size</b></dt>
+ <dd>The number of bytes in the file will be included</dd>
+ <dt><b>All</b></dt>
+ <dd>All available fields will be used (equivalent to
+ '<code>FileETag INode MTime Size</code>')</dd>
+ <dt><b>None</b></dt>
+ <dd>If a document is file-based, no ETag field will be included in the
+ response</dd>
+ </dl>
+ <p>
+ The INode, MTime, and Size keywords may be prefixed with either '+'
+ or '-', which allow changes to be made to the default setting
+ inherited from a broader scope. Any keyword appearing without
+ such a prefix immediately and completely cancels the inherited
+ setting.
+ </p>
+ <p>
+ If a directory's configuration includes
+ '<code>FileETag INode MTime Size</code>', and a
+ subdirectory's includes '<code>FileETag -INode</code>',
+ the setting for that subdirectory (which will be inherited by
+ any sub-subdirectories that don't override it) will be equivalent to
+ '<code>FileETag MTime Size</code>'.
+ </p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>Files</name>
+<description>Contains that directives that apply to matched
+filenames</description>
+<syntax><Files <em>filename</em>> ... </Files></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>The <directive type="section">Files</directive> directive
+ provides for access control by filename. It is comparable to the
+ <directive module="core" type="directive">Directory</directive>
+ directive and <directive module="core"
+ type="directive">Location</directive> directives. It should be
+ matched with a <code></Files></code> directive. The
+ directives given within this section will be applied to any object
+ with a basename (last component of filename) matching the
+ specified filename. <directive type="section">Files</directive>
+ sections are processed in the order they appear in the
+ configuration file, after the <directive module="core"
+ type="section">Directory</directive> sections and
+ <code>.htaccess</code> files are read, but before <directive
+ type="section" module="core">Location</directive> sections. Note
+ that <directive type="section">Files</directive> can be nested
+ inside <directive type="section"
+ module="core">Directory</directive> sections to restrict the
+ portion of the filesystem they apply to.</p>
+
+ <p>The <em>filename</em> argument should include a filename, or
+ a wild-card string, where `?' matches any single character, and
+ `*' matches any sequences of characters. Extended regular
+ expressions can also be used, with the addition of the
+ <code>~</code> character. For example:</p>
+<example>
+ <Files ~ "\.(gif|jpe?g|png)$">
+</example>
+ <p>would match most common Internet graphics formats. In Apache 1.3
+ and later, <directive module="core"
+ type="section">FilesMatch</directive> is preferred, however.</p>
+
+ <p>Note that unlike <directive type="section"
+ module="core">Directory</directive> and <directive type="section"
+ module="core">Location</directive> sections, <directive
+ type="section">Files</directive> sections can be used inside
+ .htaccess files. This allows users to control access to their own
+ files, at a file-by-file level.</p>
+
+</usage>
+<seealso><a href="../sections.html">How
+ Directory, Location and Files sections work</a> for an
+ explanation of how these different sections are combined when a
+ request is received</seealso>
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>FilesMatch</name>
+<description>Contains that directives that apply to regular-expression matched
+filenames</description>
+<syntax><FilesMatch <em>regex</em>> ... </FilesMatch></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>The <directive type="section">FilesMatch</directive> directive
+ provides for access control by filename, just as the <directive
+ module="core" type="section">Files</directive> directive
+ does. However, it accepts a regular expression. For example:</p>
+<example>
+ <FilesMatch "\.(gif|jpe?g|png)$">
+</example>
+
+ <p>would match most common Internet graphics formats.</p>
+</usage>
+
+<seealso><a href="../sections.html">How
+ Directory, Location and Files sections work</a> for an
+ explanation of how these different sections are combined when a
+ request is received</seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ForceType</name>
+<description>Forces all matching files to be served with the specified
+MIME content-type</description>
+<syntax>ForceType <em>mime-type</em></syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<compatibility>Moved to the core in Apache 2.0</compatibility>
+
+<usage>
+ <p>When placed into an <code>.htaccess</code> file or a
+ <directive type="section" module="core">Directory</directive>, or
+ <directive type="section" module="core">Location</directive> or
+ <directive type="section" module="core">Files</directive>
+ section, this directive forces all matching files to be served
+ with the content type identification given by
+ <em>mime-type</em>. For example, if you had a directory full of
+ GIF files, but did not want to label them all with ".gif", you
+ might want to use:</p>
+<example>
+ ForceType image/gif
+</example>
+
+ <p>Note that unlike <directive module="core">DefaultType</directive>,
+ this directive overrides all mime-type associations, including
+ filename extensions, that might identify the media type.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>HostnameLookups</name>
+<description>Enables DNS lookups on client IP addresses</description>
+<syntax>HostnameLookups on|off|double</syntax>
+<default>HostnameLookups off</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context></contextlist>
+
+<usage>
+ <p>This directive enables DNS lookups so that host names can be
+ logged (and passed to CGIs/SSIs in <code>REMOTE_HOST</code>).
+ The value <code>double</code> refers to doing double-reverse
+ DNS. That is, after a reverse lookup is performed, a forward
+ lookup is then performed on that result. At least one of the ip
+ addresses in the forward lookup must match the original
+ address. (In "tcpwrappers" terminology this is called
+ <code>PARANOID</code>.)</p>
+
+ <p>Regardless of the setting, when <module>mod_access</module> is
+ used for controlling access by hostname, a double reverse lookup
+ will be performed. This is necessary for security. Note that the
+ result of this double-reverse isn't generally available unless you
+ set <code>HostnameLookups double</code>. For example, if only
+ <code>HostnameLookups on</code> and a request is made to an object
+ that is protected by hostname restrictions, regardless of whether
+ the double-reverse fails or not, CGIs will still be passed the
+ single-reverse result in <code>REMOTE_HOST</code>.</p>
+
+ <p>The default is off in order to save the network
+ traffic for those sites that don't truly need the reverse
+ lookups done. It is also better for the end users because they
+ don't have to suffer the extra latency that a lookup entails.
+ Heavily loaded sites should leave this directive
+ <code>off</code>, since DNS lookups can take considerable
+ amounts of time. The utility <a
+ href="../programs/logresolve.html">logresolve</a>, provided in
+ the <em>/support</em> directory, can be used to look up host
+ names from logged IP addresses offline.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>IdentityCheck</name>
+<description>Enables logging of the RFC1413 identity of the remote
+user</description>
+<syntax>IdentityCheck on|off</syntax>
+<default>IdentityCheck off</default>
+
+<usage>
+ <p>This directive enables RFC1413-compliant logging of the
+ remote user name for each connection, where the client machine
+ runs identd or something similar. This information is logged in
+ the access log.</p>
+
+ <p>The information should not be trusted in any way except for
+ rudimentary usage tracking.</p>
+
+ <p>Note that this can cause serious latency problems accessing
+ your server since every request requires one of these lookups
+ to be performed. When firewalls are involved each lookup might
+ possibly fail and add 30 seconds of latency to each hit. So in
+ general this is not very useful on public servers accessible
+ from the Internet.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>IfDefine</name>
+<description>Encloses directives that will be processed only
+if a test is true at startup</description>
+<syntax><IfDefine [!]<em>parameter-name</em>> <em>...</em>
+ </IfDefine></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>The <code><IfDefine
+ <em>test</em>>...</IfDefine></code> section is used to
+ mark directives that are conditional. The directives within an
+ <directive type="section">IfDefine</directive> section are only
+ processed if the <em>test</em> is true. If <em>test</em> is false,
+ everything between the start and end markers is ignored.</p>
+
+ <p>The <em>test</em> in the <directive
+ type="section">IfDefine</directive> section directive can be one
+ of two forms:</p>
+
+ <ul>
+ <li><em>parameter-name</em></li>
+
+ <li><code>!</code><em>parameter-name</em></li>
+ </ul>
+
+ <p>In the former case, the directives between the start and end
+ markers are only processed if the parameter named
+ <em>parameter-name</em> is defined. The second format reverses
+ the test, and only processes the directives if
+ <em>parameter-name</em> is <strong>not</strong> defined.</p>
+
+ <p>The <em>parameter-name</em> argument is a define as given on
+ the <code>httpd</code> command line via
+ <code>-D</code><em>parameter-</em>, at the time the server was
+ started.</p>
+
+ <p><directive type="section">IfDefine</directive> sections are
+ nest-able, which can be used to implement simple
+ multiple-parameter tests. Example:</p>
+<example><pre>
+ $ httpd -DReverseProxy ...
+
+ # httpd.conf
+ <IfDefine ReverseProxy>
+ LoadModule rewrite_module modules/mod_rewrite.so
+ LoadModule proxy_module modules/libproxy.so
+ </IfDefine>
+</pre></example>
+
+</usage>
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>IfModule</name>
+<description>Encloses directives that are processed conditional on the
+presence of absence of a specific module</description>
+<syntax><IfModule [!]<em>module-name</em>> <em>...</em>
+ </IfModule></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>The <code><IfModule
+ <em>test</em>>...</IfModule></code> section is used to
+ mark directives that are conditional. The directives within an
+ <directive type="section">IfModule</directive> section are only
+ processed if the <em>test</em> is true. If <em>test</em> is false,
+ everything between the start and end markers is ignored.</p>
+
+ <p>The <em>test</em> in the <directive
+ type="section">IfModule</directive> section directive can be one
+ of two forms:</p>
+
+ <ul>
+ <li><em>module name</em></li>
+
+ <li>!<em>module name</em></li>
+ </ul>
+
+ <p>In the former case, the directives between the start and end
+ markers are only processed if the module named <em>module
+ name</em> is included in Apache -- either compiled in or
+ dynamically loaded using <directive module="mod_so"
+ >LoadModule</directive>. The second format
+ reverses the test, and only processes the directives if <em>module
+ name</em> is <strong>not</strong> included.</p>
+
+ <p>The <em>module name</em> argument is the file name of the
+ module, at the time it was compiled.
+ For example, <code>mod_rewrite.c</code>.</p>
+
+ <p><directive type="section">IfModule</directive> sections are
+ nest-able, which can be used to implement simple multiple-module
+ tests.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>Include</name>
+<description>Includes other configuration files from within
+the server configuration files</description>
+<syntax>Include <em>file-path</em>|<em>directory-path</em></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>This directive allows inclusion of other configuration files
+ from within the server configuration files.</p>
+
+ <p>If <directive>Include</directive> points to a directory, rather than a
+ file, Apache will read all files in that directory, and any
+ subdirectory, and parse those as configuration files.</p>
+
+ <p>The file path specified may be a fully qualified path (i.e.
+ starting with a slash), or may be relative to the
+ <directive module="core">ServerRoot</directive> directory.</p>
+
+ <p>Examples:</p>
+
+<example>
+ Include /usr/local/apache/conf/ssl.conf<br />
+ Include /usr/local/apache/conf/vhosts/
+</example>
+
+ <p>Or, providing paths relative to your <code>ServerRoot</code>
+ directory:</p>
+
+<example>
+ Include conf/ssl.conf<br />
+ Include conf/vhosts/
+</example>
+
+ <p>Make sure that an included directory does not contain any stray
+ files, such as editor temporary files, for example, as Apache will
+ attempt to read them in and use the contents as configuration
+ directives, which may cause the server to fail on start up.
+ Running <code>apachectl configtest</code> will give you a list of
+ the files that are being processed during the configuration
+ check:</p>
+
+<example><pre>
+ root@host# apachectl configtest
+ Processing config directory: /usr/local/apache/conf/vhosts
+ Processing config file: /usr/local/apache/conf/vhosts/vhost1
+ Processing config file: /usr/local/apache/conf/vhosts/vhost2
+ Syntax OK
+</pre></example>
+
+ <p>This will help in verifying that you are getting only the files
+ that you intended as part of your configuration.</p>
+</usage>
+
+<seealso><a href="../programs/apachectl.html">apachectl</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>KeepAlive</name>
+<description>Turns on or off HTTP persistent connections.</description>
+<syntax>KeepAlive on|off</syntax>
+<default>KeepAlive On</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The Keep-Alive extension to HTTP/1.0 and the persistent
+ connection feature of HTTP/1.1 provide long-lived HTTP sessions
+ which allow multiple requests to be sent over the same TCP
+ connection. In some cases this has been shown to result in an
+ almost 50% speedup in latency times for HTML documents with
+ many images. To enable Keep-Alive connections in Apache 1.2 and
+ later, set <code>KeepAlive On</code>.</p>
+
+ <p>For HTTP/1.0 clients, Keep-Alive connections will only be
+ used if they are specifically requested by a client. In
+ addition, a Keep-Alive connection with an HTTP/1.0 client can
+ only be used when the length of the content is known in
+ advance. This implies that dynamic content such as CGI output,
+ SSI pages, and server-generated directory listings will
+ generally not use Keep-Alive connections to HTTP/1.0 clients.
+ For HTTP/1.1 clients, persistent connections are the default
+ unless otherwise specified. If the client requests it, chunked
+ encoding will be used in order to send content of unknown
+ length over persistent connections.</p>
+</usage>
+
+<seealso><directive module="core">MaxKeepAliveRequests</directive></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>KeepAliveTimeout</name>
+<description>Sets the amount of time the server will wait for subsequent
+requests on a persistent connection</description>
+<syntax>KeepAliveTimeout <em>seconds</em></syntax>
+<default>KeepAliveTimeout 15</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The number of seconds Apache will wait for a subsequent
+ request before closing the connection. Once a request has been
+ received, the timeout value specified by the
+ <directive module="core">Timeout</directive> directive applies.</p>
+
+ <p>Setting <directive>KeepAliveTimeout</directive> to a high value
+ may cause performance problems in heavily loaded servers. The
+ higher the timeout, the more server processes will be kept
+ occupied waiting on connections with idle clients.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>Limit</name>
+<description>Restrict access controls to only certain HTTP
+methods</description>
+<syntax><Limit <em>method</em> [<em>method</em>] ... > ...
+ </Limit></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>Access controls are normally effective for
+ <strong>all</strong> access methods, and this is the usual
+ desired behavior. <strong>In the general case, access control
+ directives should not be placed within a
+ <directive type="section">limit</directive> section.</strong></p>
+
+ <p>The purpose of the <directive type="section">Limit</directive>
+ directive is to restrict the effect of the access controls to the
+ nominated HTTP methods. For all other methods, the access
+ restrictions that are enclosed in the <code><Limit></code>
+ bracket <strong>will have no effect</strong>. The following
+ example applies the access control only to the methods POST, PUT,
+ and DELETE, leaving all other methods unprotected:</p>
+
+<example>
+ <code><Limit POST PUT DELETE><br />
+ Require valid-user<br />
+ </Limit></code>
+</example>
+ <p>The method names listed can be one or more of: GET, POST, PUT,
+ DELETE, CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH,
+ MKCOL, COPY, MOVE, LOCK, and UNLOCK. <strong>The method name is
+ case-sensitive.</strong> If GET is used it will also restrict
+ HEAD requests.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>LimitExcept</name>
+<description>Restrict access controls to all HTTP methods
+except the named ones</description>
+<syntax><LimitExcept <em>method</em> [<em>method</em>] ... > ...
+ </LimitExcept></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p><directive type="section">LimitExcept</directive> and
+ <code></LimitExcept></code> are used to enclose a group of
+ access control directives which will then apply to any HTTP access
+ method <strong>not</strong> listed in the arguments; i.e., it is
+ the opposite of a <directive type="section"
+ module="core">Limit</directive> section and can be used to control
+ both standard and nonstandard/unrecognized methods. See the
+ documentation for <directive module="core"
+ type="section">Limit</directive> for more details.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LimitRequestBody</name>
+<description>Restricts the total size of the HTTP request body sent
+from the client</description>
+<syntax>LimitRequestBody <em>bytes</em></syntax>
+<default>LimitRequestBody 0</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>This directive specifies the number of <em>bytes</em> from 0
+ (meaning unlimited) to 2147483647 (2GB) that are allowed in a
+ request body. The default value is defined by the compile-time
+ constant <code>DEFAULT_LIMIT_REQUEST_BODY</code> (0 as
+ distributed).</p>
+
+ <p>The <directive>LimitRequestBody</directive> directive allows
+ the user to set a limit on the allowed size of an HTTP request
+ message body within the context in which the directive is given
+ (server, per-directory, per-file or per-location). If the client
+ request exceeds that limit, the server will return an error
+ response instead of servicing the request. The size of a normal
+ request message body will vary greatly depending on the nature of
+ the resource and the methods allowed on that resource. CGI scripts
+ typically use the message body for passing form information to the
+ server. Implementations of the PUT method will require a value at
+ least as large as any representation that the server wishes to
+ accept for that resource.</p>
+
+ <p>This directive gives the server administrator greater
+ control over abnormal client request behavior, which may be
+ useful for avoiding some forms of denial-of-service
+ attacks.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LimitRequestFields</name>
+<description>Limits the number of HTTP request header fields that
+will be accepted from the client</description>
+<syntax>LimitRequestFields <em>number</em></syntax>
+<default>LimitRequestFields 100</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p><em>Number</em> is an integer from 0 (meaning unlimited) to
+ 32767. The default value is defined by the compile-time
+ constant <code>DEFAULT_LIMIT_REQUEST_FIELDS</code> (100 as
+ distributed).</p>
+
+ <p>The <directive>LimitRequestFields</directive> directive allows
+ the server administrator to modify the limit on the number of
+ request header fields allowed in an HTTP request. A server needs
+ this value to be larger than the number of fields that a normal
+ client request might include. The number of request header fields
+ used by a client rarely exceeds 20, but this may vary among
+ different client implementations, often depending upon the extent
+ to which a user has configured their browser to support detailed
+ content negotiation. Optional HTTP extensions are often expressed
+ using request header fields.</p>
+
+ <p>This directive gives the server administrator greater
+ control over abnormal client request behavior, which may be
+ useful for avoiding some forms of denial-of-service attacks.
+ The value should be increased if normal clients see an error
+ response from the server that indicates too many fields were
+ sent in the request.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LimitRequestFieldSize</name>
+<description>Limits the size of the HTTP request header allowed from the
+client</description>
+<syntax>LimitRequestFieldsize <em>bytes</em></syntax>
+<default>LimitRequestFieldsize 8190</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>This directive specifies the number of <em>bytes</em> from 0
+ to the value of the compile-time constant
+ <code>DEFAULT_LIMIT_REQUEST_FIELDSIZE</code> (8190 as
+ distributed) that will be allowed in an HTTP request
+ header.</p>
+
+ <p>The <directive>LimitRequestFieldsize</directive> directive
+ allows the server administrator to reduce the limit on the allowed
+ size of an HTTP request header field below the normal input buffer
+ size compiled with the server. A server needs this value to be
+ large enough to hold any one header field from a normal client
+ request. The size of a normal request header field will vary
+ greatly among different client implementations, often depending
+ upon the extent to which a user has configured their browser to
+ support detailed content negotiation.</p>
+
+ <p>This directive gives the server administrator greater
+ control over abnormal client request behavior, which may be
+ useful for avoiding some forms of denial-of-service attacks.
+ Under normal conditions, the value should not be changed from
+ the default.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LimitRequestLine</name>
+<description>Limit the size of the HTTP request line that will be accepted
+from the client</description>
+<syntax>LimitRequestLine <em>bytes</em></syntax>
+<default>LimitRequestLine 8190</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>This directive sets the number of <em>bytes</em> from 0 to
+ the value of the compile-time constant
+ <code>DEFAULT_LIMIT_REQUEST_LINE</code> (8190 as distributed)
+ that will be allowed on the HTTP request-line.</p>
+
+ <p>The <directive>LimitRequestLine</directive> directive allows
+ the server administrator to reduce the limit on the allowed size
+ of a client's HTTP request-line below the normal input buffer size
+ compiled with the server. Since the request-line consists of the
+ HTTP method, URI, and protocol version, the
+ <directive>LimitRequestLine</directive> directive places a
+ restriction on the length of a request-URI allowed for a request
+ on the server. A server needs this value to be large enough to
+ hold any of its resource names, including any information that
+ might be passed in the query part of a GET request.</p>
+
+ <p>This directive gives the server administrator greater
+ control over abnormal client request behavior, which may be
+ useful for avoiding some forms of denial-of-service attacks.
+ Under normal conditions, the value should not be changed from
+ the default.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LimitXMLRequestBody</name>
+<description>Limits the size of an XML-based request body</description>
+<syntax>LimitXMLRequestBody <em>number</em></syntax>
+<default>LimitXMLRequestBody 1000000</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>Limit (in bytes) on maximum size of an XML-based request
+ body. A value of <code>0</code> will disable any checking.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>Location</name>
+<description>Applies the enclosed directives only to matching
+URLs</description>
+<syntax><Location
+ <em>URL-path</em>|<em>URL</em>> ... </Location></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>The <directive type="section">Location</directive> directive
+ provides for access control by URL. It is similar to the
+ <directive type="section" module="core">Directory</directive>
+ directive, and starts a subsection which is terminated with a
+ <code></Location></code> directive. <directive
+ type="section">Location</directive> sections are processed in the
+ order they appear in the configuration file, after the <directive
+ type="section" module="core">Directory</directive> sections and
+ <code>.htaccess</code> files are read, and after the <directive
+ type="section" module="core">Files</directive> sections.</p>
+
+ <p>Note that URLs do not have to line up with the filesystem at
+ all, it should be emphasized that <Location> operates
+ completely outside the filesystem.</p>
+
+ <p>For all origin (non-proxy) requests, the URL to be matched
+ is of the form <code>/path/</code>, and you should not include
+ any <code>http://servername</code> prefix. For proxy requests,
+ the URL to be matched is of the form
+ <code>scheme://servername/path</code>, and you must include the
+ prefix.</p>
+
+ <p>The URL may use wildcards In a wild-card string, `?' matches
+ any single character, and `*' matches any sequences of
+ characters.</p>
+
+ <p>Extended regular
+ expressions can also be used, with the addition of the
+ <code>~</code> character. For example:</p>
+<example>
+ <Location ~ "/(extra|special)/data">
+</example>
+
+ <p>would match URLs that contained the substring "/extra/data" or
+ "/special/data". In Apache 1.3 and above, a new directive
+ <directive type="section" module="core">LocationMatch</directive>
+ exists which behaves identical to the regex version of
+ <directive type="section">Location</directive>.</p>
+
+ <p>The <directive type="section">Location</directive>
+ functionality is especially useful when combined with the
+ <directive module="core">SetHandler</directive>
+ directive. For example, to enable status requests, but allow them
+ only from browsers at foo.com, you might use:</p>
+<example>
+ <Location /status><br />
+ SetHandler server-status<br />
+ Order Deny,Allow<br />
+ Deny from all<br />
+ Allow from .foo.com<br />
+ </Location>
+</example>
+
+<note><title>Note about / (slash)</title> <p>The slash character has
+special meaning depending on where in a URL it appears. People may be
+used to its behavior in the filesystem where multiple adjacent slashes
+are frequently collapsed to a single slash (<em>i.e.</em>,
+<code>/home///foo</code> is the same as <code>/home/foo</code>). In
+URL-space this is not necessarily true. The <directive type="section"
+module="core">LocationMatch</directive> directive and the regex
+version of <directive type="section">Location</directive> require you
+to explicitly specify multiple slashes if that is your intention. For
+example, <code><LocationMatch ^/abc></code> would match the
+request URL <code>/abc</code> but not the request URL
+<code>//abc</code>. The (non-regex) <directive
+type="section">Location</directive> directive behaves similarly when
+used for proxy requests. But when (non-regex) <directive
+type="section">Location</directive> is used for non-proxy requests it
+will implicitly match multiple slashes with a single slash. For
+example, if you specify <code><Location /abc/def></code> and the
+request is to <code>/abc//def</code> then it will match.</p>
+</note>
+</usage>
+<seealso><a href="../sections.html">How
+ Directory, Location and Files sections work</a> for an
+ explanation of how these different sections are combined when a
+ request is received</seealso>
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>LocationMatch</name>
+<description>Applies the enclosed directives only to regular-expression
+matching URLs</description>
+<syntax><LocationMatch
+ <em>regex</em>> ... </Location></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>The <directive type="section">LocationMatch</directive> directive
+ provides for access control by URL, in an identical manner to
+ <directive module="core"
+ type="section">Location</directive>. However, it takes a regular
+ expression as an argument instead of a simple string. For
+ example:</p>
+<example>
+ <LocationMatch "/(extra|special)/data">
+</example>
+
+ <p>would match URLs that contained the substring "/extra/data"
+ or "/special/data".</p>
+</usage>
+
+<seealso><a href="../sections.html">How
+ Directory, Location and Files sections work</a> for an
+ explanation of how these different sections are combined when a
+ request is received</seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LogLevel</name>
+<description>Controls the verbosity of the ErrorLog</description>
+<syntax>LogLevel <em>level</em></syntax>
+<default>LogLevel warn</default>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p><directive>LogLevel</directive> adjusts the verbosity of the
+ messages recorded in the error logs (see <directive
+ module="core">ErrorLog</directive> directive). The following
+ <em>level</em>s are available, in order of decreasing
+ significance:</p>
+
+ <table>
+ <tr>
+ <th align="LEFT"><strong>Level</strong> </th>
+
+ <th align="LEFT"><strong>Description</strong> </th>
+ </tr>
+
+ <tr>
+ <th>
+ </th>
+
+ <th align="LEFT"><strong>Example</strong> </th>
+ </tr>
+
+ <tr>
+ <td><code>emerg</code> </td>
+
+ <td>Emergencies - system is unusable.</td>
+ </tr>
+
+ <tr>
+ <td>
+ </td>
+
+ <td>"Child cannot open lock file. Exiting"</td>
+ </tr>
+
+ <tr>
+ <td><code>alert</code> </td>
+
+ <td>Action must be taken immediately.</td>
+ </tr>
+
+ <tr>
+ <td>
+ </td>
+
+ <td>"getpwuid: couldn't determine user name from uid"</td>
+ </tr>
+
+ <tr>
+ <td><code>crit</code> </td>
+
+ <td>Critical Conditions.</td>
+ </tr>
+
+ <tr>
+ <td>
+ </td>
+
+ <td>"socket: Failed to get a socket, exiting child"</td>
+ </tr>
+
+ <tr>
+ <td><code>error</code> </td>
+
+ <td>Error conditions.</td>
+ </tr>
+
+ <tr>
+ <td>
+ </td>
+
+ <td>"Premature end of script headers"</td>
+ </tr>
+
+ <tr>
+ <td><code>warn</code> </td>
+
+ <td>Warning conditions.</td>
+ </tr>
+
+ <tr>
+ <td>
+ </td>
+
+ <td>"child process 1234 did not exit, sending another
+ SIGHUP"</td>
+ </tr>
+
+ <tr>
+ <td><code>notice</code> </td>
+
+ <td>Normal but significant condition.</td>
+ </tr>
+
+ <tr>
+ <td>
+ </td>
+
+ <td>"httpd: caught SIGBUS, attempting to dump core in
+ ..."</td>
+ </tr>
+
+ <tr>
+ <td><code>info</code> </td>
+
+ <td>Informational.</td>
+ </tr>
+
+ <tr>
+ <td>
+ </td>
+
+ <td>"Server seems busy, (you may need to increase
+ StartServers, or Min/MaxSpareServers)..."</td>
+ </tr>
+
+ <tr>
+ <td><code>debug</code> </td>
+
+ <td>Debug-level messages</td>
+ </tr>
+
+ <tr>
+ <td>
+ </td>
+
+ <td>"Opening config file ..."</td>
+ </tr>
+ </table>
+
+ <p>When a particular level is specified, messages from all
+ other levels of higher significance will be reported as well.
+ <em>E.g.</em>, when <code>LogLevel info</code> is specified,
+ then messages with log levels of <code>notice</code> and
+ <code>warn</code> will also be posted.</p>
+
+ <p>Using a level of at least <code>crit</code> is
+ recommended.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MaxKeepAliveRequests</name>
+<description>Sets the number of requests allowed on a persistent
+connection</description>
+<syntax>MaxKeepAliveRequests <em>number</em></syntax>
+<default>MaxKeepAliveRequests 100</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>MaxKeepAliveRequests</directive> directive
+ limits the number of requests allowed per connection when
+ <directive module="core" >KeepAlive</directive> is on. If it is
+ set to "<code>0</code>", unlimited requests will be allowed. We
+ recommend that this setting be kept to a high value for maximum
+ server performance.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>NameVirtualHost</name>
+<description>Configures an IP address for name-virtual
+hosting</description>
+<syntax>NameVirtualHost <em>addr</em>[:<em>port</em>]</syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>NameVirtualHost</directive> directive is a
+ required directive if you want to configure <a
+ href="../vhosts/">name-based virtual hosts</a>.</p>
+
+ <p>Although <em>addr</em> can be hostname it is recommended
+ that you always use an IP address, <em>e.g.</em></p>
+
+<example>NameVirtualHost 111.22.33.44</example>
+
+ <p>With the <directive>NameVirtualHost</directive> directive you
+ specify the IP address on which the server will receive requests
+ for the name-based virtual hosts. This will usually be the address
+ to which your name-based virtual host names resolve. In cases
+ where a firewall or other proxy receives the requests and forwards
+ them on a different IP address to the server, you must specify the
+ IP address of the physical interface on the machine which will be
+ servicing the requests. If you have multiple name-based hosts on
+ multiple addresses, repeat the directive for each address.</p>
+
+ <p>Note: the "main server" and any _default_ servers will
+ <strong>never</strong> be served for a request to a
+ <directive>NameVirtualHost</directive> IP Address (unless for some
+ reason you specify <directive>NameVirtualHost</directive> but then
+ don't define any VirtualHosts for that address).</p>
+
+ <p>Optionally you can specify a port number on which the
+ name-based virtual hosts should be used, <em>e.g.</em></p>
+
+<example>NameVirtualHost 111.22.33.44:8080</example>
+
+ <p>IPv6 addresses must be enclosed in square brackets, as shown
+ in the following example:</p>
+
+<example>NameVirtualHost [fe80::a00:20ff:fea7:ccea]:8080</example>
+
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>Options</name>
+<description>Configures what features are available in a particular
+directory</description>
+<syntax>Options
+ [+|-]<em>option</em> [[+|-]<em>option</em>] ...</syntax>
+<default>Options All</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Options</override>
+
+<usage>
+ <p>The <directive>Options</directive> directive controls which
+ server features are available in a particular directory.</p>
+
+ <p><em>option</em> can be set to <code>None</code>, in which
+ case none of the extra features are enabled, or one or more of
+ the following:</p>
+
+ <dl>
+ <dt>All</dt>
+
+ <dd>All options except for MultiViews. This is the default
+ setting.</dd>
+
+ <dt>ExecCGI</dt>
+
+ <dd>
+ Execution of CGI scripts is permitted.</dd>
+
+ <dt>FollowSymLinks</dt>
+
+ <dd>
+
+ The server will follow symbolic links in this directory.<br />
+ <strong>Note</strong>: even though the server follows the
+ symlink it does <em>not</em> change the pathname used to match
+ against <directive type="section"
+ module="core">Directory</directive> sections.<br />
+ <strong>Note</strong>: this option gets ignored if set inside a
+ <directive type="section" module="core">Location</directive>
+ section.</dd>
+
+ <dt>Includes</dt>
+
+ <dd>
+ Server-side includes are permitted.</dd>
+
+ <dt>IncludesNOEXEC</dt>
+
+ <dd>
+
+ Server-side includes are permitted, but the #exec command and
+ #exec CGI are disabled. It is still possible to #include
+ virtual CGI scripts from ScriptAliase'd directories.</dd>
+
+ <dt>Indexes</dt>
+
+ <dd>
+ If a URL which maps to a directory is requested, and the
+ there is no DirectoryIndex (<em>e.g.</em>, index.html) in
+ that directory, then the server will return a formatted
+ listing of the directory.</dd>
+
+ <dt>MultiViews</dt>
+
+ <dd>
+ <a href="../content-negotiation.html">Content negotiated</a>
+ MultiViews are allowed.</dd>
+
+ <dt>SymLinksIfOwnerMatch</dt>
+
+ <dd>
+
+ The server will only follow symbolic links for which the target
+ file or directory is owned by the same user id as the link.<br
+ /> <strong>Note</strong>: this option gets ignored if set inside
+ a <directive module="core" type="section">Location</directive>
+ section.</dd>
+ </dl>
+ <p>Normally, if multiple <directive>Options</directive> could apply to a
+ directory, then the most specific one is taken complete; the
+ options are not merged. However if <em>all</em> the options on
+ the <directive>Options</directive> directive are preceded by a + or -
+ symbol, the options are merged. Any options preceded by a + are
+ added to the options currently in force, and any options
+ preceded by a - are removed from the options currently in
+ force. </p>
+
+ <p>For example, without any + and - symbols:</p>
+
+
+<example><Directory /web/docs><br />
+ Options Indexes FollowSymLinks<br />
+ </Directory><br />
+ <Directory /web/docs/spec><br />
+ Options Includes<br />
+ </Directory>
+</example>
+ <p>then only <code>Includes</code> will be set for the
+ /web/docs/spec directory. However if the second
+ <directive>Options</directive> directive uses the + and - symbols:</p>
+
+<example>
+ <Directory /web/docs><br />
+ Options Indexes FollowSymLinks<br />
+ </Directory><br />
+ <Directory /web/docs/spec><br />
+ Options +Includes -Indexes<br />
+ </Directory>
+</example>
+ <p>then the options <code>FollowSymLinks</code> and
+ <code>Includes</code> are set for the /web/docs/spec directory.</p>
+
+
+ <p><strong>Note:</strong> Using <code>-IncludesNOEXEC</code> or
+ <code>-Includes</code> disables server-side includes completely
+ regardless of the previous setting.</p>
+
+ <p>The default in the absence of any other settings is
+ <code>All</code>.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>Require</name>
+<description>Selects which authenticated users can access
+a resource</description>
+<syntax>Require <em>entity-name</em> [<em>entity-name</em>] ...</syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+ <p>This directive selects which authenticated users can access
+ a directory. The allowed syntaxes are:</p>
+
+ <ul>
+ <li>
+ Require user <em>userid</em> [<em>userid</em>] ...
+
+ <p>Only the named users can access the directory.</p>
+ </li>
+
+ <li>
+ Require group <em>group-name</em> [<em>group-name</em>] ...
+
+
+ <p>Only users in the named groups can access the
+ directory.</p>
+ </li>
+
+ <li>
+ Require valid-user
+
+ <p>All valid users can access the directory.</p>
+ </li>
+ </ul>
+
+ <p><directive>Require</directive> must be accompanied by
+ <directive module="core">AuthName</directive> and <directive
+ module="core">AuthType</directive> directives, and directives such
+ as <directive module="mod_auth">AuthUserFile</directive>
+ and <directive module="mod_auth">AuthGroupFile</directive> (to
+ define users and groups) in order to work correctly. Example:</p>
+
+<example>
+ AuthType Basic<br />
+ AuthName "Restricted Directory"<br />
+ AuthUserFile /web/users<br />
+ AuthGroupFile /web/groups<br />
+ Require group admin<br />
+</example>
+
+ <p>Access controls which are applied in this way are effective for
+ <strong>all</strong> methods. <strong>This is what is normally
+ desired.</strong> If you wish to apply access controls only to
+ specific methods, while leaving other methods unprotected, then
+ place the <directive>Require</directive> statement into a
+ <directive module="core" type="section">Limit</directive>
+ section.</p>
+</usage>
+<seealso><directive module="core">Satisfy</directive></seealso>
+<seealso><module>mod_access</module></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RLimitCPU</name>
+<description>Limits the CPU consumption of processes launched
+by Apache children</description>
+<syntax>RLimitCPU <em>number</em>|max [<em>number</em>|max]</syntax>
+<default>Unset; uses operating system defaults</default>
+<contextlist>><context>server config</context><context>virtual host</context>
+</contextlist>
+<compatibility>Moved in version 2.0 to
+ the <a href="../mpm.html">MPMs</a></compatibility>
+
+<usage>
+ <p>Takes 1 or 2 parameters. The first parameter sets the soft
+ resource limit for all processes and the second parameter sets
+ the maximum resource limit. Either parameter can be a number,
+ or <em>max</em> to indicate to the server that the limit should
+ be set to the maximum allowed by the operating system
+ configuration. Raising the maximum resource limit requires that
+ the server is running as root, or in the initial startup
+ phase.</p>
+
+ <p>This applies to processes forked off from Apache children
+ servicing requests, not the Apache children themselves. This
+ includes CGI scripts and SSI exec commands, but not any
+ processes forked off from the Apache parent such as piped
+ logs.</p>
+
+ <p>CPU resource limits are expressed in seconds per
+ process.</p>
+</usage>
+<seealso><directive module="core">RLimitMEM</directive></seealso>
+<seealso><directive module="core">RLimitNPROC</directive></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RLimitMEM</name>
+<description>Limits the memory consumption of processes launched
+by Apache children</description>
+<syntax>RLimitMEM <em>number</em>|max [<em>number</em>|max]</syntax>
+<default>Unset; uses operating system defaults</default>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+<compatibility>Moved in version 2.0 to the <a
+href="../mpm.html">MPMs</a>.</compatibility>
+
+<usage>
+ <p>Takes 1 or 2 parameters. The first parameter sets the soft
+ resource limit for all processes and the second parameter sets
+ the maximum resource limit. Either parameter can be a number,
+ or <em>max</em> to indicate to the server that the limit should
+ be set to the maximum allowed by the operating system
+ configuration. Raising the maximum resource limit requires that
+ the server is running as root, or in the initial startup
+ phase.</p>
+
+ <p>This applies to processes forked off from Apache children
+ servicing requests, not the Apache children themselves. This
+ includes CGI scripts and SSI exec commands, but not any
+ processes forked off from the Apache parent such as piped
+ logs.</p>
+
+ <p>Memory resource limits are expressed in bytes per
+ process.</p>
+</usage>
+<seealso><directive module="core">RLimitCPU</directive></seealso>
+<seealso><directive module="core">RLimitNPROC</directive></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RLimitNPROC</name>
+<description>Limits the number of processes that can be launched by
+processes launched by Apache children</description>
+<syntax>RLimitNPROC <em>number</em>|max [<em>number</em>|max]</syntax>
+<default>Unset; uses operating system defaults</default>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+<compatibility>Moved in version 2.0 to the <a
+href="../mpm.html">MPMs</a>.</compatibility>
+
+<usage>
+ <p>Takes 1 or 2 parameters. The first parameter sets the soft
+ resource limit for all processes and the second parameter sets
+ the maximum resource limit. Either parameter can be a number,
+ or <code>max</code> to indicate to the server that the limit
+ should be set to the maximum allowed by the operating system
+ configuration. Raising the maximum resource limit requires that
+ the server is running as root, or in the initial startup
+ phase.</p>
+
+ <p>This applies to processes forked off from Apache children
+ servicing requests, not the Apache children themselves. This
+ includes CGI scripts and SSI exec commands, but not any
+ processes forked off from the Apache parent such as piped
+ logs.</p>
+
+ <p>Process limits control the number of processes per user.</p>
+
+ <p>Note: If CGI processes are <strong>not</strong> running
+ under userids other than the web server userid, this directive
+ will limit the number of processes that the server itself can
+ create. Evidence of this situation will be indicated by
+ <strong><em>cannot fork</em></strong> messages in the
+ error_log.</p>
+</usage>
+<seealso><directive module="core">RLimitMEM</directive></seealso>
+<seealso><directive module="core">RLimitCPU</directive></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>Satisfy</name>
+<description>Configures how host-level access control and user authentication
+interact</description>
+<syntax>Satisfy any|all</syntax>
+<default>Satisfy all</default>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>Access policy if both <directive
+ module="core">Allow</directive> and <directive
+ module="core">Require</directive> used. The parameter can be
+ either <em>'all'</em> or <em>'any'</em>. This directive is only
+ useful if access to a particular area is being restricted by both
+ username/password <em>and</em> client host address. In this case
+ the default behavior ("all") is to require that the client passes
+ the address access restriction <em>and</em> enters a valid
+ username and password. With the "any" option the client will be
+ granted access if they either pass the host restriction or enter a
+ valid username and password. This can be used to password restrict
+ an area, but to let clients from particular addresses in without
+ prompting for a password.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ScriptInterpreterSource</name>
+<description>Controls how the interpreter for CGI scripts is
+located</description>
+<syntax>ScriptInterpreterSource registry|script</syntax>
+<default>ScriptInterpreterSource script</default>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<compatibility>Win32 only</compatibility>
+
+<usage>
+ <p>This directive is used to control how Apache finds the
+ interpreter used to run CGI scripts. The default technique is to
+ use the interpreter pointed to by the #! line in the
+ script. Setting <code>ScriptInterpreterSource registry</code> will
+ cause the Windows Registry to be searched using the script file
+ extension (e.g., .pl) as a search key.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ServerAdmin</name>
+<description>Sets the email address that the server includes in error
+messages sent to the client</description>
+<syntax>ServerAdmin <em>email-address</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>The <directive>ServerAdmin</directive> sets the e-mail address
+ that the server includes in any error messages it returns to the
+ client.</p>
+
+ <p>It may be worth setting up a dedicated address for this,
+ <em>e.g.</em></p>
+<example>ServerAdmin www-admin@foo.bar.com</example>
+ <p>as users do not always mention that they are talking about the
+ server!</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ServerAlias</name>
+<description>Sets alternate names for a host used when matching requests
+to name-virtual hosts</description>
+<syntax>ServerAlias <em>hostname</em> [<em>hostname</em>] ...</syntax>
+<contextlist><context>virtual host</context></contextlist>
+
+<usage>
+ <p>The <directive>ServerAlias</directive> directive sets the
+ alternate names for a host, for use with <a
+ href="../vhosts/name-based.html">name-based virtual hosts</a>.</p>
+
+<example>
+ <VirtualHost *><br />
+ ServerName server.domain.com<br />
+ ServerAlias server server2.domain.com server2<br />
+ ...<br />
+ </VirtualHost>
+</example>
+</usage>
+<seealso><a href="../vhosts/">Apache Virtual Host documentation</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ServerName</name>
+<description>Sets the hostname and port that the server uses to identify
+itself</description>
+<syntax>ServerName <em>fully-qualified-domain-name[:port]</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+<compatibility>In version 2.0, this
+ directive supersedes the functionality of the <directive>Port</directive>
+ directive from version 1.3.</compatibility>
+
+<usage>
+ <p>The <directive>ServerName</directive> directive sets the hostname and
+ port that the server uses to identify itself. This is used when
+ creating redirection URLs. For example, if the name of the
+ machine hosting the webserver is <code>simple.example.com</code>,
+ but the machine also has the DNS alias <code>www.example.com</code>
+ and you wish the webserver to be so identified, the following
+ directive should be used:</p>
+
+<example>ServerName www.example.com:80</example>
+
+ <p>If no <directive>ServerName</directive> is specified, then the
+ server attempts to deduce the hostname by performing a reverse
+ lookup on the IP address. If no port is specified in the
+ servername, then the server will use the port from the incoming
+ request. For optimal reliability and predictability, you should
+ specify an explicit hostname and port using the
+ <directive>ServerName</directive> directive.</p>
+
+ <p>If you are using <a
+ href="../vhosts/name-based.html">name-based virtual hosts</a>,
+ the <directive>ServerName</directive> inside a
+ <directive type="section" module="core">VirtualHost</directive>
+ section specifies what hostname must appear in the request's
+ <code>Host:</code> header to match this virtual host.</p>
+
+ <p>See the description of the
+ <directive module="core">UseCanonicalName</directive> directive for
+ settings which determine whether self-referential URL's (e.g., by the
+ <module>mod_dir</module> module) will refer to the
+ specified port, or to the port number given in the client's request.
+ </p>
+</usage>
+
+<seealso><a href="../dns-caveats.html">DNS Issues</a></seealso>
+<seealso><a href="../vhosts/">Apache virtual host
+ documentation</a></seealso>
+<seealso><directive module="core">UseCanonicalName</directive></seealso>
+<seealso><directive module="core">NameVirtualHost</directive></seealso>
+<seealso><directive module="core">ServerAlias</directive></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ServerPath</name>
+<description>Sets the legacy URL pathname for a name-virtual host that
+is accessed by an incompatible browser</description>
+<syntax>ServerPath <em>directory-path</em></syntax>
+<contextlist><context>virtual host</context></contextlist>
+
+<usage>
+ <p>The <directive>ServerPath</directive> directive sets the legacy
+ URL pathname for a host, for use with <a
+ href="../vhosts/">name-based virtual hosts</a>.</p>
+</usage>
+<seealso><a href="../vhosts/">Apache Virtual Host documentation</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ServerRoot</name>
+<description>Sets the base directory for the server installation</description>
+<syntax>ServerRoot <em>directory-path</em></syntax>
+<default>ServerRoot /usr/local/apache</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>ServerRoot</directive> directive sets the
+ directory in which the server lives. Typically it will contain the
+ subdirectories <code>conf/</code> and <code>logs/</code>. Relative
+ paths for other configuration files are taken as relative to this
+ directory.</p>
+</usage>
+<seealso><a href="../invoking.html">the <code>-d</code>
+ option to <code>httpd</code></a></seealso>
+<seealso><a href="../misc/security_tips.html#serverroot">the
+ security tips</a> for information on how to properly set
+ permissions on the ServerRoot</seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ServerSignature</name>
+<description>Configures the footer on server-generated documents</description>
+<syntax>ServerSignature On|Off|EMail</syntax>
+<default>ServerSignature Off</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>The <directive>ServerSignature</directive> directive allows the
+ configuration of a trailing footer line under server-generated
+ documents (error messages, mod_proxy ftp directory listings,
+ mod_info output, ...). The reason why you would want to enable
+ such a footer line is that in a chain of proxies, the user often
+ has no possibility to tell which of the chained servers actually
+ produced a returned error message.<br /> The <samp>Off</samp>
+ setting, which is the default, suppresses the error line (and is
+ therefore compatible with the behavior of Apache-1.2 and
+ below). The <samp>On</samp> setting simply adds a line with the
+ server version number and <directive
+ module="core">ServerName</directive> of the serving virtual host,
+ and the <samp>EMail</samp> setting additionally creates a
+ "mailto:" reference to the <directive
+ module="core">ServerAdmin</directive> of the referenced
+ document.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ServerTokens</name>
+<description>Configures the Server HTTP response header</description>
+<syntax>ServerTokens Minimal|ProductOnly|OS|Full</syntax>
+<default>ServerTokens Full</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>This directive controls whether <samp>Server</samp> response
+ header field which is sent back to clients includes a
+ description of the generic OS-type of the server as well as
+ information about compiled-in modules.</p>
+
+ <dl>
+ <dt><code>ServerTokens Prod[uctOnly]</code></dt>
+
+ <dd>Server sends (<em>e.g.</em>): <samp>Server:
+ Apache</samp></dd>
+
+ <dt><code>ServerTokens Min[imal]</code></dt>
+
+ <dd>Server sends (<em>e.g.</em>): <samp>Server:
+ Apache/1.3.0</samp></dd>
+
+ <dt><code>ServerTokens OS</code></dt>
+
+ <dd>Server sends (<em>e.g.</em>): <samp>Server: Apache/1.3.0
+ (Unix)</samp></dd>
+
+ <dt><code>ServerTokens Full</code> (or not specified)</dt>
+
+ <dd>Server sends (<em>e.g.</em>): <samp>Server: Apache/1.3.0
+ (Unix) PHP/3.0 MyMod/1.2</samp></dd>
+ </dl>
+
+ <p>This setting applies to the entire server, and cannot be
+ enabled or disabled on a virtualhost-by-virtualhost basis.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SetHandler</name>
+<description>Forces all matching files to be processed by a
+handler</description>
+<syntax>SetHandler <em>handler-name</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<compatibility>Moved into the core in Apache 2.0</compatibility>
+
+<usage>
+ <p>When placed into an <code>.htaccess</code> file or a
+ <directive type="section" module="core">Directory</directive> or
+ <directive type="section" module="core">Location</directive>
+ section, this directive forces all matching files to be parsed
+ through the <a href="../handler.html">handler</a> given by
+ <em>handler-name</em>. For example, if you had a directory you
+ wanted to be parsed entirely as imagemap rule files, regardless
+ of extension, you might put the following into an
+ <code>.htaccess</code> file in that directory:</p>
+<example>
+ SetHandler imap-file
+</example>
+
+ <p>Another example: if you wanted to have the server display a
+ status report whenever a URL of
+ <code>http://servername/status</code> was called, you might put
+ the following into httpd.conf:</p>
+<example>
+ <Location /status><br />
+ SetHandler server-status<br />
+ </Location>
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SetInputFilter</name>
+<description>Sets the filters that will process client requests and POST
+input</description>
+<syntax>SetInputFilter <em>filter</em>[<em>;filter</em>...]</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>The <directive>SetInputFilter</directive> directive sets the
+ filter or filters which will process client requests and POST
+ input when they are received by the server. This is in addition to
+ any filters defined elsewhere, including the
+ <directive module="mod_mime">AddInputFilter</directive>
+ directive.</p>
+
+ <p>If more than one filter is specified, they must be separated
+ by semicolons in the order in which they should process the
+ content.</p>
+</usage>
+<seealso><a href="../filter.html">Filters</a> documentation</seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SetOutputFilter</name>
+<description>Sets the filters that will process responses from the
+server</description>
+<syntax>SetOutputFilter <em>filter</em> [<em>filter</em>] ...</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>The <directive>SetOutputFilter</directive> directive sets the filters
+ which will process responses from the server before they are
+ sent to the client. This is in addition to any filters defined
+ elsewhere, including the
+ <directive module="mod_mime">AddOutputFilter</directive>
+ directive.</p>
+
+ <p>For example, the following configuration will process all files
+ in the <code>/www/data/</code> directory for server-side
+ includes.</p>
+<example>
+<Directory /www/data/><br />
+ SetOutputFilter INCLUDES<br />
+</Directory>
+</example>
+
+ <p>If more than one filter is specified, they must be separated
+ by semicolons in the order in which they should process the
+ content.</p>
+</usage>
+<seealso><a href="../filter.html">Filters</a> documentation</seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>TimeOut</name>
+<description>Defines the amount of time the server will wait for
+certain events before failing a request</description>
+<syntax>TimeOut <em>number</em></syntax>
+<default>TimeOut 300</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>TimeOut</directive> directive currently defines
+ the amount of time Apache will wait for three things:</p>
+
+ <ol>
+ <li>The total amount of time it takes to receive a GET
+ request.</li>
+
+ <li>The amount of time between receipt of TCP packets on a
+ POST or PUT request.</li>
+
+ <li>The amount of time between ACKs on transmissions of TCP
+ packets in responses.</li>
+ </ol>
+
+ <p>We plan on making these separately configurable at some point
+ down the road. The timer used to default to 1200 before 1.2,
+ but has been lowered to 300 which is still far more than
+ necessary in most situations. It is not set any lower by
+ default because there may still be odd places in the code where
+ the timer is not reset when a packet is sent. </p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>UseCanonicalName</name>
+<description>Configures how the server determines its own name and
+port</description>
+<syntax>UseCanonicalName on|off|dns</syntax>
+<default>UseCanonicalName on</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context></contextlist>
+<override>Options</override>
+
+<usage>
+ <p>In many situations Apache has to construct a
+ <em>self-referential</em> URL. That is, a URL which refers back to
+ the same server. With <code>UseCanonicalName on</code> Apache will
+ use the hostname and port specified in the <directive
+ module="core">ServerName</directive> directive to construct a canonical
+ name for the server. This name is used in all self-referential
+ URLs, and for the values of <code>SERVER_NAME</code> and
+ <code>SERVER_PORT</code> in CGIs.</p>
+
+ <p>With <code>UseCanonicalName off</code> Apache will form
+ self-referential URLs using the hostname and port supplied by
+ the client if any are supplied (otherwise it will use the
+ canonical name). These values are the same that are used to
+ implement <a href="../vhosts/name-based.html">name based
+ virtual hosts</a>, and are available with the same clients. The
+ CGI variables <code>SERVER_NAME</code> and
+ <code>SERVER_PORT</code> will be constructed from the client
+ supplied values as well.</p>
+
+ <p>An example where this may be useful is on an intranet server
+ where you have users connecting to the machine using short
+ names such as <code>www</code>. You'll notice that if the users
+ type a shortname, and a URL which is a directory, such as
+ <code>http://www/splat</code>, <em>without the trailing
+ slash</em> then Apache will redirect them to
+ <code>http://www.domain.com/splat/</code>. If you have
+ authentication enabled, this will cause the user to have to
+ reauthenticate twice (once for <code>www</code> and once again
+ for <code>www.domain.com</code>). But if
+ <directive>UseCanonicalName</directive> is set off, then Apache will
+ redirect to <code>http://www/splat/</code>.</p>
+
+ <p>There is a third option, <code>UseCanonicalName DNS</code>,
+ which is intended for use with mass IP-based virtual hosting to
+ support ancient clients that do not provide a
+ <code>Host:</code> header. With this option Apache does a
+ reverse DNS lookup on the server IP address that the client
+ connected to in order to work out self-referential URLs.</p>
+
+ <p><strong>Warning:</strong> if CGIs make assumptions about the
+ values of <code>SERVER_NAME</code> they may be broken by this
+ option. The client is essentially free to give whatever value
+ they want as a hostname. But if the CGI is only using
+ <code>SERVER_NAME</code> to construct self-referential URLs
+ then it should be just fine.</p>
+</usage>
+<seealso><directive module="core">ServerName</directive></seealso>
+<seealso><directive module="mpm_common">Listen</directive></seealso>
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>VirtualHost</name>
+<description>Contains directives that apply only to a specific
+hostname or IP address</description>
+<syntax><VirtualHost
+ <em>addr</em>[:<em>port</em>] [<em>addr</em>[:<em>port</em>]]
+ ...> ... </VirtualHost></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p><directive type="section">VirtualHost</directive> and
+ <code></VirtualHost></code> are used to enclose a group of
+ directives which will apply only to a particular virtual host. Any
+ directive which is allowed in a virtual host context may be
+ used. When the server receives a request for a document on a
+ particular virtual host, it uses the configuration directives
+ enclosed in the <directive type="section">VirtualHost</directive>
+ section. <em>Addr</em> can be</p>
+
+ <ul>
+ <li>The IP address of the virtual host</li>
+
+ <li>A fully qualified domain name for the IP address of the
+ virtual host.</li>
+ </ul>
+ Example:
+
+<example><VirtualHost 10.1.2.3><br />
+ ServerAdmin webmaster@host.foo.com<br />
+ DocumentRoot /www/docs/host.foo.com<br />
+ ServerName host.foo.com<br />
+ ErrorLog logs/host.foo.com-error_log<br />
+ TransferLog logs/host.foo.com-access_log<br />
+ </VirtualHost>
+</example>
+
+
+ <p>IPv6 addresses must be specified in square brackets because
+ the optional port number could not be determined otherwise. An
+ IPv6 example is shown below:</p>
+
+<example>
+<VirtualHost [fe80::a00:20ff:fea7:ccea]><br />
+ ServerAdmin webmaster@host.foo.com<br />
+ DocumentRoot /www/docs/host.foo.com<br />
+ ServerName host.foo.com<br />
+ ErrorLog logs/host.foo.com-error_log<br />
+ TransferLog logs/host.foo.com-access_log<br />
+ </VirtualHost>
+</example>
+
+ <p>Each Virtual Host must correspond to a different IP address,
+ different port number or a different host name for the server,
+ in the former case the server machine must be configured to
+ accept IP packets for multiple addresses. (If the machine does
+ not have multiple network interfaces, then this can be
+ accomplished with the <code>ifconfig alias</code> command (if
+ your OS supports it), or with kernel patches like <a
+ href="../misc/vif-info.html">VIF</a> (for SunOS(TM) 4.1.x)).</p>
+
+ <p>The special name <code>_default_</code> can be specified in
+ which case this virtual host will match any IP address that is
+ not explicitly listed in another virtual host. In the absence
+ of any _default_ virtual host the "main" server config,
+ consisting of all those definitions outside any VirtualHost
+ section, is used when no match occurs.</p>
+
+ <p>You can specify a <code>:port</code> to change the port that is
+ matched. If unspecified then it defaults to the same port as the
+ most recent <directive module="mpm_common">Listen</directive>
+ statement of the main server. You may also specify <code>:*</code>
+ to match all ports on that address. (This is recommended when used
+ with <code>_default_</code>.)</p>
+
+ <p><strong>SECURITY</strong>: See the <a
+ href="../misc/security_tips.html">security tips</a> document
+ for details on why your security could be compromised if the
+ directory where logfiles are stored is writable by anyone other
+ than the user that starts the server.</p>
+
+ <p><strong>NOTE</strong>: The use of <directive
+ type="section">VirtualHost</directive> does <strong>not</strong>
+ affect what addresses Apache listens on. You may need to ensure
+ that Apache is listening on the correct addresses using <directive
+ module="mpm_common">Listen</directive>.</p>
+</usage>
+<seealso><a href="../vhosts/">Apache Virtual Host documentation</a></seealso>
+<seealso><a href="../dns-caveats.html">Warnings about DNS and
+ Apache</a></seealso>
+<seealso><a href="../bind.html">Setting
+ which addresses and ports Apache uses</a></seealso>
+<seealso><a href="../sections.html">How
+ Directory, Location and Files sections work</a> for an
+ explanation of how these different sections are combined when a
+ request is received</seealso>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE directiveindex [
+ <!ENTITY allmodules SYSTEM "allmodules.xml">
+]>
+
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<directiveindex>
+<title>Directive Index</title>
+<summary>
+ <p>Each Apache directive available in the standard Apache
+ distribution is listed here. They are described using a
+ consistent format, and there is <a href="directive-dict.html"
+ rel="Glossary">a dictionary</a> of the terms used in their
+ descriptions available.</p>
+</summary>
+&allmodules;
+</directiveindex>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE directiveindex [
+ <!ENTITY allmodules SYSTEM "allmodules.xml">
+]>
+
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<moduleindex>
+<title>Module Index</title>
+<summary>
+
+ <p>Below is a list of all of the modules that come as part of
+ the Apache distribution. See also the complete
+ alphabetical list of <a href="directives.html">all Apache
+ directives</a>.</p>
+
+</summary>
+&allmodules;
+</moduleindex>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE xml:manual [ <!ENTITY nbsp " "> ]>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_actions</name>
+
+<description>This module provides for executing CGI scripts based on
+media type or request method.</description>
+
+<status>Base</status>
+<sourcefile>mod_actions.c</sourcefile>
+<identifier>actions_module</identifier>
+
+<summary>
+ <p>This module has two directives. The <directive
+ module="mod_actions">Action</directive> directive lets you run CGI
+ scripts whenever a file of a certain type is requested. The
+ <directive module="mod_actions">Script</directive> directive lets
+ you run CGI scripts whenever a particular method is used in a
+ request. This makes it much easier to execute scripts that process
+ files.</p>
+</summary>
+
+<directivesynopsis>
+
+<name>Action</name>
+
+<description>Activates a CGI script for a particular handler or
+content-type</description>
+
+<syntax>Action <em>action-type cgi-script</em></syntax>
+<contextlist>
+<context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>This directive adds an action, which will activate
+ <em>cgi-script</em> when <em>action-type</em> is triggered by
+ the request. The <em>action-type</em> can be either a <a
+ href="../handler.html">handler</a> or a MIME content type. It
+ sends the URL and file path of the requested document using the
+ standard CGI PATH_INFO and PATH_TRANSLATED environment
+ variables.</p>
+
+<example>
+<title>Examples</title>
+
+ # Requests for files of a particular type:<br />
+ Action image/gif /cgi-bin/images.cgi<br />
+<br />
+ # Files of a particular file extension<br />
+ AddHandler my-file-type .xyz<br />
+ Action my-file-type /cgi-bin/program.cgi<br />
+</example>
+
+ <p>In the first example, requests for files with a MIME content
+ type of <code>image/gif</code> will instead be handled by the
+ specified cgi script <code>/cgi-bin/images.cgi</code>.</p>
+
+ <p>In the second example, requests for files with a file extension of
+ <code>.xyz</code> are handled instead by the specified cgi script
+ <code>/cgi-bin/program.cgi</code>.</p>
+</usage>
+
+<seealso><directive module="mod_mime">AddHandler</directive></seealso>
+
+</directivesynopsis>
+
+<directivesynopsis>
+
+<name>Script</name>
+
+<description>Activates a CGI script for a particular request
+method.</description>
+<syntax> Script <em>method cgi-script</em></syntax>
+<contextlist>
+<context>server config</context><context>virtual host</context>
+<context>directory</context></contextlist>
+<usage>
+ <p>This directive adds an action, which will activate
+ <em>cgi-script</em> when a file is requested using the method of
+ <em>method</em>. It sends the URL and file path of the requested
+ document using the standard CGI PATH_INFO and PATH_TRANSLATED
+ environment variables.</p>
+
+<note>
+ Any arbitrary method name may be used. <strong>Method names are
+ case-sensitive</strong>, so <code>Script PUT</code> and
+ <code>Script put</code> have two entirely different
+ effects.
+</note>
+
+ <p>Note that the Script command defines default actions only.
+ If a CGI script is called, or some other resource that is
+ capable of handling the requested method internally, it will do
+ so. Also note that Script with a method of <code>GET</code>
+ will only be called if there are query arguments present
+ (<em>e.g.</em>, foo.html?hi). Otherwise, the request will
+ proceed normally.</p>
+
+<example>
+<title>Examples</title>
+ # For <ISINDEX>-style searching<br />
+ Script GET /cgi-bin/search<br />
+ # A CGI PUT handler<br />
+ Script PUT /~bob/put.cgi<br />
+</example>
+</usage>
+
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_alias</name>
+<description>Provides for mapping different parts of the host
+ filesystem in the document tree and for URL redirection</description>
+<status>Base</status>
+<sourcefile>mod_alias.c</sourcefile>
+<identifier>alias_module</identifier>
+
+<summary>
+ <p>The directives contained in this module allow for manipulation
+ and control of URLs as requests arrive at the server. The
+ <directive module="mod_alias">Alias</directive> and <directive
+ module="mod_alias">ScriptAlias</directive> directives are used to
+ map between URLs and filesystem paths. This allows for content
+ which is not directly under the <directive
+ module="core">DocumentRoot</directive> served as part of the web
+ document tree. The <directive
+ module="mod_alias">ScriptAlias</directive> directive has the
+ additional effect of marking the target directory as containing
+ only CGI scripts.</p>
+
+ <p>The <directive module="mod_alias">Redirect</directive>
+ directives are used to instruct clients to make a new request with
+ a different URL. They are often used when a resource has moved to
+ a new location.</p>
+
+ <p>A more powerful and flexible set of directives for
+ manipulating URLs is contained in the <module>mod_rewrite</module>
+ module.</p>
+</summary>
+
+<directivesynopsis>
+<name>Alias</name>
+<description>Maps URLs to filesystem locations</description>
+<syntax> Alias <em>URL-path
+ file-path</em>|<em>directory-path</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+
+ <p>The <directive>Alias</directive> directive allows documents to
+ be stored in the local filesystem other than under the
+ <directive module="core">DocumentRoot</directive>. URLs with a
+ (%-decoded) path beginning with <em>url-path</em> will be mapped
+ to local files beginning with <em>directory-filename</em>.</p>
+
+ <p>Example:</p>
+
+<example>Alias /image /ftp/pub/image</example>
+
+ <p>A request for http://myserver/image/foo.gif would cause the
+ server to return the file /ftp/pub/image/foo.gif.</p>
+
+ <p>Note that if you include a trailing / on the
+ <em>url-path</em> then the server will require a trailing / in
+ order to expand the alias. That is, if you use <code>Alias
+ /icons/ /usr/local/apache/icons/</code> then the url
+ <code>/icons</code> will not be aliased.</p>
+
+ <p>Note that you may need to specify additional <directive
+ module="core"><Directory></directive> sections which cover
+ the <em>destination</em> of aliases. Aliasing occurs before
+ <directive module="core"><Directory></directive> sections
+ are checked, so only the destination of aliases are affected.
+ (Note however <directive module="core"><Location></directive>
+ sections are run through once before aliases are performed, so
+ they will apply.)</p>
+
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AliasMatch</name>
+<description>Maps URLs to filesystem locations using regular
+expressions</description>
+<syntax>AliasMatch <em>regex
+ file-path</em>|<em>directory-path</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>This directive is equivalent to <directive
+ module="mod_alias">Alias</directive>, but makes use of standard
+ regular expressions, instead of simple prefix matching. The
+ supplied regular expression is matched against the URL-path, and
+ if it matches, the server will substitute any parenthesized
+ matches into the given string and use it as a filename. For
+ example, to activate the <code>/icons</code> directory, one might
+ use:</p>
+<example>
+ AliasMatch ^/icons(.*) /usr/local/apache/icons$1
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>Redirect</name>
+<description>Sends an external redirect asking the client to fetch
+a different URL</description>
+<syntax>Redirect [<em>status</em>] <em>URL-path URL</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context></contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>The Redirect directive maps an old URL into a new one. The
+ new URL is returned to the client which attempts to fetch it
+ again with the new address. <em>URL-path</em> a (%-decoded)
+ path; any requests for documents beginning with this path will
+ be returned a redirect error to a new (%-encoded) URL beginning
+ with <em>URL</em>.</p>
+
+ <p>Example:</p>
+
+<example>Redirect /service http://foo2.bar.com/service</example>
+
+ <p>If the client requests http://myserver/service/foo.txt, it
+ will be told to access http://foo2.bar.com/service/foo.txt
+ instead.</p>
+
+<note><title>Note</title> <p>Redirect directives take precedence over
+Alias and ScriptAlias directives, irrespective of their ordering in
+the configuration file. Also, <em>URL-path</em> must be an absolute
+path, not a relative path, even when used with .htaccess files or
+inside of <directive module="core"><Directory></directive>
+sections.</p></note>
+
+ <p>If no <em>status</em> argument is given, the redirect will
+ be "temporary" (HTTP status 302). This indicates to the client
+ that the resource has moved temporarily. The <em>status</em>
+ argument can be used to return other HTTP status codes:</p>
+
+ <dl>
+ <dt>permanent</dt>
+
+ <dd>Returns a permanent redirect status (301) indicating that
+ the resource has moved permanently.</dd>
+
+ <dt>temp</dt>
+
+ <dd>Returns a temporary redirect status (302). This is the
+ default.</dd>
+
+ <dt>seeother</dt>
+
+ <dd>Returns a "See Other" status (303) indicating that the
+ resource has been replaced.</dd>
+
+ <dt>gone</dt>
+
+ <dd>Returns a "Gone" status (410) indicating that the
+ resource has been permanently removed. When this status is
+ used the <em>url</em> argument should be omitted.</dd>
+ </dl>
+
+ <p>Other status codes can be returned by giving the numeric
+ status code as the value of <em>status</em>. If the status is
+ between 300 and 399, the <em>url</em> argument must be present,
+ otherwise it must be omitted. Note that the status must be
+ known to the Apache code (see the function
+ <code>send_error_response</code> in http_protocol.c).</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RedirectMatch</name>
+<description>Sends an external redirect asking the client to fetch
+a different URL based on a regular expression match of the
+current URL</description>
+<syntax>RedirectMatch [<em>status</em>] <em>regex URL</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context></contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>This directive is equivalent to <directive
+ module="mod_alias">Redirect</directive>, but makes use of standard
+ regular expressions, instead of simple prefix matching. The
+ supplied regular expression is matched against the URL-path, and
+ if it matches, the server will substitute any parenthesized
+ matches into the given string and use it as a filename. For
+ example, to redirect all GIF files to like-named JPEG files on
+ another server, one might use:</p>
+<example>
+ RedirectMatch (.*)\.gif$ http://www.anotherserver.com$1.jpg
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RedirectTemp</name>
+<description>Sends an external temporary redirect asking the client to fetch
+a different URL</description>
+<syntax>RedirectTemp <em>URL-path URL</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context></contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>This directive makes the client know that the Redirect is
+ only temporary (status 302). Exactly equivalent to
+ <code>Redirect temp</code>.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RedirectPermanent</name>
+<description>Sends an external permanent redirect asking the client to fetch
+a different URL</description>
+<syntax>RedirectPermanent <em>URL-path URL</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context></contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>This directive makes the client know that the Redirect is
+ permanent (status 301). Exactly equivalent to <code>Redirect
+ permanent</code>.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ScriptAlias</name>
+<description>Maps a URL to a filesystem location and designates the
+target as a CGI script</description>
+<syntax>ScriptAlias
+<em>URL-path file-path</em>|<em>directory-path</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>The <directive>ScriptAlias</directive> directive has the same
+ behavior as the <directive module="mod_alias">Alias</directive>
+ directive, except that in addition it marks the target directory
+ as containing CGI scripts that will be processed by <module
+ >mod_cgi</module>'s cgi-script handler. URLs with a
+ (%-decoded) path beginning with <em>URL-path</em> will be mapped
+ to scripts beginning with the second argument which is a full
+ pathname in the local filesystem.</p>
+
+ <p>Example:</p>
+
+<example>ScriptAlias /cgi-bin/ /web/cgi-bin/</example>
+
+ <p>A request for <code>http://myserver/cgi-bin/foo</code> would cause the
+ server to run the script <code>/web/cgi-bin/foo</code>.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ScriptAliasMatch</name>
+<description>Maps a URL to a filesystem location using a regular expression
+and designates the target as a CGI script</description>
+<syntax>ScriptAliasMatch
+<em>regex file-path</em>|<em>directory-path</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>This directive is equivalent to <directive module="mod_alias"
+ >ScriptAlias</directive>, but makes use of standard
+ regular expressions, instead of simple prefix matching. The
+ supplied regular expression is matched against the URL-path,
+ and if it matches, the server will substitute any parenthesized
+ matches into the given string and use it as a filename. For
+ example, to activate the standard <code>/cgi-bin</code>, one
+ might use:</p>
+<example>
+ ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1
+</example>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_asis</name>
+<description>Sends files that contain their own
+HTTP headers</description>
+<status>Base</status>
+<sourcefile>mod_asis.c</sourcefile>
+<identifier>asis_module</identifier>
+
+<summary>
+ <p>This module provides the handler <code>send-as-is</code>
+ which causes Apache to send the document without adding most of
+ the usual HTTP headers.</p>
+
+ <p>This can be used to send any kind of data from the server,
+ including redirects and other special HTTP responses, without
+ requiring a cgi-script or an nph script.</p>
+
+ <p>For historical reasons, this module will also process any
+ file with the mime type <code>httpd/send-as-is</code>.</p>
+</summary>
+
+<section><title>Usage</title>
+
+ <p>In the server configuration file, associate files with the
+ <code>send-as-is</code> handler <em>e.g.</em></p>
+
+<example>AddHandler send-as-is asis</example>
+
+ <p>The contents of any file with a <code>.asis</code> extension
+ will then be sent by Apache to the client with almost no
+ changes. Clients will need HTTP headers to be attached, so do
+ not forget them. A Status: header is also required; the data
+ should be the 3-digit HTTP response code, followed by a textual
+ message.</p>
+
+ <p>Here's an example of a file whose contents are sent <em>as
+ is</em> so as to tell the client that a file has
+ redirected.</p>
+
+
+<example>Status: 301 Now where did I leave that URL<br />
+ Location: http://xyz.abc.com/foo/bar.html<br />
+ Content-type: text/html<br />
+ <br />
+ <HTML><br />
+ <HEAD><br />
+ <TITLE>Lame excuses'R'us</TITLE><br />
+ </HEAD><br />
+ <BODY><br />
+ <H1>Fred's exceptionally wonderful page has moved
+ to<br />
+ <A
+ HREF="http://xyz.abc.com/foo/bar.html">Joe's</A>
+ site.<br />
+ </H1><br />
+ </BODY><br />
+ </HTML>
+</example>
+
+ <p>Notes: the server always adds a Date: and Server: header to
+ the data returned to the client, so these should not be
+ included in the file. The server does <em>not</em> add a
+ Last-Modified header; it probably should. </p>
+</section>
+
+</modulesynopsis>
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+<name>mod_auth_digest</name>
+<description>User authentication using MD5
+ Digest Authentication.</description>
+<status>Experimental</status>
+<sourcefile>mod_auth_digest.c</sourcefile>
+<identifier>auth_digest_module</identifier>
+
+<summary>
+ <p>This module implements HTTP Digest Authentication. However, it
+ has not been extensively tested and is therefore marked
+ experimental.</p>
+</summary>
+
+<seealso><directive module="core">AuthName</directive></seealso>
+<seealso><directive module="core">AuthType</directive></seealso>
+<seealso><directive module="core">Require</directive></seealso>
+<seealso><directive module="core">Satisfy</directive></seealso>
+
+<section><title>Using Digest Authentication</title>
+
+ <p>Using MD5 Digest authentication is very simple. Simply set
+ up authentication normally, using "AuthType Digest" and
+ "AuthDigestFile" instead of the normal "AuthType Basic" and
+ "AuthUserFile"; also, replace any "AuthGroupFile" with
+ "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
+ containing at least the root URI(s) for this protection space.
+ Example:</p>
+<example>
+ <Location /private/><br />
+ AuthType Digest<br />
+ AuthName "private area"<br />
+ AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
+ AuthDigestFile /web/auth/.digest_pw<br />
+ Require valid-user<br />
+ </Location>
+</example>
+
+<note><title>Note</title>
+ <p>MD5 authentication provides a more
+ secure password system than Basic authentication, but only
+ works with supporting browsers. As of this writing (October 2001),
+ the only major browsers which support digest authentication are
+ <a href="http://www.opera.com/">Opera 4.0</a>,
+ <a href="http://www.microsoft.com/windows/ie/">MS Internet
+ Explorer 5.0</a> and <a href="http://www.w3.org/Amaya/">Amaya</a>.
+ Therefore, we do not yet recommend using this feature on a large
+ Internet site. However, for personal and intra-net use, where
+ browser users can be controlled, it is ideal.</p>
+</note>
+</section>
+
+<directivesynopsis>
+<name>AuthDigestFile</name>
+<description>Location of the text file containing the list
+of users and encoded passwords for digest authentication</description>
+<syntax>AuthDigestFile <em>file-path</em></syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+ <p>The <directive>AuthDigestFile</directive> directive sets the
+ name of a textual file containing the list of users and encoded
+ passwords for digest authentication. <em>File-path</em> is the
+ absolute path to the user file.</p>
+
+ <p>The digest file uses a special format. Files in this format
+ can be created using the <a
+ href="../programs/htdigest.html">htdigest</a> utility found in
+ the support/ subdirectory of the Apache distribution.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthDigestGroupFile</name>
+<description>Name of the text file containing the list of groups
+for digest authentication</description>
+<syntax>AuthDigestGroupFile <em>file-path</em></syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+ <p>The <directive>AuthDigestGroupFile</directive> directive sets
+ the name of a textual file containing the list of groups and their
+ members (user names). <em>File-path</em> is the absolute path to
+ the group file.</p>
+
+ <p>Each line of the group file contains a groupname followed by
+ a colon, followed by the member usernames separated by spaces.
+ Example:</p>
+
+<example>mygroup: bob joe anne</example>
+
+ <p>Note that searching large text files is <em>very</em>
+ inefficient.</p>
+
+ <p>Security: make sure that the AuthGroupFile is stored outside
+ the document tree of the web-server; do <em>not</em> put it in
+ the directory that it protects. Otherwise, clients will be able
+ to download the AuthGroupFile.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthDigestQop</name>
+<description>Determines the quality-of-protection to use in digest
+authentication</description>
+<syntax>AuthDigestQop none|auth|auth-int [auth|auth-int]</syntax>
+<default>AuthDigestQop auth</default>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+ <p>The <directive>AuthDigestQop</directive> directive determines
+ the quality-of-protection to use. <em>auth</em> will only do
+ authentication (username/password); <em>auth-int</em> is
+ authentication plus integrity checking (an MD5 hash of the entity
+ is also computed and checked); <em>none</em> will cause the module
+ to use the old RFC-2069 digest algorithm (which does not include
+ integrity checking). Both <em>auth</em> and <em>auth-int</em> may
+ be specified, in which the case the browser will choose which of
+ these to use. <em>none</em> should only be used if the browser for
+ some reason does not like the challenge it receives otherwise.</p>
+
+ <p><strong><em>auth-int</em> is not implemented
+ yet</strong>.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthDigestNonceLifetime</name>
+<description>How long the server nonce is valid</description>
+<syntax>AuthDigestNonceLifetime <em>seconds</em></syntax>
+<default>AuthDigestNonceLifetime 300</default>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+ <p>The <directive>AuthDigestNonceLifetime</directive> directive
+ controls how long the server nonce is valid. When the client
+ contacts the server using an expired nonce the server will send
+ back a 401 with <code>stale=true</code>. If <em>seconds</em> is
+ greater than 0 then it specifies the amount of time for which the
+ nonce is valid; this should probably never be set to less than 10
+ seconds. If <em>seconds</em> is less than 0 then the nonce never
+ expires. <!-- Not implemented yet If <EM>seconds</EM> is 0 then
+ the nonce may be used exactly once by the client. Note that while
+ one-time-nonces provide higher security against replay attacks,
+ they also have significant performance implications, as the
+ browser cannot pipeline or multiple connections for the
+ requests. Because browsers cannot easily detect that
+ one-time-nonces are being used, this may lead to browsers trying
+ to pipeline requests and receiving 401 responses for all but the
+ first request, requiring the browser to resend the requests. Note
+ also that the protection against reply attacks only makes sense
+ for dynamically generated content and things like POST requests;
+ for static content the attacker may already have the complete
+ response, so one-time-nonces do not make sense here. -->
+ </p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthDigestNonceFormat</name>
+<description>Determines how the nonce is generated</description>
+<syntax>???</syntax>
+<default>???</default>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+ <p><strong>Not implemented yet.</strong> <!--
+ <P>The AuthDigestNonceFormat directive determines how the nonce is
+ generated.
+ -->
+ </p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthDigestNcCheck</name>
+<description>Enables or disables checking of the nonce-count sent by the
+server</description>
+<syntax>AuthDigestNcCheck On|Off</syntax>
+<default>AuthDigestNcCheck Off</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p><strong>Not implemented yet.</strong> <!--
+ <P>The AuthDigestNcCheck directive enables or disables the checking of the
+ nonce-count sent by the server.
+
+ <P>While recommended from a security standpoint, turning this directive
+ On has one important performance implication. To check the nonce-count
+ *all* requests (which have an Authorization header, irrespective of
+ whether they require digest authentication) must be serialized through
+ a critical section. If the server is handling a large number of
+ requests which contain the Authorization header then this may noticeably
+ impact performance.
+ -->
+ </p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthDigestAlgorithm</name>
+<description>Selects the algorithm used to calculate the challenge and
+response hases in digest authentication</description>
+<syntax>AuthDigestAlgorithm MD5|MD5-sess</syntax>
+<default>AuthDigestAlgorithm MD5</default>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+ <p>The <directive>AuthDigestAlgorithm</directive> directive
+ selects the algorithm used to calculate the challenge and response
+ hashes.</p>
+
+ <p><strong><em>MD5-sess</em> is not correctly implemented
+ yet</strong>. <!--
+ <P>To use <EM>MD5-sess</EM> you must first code up the
+ <VAR>get_userpw_hash()</VAR> function in <VAR>mod_auth_digest.c</VAR> .
+ -->
+ </p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthDigestDomain</name>
+<description>URIs that are in the same protection space for digest
+authentication</description>
+<syntax>AuthDigestDomain <em>URI</em> [<em>URI</em>] ...</syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+ <p>The <directive>AuthDigestDomain</directive> directive allows
+ you to specify one or more URIs which are in the same protection
+ space (i.e. use the same realm and username/password info). The
+ specified URIs are prefixes, i.e. the client will assume that all
+ URIs "below" these are also protected by the same
+ username/password. The URIs may be either absolute URIs
+ (i.e. inluding a scheme, host, port, etc) or relative URIs.</p>
+
+ <p>This directive <em>should</em> always be specified and
+ contain at least the (set of) root URI(s) for this space.
+ Omitting to do so will cause the client to send the
+ Authorization header for <em>every request</em> sent to this
+ server. Apart from increasing the size of the request, it may
+ also have a detrimental effect on performance if
+ "AuthDigestNcCheck" is on.</p>
+
+ <p>The URIs specified can also point to different servers, in
+ which case clients (which understand this) will then share
+ username/password info across multiple servers without
+ prompting the user each time. </p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE xml:manual [ <!ENTITY nbsp " "> ]>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+<name>mod_autoindex</name>
+
+<description>Generates directory indexes,
+ automatically, similar to the Unix <em>ls</em> command or the
+ Win32 <em>dir</em> shell command</description>
+<status>Base</status>
+<sourcefile>mod_autoindex.c</sourcefile>
+<identifier>autoindex_module</identifier>
+
+<summary>
+ <p>The index of a directory can come from one of two
+ sources:</p>
+
+ <ul>
+ <li>A file written by the user, typically called
+ <code>index.html</code>. The <directive
+ module="mod_dir">DirectoryIndex</directive> directive sets the
+ name of this file. This is controlled by
+ <module>mod_dir</module>.</li>
+
+ <li>Otherwise, a listing generated by the server. The other
+ directives control the format of this listing. The <directive
+ module="mod_autoindex">AddIcon</directive>, <directive
+ module="mod_autoindex">AddIconByEncoding</directive> and
+ <directive module="mod_autoindex">AddIconByType</directive> are
+ used to set a list of icons to display for various file types;
+ for each file listed, the first icon listed that matches the
+ file is displayed. These are controlled by
+ <module>mod_autoindex</module>.</li>
+ </ul>
+ <p>The two functions are separated so that you can completely
+ remove (or replace) automatic index generation should you want
+ to.</p>
+
+ <p>Automatic index generation is enabled with using
+ <code>Options +Indexes</code>. See the
+ <directive module="core">Options</directive> directive for
+ more details.</p>
+
+ <p>If the <directive module="autoindex">FancyIndexing</directive>
+ option is given with the <directive module="autoindex"
+ >IndexOptions</directive> directive,
+ the column headers are links that control the order of the
+ display. If you select a header link, the listing will be
+ regenerated, sorted by the values in that column. Selecting the
+ same header repeatedly toggles between ascending and descending
+ order. These column header links are suppressed with
+ <directive module="autoindex">IndexOptions</directive> directive's
+ <samp>SuppressColumnSorting</samp> option.</p>
+
+ <p>Note that when the display is sorted by "Size", it's the
+ <em>actual</em> size of the files that's used, not the
+ displayed value - so a 1010-byte file will always be displayed
+ before a 1011-byte file (if in ascending order) even though
+ they both are shown as "1K".</p>
+</summary>
+
+<section><title>Autoindex Request Query Arguments</title>
+
+ <p>Apache 2.0.23 reorganized the Query Arguments for Column
+ Sorting, and introduced an entire group of new query options.
+ To effectively eliminate all client control over the output,
+ the <code><a href="#indexoptions:ignoreclient">IndexOptions
+ IgnoreClient</a></code> option was introduced.</p>
+
+ <p>The column sorting headers themselves are self-referencing
+ hyperlinks that add the sort query options shown below. Any
+ option below may be added to any request for the directory
+ resource.</p>
+
+ <ul>
+ <li><samp>C=N</samp> sorts the directory by file name</li>
+
+ <li><samp>C=M</samp> sorts the directory by last-modified
+ date, then file name</li>
+
+ <li><samp>C=S</samp> sorts the directory by size, then file
+ name</li>
+
+ <li><samp>C=D</samp> sorts the directory by description, then
+ file name<br />
+ </li>
+
+ <li><samp>O=A</samp> sorts the listing in Ascending
+ Order</li>
+
+ <li><samp>O=D</samp> sorts the listing in Descending
+ Order<br />
+ </li>
+
+ <li><samp>F=0</samp> formats the listing as a simple list
+ (not FancyIndexed)</li>
+
+ <li><samp>F=1</samp> formats the listing as a FancyIndexed
+ list</li>
+
+ <li><samp>F=2</samp> formats the listing as an HTMLTable
+ FancyIndexed list<br />
+ </li>
+
+ <li><samp>V=0</samp> disables version sorting</li>
+
+ <li><samp>V=1</samp> enables version sorting<br />
+ </li>
+
+ <li><samp>P=<em>pattern</em></samp> lists only files matching
+ the given <em>pattern</em></li>
+ </ul>
+
+ <p>Note that the 'P'attern query argument is tested
+ <em>after</em> the usual IndexIgnore directives are processed,
+ and all file names are still subjected to the same criteria as
+ any other autoindex listing. The Query Arguments parser in
+ mod_autoindex will stop abruptly when an unrecognized option is
+ encountered. The Query Arguments must be well formed, according
+ to the table above.</p>
+
+ <p>The simple example below, which can be clipped and saved in
+ a header.html file, illustrates these query options. Note that
+ the unknown "X" argument, for the submit button, is listed last
+ to assure the arguments are all parsed before mod_autoindex
+ encounters the X=Go input.</p>
+
+<example>
+<FORM METHOD="GET"><br />
+ Show me a <SELECT NAME="F"><br />
+ <OPTION VALUE="0"> Plain list <br />
+ <OPTION VALUE="1" SELECTED> Fancy list<br />
+ <OPTION VALUE="2"> Table list<br />
+ </SELECT><br />
+ Sorted by <SELECT NAME="C"><br />
+ <OPTION VALUE="N" SELECTED> Name<br />
+ <OPTION VALUE="M"> Date Modified<br />
+ <OPTION VALUE="S"> Size<br />
+ <OPTION VALUE="D"> Description<br />
+ </SELECT><br />
+ <SELECT NAME="O"><br />
+ <OPTION VALUE="A" SELECTED> Ascending<br />
+ <OPTION VALUE="D"> Descending<br />
+ </SELECT><br />
+ <SELECT NAME="V"><br />
+ <OPTION VALUE="0" SELECTED> in Normal order<br />
+ <OPTION VALUE="1"> in Version order<br />
+ </SELECT><br />
+ Matching <INPUT TYPE="text" NAME="P" VALUE="*"><br />
+ <INPUT TYPE="submit" NAME="X" VALUE="Go"><br />
+</FORM>
+</example>
+
+</section>
+
+<directivesynopsis>
+<name>AddAlt</name>
+<description>Alternate text to display for a file, instead of an
+icon selected by filename</description>
+<syntax>AddAlt <em>string file</em> [<em>file</em>] ...</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p><directive>AddAlt</directive> provides the alternate text to
+ display for a file, instead of an icon, for <code><a
+ href="#indexoptions:fancyindexing">FancyIndexing</a></code>.
+ <em>File</em> is a file extension, partial filename, wild-card
+ expression or full filename for files to describe.
+ <em>String</em> is enclosed in double quotes (<code>"</code>).
+ This alternate text is displayed if the client is image-incapable,
+ has image loading disabled, or fails to retrieve the icon.</p>
+
+ <p>Examples:</p>
+<example>
+ AddAlt "PDF" *.pdf<br />
+ AddAlt "Compressed" *.gz *.zip *.Z
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddAltByEncoding</name>
+<description>Alternate text to display for a file instead of an icon
+selected by MIME-encoding</description>
+<syntax>AddAltByEncoding <em>string MIME-encoding</em>
+[<em>MIME-encoding</em>] ...</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p><directive>AddAltByEncoding</directive> provides the alternate
+ text to display for a file, instead of an icon, for <code><a
+ href="#indexoptions:fancyindexing">FancyIndexing</a></code>.
+ <em>MIME-encoding</em> is a valid content-encoding, such as
+ <code>x-compress</code>. <em>String</em> is enclosed in double
+ quotes (<code>"</code>). This alternate text is displayed if the
+ client is image-incapable, has image loading disabled, or fails to
+ retrieve the icon.</p>
+
+ <p>Example:</p>
+<example>
+ AddAltByEncoding "gzip" x-gzip
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddAltByType</name>
+<description>Alternate text to display for a file, instead of an
+icon selected by MIME content-type</description>
+<syntax>AddAltByType <em>string
+ MIME-type</em> [<em>MIME-type</em>] ...</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p><directive>AddAltByType</directive> sets the alternate text to
+ display for a file, instead of an icon, for <code><a
+ href="#indexoptions:fancyindexing">FancyIndexing</a></code>.
+ <em>MIME-type</em> is a valid content-type, such as
+ <code>text/html</code>. <em>String</em> is enclosed in double
+ quotes (<code>"</code>). This alternate text is displayed if the
+ client is image-incapable, has image loading disabled, or fails to
+ retrieve the icon.</p>
+
+ <p>Example:</p>
+<example>
+ AddAltByType "TXT" text/plain
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddDescription</name>
+<syntax>AddDescription
+ <em>string file</em> [<em>file</em>] ...</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>This sets the description to display for a file, for
+ <code><a
+ href="#indexoptions:fancyindexing">FancyIndexing</a></code>.
+ <em>File</em> is a file extension, partial filename, wild-card
+ expression or full filename for files to describe.
+ <em>String</em> is enclosed in double quotes (<code>"</code>).
+ Example:</p>
+
+<example>AddDescription "The planet Mars"
+ /web/pics/mars.gif</example>
+
+ <p>The typical, default description field is 23 bytes wide. 6
+ more bytes are added by the
+ <code>IndexOptions SuppressIcon</code> option, 7 bytes are
+ added by the <code>IndexOptions SuppressSize</code>
+ option, and 19 bytes are added by the
+ <code>IndexOptions SuppressLastModified</code> option.
+ Therefore, the widest default the description column is ever
+ assigned is 55 bytes.</p>
+
+ <p>See the <a
+ href="#indexoptions:descriptionwidth">DescriptionWidth</a>
+ <directive module="mod_autoindex">IndexOptions</directive> keyword
+ for details on overriding the size of this column, or allowing
+ descriptions of unlimited length.</p>
+
+<note><title>Caution</title> <p>Descriptive text defined with
+ <directive>AddDescription</directive> may contain HTML markup, such as
+ tags and character entities. If the width of the description
+ column should happen to truncate a tagged element (such as
+ cutting off the end of a bolded phrase), the results may
+ affect the rest of the directory listing.</p>
+</note>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddIcon</name>
+<description>Icon to display for a file selected by name</description>
+<syntax>AddIcon <em>icon
+ name</em> [<em>name</em>] ...</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>This sets the icon to display next to a file ending in
+ <em>name</em> for <code><a
+ href="#indexoptions:fancyindexing">FancyIndexing</a></code>.
+ <em>Icon</em> is either a (%-escaped) relative URL to the icon,
+ or of the format (<em>alttext</em>,<em>url</em>) where
+ <em>alttext</em> is the text tag given for an icon for
+ non-graphical browsers.</p>
+
+ <p><em>Name</em> is either ^^DIRECTORY^^ for directories,
+ ^^BLANKICON^^ for blank lines (to format the list correctly), a
+ file extension, a wildcard expression, a partial filename or a
+ complete filename. Examples:</p>
+
+<example>
+ AddIcon (IMG,/icons/image.xbm) .gif .jpg .xbm<br />
+ AddIcon /icons/dir.xbm ^^DIRECTORY^^<br />
+ AddIcon /icons/backup.xbm *~
+</example>
+
+ <p><directive module="mod_autoindex">AddIconByType</directive>
+ should be used in preference to <directive>AddIcon</directive>,
+ when possible.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddIconByEncoding</name>
+<description>Icon to display next to files selected by MIME
+content-encoding</description>
+<syntax>AddIconByEncoding
+ <em>icon MIME-encoding</em> [<em>MIME-encoding</em>] ...</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>This sets the icon to display next to files with <code><a
+ href="#indexoptions:fancyindexing">FancyIndexing</a></code>.
+ <em>Icon</em> is either a (%-escaped) relative URL to the icon,
+ or of the format (<em>alttext</em>,<em>url</em>) where
+ <em>alttext</em> is the text tag given for an icon for
+ non-graphical browsers.</p>
+
+ <p><em>Mime-encoding</em> is a wildcard expression matching
+ required the content-encoding. Examples:</p>
+
+<example>AddIconByEncoding /icons/compress.xbm x-compress</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddIconByType</name>
+<description>Icon to display next to files selected by MIME
+content-type</description>
+<syntax>AddIconByType
+ <em>icon MIME-type</em> [<em>MIME-type</em>] ...</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>This sets the icon to display next to files of type
+ <em>MIME-type</em> for <code><a
+ href="#indexoptions:fancyindexing">FancyIndexing</a></code>.
+ <em>Icon</em> is either a (%-escaped) relative URL to the icon,
+ or of the format (<em>alttext</em>,<em>url</em>) where
+ <em>alttext</em> is the text tag given for an icon for
+ non-graphical browsers.</p>
+
+ <p><em>Mime-type</em> is a wildcard expression matching
+ required the mime types. Examples:</p>
+
+<example>AddIconByType (IMG,/icons/image.xbm) image/*</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>DefaultIcon</name>
+<description>Icon to display for files when no specific icon is
+configured</description>
+<syntax>DefaultIcon <em>url-path</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>The <directive>DefaultIcon</directive> directive sets the icon
+ to display for files when no specific icon is known, for <code><a
+ href="#indexoptions:fancyindexing">FancyIndexing</a></code>.
+ <em>Url</em> is a (%-escaped) relative URL to the icon.
+ Examples:</p>
+<example>DefaultIcon /icon/unknown.xbm</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>HeaderName</name>
+<description>Name of the file that will be inserted at the top
+of the index listing</description>
+<syntax>HeaderName <em>filename</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>The <directive>HeaderName</directive> directive sets the name
+ of the file that will be inserted at the top of the index
+ listing. <em>Filename</em> is the name of the file to include.</p>
+
+<note>
+ <p>Both HeaderName and <directive
+ module="mod_autoindex">ReadmeName</directive> now treat
+ <em>Filename</em> as a URI path relative to the one used to
+ access the directory being indexed. <em>Filename</em> must
+ resolve to a document with a major content type of
+ "<code>text/*</code>" (<em>e.g.</em>, <code>text/html</code>,
+ <code>text/plain</code>, <em>etc.</em>). This means that
+ <em>filename</em> may refer to a CGI script if the script's
+ actual file type (as opposed to its output) is marked as
+ <code>text/html</code> such as with a directive like:</p>
+<example>
+ AddType text/html .cgi
+</example>
+ <p><a href="../content-negotiation.html">Content negotiation</a>
+ will be performed if the <code>MultiViews</code> <directive
+ module="core">Option</directive> is enabled. If
+ <em>filename</em> resolves to a static <code>text/html</code>
+ document (not a CGI script) and the <code>Includes</code>
+ <directive module="core">option</directive> is enabled, the file
+ will be processed for server-side includes (see the
+ <module>mod_include</module> documentation).</p>
+</note>
+
+ <p>If the file specified by <directive>HeaderName</directive> contains
+ the beginnings of an HTML document (<HTML>, <HEAD>,
+ etc) then you will probably want to set <a
+ href="#indexoptions:suppresshtmlpreamble"><code>IndexOptions
+ +SuppressHTMLPreamble</code></a>, so that these tags are not
+ repeated.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>IndexIgnore</name>
+<description>Adds to the list of files to hide when listing
+a directory</description>
+<syntax>IndexIgnore <em>file</em> [<em>file</em>] ...</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>The <directive>IndexIgnore</directive> directive adds to the
+ list of files to hide when listing a directory. <em>File</em> is a
+ file extension, partial filename, wildcard expression or full
+ filename for files to ignore. Multiple IndexIgnore directives add
+ to the list, rather than the replacing the list of ignored
+ files. By default, the list contains
+ `<code>.</code>'. Example:</p>
+
+<example>IndexIgnore README .htaccess *~</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>IndexOptions</name>
+<description>Various configuration settings for directory
+indexing</description>
+<syntax>IndexOptions [+|-]<em>option</em> [[+|-]<em>option</em>] ...</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>The <directive>IndexOptions</directive> directive specifies the
+ behavior of the directory indexing. <em>Option</em> can be one
+ of</p>
+
+ <dl>
+ <dt><a id="indexoptions:descriptionwidth"
+ name="indexoptions:descriptionwidth">DescriptionWidth=[<em>n</em>
+ | *] (<em>Apache 1.3.10 or 2.0.23 and later</em>)</a></dt>
+
+ <dd>The <code>DescriptionWidth</code> keyword allows you to
+ specify the width of the description column in
+ characters.</dd>
+
+ <dd><code>-DescriptionWidth</code> (or unset) allows
+ mod_autoindex to calculate the best width.</dd>
+
+ <dd><code>DescriptionWidth=n</code> fixes the column width to
+ n bytes wide.</dd>
+
+ <dd><code>DescriptionWidth=*</code> grows the column to the
+ width necessary to accommodate the longest description
+ string.</dd>
+
+ <dd><b>See the section on <directive
+ module="mod_autoindex">AddDescription</directive> for dangers
+ inherent in truncating descriptions.</b></dd>
+
+ <dt><a id="indexoptions:fancyindexing"
+ name="indexoptions:fancyindexing">FancyIndexing</a></dt>
+
+ <dd>
+ This turns on fancy indexing of directories.</dd>
+
+ <dt><a id="indexoptions:foldersfirst"
+ name="indexoptions:foldersfirst">FoldersFirst (<i>Apache
+ 1.3.10 or 2.0.23 and later</i>)</a></dt>
+
+ <dd>If this option is enabled, subdirectory listings will
+ <i>always</i> appear first, followed by normal files in the
+ directory. The listing is basically broken into two
+ components, the files and the subdirectories, and each is
+ sorted separately and then displayed subdirectories-first.
+ For instance, if the sort order is descending by name, and
+ <code>FoldersFirst</code> is enabled, subdirectory
+ <code>Zed</code> will be listed before subdirectory
+ <code>Beta</code>, which will be listed before normal files
+ <code>Gamma</code> and <code>Alpha</code>. <b>This option
+ only has an effect if <a
+ href="#indexoptions:fancyindexing"><code>FancyIndexing</code></a>
+ is also enabled.</b></dd>
+
+ <dt><a id="indexoptions:htmltable"
+ name="indexoptions:htmltable">HTMLTable</a> <i>(Experimental,
+ Apache 2.0.23 and later)</i></dt>
+
+ <dd>
+ This experimental option with FancyIndexing constructs a
+ simple table for the fancy directory listing. Note this will
+ confuse older browsers. It is particularly necessary if file
+ names or description text will alternate between
+ left-to-right and right-to-left reading order, as can happen
+ on WinNT or other utf-8 enabled platforms.</dd>
+
+ <dt><a id="indexoptions:iconsarelinks"
+ name="indexoptions:iconsarelinks">IconsAreLinks</a></dt>
+
+ <dd>
+ This makes the icons part of the anchor for the filename, for
+ fancy indexing.</dd>
+
+ <dt><a id="indexoptions:iconheight"
+ name="indexoptions:iconheight">IconHeight[=pixels]
+ (<em>Apache 1.3 and later</em>)</a></dt>
+
+ <dd>
+ Presence of this option, when used with IconWidth, will cause
+ the server to include <code>HEIGHT</code> and
+ <code>WIDTH</code> attributes in the <code>IMG</code> tag for
+ the file icon. This allows browser to precalculate the page
+ layout without having to wait until all the images have been
+ loaded. If no value is given for the option, it defaults to
+ the standard height of the icons supplied with the Apache
+ software.</dd>
+
+ <dt><a id="indexoptions:iconwidth"
+ name="indexoptions:iconwidth">IconWidth[=pixels] (<em>Apache
+ 1.3 and later</em>)</a></dt>
+
+ <dd>
+ Presence of this option, when used with IconHeight, will
+ cause the server to include <code>HEIGHT</code> and
+ <code>WIDTH</code> attributes in the <code>IMG</code> tag for
+ the file icon. This allows browser to precalculate the page
+ layout without having to wait until all the images have been
+ loaded. If no value is given for the option, it defaults to
+ the standard width of the icons supplied with the Apache
+ software.</dd>
+
+ <dt><a id="indexoptions:ignoreclient"
+ name="indexoptions:ignoreclient">IgnoreClient</a></dt>
+
+ <dd>
+ This option causes mod_autoindex to ignore all query
+ variables from the client, including sort order (implies
+ <code><a
+ href="#indexoptions:suppresscolumnsorting">SuppressColumnSorting</a></code>.)</dd>
+
+ <dt><a id="indexoptions:namewidth"
+ name="indexoptions:namewidth">NameWidth=[<em>n</em> | *]
+ (<em>Apache 1.3.2 and later</em>)</a></dt>
+
+ <dd>The NameWidth keyword allows you to specify the width of
+ the filename column in bytes.</dd>
+
+ <dd><code>-NameWidth</code> (or unset) allows mod_autoindex
+ to calculate the best width.</dd>
+
+ <dd><code>NameWidth=n</code> fixes the column width to n
+ bytes wide.</dd>
+
+ <dd><code>NameWidth=*</code> grows the column to the
+ necessary width.</dd>
+
+ <dt><a id="indexoptions:scanhtmltitles"
+ name="indexoptions:scanhtmltitles">ScanHTMLTitles</a></dt>
+
+ <dd>
+ This enables the extraction of the title from HTML documents
+ for fancy indexing. If the file does not have a description
+ given by <a href="#adddescription">AddDescription</a> then
+ httpd will read the document for the value of the TITLE tag.
+ This is CPU and disk intensive.</dd>
+
+ <dt><a id="indexoptions:suppresscolumnsorting"
+ name="indexoptions:suppresscolumnsorting">SuppressColumnSorting</a>
+ (<em>Apache 1.3 and later</em>)</dt>
+
+ <dd>
+ If specified, Apache will not make the column headings in a
+ FancyIndexed directory listing into links for sorting. The
+ default behavior is for them to be links; selecting the
+ column heading will sort the directory listing by the values
+ in that column. <strong>Prior to Apache 2.0.23, this also
+ disabled parsing the Query Arguments for the sort
+ string.</strong> That behavior is now controlled by <a
+ href="#indexoptions:ignoreclient">IndexOptions
+ IgnoreClient</a> in Apache 2.0.23.</dd>
+
+ <dt><a id="indexoptions:suppressdescription"
+ name="indexoptions:suppressdescription">SuppressDescription</a></dt>
+
+ <dd>
+ This will suppress the file description in fancy indexing
+ listings. By default, no file descriptions are defined, and
+ so the use of this option will regain 23 characters of screen
+ space to use for something else. See <a
+ href="#adddescription"><code>AddDescription</code></a> for
+ information about setting the file description. See also the
+ <a
+ href="#indexoptions:descriptionwidth"><code>DescriptionWidth</code></a>
+ index option to limit the size of the description
+ column.</dd>
+
+ <dt><a id="indexoptions:suppresshtmlpreamble"
+ name="indexoptions:suppresshtmlpreamble">SuppressHTMLPreamble</a>
+ (<em>Apache 1.3 and later</em>)</dt>
+
+ <dd>
+ If the directory actually contains a file specified by the
+ <directive module="mod_autoindex">HeaderName</directive>
+ directive, the module usually includes the contents of the file
+ after a standard HTML preamble (<HTML>, <HEAD>,
+ <em>et cetera</em>). The SuppressHTMLPreamble option disables
+ this behaviour, causing the module to start the display with the
+ header file contents. The header file must contain appropriate
+ HTML instructions in this case. If there is no header file, the
+ preamble is generated as usual.</dd>
+
+ <dt><a id="indexoptions:suppressicon"
+ name="indexoptions:suppressicon">SuppressIcon</a> (<em>Apache
+ 2.0.23 and later</em>)</dt>
+
+ <dd>
+ This will suppress the icon in fancy indexing listings.
+ Combining both <em>SuppressIcon</em> and
+ <em>SuppressRules</em> yields proper HTML 3.2 output, which
+ by the final specification prohibits IMG and HR tags from the
+ PRE block (used to format FancyIndexed listings.)</dd>
+
+ <dt><a id="indexoptions:suppresslastmodified"
+ name="indexoptions:suppresslastmodified">SuppressLastModified</a></dt>
+
+ <dd>
+ This will suppress the display of the last modification date,
+ in fancy indexing listings.</dd>
+
+ <dt><a id="indexoptions:suppressrules"
+ name="indexoptions:suppressrules">SuppressRules</a>
+ (<em>Apache 2.0.23 and later</em>)</dt>
+
+ <dd>
+ This will suppress the horizontal rule lines (HR tags) in
+ directory listings. Combining both <em>SuppressIcon</em> and
+ <em>SuppressRules</em> yeilds proper HTML 3.2 output, which
+ by the final specification prohibits IMG and HR tags from the
+ PRE block (used to format FancyIndexed listings.)</dd>
+
+ <dt><a id="indexoptions:suppresssize"
+ name="indexoptions:suppresssize">SuppressSize</a></dt>
+
+ <dd>
+ This will suppress the file size in fancy indexing
+ listings.</dd>
+
+ <dt><a id="indexoptions:trackmodified"
+ name="indexoptions:trackmodified">TrackModified (<em>Apache
+ 1.3.15 or 2.0.23 and later</em>)</a></dt>
+
+ <dd>
+ This returns the Last-Modified and ETag values for the listed
+ directory in the HTTP header. It is only valid if the
+ operating system and file system return appropriate stat()
+ results. Some Unix systems do so, as do OS2's JFS and Win32's
+ NTFS volumes. OS2 and Win32 FAT volumes, for example, do not.
+ Once this feature is enabled, the client or proxy can track
+ changes to the list of files when they perform a HEAD
+ request. Note some operating systems correctly track new and
+ removed files, but do not track changes for sizes or dates of
+ the files within the directory. <strong>Changes to the size
+ or date stamp of an existing file will not update the
+ Last-Modified header on all Unix platforms.</strong> If this
+ is a concern, leave this option disabled.</dd>
+
+ <dt><a id="indexoptions:versionsort"
+ name="indexoptions:versionsort">VersionSort (<em>Apache 2.0a3
+ and later</em>)</a></dt>
+
+ <dd>
+ The VersionSort keyword causes files containing version
+ numbers to sort in a natural way. Strings are sorted as
+ usual, except that substrings of digits in the name and
+ description are compared according to their numeric value.
+ For example:
+
+<example>
+foo-1.7<br />
+foo-1.7.2<br />
+foo-1.7.12<br />
+foo-1.8.2<br />
+foo-1.8.2a<br />
+foo-1.12<br />
+</example>
+ If the number starts with a zero, then it is considered to
+ be a fraction:
+
+<example>
+foo-1.001<br />
+foo-1.002<br />
+foo-1.030<br />
+foo-1.04
+</example>
+ </dd>
+
+ <dd>
+ <h3>Incremental IndexOptions</h3>
+ </dd>
+
+ <dd>
+ Apache 1.3.3 introduced some significant changes in the
+ handling of <directive>IndexOptions</directive> directives. In
+ particular,<br />
+ <br />
+
+
+ <ul>
+ <li>Multiple <directive>IndexOptions</directive> directives for a
+ single directory are now merged together. The result of
+ the example above will now be the equivalent of
+ <code>IndexOptions FancyIndexing ScanHTMLTitles</code>.</li>
+
+ <li>The addition of the incremental syntax
+ (<em>i.e.</em>, prefixing keywords with '+' or '-').</li>
+ </ul>
+ <br />
+ Whenever a '+' or '-' prefixed keyword is encountered, it
+ is applied to the current <directive>IndexOptions</directive>
+ settings (which may have been inherited from an upper-level
+ directory). However, whenever an unprefixed keyword is
+ processed, it clears all inherited options and any
+ incremental settings encountered so far. Consider the
+ following example:
+
+<example>IndexOptions +ScanHTMLTitles -IconsAreLinks
+ FancyIndexing<br />
+ IndexOptions +SuppressSize<br />
+</example>
+ The net effect is equivalent to
+ <code>IndexOptions FancyIndexing +SuppressSize</code>,
+ because the unprefixed <code>FancyIndexing</code> discarded
+ the incremental keywords before it, but allowed them to
+ start accumulating again afterward.<br />
+ <br />
+ To unconditionally set the <directive>IndexOptions</directive> for a
+ particular directory, clearing the inherited settings,
+ specify keywords without any '+' or '-' prefixes.
+ </dd>
+ </dl>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>IndexOrderDefault</name>
+<description>Sets the default ordering of the directory index</description>
+<syntax>IndexOrderDefault
+Ascending|Descending Name|Date|Size|Description</syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>The <directive>IndexOrderDefault</directive> directive is used
+ in combination with the <a
+ href="#indexoptions:fancyindexing"><code>FancyIndexing</code></a>
+ index option. By default, fancyindexed directory listings are
+ displayed in ascending order by filename; the
+ <directive>IndexOrderDefault</directive> allows you to change this initial
+ display order.</p>
+
+ <p><directive>IndexOrderDefault</directive> takes two
+ arguments. The first must be either <code>Ascending</code> or
+ <code>Descending</code>, indicating the direction of the sort.
+ The second argument must be one of the keywords <code>Name</code>,
+ <code>Date</code>, <code>Size</code>, or <code>Description</code>,
+ and identifies the primary key. The secondary key is
+ <em>always</em> the ascending filename.</p>
+
+ <p>You can force a directory listing to only be displayed in a
+ particular order by combining this directive with the <a
+ href="#indexoptions:suppresscolumnsorting"><code>SuppressColumnSorting</code></a>
+ index option; this will prevent the client from requesting the
+ directory listing in a different order.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ReadmeName</name>
+<syntax>ReadmeName <em>filename</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>The <directive>ReadmeName</directive> directive sets the name
+ of the file that will be appended to the end of the index
+ listing. <em>Filename</em> is the name of the file to include, and
+ is taken to be relative to the location being indexed.</p>
+
+ <p>See also <directive
+ module="mod_autoindex">HeaderName</directive>, where this behavior
+ is described in greater detail.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE xml:manual [ <!ENTITY nbsp " "> ]>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_cern_meta</name>
+<description>CERN httpd metafile semantics</description>
+<status>Extension</status>
+<sourcefile>mod_cern_meta.c</sourcefile>
+<identifier>cern_meta_module</identifier>
+
+<summary>
+ <!-- XXX: Should mention other possibilities in Apache: mod_header -->
+ <p>Emulate the CERN HTTPD Meta file semantics. Meta files are HTTP
+ headers that can be output in addition to the normal range of
+ headers for each file accessed. They appear rather like the
+ Apache .asis files, and are able to provide a crude way of
+ influencing the Expires: header, as well as providing other
+ curiosities. There are many ways to manage meta information,
+ this one was chosen because there is already a large number of
+ CERN users who can exploit this module.</p>
+
+ <p>More information on the <a
+ href="http://www.w3.org/pub/WWW/Daemon/User/Config/General.html#MetaDir">
+ CERN metafile semantics</a> is available.</p>
+</summary>
+
+<directivesynopsis>
+<name>MetaFiles</name>
+<description>Activates CERN meta-file processing</description>
+<syntax>MetaFiles on|off</syntax>
+<default>MetaFiles off</default>
+<contextlist><context>directory</context></contextlist>
+
+<usage>
+ <p>Turns on/off Meta file processing on a per-directory basis.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MetaDir</name>
+<description>Name of the directory to find CERN-style meta information
+files</description>
+<syntax>MetaDir <em>directory</em></syntax>
+<default>MetaDir .web</default>
+<contextlist><context>directory</context></contextlist>
+
+<usage>
+ <p>Specifies the name of the directory in which Apache can find
+ meta information files. The directory is usually a 'hidden'
+ subdirectory of the directory that contains the file being
+ accessed. Set to "<code>.</code>" to look in the same directory
+ as the file.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MetaSuffix</name>
+<description>File name suffix for the file containg CERN-style
+meta information</description>
+<syntax>MetaSuffix <em>suffix</em></syntax>
+<default>MetaSuffix .meta</default>
+<contextlist><context>directory</context></contextlist>
+
+<usage>
+ <p>Specifies the file name suffix for the file containing the
+ meta information. For example, the default values for the two
+ directives will cause a request to
+ <code>DOCUMENT_ROOT/somedir/index.html</code> to look in
+ <code>DOCUMENT_ROOT/somedir/.web/index.html.meta</code> and
+ will use its contents to generate additional MIME header
+ information.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE xml:manual [ <!ENTITY nbsp " "> ]>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_cgi</name>
+<description>Execution of CGI scripts</description>
+<status>Base</status>
+<sourcefile>mod_cgi.c</sourcefile>
+<identifier>cgi_module</identifier>
+
+<summary>
+ <!-- XXX: Should have references to CGI definition/RFC -->
+ <!-- XXX: Should mention Options ExecCGI -->
+ <!-- XXX: Should mention AcceptPathInfo -->
+
+ <p>Any file that has the mime type
+ <code>application/x-httpd-cgi</code> or handler
+ <code>cgi-script</code> (Apache 1.1 or later) will be treated
+ as a CGI script, and run by the server, with its output being
+ returned to the client. Files acquire this type either by
+ having a name containing an extension defined by the
+ <directive module="mod_mime">AddType</directive> directive, or by being
+ in a <directive module="mod_alias">ScriptAlias</directive>
+ directory.</p>
+
+ <p>When the server invokes a CGI script, it will add a variable
+ called <code>DOCUMENT_ROOT</code> to the environment. This
+ variable will contain the value of the
+ <directive module="core.html">DocumentRoot</directive> configuration
+ variable.</p>
+
+ <p>For an introduction to using CGI scripts with Apache, see
+ our tutorial on <a href="../howto/cgi.html">Dynamic Content
+ With CGI</a>.</p>
+
+ <p>When using a multi-threaded MPM under unix, the module
+ <module>mod_cgid</module> should be used in place of
+ this module. At the user level, the two modules are essentially
+ identical.</p>
+</summary>
+
+<seealso><directive module="core">Options</directive></seealso>
+<seealso><directive module="mod_alias">ScriptAlias</directive></seealso>
+<seealso><directive module="mod_mime">AddHandler</directive></seealso>
+
+<section><title>CGI Environment variables</title>
+ <p>The server will set the CGI environment variables as described
+ in the <a href="http://hoohoo.ncsa.uiuc.edu/cgi/">CGI
+ specification</a>, with the following provisions:</p>
+
+ <dl>
+ <dt>PATH_INFO</dt>
+
+ <dd>This will not be available if the <directive module="core"
+ >AcceptPathInfo</directive> directive is explicitly set to
+ <code>off</code>. The default behavior, if AcceptPathInfo is
+ not given, is that mod_cgi will accept path info (trailing
+ /more/path/info following the script filename in the URI), while
+ the core server will return a 404 NOT FOUND error for requests
+ with additional path info. Omitting the AcceptPathInfo
+ directive has the same effect as setting it <code>on</code> for
+ mod_cgi requests.</dd>
+
+ <dt>REMOTE_HOST</dt>
+
+ <dd>This will only be set if <directive module="core"
+ >HostnameLookups</directive> is set to <code>on</code> (it
+ is off by default), and if a reverse DNS lookup of the accessing
+ host's address indeed finds a host name.</dd>
+
+ <dt>REMOTE_IDENT</dt>
+
+ <dd>This will only be set if <directive module="core"
+ >IdentityCheck</directive> is set to
+ <code>on</code> and the accessing host supports the ident
+ protocol. Note that the contents of this variable cannot be
+ relied upon because it can easily be faked, and if there is a
+ proxy between the client and the server, it is usually
+ totally useless.</dd>
+
+ <dt>REMOTE_USER</dt>
+
+ <dd>This will only be set if the CGI script is subject to
+ authentication.</dd>
+ </dl>
+</section>
+
+<section id="cgi_debug"><title>CGI Debugging</title>
+ <p>Debugging CGI scripts has traditionally been difficult, mainly
+ because it has not been possible to study the output (standard
+ output and error) for scripts which are failing to run
+ properly. These directives, included in Apache 1.2 and later,
+ provide more detailed logging of errors when they occur. </p>
+
+<section><title>CGI Logfile Format</title>
+ <p>When configured, the CGI error log logs any CGI which does not
+ execute properly. Each CGI script which fails to operate causes
+ several lines of information to be logged. The first two lines
+ are always of the format:</p>
+<example>
+ %% [<em>time</em>] <em>request-line</em><br />
+ %% <em>HTTP-status</em> <em>CGI-script-filename</em>
+</example>
+ <p>If the error is that CGI script cannot be run, the log file
+ will contain an extra two lines:</p>
+<example>
+ %%error<br />
+ <em>error-message</em>
+</example>
+ <p>Alternatively, if the error is the result of the script
+ returning incorrect header information (often due to a bug in
+ the script), the following information is logged: </p>
+<example>
+ %request<br />
+ <em>All HTTP request headers received</em><br />
+ <em>POST or PUT entity (if any)</em><br />
+ %response<br />
+ <em>All headers output by the CGI script</em><br />
+ %stdout<br />
+ <em>CGI standard output</em><br />
+ %stderr<br />
+ <em>CGI standard error</em><br />
+</example>
+ <p>(The %stdout and %stderr parts may be missing if the script did
+ not output anything on standard output or standard error). </p>
+</section>
+</section>
+
+<directivesynopsis>
+<name>ScriptLog</name>
+<description>Location of the CGI script error logfile</description>
+<syntax>ScriptLog <em>file-path</em></syntax>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>mod_cgi</module><module>mod_cgid</module>
+</modulelist>
+
+<usage>
+ <p>The <directive>ScriptLog</directive> directive sets the CGI
+ script error logfile. If no ScriptLog is given, no error log is
+ created. If given, any CGI errors are logged into the filename
+ given as argument. If this is a relative file or path it is taken
+ relative to the server root.</p>
+
+ <p>This log will be opened as the user the child processes run
+ as, ie. the user specified in the main <directive module="mpm_common"
+ >User</directive> directive. This means that
+ either the directory the script log is in needs to be writable
+ by that user or the file needs to be manually created and set
+ to be writable by that user. If you place the script log in
+ your main logs directory, do <strong>NOT</strong> change the
+ directory permissions to make it writable by the user the child
+ processes run as.</p>
+
+ <p>Note that script logging is meant to be a debugging feature
+ when writing CGI scripts, and is not meant to be activated
+ continuously on running servers. It is not optimized for speed
+ or efficiency, and may have security problems if used in a
+ manner other than that for which it was designed.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ScriptLogLength</name>
+<description>Size limit of the CGI script logfile</description>
+<syntax>ScriptLogLength <em>bytes</em></syntax>
+<default>ScriptLogLength 10385760</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>mod_cgi</module><module>mod_cgid</module>
+</modulelist>
+
+<usage>
+ <p><directive>ScriptLogLength</directive> can be used to limit the
+ size of the CGI script logfile. Since the logfile logs a lot of
+ information per CGI error (all request headers, all script output)
+ it can grow to be a big file. To prevent problems due to unbounded
+ growth, this directive can be used to set an maximum file-size for
+ the CGI logfile. If the file exceeds this size, no more
+ information will be written to it.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ScriptLogBuffer</name>
+<description>Maximum amount of PUT or POST requests that will be recorded
+in the scriptlog</description>
+<syntax>ScriptLogBuffer <em>bytes</em></syntax>
+<default>ScriptLogBuffer 1024</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>mod_cgi</module><module>mod_cgid</module>
+</modulelist>
+
+<usage>
+ <p>The size of any PUT or POST entity body that is logged to
+ the file is limited, to prevent the log file growing too big
+ too quickly if large bodies are being received. By default, up
+ to 1024 bytes are logged, but this can be changed with this
+ directive.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE xml:manual [ <!ENTITY nbsp " "> ]>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_cgid</name>
+<description>Execution of CGI scripts using an
+ external CGI daemon</description>
+<status>Base</status>
+<sourcefile>mod_cgid.c</sourcefile>
+<identifier>cgid_module</identifier>
+<compatibility>Unix threaded MPMs only</compatibility>
+
+<summary>
+ <p>Except for the optimizations and the additional <directive
+ module="mod_cgid">ScriptSock</directive> directive noted below,
+ mod_cgid behaves similarly to mod_cgi. <strong>See the
+ <module>mod_cgi</module> Summary for additional details about
+ Apache and CGI.</strong></p>
+
+ <p>On certain unix operating systems, forking a process from a
+ multi-threaded server is a very expensive operation because the
+ new process will replicate all the threads of the parent
+ process. In order to avoid incurring this expense on each CGI
+ invocation, mod_cgid creates an external daemon that is
+ responsible for forking child processes to run CGI scripts. The
+ main server communicates with this daemon using a unix domain
+ socket.</p>
+
+ <p>This module is used by default whenever a multi-threaded MPM
+ is selected during the compilation process. At the user level,
+ this module is identical in configuration and operation to
+ <module>mod_cgi</module>. The only exception is the
+ additional directive <code>ScriptSock</code> which gives the
+ name of the socket to use for communication with the cgi
+ daemon.</p>
+</summary>
+
+<directivesynopsis location="mod_cgi">
+<name>ScriptLog</name>
+</directivesynopsis>
+
+<directivesynopsis location="mod_cgi">
+<name>ScriptLogLength</name>
+</directivesynopsis>
+
+<directivesynopsis location="mod_cgi">
+<name>ScriptLogBuffer</name>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ScriptSock</name>
+<syntax>ScriptSock <em>file-path</em></syntax>
+<default>ScriptSock logs/cgisock</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>This directive sets the name of the socket to use for
+ communication with the CGI daemon. The socket will be opened
+ using the permissions of the user who starts Apache (usually
+ root). To maintain the security of communications with CGI
+ scripts, it is important that no other user has permission to
+ write in the directory where the socket is located.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_charset_lite</name>
+<description>specify character set translation or recoding</description>
+<status>Experimental</status>
+<sourcefile>mod_charset_lite.c</sourcefile>
+<identifier>charset_lite_module</identifier>
+
+<summary>
+ <p>This is an <strong>experimental</strong> module and should
+ be used with care. Experiment with your
+ <code>mod_charset_lite</code> configuration to ensure that it
+ performs the desired function.</p>
+
+ <p><module>mod_charset_lite</module> allows the administrator to
+ specify the source character set of objects as well as the
+ character set they should be translated into before sending to the
+ client. <module>mod_charset_lite</module> does not translate the
+ data itself but instead tells Apache what translation to
+ perform. <module>mod_charset_lite</module> is applicable to EBCDIC
+ and ASCII host environments. In an EBCDIC environment, Apache
+ normally translates text content from the code page of the Apache
+ process locale to ISO-8859-1. <module>mod_charset_lite</module>
+ can be used to specify that a different translation is to be
+ performed. In an ASCII environment, Apache normally performs no
+ translation, so <module>mod_charset_lite</module> is needed in
+ order for any translation to take place.</p>
+
+ <p>This module provides a small subset of configuration
+ mechanisms implemented by Russian Apache and its associated
+ <code>mod_charset</code>.</p>
+</summary>
+
+<section><title>Common Problems</title>
+
+<section><title>Invalid character set names</title>
+
+ <p>The character set name parameters of <directive
+ module="mod_charset_lite">CharsetSourceEnc</directive> and
+ <directive module="mod_charset_lite">CharsetDefault</directive>
+ must be acceptable to the translation mechanism used by APR on the
+ system where <module>mod_charset_lite</module> is deployed. These
+ character set names are not standardized and are usually not the
+ same as the corresponding values used in http headers. Currently,
+ APR can only use iconv(3), so you can easily test your character
+ set names using the iconv(1) program, as follows:</p>
+<example>
+ iconv -f charsetsourceenc-value -t charsetdefault-value
+</example>
+</section>
+
+<section><title>Mismatch between character set of content and translation
+ rules</title>
+
+ <p>If the translation rules don't make sense for the content,
+ translation can fail in various ways, including:</p>
+
+ <ul>
+ <li>The translation mechanism may return a bad return code,
+ and the connection will be aborted.</li>
+
+ <li>The translation mechanism may silently place special
+ characters (e.g., question marks) in the output buffer when
+ it cannot translate the input buffer.</li>
+ </ul>
+</section>
+</section>
+
+<directivesynopsis>
+<name>CharsetSourceEnc</name>
+<syntax>CharsetSourceEnc <em>charset</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context><context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>The <directive>CharsetSourceEnc</directive> directive specifies the
+ source charset of files in the associated container.</p>
+
+ <p>The value of the <em>charset</em> argument must be accepted
+ as a valid character set name by the character set support in
+ APR. Generally, this means that it must be supported by
+ iconv.</p>
+ Example:
+<example>
+ <Directory "/export/home/trawick/apacheinst/htdocs/convert"><br />
+ CharsetSourceEnc UTF-16BE<br />
+ CharsetDefault ISO8859-1<br />
+ </Directory>
+</example>
+ <p>The character set names in this example work with the iconv
+ translation support in Solaris 8.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>CharsetDefault</name>
+<syntax>CharsetDefault <em>charset</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context><context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>The <directive>CharsetDefault</directive> directive specifies the
+ charset that content in the associated container should be
+ translated to.</p>
+
+ <p>The value of the <em>charset</em> argument must be accepted
+ as a valid character set name by the character set support in
+ APR. Generally, this means that it must be supported by
+ iconv.</p>
+ Example:
+<example>
+ <Directory "/export/home/trawick/apacheinst/htdocs/convert"><br />
+ CharsetSourceEnc UTF-16BE<br />
+ CharsetDefault ISO8859-1<br />
+ </Directory>
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>CharsetOptions</name>
+<syntax>CharsetOptions <em>option</em> [<em>option</em>] ...</syntax>
+<default>CharsetOptions <em>DebugLevel=0</em>
+<em>NoImplicitAdd</em></default>
+<contextlist><context>server config</context>
+<context>virtual host</context><context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>The <directive>CharsetOptions</directive> directive configures certain
+ behaviors of <module>mod_charset_lite</module>. <em>Option</em> can
+ be one of</p>
+
+ <dl>
+ <dt>DebugLevel=<em>n</em></dt>
+
+ <dd>The <code>DebugLevel</code> keyword allows you to specify
+ the level of debug messages generated by
+ <module>mod_charset_lite</module>. By default, no messages are
+ generated. This is equivalent to <code>DebugLevel=0</code>.
+ With higher numbers, more debug messages are generated, and
+ server performance will be degraded. The actual meanings of
+ the numeric values are described with the definitions of the
+ DBGLVL_ constants near the beginning of
+ <code>mod_charset_lite.c</code>.</dd>
+
+ <dt>ImplicitAdd | NoImplicitAdd</dt>
+
+ <dd>The <code>ImplicitAdd</code> keyword specifies that
+ <module>mod_charset_lite</module> should implicitly insert its
+ filter when the configuration specifies that the character
+ set of content should be translated. If the filter chain is
+ explicitly configured using the AddOutputFilter directive,
+ <code>NoImplicitAdd</code> should be specified so that
+ <module>mod_charset_lite</module> doesn't add its filter.</dd>
+ </dl>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE xml:manual [ <!ENTITY nbsp " "> ]>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_dav</name>
+<description>Distributed Authoring and Versioning
+(<a href="http://www.webdav.org/">WebDAV</a>) functionality.</description>
+<status>Extension</status>
+<sourcefile>mod_dav.c</sourcefile>
+<identifier>dav_module</identifier>
+
+<summary>
+ <p>This module provides class 1 and class 2 <a
+ href="http://www.webdav.org">WebDAV</a> ('Web-based Distributed
+ Authoring and Versioning') functionality for Apache. This
+ extension to the HTTP protocol allows creating, moving,
+ copying, and deleting resources and collections on a remote web
+ server.</p>
+
+ <p>To enable mod_dav, add the following to a container in your
+ <code>httpd.conf</code> file:</p>
+
+<example>Dav On</example>
+
+ <p>Also, specify a valid filename for the DAV lock database by
+ adding the following to the global section in your
+ <code>httpd.conf</code> file:</p>
+
+<example>DavLockDB /tmp/DavLock
+ <em>(Any web-server writable filename, without an
+ extension)</em>
+</example>
+</summary>
+
+<directivesynopsis>
+<name>Dav</name>
+<description>Enable WebDAV HTTP methods</description>
+<syntax>Dav on|off</syntax>
+<default>Dav off</default>
+<contextlist><context>directory</context></contextlist>
+
+<usage>
+ <p>Use the <directive>Dav</directive> directive to enable the
+ WebDAV HTTP methods for the given container. You may wish to add a
+ <directive module="core" type="section">Limit</directive> clause
+ inside the <directive module="core"
+ type="section">location</directive> directive to limit access to
+ DAV-enabled locations.</p>
+
+<example><title>Example</title>
+ DavLockDB /tmp/DavLock<br />
+ <br />
+ <Location /foo><br />
+ Dav On<br />
+ <br />
+ AuthType Basic<br />
+ AuthName DAV<br />
+ AuthUserFile user.passwd<br />
+ <br />
+ <LimitExcept GET HEAD OPTIONS><br />
+ require user admin<br />
+ </LimitExcept><br />
+ </Location><br />
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<description>Location of the DAV lock database</description>
+<name>DavLockDB</name>
+<syntax>DavLockDB <em>file-path</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>Use the <directive>DavLockDB</directive> directive to specify
+ the full path to the lock database, excluding an extension. The
+ default (file system) implementation of mod_dav uses a SDBM
+ database to track user locks. The utility
+ <code>modules/dav/util/lockview</code> can be used from the server
+ to display all locks in a lock database.</p>
+
+<example><title>Example</title>
+DavLockDB /tmp/DavLock
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>DavMinTimeout</name>
+<description>Minimum amount of time the server holds a lock on
+a DAV resource</description>
+<syntax>DavMinTimeout <em>seconds</em></syntax>
+<default>DavMinTimeout 0</default>
+<contextlist><context>directory</context></contextlist>
+
+<usage>
+ <p>When a client requests a DAV resource lock, it can also
+ specify a time when the lock will be automatically removed by
+ the server. This value is only a request, and the server can
+ ignore it or inform the client of an arbitrary value.</p>
+
+ <p>Use the <directive>DavMinTimeout</directive> directive to specify, in
+ seconds, the minimum lock timeout to return to a client.
+ Microsoft Web Folders defaults to a timeout of 120 seconds; the
+ <directive>DavMinTimeout</directive> can override this to a higher value
+ (like 600 seconds) to reduce the chance of the client losing
+ the lock due to network latency.</p>
+
+<example><title>Example</title>
+ <Location /MSWord><br />
+ DavMinTimeout 600<br />
+ </Location><br />
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>DavDepthInfinity</name>
+<description>Allow PROPFIND, Depth: Infinity requests</description>
+<syntax>DavDepthInfinity on|off</syntax>
+<default>DavDepthInfinity off</default>
+<contextlist><context>directory</context></contextlist>
+
+<usage>
+ <p>Use the <directive>DavDepthInfinity</directive> directive to
+ allow the processing of PROPFIND requests containing the header
+ 'Depth: Infinity'. Because this type of request could constitute a
+ denial-of-service attack, by default it is not allowed.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
+
+
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta name="generator" content="HTML Tidy, see www.w3.org" />
+
+ <title>Apache module mod_deflate</title>
+ </head>
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+
+ <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
+ vlink="#000080" alink="#FF0000">
+ <!--#include virtual="header.html" -->
+
+ <h1 align="CENTER">Module mod_deflate</h1>
+
+ <p>This module provides the ability to set environment
+ variables based upon attributes of the request.</p>
+
+ <p><a href="module-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> Experimental<br />
+ <a href="module-dict.html#SourceFile"
+ rel="Help"><strong>Source File:</strong></a>
+ mod_deflate.c<br />
+ <a href="module-dict.html#ModuleIdentifier"
+ rel="Help"><strong>Module Identifier:</strong></a>
+ deflate_module<br />
+ <a href="module-dict.html#Compatibility"
+ rel="Help"><strong>Compatibility:</strong></a> Available in
+ Apache 2.0 and later.</p>
+
+ <h2>Summary</h2>
+
+ <p>The experimental <samp>mod_deflate</samp> module allows
+ output from your server to be compressed before being sent
+ to the client over the network.</p>
+
+ <h2>Directives</h2>
+
+ <ul>
+ <li><a href="#DeflateFilterNote">DeflateFilterNote</a></li>
+
+ <li><a href="#DeflateWindowSize">DeflateWindowSize</a></li>
+
+ <li><a href="#DeflateMemLevel">DeflateMemLevel</a></li>
+ </ul>
+ <hr />
+ <!-- the HR is part of the directive description -->
+
+ <h2><a id="DeflateFilterNote" name="DeflateFilterNote">DeflateFilterNote
+ directive</a></h2>
+
+ <p><a href="directive-dict.html#Syntax"
+ rel="Help"><strong>Syntax:</strong></a> DeflateFilterNote <em>notename
+ </em><br />
+ <a href="directive-dict.html#Default"
+ rel="Help"><strong>Default:</strong></a> <i>none</i><br />
+ <a href="directive-dict.html#Context"
+ rel="Help"><strong>Context:</strong></a> server config<br />
+ <a href="directive-dict.html#Override"
+ rel="Help"><strong>Override:</strong></a> none<br />
+ <a href="directive-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> Experimental<br />
+ <a href="directive-dict.html#Module"
+ rel="Help"><strong>Module:</strong></a> mod_deflate<br />
+ <a href="directive-dict.html#Compatibility"
+ rel="Help"><strong>Compatibility:</strong></a> Apache 2.0 and
+ above</p>
+
+ <p>The DeflateFilterNote directive specifies that a note about
+ compression ratios should be attached to the request. The name
+ of the note is the value specified for the directive.</p>
+
+ <hr />
+ <!-- the HR is part of the directive description -->
+
+ <h2><a id="DeflateWindowSize"
+ name="DeflateWindowSize">DeflateWindowSize directive</a></h2>
+
+ <p><a href="directive-dict.html#Syntax"
+ rel="Help"><strong>Syntax:</strong></a> DeflateWindowSize
+ <em>value</em><br />
+ <a href="directive-dict.html#Default"
+ rel="Help"><strong>Default:</strong></a> <em>none</em><br />
+ <a href="directive-dict.html#Context"
+ rel="Help"><strong>Context:</strong></a> server config<br />
+ <a href="directive-dict.html#Override"
+ rel="Help"><strong>Override:</strong></a> none<br />
+ <a href="directive-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> Experimental<br />
+ <a href="directive-dict.html#Module"
+ rel="Help"><strong>Module:</strong></a> mod_deflate<br />
+ <a href="directive-dict.html#Compatibility"
+ rel="Help"><strong>Compatibility:</strong></a> Apache 2.0 and
+ above</p>
+
+ <p>The <samp>DeflateWindowSize</samp> directive specifies the
+ zlib compression window size.</p>
+
+ <hr />
+ <!-- the HR is part of the directive description -->
+
+ <h2><a id="DeflateMemLevel" name="DeflateMemLevel">DeflateMemLevel
+ directive</a></h2>
+
+ <p><a href="directive-dict.html#Syntax"
+ rel="Help"><strong>Syntax:</strong></a> DeflateMemLevel
+ <em>value</em><br />
+ <a href="directive-dict.html#Default"
+ rel="Help"><strong>Default:</strong></a> <em>none</em><br />
+ <a href="directive-dict.html#Context"
+ rel="Help"><strong>Context:</strong></a> server config<br />
+ <a href="directive-dict.html#Override"
+ rel="Help"><strong>Override:</strong></a> none<br />
+ <a href="directive-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> Experimental<br />
+ <a href="directive-dict.html#Module"
+ rel="Help"><strong>Module:</strong></a> mod_deflate<br />
+ <a href="directive-dict.html#Compatibility"
+ rel="Help"><strong>Compatibility:</strong></a> Apache 2.0 and
+ above</p>
+
+ <p>The DeflateMemLevel directive specifies the amount of
+ memory available to zlib for compression.</p>
+ <!--#include virtual="footer.html" -->
+ </body>
+</html>
+
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE xml:manual [ <!ENTITY nbsp " "> ]>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_deflate</name>
+<description>Compress content before
+ it is delivered to the client</description>
+<status>experimental</status>
+<sourcefile>mod_deflate.c</sourcefile>
+<identifier>deflate_module</identifier>
+
+<summary>
+ <p>The experimental <module>mod_deflate</module> module provides
+ the <code>DEFLATE</code> output filter that allows output from
+ your server to be compressed before being sent to the client over
+ the network.</p>
+</summary>
+<seealso><directive module="mod_mime">AddOutputFilter</directive></seealso>
+<seealso><directive module="core">SetOutputFilter</directive></seealso>
+
+<section><title>Enabling Compression</title>
+
+ <p>Compression is implemented by the <code>DEFLATE</code>
+ <a href="../filter.html">filter</a>. The following directive
+ will enable compression for documents in the container where it
+ is placed:</p>
+ <p><strong>Most popular browsers can not handle compression of all content
+ so you may want to enable the 'gzip-only-text/html' note (see below)
+ </strong></p>
+
+<example>SetEnv gzip-only-text/html 1<br />
+SetOutputFilter DEFLATE
+</example>
+
+ <p>Here is an example of enabling compression for the Apache
+ documentation:</p>
+
+<example>
+<Directory "/your-server-root/manual"><br />
+ SetEnv gzip-only-text/html 1<br />
+ SetOutputFilter DEFLATE<br />
+</Directory>
+</example>
+</section>
+
+<directivesynopsis>
+<name>DeflateFilterNote</name>
+<description>Places the compression ratio in a note for logging</description>
+<syntax>DeflateFilterNote <em>notename</em></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>DeflateFilterNote</directive> directive
+ specifies that a note about compression ratios should be attached
+ to the request. The name of the note is the value specified for
+ the directive.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>DeflateWindowSize</name>
+<description>Zlib compression window size</description>
+<syntax>DeflateWindowSize <em>value</em></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <!-- XXX: Ummm... What unit??? -->
+ <p>The <directive>DeflateWindowSize</directive> directive specifies the
+ zlib compression window size.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>DeflateMemLevel</name>
+<description>Amount of memory available to zlib for compression</description>
+<syntax>DeflateMemLevel <em>value</em></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <!-- XXX: Ummm... What unit??? -->
+ <p>The <directive>DeflateMemLevel</directive> directive specifies
+ the amount of memory available to zlib for compression.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_dir</name>
+<description>Provides for "trailing slash" redirects and
+ serving directory index files.</description>
+<status>Base</status>
+<sourcefile>mod_dir.c</sourcefile>
+<identifier>dir_module</identifier>
+
+<summary>
+ <p>The index of a directory can come from one of two sources:</p>
+
+ <ul>
+ <li>A file written by the user, typically called
+ <code>index.html</code>. The <directive module="mod_dir"
+ >DirectoryIndex</directive> directive sets the
+ name of this file. This is controlled by
+ <module>mod_dir</module>.</li>
+
+ <li>Otherwise, a listing generated by the server. This is
+ provided by <module>mod_autoindex</module>.</li>
+ </ul>
+ <p>The two functions are separated so that you can completely
+ remove (or replace) automatic index generation should you want
+ to.</p>
+
+ <p>A "trailing slash" redirect is issued when the server
+ receives a request for a URL
+ <code>http://servername/foo/dirname</code> where
+ <code>dirname</code> is a directory. Directories require a
+ trailing slash, so <module>mod_dir</module> issues a redirect to
+ <code>http://servername/foo/dirname/</code>.</p>
+</summary>
+
+<directivesynopsis>
+<description>List of resources to look for when the client requests
+a directory</description>
+<name>DirectoryIndex</name>
+<syntax>DirectoryIndex
+ <em>local-url</em> [<em>local-url</em>] ...</syntax>
+<default>DirectoryIndex index.html</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>The <directive>DirectoryIndex</directive> directive sets the
+ list of resources to look for, when the client requests an index
+ of the directory by specifying a / at the end of the a directory
+ name. <em>Local-url</em> is the (%-encoded) URL of a document on
+ the server relative to the requested directory; it is usually the
+ name of a file in the directory. Several URLs may be given, in
+ which case the server will return the first one that it finds. If
+ none of the resources exist and the <code>Indexes</code> option is
+ set, the server will generate its own listing of the
+ directory.</p>
+
+<example><title>Example</title>
+DirectoryIndex index.html
+</example>
+
+ <p>then a request for <code>http://myserver/docs/</code> would
+ return <code>http://myserver/docs/index.html</code> if it
+ exists, or would list the directory if it did not.</p>
+
+ <p>Note that the documents do not need to be relative to the
+ directory;</p>
+
+<example>DirectoryIndex index.html index.txt /cgi-bin/index.pl</example>
+ <p>would cause the CGI script <code>/cgi-bin/index.pl</code> to be
+ executed if neither <code>index.html</code> or
+ <code>index.txt</code> existed in a directory.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_env</name>
+ <description>Modifies the environment which is
+ passed to CGI scripts and SSI pages</description>
+ <status>Base</status>
+ <sourcefile>mod_env.c</sourcefile>
+ <identifier>env_module</identifier>
+ <summary>
+ <p>This module allows for control of the environment that will
+ be provided to CGI scripts and SSI pages. Environment variables
+ may be passed from the shell which invoked the httpd process.
+ Alternatively, environment variables may be set or unset within
+ the configuration process.</p>
+ </summary>
+ <seealso><a href="../env.html">Environment Variables</a></seealso>
+
+ <directivesynopsis>
+ <name>PassEnv</name>
+ <description>Passes environment variables from the shell</description>
+ <syntax>PassEnv
+ <em>env-variable</em> [<em>env-variable</em>] ...</syntax>
+ <contextlist>
+ <context>server config</context><context>virtual host</context>
+ <context>directory</context><context>.htaccess</context>
+ </contextlist>
+ <override>FileInfo</override>
+
+<usage>
+ <p>Specifies one or more environment variables to pass to CGI
+ scripts and SSI pages from the environment of the shell which
+ invoked the httpd process. Example:</p>
+<example>
+ PassEnv LD_LIBRARY_PATH
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SetEnv</name>
+<description>Sets environment variables</description>
+<syntax>SetEnv <em>env-variable value</em></syntax>
+<contextlist>
+<context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>Sets an environment variable, which is then passed on to CGI
+ scripts and SSI pages. Example:</p>
+<example>
+ SetEnv SPECIAL_PATH /foo/bin
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>UnsetEnv</name>
+<description>Removes variables from the environment</description>
+<syntax>UnsetEnv <em>env-variable</em> [<em>env-variable</em>] ...</syntax>
+<contextlist>
+<context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>Removes one or more environment variables from those passed
+ on to CGI scripts and SSI pages. Example:</p>
+<example>
+ UnsetEnv LD_LIBRARY_PATH
+</example>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_example</name>
+<description>Illustrates the Apache module API</description>
+<status>Experimental</status>
+<sourcefile>mod_example.c</sourcefile>
+<identifier>example_module</identifier>
+
+<summary>
+<note type="warning">
+ This document has not been updated
+ to take into account changes made in the 2.0 version of the
+ Apache HTTP Server. Some of the information may still be
+ relevant, but please use it with care.
+</note>
+
+ <p>The files in the <code>src/modules/example directory</code>
+ under the Apache distribution directory tree are provided as an
+ example to those that wish to write modules that use the Apache
+ API.</p>
+
+ <p>The main file is <code>mod_example.c</code>, which
+ illustrates all the different callback mechanisms and call
+ syntaxes. By no means does an add-on module need to include
+ routines for all of the callbacks - quite the contrary!</p>
+
+ <p>The example module is an actual working module. If you link
+ it into your server, enable the "example-handler" handler for a
+ location, and then browse to that location, you will see a
+ display of some of the tracing the example module did as the
+ various callbacks were made.</p>
+</summary>
+
+<section><title>Compiling the example module</title>
+
+ <p>To include the example module in your server, follow the
+ steps below:</p>
+
+ <ol>
+ <li>
+ Uncomment the "AddModule modules/example/mod_example" line
+ near the bottom of the <code>src/Configuration</code> file.
+ If there isn't one, add it; it should look like this:
+<example>
+ AddModule modules/example/mod_example.o
+</example>
+ </li>
+
+ <li>Run the <code>src/Configure</code> script
+ ("<code>cd src; ./Configure</code>"). This will
+ build the Makefile for the server itself, and update the
+ <code>src/modules/Makefile</code> for any additional modules
+ you have requested from beneath that subdirectory.</li>
+
+ <li>Make the server (run "<code>make</code>" in the
+ <code>src</code> directory).</li>
+ </ol>
+
+ <p>To add another module of your own:</p>
+
+ <ol type="A">
+ <li><code>mkdir src/modules/<em>mymodule</em></code></li>
+
+ <li><code>cp src/modules/example/*
+ src/modules/<em>mymodule</em></code></li>
+
+ <li>Modify the files in the new directory.</li>
+
+ <li>Follow steps [1] through [3] above, with appropriate
+ changes.</li>
+ </ol>
+</section>
+
+<section><title>Using the <code>mod_example</code> Module</title>
+
+ <p>To activate the example module, include a block similar to
+ the following in your <code>srm.conf</code> file:</p>
+<example>
+ <Location /example-info><br />
+ SetHandler example-handler<br />
+ </Location>
+</example>
+
+ <p>As an alternative, you can put the following into a <a
+ href="core.html#accessfilename"><code>.htaccess</code></a> file
+ and then request the file "test.example" from that location:</p>
+<example>
+ AddHandler example-handler .example
+</example>
+
+ <p>After reloading/restarting your server, you should be able
+ to browse to this location and see the brief display mentioned
+ earlier.</p>
+</section>
+
+<directivesynopsis>
+<name>Example</name>
+<description>Demonstration directive to illustrate the Apache module
+API</description>
+<syntax>Example</syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context><context>directory</context>
+<context>.htaccess</context></contextlist>
+
+<usage>
+ <p>The <directive>Example</directive> directive just sets a demonstration
+ flag which the example module's content handler displays. It
+ takes no arguments. If you browse to an URL to which the
+ example content-handler applies, you will get a display of the
+ routines within the module and how and in what order they were
+ called to service the document request. The effect of this
+ directive one can observe under the point "<code>Example
+ directive declared here: YES/NO</code>".</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_expires</name>
+<description>Generation of
+ <code>Expires</code> HTTP headers according to user-specified
+ criteria</description>
+<status>Extension</status>
+<sourcefile>mod_expires.c</sourcefile>
+<identifier>expires_module</identifier>
+
+<summary>
+ <p>This module controls the setting of the <code>Expires</code>
+ HTTP header in server responses. The expiration date can set to
+ be relative to either the time the source file was last
+ modified, or to the time of the client access.</p>
+
+ <p>The <code>Expires</code> HTTP header is an instruction to
+ the client about the document's validity and persistence. If
+ cached, the document may be fetched from the cache rather than
+ from the source until this time has passed. After that, the
+ cache copy is considered "expired" and invalid, and a new copy
+ must be obtained from the source.</p>
+</summary>
+
+<section id="AltSyn"><title>Alternate Interval
+ Syntax</title>
+
+ <p>The <directive module="mod_expires">ExpiresDefault</directive> and
+ <directive module="mod_expires">ExpiresByType</directive> directives
+ can also be defined in a more readable syntax of the form:</p>
+
+<example>
+ ExpiresDefault "<base> [plus] {<num>
+ <type>}*"<br />
+ ExpiresByType type/encoding "<base> [plus]
+ {<num> <type>}*"
+</example>
+
+ <p>where <base> is one of:</p>
+
+ <ul>
+ <li><code>access</code></li>
+
+ <li><code>now</code> (equivalent to
+ '<code>access</code>')</li>
+
+ <li><code>modification</code></li>
+ </ul>
+
+ <p>The '<code>plus</code>' keyword is optional. <num>
+ should be an integer value [acceptable to <code>atoi()</code>],
+ and <type> is one of:</p>
+
+ <ul>
+ <li><code>years</code></li>
+
+ <li><code>months</code></li>
+
+ <li><code>weeks</code></li>
+
+ <li><code>days</code></li>
+
+ <li><code>hours</code></li>
+
+ <li><code>minutes</code></li>
+
+ <li><code>seconds</code></li>
+ </ul>
+
+ <p>For example, any of the following directives can be used to
+ make documents expire 1 month after being accessed, by
+ default:</p>
+
+<example>
+ ExpiresDefault "access plus 1 month"<br />
+ ExpiresDefault "access plus 4 weeks"<br />
+ ExpiresDefault "access plus 30 days"
+</example>
+
+ <p>The expiry time can be fine-tuned by adding several
+ '<num> <type>' clauses:</p>
+
+<example>
+ExpiresByType text/html "access plus 1 month 15
+ days 2 hours"<br />
+ ExpiresByType image/gif "modification plus 5 hours 3
+ minutes"
+</example>
+
+ <p>Note that if you use a modification date based setting, the
+ Expires header will <strong>not</strong> be added to content
+ that does not come from a file on disk. This is due to the fact
+ that there is no modification time for such content.</p>
+</section>
+
+<directivesynopsis>
+<name>ExpiresActive</name>
+<description>Enables generation of <code>Expires</code> headers</description>
+<syntax>ExpiresActive On|Off</syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context><context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>This directive enables or disables the generation of the
+ <code>Expires</code> header for the document realm in question.
+ (That is, if found in an <code>.htaccess</code> file, for
+ instance, it applies only to documents generated from that
+ directory.) If set to <em><code>Off</code></em>, no
+ <code>Expires</code> header will be generated for any document
+ in the realm (unless overridden at a lower level, such as an
+ <code>.htaccess</code> file overriding a server config file).
+ If set to <em><code>On</code></em>, the header will be added to
+ served documents according to the criteria defined by the
+ <directive module="mod_expires">ExpiresByType</directive> and
+ <directive module="mod_expires">ExpiresDefault</directive> directives
+ (<em>q.v.</em>).</p>
+
+ <p>Note that this directive does not guarantee that an
+ <code>Expires</code> header will be generated. If the criteria
+ aren't met, no header will be sent, and the effect will be as
+ though this directive wasn't even specified.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ExpiresByType</name>
+<description>Value of the <code>Expires</code> header configured
+by MIME type</description>
+<syntax>ExpiresByType
+ <em>MIME-type <code>seconds</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context><context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>This directive defines the value of the <code>Expires</code>
+ header generated for documents of the specified type
+ (<em>e.g.</em>, <code>text/html</code>). The second argument
+ sets the number of seconds that will be added to a base time to
+ construct the expiration date.</p>
+
+ <p>The base time is either the last modification time of the
+ file, or the time of the client's access to the document. Which
+ should be used is specified by the
+ <code><em><code></em></code> field; <strong>M</strong>
+ means that the file's last modification time should be used as
+ the base time, and <strong>A</strong> means the client's access
+ time should be used.</p>
+
+ <p>The difference in effect is subtle. If <em>M</em> is used,
+ all current copies of the document in all caches will expire at
+ the same time, which can be good for something like a weekly
+ notice that's always found at the same URL. If <em>A</em> is
+ used, the date of expiration is different for each client; this
+ can be good for image files that don't change very often,
+ particularly for a set of related documents that all refer to
+ the same images (<em>i.e.</em>, the images will be accessed
+ repeatedly within a relatively short timespan).</p>
+
+ <p><strong>Example:</strong></p>
+<example>
+# enable expirations<br />
+ExpiresActive On<br />
+# expire GIF images after a month in the client's cache<br />
+ExpiresByType image/gif A2592000<br />
+# HTML documents are good for a week from the time they were changed<br />
+ExpiresByType text/html M604800
+</example>
+
+ <p>Note that this directive only has effect if
+ <code>ExpiresActive On</code> has been specified. It overrides,
+ for the specified MIME type <em>only</em>, any expiration date
+ set by the <directive module="mod_expires">ExpiresDefault</directive>
+ directive.</p>
+
+ <p>You can also specify the expiration time calculation using
+ an <a href="#AltSyn">alternate syntax</a>, described earlier in
+ this document.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ExpiresDefault</name>
+<description>Default algorithm for calculating expiration time</description>
+<syntax>ExpiresDefault <em><code>seconds</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context><context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>This directive sets the default algorithm for calculating the
+ expiration time for all documents in the affected realm. It can be
+ overridden on a type-by-type basis by the <directive
+ module="mod_expires">ExpiresByType</directive> directive. See the
+ description of that directive for details about the syntax of the
+ argument, and the <a href="#AltSyn">alternate syntax</a>
+ description as well.</p>
+</usage>
+</directivesynopsis>
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_ext_filter</name>
+<description>Pass the response body
+ through an external program before delivery to the
+ client</description>
+<status>Experimental</status>
+<sourcefile>mod_ext_filter.c</sourcefile>
+<identifier>ext_filter_module</identifier>
+
+<summary>
+ <p>This is an <strong>experimental</strong> module and should
+ be used with care. Test your <module>mod_ext_filter</module>
+ configuration carefully to ensure that it performs the desired
+ function. You may wish to review <a href="../filter.html">
+ this information</a> for background on the Apache filtering
+ model.</p>
+
+ <p><module>mod_ext_filter</module> presents a simple and familiar
+ programming model for filters. With this module, a program
+ which reads from stdin and writes to stdout (i.e., a Unix-style
+ filter command) can be a filter for Apache. This filtering
+ mechanism is much slower than using a filter which is specially
+ written for the Apache API and runs inside of the Apache server
+ process, but it does have the following benefits:</p>
+
+ <ul>
+ <li>the programming model is much simpler</li>
+
+ <li>any programming/scripting language can be used, provided
+ that it allows the program to read from standard input and
+ write to standard output</li>
+
+ <li>existing programs can be used unmodified as Apache
+ filters</li>
+ </ul>
+
+ <p>Even when the performance characteristics are not suitable
+ for production use, <code>mod_ext_filter</code> can be used as
+ a prototype environment for filters.</p>
+</summary>
+
+<section><title>Examples</title>
+
+<section><title>Generating HTML from some other type of response</title>
+<example>
+<pre>
+ # mod_ext_filter directive to define a filter to HTML-ize text/c files
+ # using the external program /usr/bin/enscript, with the type of the
+ # result set to text/html
+ ExtFilterDefine c-to-html mode=output intype=text/c outtype=text/html \
+ cmd="/usr/bin/enscript --color -W html -Ec -o - -"
+
+ <Directory "/export/home/trawick/apacheinst/htdocs/c">
+
+ # core directive to cause the new filter to be run on output
+ SetOutputFilter c-to-html
+
+ # mod_mime directive to set the type of .c files to text/c
+ AddType text/c .c
+
+ # mod_ext_filter directive to set the debug level just high
+ # enough to see a log message per request showing the configuration
+ # in force
+ ExtFilterOptions DebugLevel=1
+
+ </Directory>
+</pre>
+</example>
+</section>
+
+<section><title>Implementing a content encoding filter</title>
+<example>
+<pre>
+ # mod_ext_filter directive to define the external filter
+ ExtFilterDefine gzip mode=output cmd=/bin/gzip
+
+ <Location /gzipped>
+
+ # core directive to cause the gzip filter to be run on output
+ SetOutputFilter gzip
+
+ # mod_header directive to add "Content-Encoding: gzip" header field
+ Header set Content-Encoding gzip
+
+ </Location>
+</pre>
+</example>
+
+ <p>Note: this gzip example is just for the purposes of illustration.
+ Please refer to <module>mod_deflate</module> for a practical
+ implementation.</p>
+</section>
+
+<section><title>Slowing down the server</title>
+<example>
+<pre>
+ # mod_ext_filter directive to define a filter which runs everything
+ # through cat; cat doesn't modify anything; it just introduces extra
+ # pathlength and consumes more resources
+ ExtFilterDefine slowdown mode=output cmd=/bin/cat preservescontentlength
+
+ <Location />
+
+ # core directive to cause the slowdown filter to be run several times on
+ # output
+ SetOutputFilter slowdown slowdown slowdown
+
+ </Location>
+</pre>
+</example>
+</section>
+
+</section> <!-- Examples -->
+
+<directivesynopsis>
+<name>ExtFilterDefine</name>
+<syntax>ExtFilterDefine <em>filtername</em> <em>parameters</em></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>ExtFilterDefine</directive> directive defines the
+ characteristics of an external filter, including the program to
+ run and its arguments.</p>
+
+ <p><em>filtername</em> specifies the name of the filter being
+ defined. This name can then be used in SetOutputFilter
+ directives. It must be unique among all registered filters.
+ <em>At the present time, no error is reported by the
+ register-filter API, so a problem with duplicate names isn't
+ reported to the user.</em></p>
+
+ <p>Subsequent parameters can appear in any order and define the
+ external command to run and certain other characteristics. The
+ only required parameter is <em>cmd=</em>. These parameters
+ are:</p>
+
+ <dl>
+ <dt>cmd=<em>cmdline</em></dt>
+
+ <dd>The <code>cmd=</code> keyword allows you to specify the
+ external command to run. If there are arguments after the
+ program name, the command line should be surrounded in
+ quotation marks.</dd>
+
+ <dt>mode=<em>mode</em></dt>
+
+ <dd><em>mode</em> should be <em>output</em> for now (the
+ default). In the future, <em>mode=input</em> will be used to
+ specify a filter for request bodies.</dd>
+
+ <dt>intype=<em>imt</em></dt>
+
+ <dd>This parameter specifies the internet media type (i.e.,
+ MIME type) of documents which should be filtered. By default,
+ all documents are filtered. If <code>intype=</code> is
+ specified, the filter will be disabled for documents of other
+ types.</dd>
+
+ <dt>outtype=<em>imt</em></dt>
+
+ <dd>This parameter specifies the internet media type (i.e.,
+ MIME type) of filtered documents. It is useful when the
+ filter changes the internet media type as part of the
+ filtering operation. By default, the internet media type is
+ unchanged.</dd>
+
+ <dt>PreservesContentLength</dt>
+
+ <dd>The <code>PreservesContentLength</code> keyword specifies
+ that the filter preserves the content length. This is not the
+ default, as most filters change the content length. In the
+ event that the filter doesn't modify the length, this keyword
+ should be specified.</dd>
+ </dl>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ExtFilterOptions</name>
+<syntax>ExtFilterOptions
+ <em>option</em> [<em>option</em>] ...</syntax>
+<default>ExtFilterOptions DebugLevel=0 NoLogStderr</default>
+<contextlist><context>directory</context></contextlist>
+
+<usage>
+ <p>The <directive>ExtFilterOptions</directive> directive specifies
+ special processing options for <code>mod_ext_filter</code>.
+ <em>Option</em> can be one of</p>
+
+ <dl>
+ <dt>DebugLevel=<em>n</em></dt>
+
+ <dd>
+ The <code>DebugLevel</code> keyword allows you to specify
+ the level of debug messages generated by
+ <code>mod_ext_filter</code>. By default, no debug messages
+ are generated. This is equivalent to
+ <code>DebugLevel=0</code>. With higher numbers, more debug
+ messages are generated, and server performance will be
+ degraded. The actual meanings of the numeric values are
+ described with the definitions of the DBGLVL_ constants
+ near the beginning of <code>mod_ext_filter.c</code>.
+
+ <p>Note: The core directive LogLevel should be used to
+ cause debug messages to be stored in the Apache error
+ log.</p>
+ </dd>
+
+ <dt>LogStderr | NoLogStderr</dt>
+
+ <dd>The <code>LogStderr</code> keyword specifies that
+ messages written to standard error by the external filter
+ program will be saved in the Apache error log.
+ <code>NoLogStderr</code> disables this feature.</dd>
+ </dl>
+
+ <p>Example:</p>
+<example>
+ ExtFilterOptions LogStderr DebugLevel=0
+</example>
+
+ <p>Messages written to the filter's standard error will be stored
+ in the Apache error log. No debug messages will be generated by
+ <module>mod_ext_filter</module>. </p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_file_cache</name>
+<description>Caches a static list of files in memory</description>
+<status>Experimental</status>
+<sourcefile>mod_file_cache.c</sourcefile>
+<identifier>file_cache_module</identifier>
+
+<summary>
+
+<note type="warning">
+This module should be used with care. You can easily
+ create a broken site using mod_file_cache, so read this
+ document carefully.
+</note>
+
+ <p><em>Caching</em> frequently requested files that change very
+ infrequently is a technique for reducing server load.
+ mod_file_cache provides two techniques for caching frequently
+ requested <em>static</em> files. Through configuration
+ directives, you can direct mod_file_cache to either open then
+ mmap()a file, or to pre-open a file and save the file's open
+ <em>file handle</em>. Both techniques reduce server load when
+ processing requests for these files by doing part of the work
+ (specifically, the file I/O) for serving the file when the
+ server is started rather than during each request.</p>
+
+ <p>Notice: You cannot use this for speeding up CGI programs or
+ other files which are served by special content handlers. It
+ can only be used for regular files which are usually served by
+ the Apache core content handler.</p>
+
+ <p>This module is an extension of and borrows heavily from the
+ mod_mmap_static module in Apache 1.3.</p>
+</summary>
+
+<section><title>Using mod_file_cache</title>
+
+ <p><module>mod_file_cache</module> caches a list of statically
+ configured files via <directive
+ module="mod_file_cache">MMapFile</directive> or <directive
+ module="mod_file_cache">CacheFile</directive> directives in the
+ main server configuration.</p>
+
+ <p>Not all platforms support both directives. For example, Apache
+ on Windows does not currently support the <directive
+ module="mod_file_cache">MMapStatic</directive> directive, while
+ other platforms, like AIX, support both. You will receive an error
+ message in the server error log if you attempt to use an
+ unsupported directive. If given an unsupported directive, the
+ server will start but the file will not be cached. On platforms
+ that support both directives, you should experiment with both to
+ see which works best for you.</p>
+
+<section><title>MmapFile Directive</title>
+
+ <p>The <directive module="mod_file_cache">MmapFile</directive>
+ directive of <module>mod_file_cache</module> maps a list of
+ statically configured files into memory through the system call
+ <code>mmap()</code>. This system call is available on most modern
+ Unix derivates, but not on all. There are sometimes
+ system-specific limits on the size and number of files that can be
+ mmap()d, experimentation is probably the easiest way to find
+ out.</p>
+
+ <p>This mmap()ing is done once at server start or restart,
+ only. So whenever one of the mapped files changes on the
+ filesystem you <em>have</em> to restart the server (see the <a
+ href="../stopping.html">Stopping and Restarting</a>
+ documentation). To reiterate that point: if the files are
+ modified <em>in place</em> without restarting the server you
+ may end up serving requests that are completely bogus. You
+ should update files by unlinking the old copy and putting a new
+ copy in place. Most tools such as <code>rdist</code> and
+ <code>mv</code> do this. The reason why this modules doesn't
+ take care of changes to the files is that this check would need
+ an extra <code>stat()</code> every time which is a waste and
+ against the intent of I/O reduction.</p>
+</section>
+
+<section><title>CacheFile Directive</title>
+
+ <p>The <directive module="mod_file_cache">CacheFile</directive>
+ directive of <module>mod_file_cache</module> opens an active
+ <em>handle</em> or <em>file descriptor</em> to the file (or files)
+ listed in the configuration directive and places these open file
+ handles in the cache. When the file is requested, the server
+ retrieves the handle from the cache and passes it to the
+ sendfile() (or TransmitFile() on Windows), socket API.</p>
+
+ <p>Insert more details about sendfile API...</p>
+
+ <p>This file handle caching is done once at server start or
+ restart, only. So whenever one of the cached files changes on
+ the filesystem you <em>have</em> to restart the server (see the
+ <a href="../stopping.html">Stopping and Restarting</a>
+ documentation). To reiterate that point: if the files are
+ modified <em>in place</em> without restarting the server you
+ may end up serving requests that are completely bogus. You
+ should update files by unlinking the old copy and putting a new
+ copy in place. Most tools such as <code>rdist</code> and
+ <code>mv</code> do this.</p>
+</section>
+
+<note><title>Note</title> Don't bother asking for a for a
+ directive which recursively caches all the files in a
+ directory. Try this instead... See the
+ <directive module="core">Include</directive> directive, and consider
+ this command:
+<example>
+ find /www/htdocs -type f -print \ <br />
+ | sed -e 's/.*/mmapfile &/' > /www/conf/mmap.conf
+</example>
+</note>
+
+</section>
+
+<directivesynopsis>
+<name>MMapFile</name>
+<syntax>MMapFile <em>file-path</em> [<em>file-path</em>] ...</syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>MMapFile</directive> directive maps one or more files
+ (given as whitespace separated arguments) into memory at server
+ startup time. They are automatically unmapped on a server
+ shutdown. When the files have changed on the filesystem at
+ least a HUP or USR1 signal should be send to the server to
+ re-mmap them.</p>
+
+ <p>Be careful with the <em>file-path</em> arguments: They have
+ to literally match the filesystem path Apache's URL-to-filename
+ translation handlers create. We cannot compare inodes or other
+ stuff to match paths through symbolic links <em>etc.</em>
+ because that again would cost extra <code>stat()</code> system
+ calls which is not acceptable. This module may or may not work
+ with filenames rewritten by <module>mod_alias</module> or
+ <module>mod_rewrite</module>.</p>
+
+<example><title>Example</title>
+ MMapFile /usr/local/apache/htdocs/index.html
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>CacheFile</name>
+<syntax>CacheFile
+ <em>file-path</em> [<em>file-path</em>] ...</syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>CacheFile</directive> directive opens handles to
+ one or more files (given as whitespace separated arguments) and
+ places these handles into the cache at server startup
+ time. Handles to cached files are automatically closed on a server
+ shutdown. When the files have changed on the filesystem, the
+ server should be restarted to to re-cache them.</p>
+
+ <p>Be careful with the <em>file-path</em> arguments: They have
+ to literally match the filesystem path Apache's URL-to-filename
+ translation handlers create. We cannot compare inodes or other
+ stuff to match paths through symbolic links <em>etc.</em>
+ because that again would cost extra <code>stat()</code> system
+ calls which is not acceptable. This module may or may not work
+ with filenames rewritten by <module>mod_alias</module> or
+ <module>mod_rewrite</module>.</p>
+
+<example><title>Example</title>
+ CacheFile /usr/local/apache/htdocs/index.html
+</example>
+</usage>
+
+</directivesynopsis>
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_headers</name>
+<description>Customization of HTTP request
+ and response headers</description>
+<status>Extension</status>
+<sourcefile>mod_headers.c</sourcefile>
+<identifier>headers_module</identifier>
+<compatibility>RequestHeader is available only in Apache 2.0</compatibility>
+
+<summary>
+ <p>This module provides directives to control and modify HTTP
+ request and response headers. Headers can be merged, replaced
+ or removed.</p>
+</summary>
+
+<section><title>Order of Processing</title>
+
+ <p>The directives provided by mod_header can occur almost
+ anywhere within the server configuration. They are valid in the
+ main server config and virtual host sections, inside
+ <Directory>, <Location> and <Files> sections,
+ and within .htaccess files.</p>
+
+ <p>The directives are processed in the following order:</p>
+
+ <ol>
+ <li>main server</li>
+
+ <li>virtual host</li>
+
+ <li><Directory> sections and .htaccess</li>
+
+ <li><Location></li>
+
+ <li><Files></li>
+ </ol>
+
+ <p>Order is important. These two headers have a different
+ effect if reversed:</p>
+
+<example>
+RequestHeader append MirrorID "mirror 12"<br />
+ RequestHeader unset MirrorID
+</example>
+
+ <p>This way round, the MirrorID header is not set. If reversed,
+ the MirrorID header is set to "mirror 12".</p>
+</section>
+
+<section><title>Example</title>
+
+ <ol>
+ <li>Copy all request headers that begin with "TS" to the
+ response headers:
+
+<example>
+ Header echo ^TS*
+</example></li>
+
+ <li>Add a header, MyHeader, to the response including a
+ timestamp for when the request was received and how long it
+ took to begin serving the request. This header can be used by
+ the client to intuit load on the server or in isolating
+ bottlenecks between the client and the server.
+
+<example>
+ Header add MyHeader "%D %t"
+</example>
+ results in this header being added to the response:
+<example>
+ MyHeader: D=3775428 t=991424704447256
+</example>
+ </li>
+
+ <li>Say hello to Joe
+
+<example>
+ Header add MyHeader "Hello Joe. It took %D microseconds for Apache to serve this request."
+</example>
+ results in this header being added to the response:
+<example>
+ MyHeader: Hello Joe. It took D=3775428 microseconds for Apache to serve this request.
+</example>
+ </li>
+
+ <li>Conditionally send MyHeader on the response if and only
+ if header "MyRequestHeader" is present on the request. This
+ is useful for constructing headers in response to some client
+ stimulus. Note that this example requires the services of the
+ mod_setenvif module.
+
+<example>
+ SetEnvIf MyRequestHeader value HAVE_MyRequestHeader<br />
+ Header add MyHeader "%D %t mytext" env=HAVE_MyRequestHeader
+</example>
+ If the header "MyRequestHeader: value" is present on the
+ HTTP request, the response will contain the following
+ header:
+<example>
+ MyHeader: D=3775428 t=991424704447256 mytext
+</example>
+ </li>
+ </ol>
+</section>
+
+<directivesynopsis>
+<name>RequestHeader</name>
+<description>Configure HTTP request headers</description>
+<syntax>RequestHeader set|append|add|unset <em>header</em>
+[<em>value</em>]</syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>This directive can replace, merge or remove HTTP request
+ headers. The header is modified just before the content handler
+ is run, allowing incoming headers to be modified. The action it
+ performs is determined by the first argument. This can be one
+ of the following values:</p>
+
+ <ul>
+ <li><strong>set</strong><br />
+ The request header is set, replacing any previous header
+ with this name</li>
+
+ <li><strong>append</strong><br />
+ The request header is appended to any existing header of the
+ same name. When a new value is merged onto an existing header
+ it is separated from the existing header with a comma. This
+ is the HTTP standard way of giving a header multiple
+ values.</li>
+
+ <li><strong>add</strong><br />
+ The request header is added to the existing set of headers,
+ even if this header already exists. This can result in two
+ (or more) headers having the same name. This can lead to
+ unforeseen consequences, and in general "append" should be
+ used instead.</li>
+
+ <li><strong>unset</strong><br />
+ The request header of this name is removed, if it exists. If
+ there are multiple headers of the same name, all will be
+ removed.</li>
+ </ul>
+
+ <p>This argument is followed by a header name, which can
+ include the final colon, but it is not required. Case is
+ ignored. For <code>add</code>, <code>append</code> and
+ <code>set</code> a value is given as the third argument. If
+ this value contains spaces, it should be surrounded by double
+ quotes. For unset, no value should be given.</p>
+
+ <p>The <directive>RequestHeader</directive> directive is processed
+ just before the request is run by its handler in the fixup phase.
+ This should allow headers generated by the browser, or by Apache
+ input filters to be overridden or modified.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>Header</name>
+<description>Configure HTTP response headers</description>
+<syntax>Header set|append|add|unset|echo <em>header</em>
+[<em>value</em>]</syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>This directive can replace, merge or remove HTTP response
+ headers. The header is modified just after the content handler
+ and output filters are run, allowing outgoing headers to be
+ modified. The action it performs is determined by the first
+ argument. This can be one of the following values:</p>
+
+ <ul>
+ <li><strong>set</strong><br />
+ The response header is set, replacing any previous header
+ with this name. The <em>value</em> may be a format
+ string.</li>
+
+ <li><strong>append</strong><br />
+ The response header is appended to any existing header of
+ the same name. When a new value is merged onto an existing
+ header it is separated from the existing header with a comma.
+ This is the HTTP standard way of giving a header multiple
+ values.</li>
+
+ <li><strong>add</strong><br />
+ The response header is added to the existing set of headers,
+ even if this header already exists. This can result in two
+ (or more) headers having the same name. This can lead to
+ unforeseen consequences, and in general "append" should be
+ used instead.</li>
+
+ <li><strong>unset</strong><br />
+ The response header of this name is removed, if it exists.
+ If there are multiple headers of the same name, all will be
+ removed.</li>
+
+ <li><strong>echo</strong><br />
+ Request headers with this name are echoed back in the
+ response headers. <em>header</em> may be a regular
+ expression.</li>
+ </ul>
+
+ <p>This argument is followed by a <em>header</em> name, which
+ can include the final colon, but it is not required. Case is
+ ignored for set, append, add and unset. The <em>header</em>
+ name for echo is case sensitive and may be a regular
+ expression.</p>
+
+ <p>For <code>add</code>, <code>append</code> and
+ <code>set</code> a <em>value</em> is specified as the third
+ argument. If <em>value</em> contains spaces, it should be
+ surrounded by doublequotes. <em>value</em> may be a character
+ string, a string containing format specifiers or a combination
+ of both. The following format specifiers are supported in
+ <em>value</em>:</p>
+<table>
+<tr><td>%t: </td> <td>The time the request was received in Universal
+Coordinated Time since the epoch (Jan. 1, 1970) measured in
+microseconds. The value is preceded by "t=".</td></tr>
+
+<tr><td>%D: </td> <td>The time from when the request was received to
+the time the headers are sent on the wire. This is a measure of the
+duration of the request. The value is preceded by "D=".</td></tr>
+
+<tr><td>%{FOOBAR}e:</td> <td>The contents of the <a href="../env.html">environment
+variable</a> FOOBAR.</td></tr>
+</table>
+
+ <p>When the <directive>Header</directive> directive is used with the
+ <code>add</code>, <code>append</code>, or <code>set</code>
+ argument, a fourth argument may be used to specify conditions
+ under which the action will be taken. If the <a
+ href="../env.html">environment variable</a> specified in the
+ <code>env=...</code> argument exists (or if the environment
+ variable does not exist and <code>env=!...</code> is specified)
+ then the action specified by the <directive>Header</directive> directive
+ will take effect. Otherwise, the directive will have no effect
+ on the request.</p>
+
+ <p>The Header directives are processed just before the response
+ is sent to the network. These means that it is possible to set
+ and/or override most headers, except for those headers added by
+ the header filter.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_imap</name>
+<description>Server-side imagemap processing</description>
+<status>Base</status>
+<sourcefile>mod_imap.c</sourcefile>
+<identifier>imap_module</identifier>
+
+<summary>
+ <p>This module processes <code>.map</code> files, thereby
+ replacing the functionality of the <code>imagemap</code> CGI
+ program. Any directory or document type configured to use the
+ handler <code>imap-file</code> (using either
+ <directive module="mod_mime">AddHandler</directive> or
+ <directive module="core">SetHandler</directive>)
+ will be processed by this module.</p>
+
+ <p>The following directive will activate files ending with
+ <code>.map</code> as imagemap files:</p>
+
+<example>AddHandler imap-file map</example>
+
+ <p>Note that the following is still supported:</p>
+
+<example>AddType application/x-httpd-imap map</example>
+
+ <p>However, we are trying to phase out "magic MIME types" so we
+ are deprecating this method.</p>
+</summary>
+
+<section><title>New Features</title>
+
+ <p>The imagemap module adds some new features that were not
+ possible with previously distributed imagemap programs.</p>
+
+ <ul>
+ <li>URL references relative to the Referer: information.</li>
+
+ <li>Default <BASE> assignment through a new map
+ directive <code>base</code>.</li>
+
+ <li>No need for <code>imagemap.conf</code> file.</li>
+
+ <li>Point references.</li>
+
+ <li>Configurable generation of imagemap menus.</li>
+ </ul>
+</section>
+
+<section><title>Imagemap File</title>
+
+ <p>The lines in the imagemap files can have one of several
+ formats:</p>
+
+<example>
+ directive value [x,y ...]<br />
+ directive value "Menu text" [x,y ...]<br />
+ directive value x,y ... "Menu text"
+</example>
+ <p>The directive is one of <code>base</code>,
+ <code>default</code>, <code>poly</code>, <code>circle</code>,
+ <code>rect</code>, or <code>point</code>. The value is an
+ absolute or relative URL, or one of the special values listed
+ below. The coordinates are <code>x,y</code> pairs separated by
+ whitespace. The quoted text is used as the text of the link if
+ a imagemap menu is generated. Lines beginning with '#' are
+ comments.</p>
+
+<section><title>Imagemap File Directives</title>
+ <p>There are six directives allowed in the imagemap file. The
+ directives can come in any order, but are processed in the
+ order they are found in the imagemap file.</p>
+
+ <dl>
+ <dt><code>base</code> Directive</dt>
+
+ <dd>Has the effect of <code><BASE HREF="value"></code>.
+ The non-absolute URLs of the map-file are taken relative to
+ this value. The <code>base</code> directive overrides
+ ImapBase as set in a .htaccess file or in the server
+ configuration files. In the absence of an ImapBase
+ configuration directive, <code>base</code> defaults to
+ <code>http://server_name/</code>.<br />
+ <code>base_uri</code> is synonymous with <code>base</code>.
+ Note that a trailing slash on the URL is significant.</dd>
+
+ <dt><code>default</code> Directive</dt>
+
+ <dd>The action taken if the coordinates given do not fit any
+ of the <code>poly</code>, <code>circle</code> or
+ <code>rect</code> directives, and there are no
+ <code>point</code> directives. Defaults to
+ <code>nocontent</code> in the absence of an ImapDefault
+ configuration setting, causing a status code of <code>204 No
+ Content</code> to be returned. The client should keep the
+ same page displayed.</dd>
+
+ <dt><code>poly</code> Directive</dt>
+
+ <dd>Takes three to one-hundred points, and is obeyed if the
+ user selected coordinates fall within the polygon defined by
+ these points.</dd>
+
+ <dt><code>circle</code></dt>
+
+ <dd>Takes the center coordinates of a circle and a point on
+ the circle. Is obeyed if the user selected point is with the
+ circle.</dd>
+
+ <dt><code>rect</code> Directive</dt>
+
+ <dd>Takes the coordinates of two opposing corners of a
+ rectangle. Obeyed if the point selected is within this
+ rectangle.</dd>
+
+ <dt><code>point</code> Directive</dt>
+
+ <dd>Takes a single point. The point directive closest to the
+ user selected point is obeyed if no other directives are
+ satisfied. Note that <code>default</code> will not be
+ followed if a <code>point</code> directive is present and
+ valid coordinates are given.</dd>
+ </dl>
+</section>
+
+<section><title>Values</title>
+
+ <p>The values for each of the directives can any of the following:</p>
+
+
+ <dl>
+ <dt>a URL</dt>
+
+ <dd>The URL can be relative or absolute URL. Relative URLs
+ can contain '..' syntax and will be resolved relative to the
+ <code>base</code> value.<br />
+ <code>base</code> itself will not resolved according to the
+ current value. A statement <code>base mailto:</code> will
+ work properly, though.</dd>
+
+ <dt><code>map</code></dt>
+
+ <dd>Equivalent to the URL of the imagemap file itself. No
+ coordinates are sent with this, so a menu will be generated
+ unless ImapMenu is set to 'none'.</dd>
+
+ <dt><code>menu</code></dt>
+
+ <dd>Synonymous with <code>map</code>.</dd>
+
+ <dt><code>referer</code></dt>
+
+ <dd>Equivalent to the URL of the referring document. Defaults
+ to <code>http://servername/</code> if no Referer: header was
+ present.</dd>
+
+ <dt><code>nocontent</code></dt>
+
+ <dd>Sends a status code of <code>204 No Content</code>,
+ telling the client to keep the same page displayed. Valid for
+ all but <code>base</code>.</dd>
+
+ <dt><code>error</code></dt>
+
+ <dd>Fails with a <code>500 Server Error</code>. Valid for all
+ but <code>base</code>, but sort of silly for anything but
+ <code>default</code>.</dd>
+ </dl>
+</section>
+
+<section><title>Coordinates</title>
+
+ <dl>
+ <dt><code>0,0 200,200</code></dt>
+
+ <dd>A coordinate consists of an <code>x</code> and a <code>y</code>
+ value separated by a comma. The coordinates are separated
+ from each other by whitespace. To accommodate the way Lynx
+ handles imagemaps, should a user select the coordinate
+ <code>0,0</code>, it is as if no coordinate had been
+ selected.</dd>
+ </dl>
+
+</section>
+
+<section><title>Quoted Text</title>
+
+ <dl>
+ <dt><code>"Menu Text"</code></dt>
+
+ <dd>After the value or after the coordinates, the line
+ optionally may contain text within double quotes. This string
+ is used as the text for the link if a menu is
+ generated:<br />
+ <code><a HREF="http://foo.com/">Menu
+ text</a></code><br />
+ If no quoted text is present, the name of the link will be
+ used as the text:<br />
+ <code><a
+ HREF="http://foo.com/">http://foo.com</a></code><br />
+ It is impossible to escape double quotes within this
+ text.</dd>
+ </dl>
+</section>
+</section>
+
+<section><title>Example Mapfile</title>
+
+<example>
+ #Comments are printed in a 'formatted' or
+ 'semiformatted' menu.<br />
+ #And can contain html tags. <hr><br />
+ base referer<br />
+ poly map "Could I have a menu, please?" 0,0 0,10 10,10
+ 10,0<br />
+ rect .. 0,0 77,27 "the directory of the referer"<br />
+ circle http://www.inetnebr.com/lincoln/feedback/ 195,0
+ 305,27<br />
+ rect another_file "in same directory as referer" 306,0
+ 419,27<br />
+ point http://www.zyzzyva.com/ 100,100<br />
+ point http://www.tripod.com/ 200,200<br />
+ rect mailto:nate@tripod.com 100,150 200,0 "Bugs?"<br />
+</example>
+
+</section>
+
+<section><title>Referencing your mapfile</title>
+
+<example>
+ <A HREF="/maps/imagemap1.map"><br />
+ <IMG ISMAP SRC="/images/imagemap1.gif"><br />
+ </A>
+</example>
+</section>
+
+<directivesynopsis>
+<name>ImapMenu</name>
+<description>Action if no coordinates are given when calling
+an imagemap</description>
+<syntax>ImapMenu
+ none|formatted|semiformatted|unformatted</syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>The <directive>ImapMenu</directive> directive determines the
+ action taken if an imagemap file is called without valid
+ coordinates.</p>
+
+ <dl>
+ <dt><code>none</code></dt>
+
+ <dd>If ImapMenu is <code>none</code>, no menu is generated,
+ and the <code>default</code> action is performed.</dd>
+
+ <dt><code>formatted</code></dt>
+
+ <dd>A <code>formatted</code> menu is the simplest menu.
+ Comments in the imagemap file are ignored. A level one header
+ is printed, then an hrule, then the links each on a separate
+ line. The menu has a consistent, plain look close to that of
+ a directory listing.</dd>
+
+ <dt><code>semiformatted</code></dt>
+
+ <dd>In the <code>semiformatted</code> menu, comments are
+ printed where they occur in the imagemap file. Blank lines
+ are turned into HTML breaks. No header or hrule is printed,
+ but otherwise the menu is the same as a
+ <code>formatted</code> menu.</dd>
+
+ <dt><code>unformatted</code></dt>
+
+ <dd>Comments are printed, blank lines are ignored. Nothing is
+ printed that does not appear in the imagemap file. All breaks
+ and headers must be included as comments in the imagemap
+ file. This gives you the most flexibility over the appearance
+ of your menus, but requires you to treat your map files as
+ HTML instead of plaintext.</dd>
+ </dl>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ImapDefault</name>
+<description>Default action when an imagemap is called with coordinates
+that are not explicitly mapped</description>
+<syntax>ImapDefault error|nocontent|map|referer|<em>URL</em></syntax>
+<default>ImapDefault nocontent</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>The <directive>ImapDefault</directive> directive sets the default
+ <code>default</code> used in the imagemap files. Its value is
+ overridden by a <code>default</code> directive within the
+ imagemap file. If not present, the <code>default</code> action
+ is <code>nocontent</code>, which means that a <code>204 No
+ Content</code> is sent to the client. In this case, the client
+ should continue to display the original page.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ImapBase</name>
+<description>Default <code>base</code> for imagemap files</description>
+<syntax>ImapBase map|referer|<em>URL</em></syntax>
+<default>ImapBase http://servername/</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>Indexes</override>
+
+<usage>
+ <p>The <directive>ImapBase</directive> directive sets the default
+ <code>base</code> used in the imagemap files. Its value is
+ overridden by a <code>base</code> directive within the imagemap
+ file. If not present, the <code>base</code> defaults to
+ <code>http://servername/</code>.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_include</name>
+<status>Base</status>
+<identifier>include_module</identifier>
+<source>mod_include.c</source>
+<compatibility></compatibility>
+<description>This module provides for server-parsed html
+documents.</description>
+
+<summary>
+
+ <p>This module provides a filter which will process files
+ before they are sent to the client. The processing is
+ controlled by specially formated SGML comments, referred to as
+ <em>elements</em>. These elements allow conditional text, the
+ inclusion other files or programs, as well as the setting and
+ printing of environment variables.</p>
+
+ <seealso><strong>See also</strong>:
+ <directive module="core">Options</directive>,
+ <directive module="core">SetOutputFilter</directive>
+ and <directive module="core">AcceptPathInfo</directive>.</seealso>
+
+</summary>
+
+<section id="enabling">
+ <title>Enabling Server-Side Includes</title>
+
+ <p>Server Side Includes are implemented by the
+ <code>INCLUDES</code> <a href="../filter.html">filter</a>. If
+ documents containing server-side include directives are given
+ the extension .shtml, the following directives will make Apache
+ parse them and assign the resulting document the mime type of
+ <code>text/html</code>:</p>
+
+ <example>
+ AddType text/html .shtml<br />
+ AddOutputFilter INCLUDES .shtml
+ </example>
+
+ <p>The following directive must be given for the directories
+ containing the shtml files (typically in a
+ <code><Directory></code> section, but this directive is
+ also valid .htaccess files if <code>AllowOverride
+ Options</code> is set):</p>
+
+ <example>
+ Options +Includes
+ </example>
+
+ <p>For backwards compatibility, the <code>server-parsed</code>
+ <a href="../handler.html">handler</a> also activates the
+ INCLUDES filter. As well, Apache will activate the INCLUDES
+ filter for any document with mime type
+ <code>text/x-server-parsed-html</code> or
+ <code>text/x-server-parsed-html3</code> (and the resulting
+ output will have the mime type <code>text/html</code>).</p>
+
+ <p>For more information, see our <a
+ href="../howto/ssi.html">Tutorial on Server Side
+ Includes</a>.</p>
+</section>
+
+<section id="basic">
+ <title>Basic Elements</title>
+ <p>The document is parsed as an HTML document, with special
+ commands embedded as SGML comments. A command has the syntax: </p>
+
+ <example>
+ <code><!--#</code><em>element attribute=value
+ attribute=value ...</em> <code>--></code>
+ </example>
+
+ <p>The value will often be enclosed in double quotes; many
+ commands only allow a single attribute-value pair. Note that
+ the comment terminator (<samp>--></samp>) should be preceded
+ by whitespace to ensure that it isn't considered part of an SSI
+ token. </p>
+
+ <p>The allowed elements are:</p>
+
+ <dl>
+ <dt><strong>config</strong></dt>
+
+ <dd>
+ This command controls various aspects of the parsing. The
+ valid attributes are:
+
+ <dl>
+ <dt><strong>errmsg</strong></dt>
+
+ <dd>The value is a message that is sent back to the
+ client if an error occurs whilst parsing the
+ document.</dd>
+
+ <dt><strong>sizefmt</strong></dt>
+
+ <dd>The value sets the format to be used which displaying
+ the size of a file. Valid values are <code>bytes</code>
+ for a count in bytes, or <code>abbrev</code> for a count
+ in Kb or Mb as appropriate.</dd>
+
+ <dt><strong>timefmt</strong></dt>
+
+ <dd>The value is a string to be used by the
+ <code>strftime(3)</code> library routine when printing
+ dates.</dd>
+ </dl>
+ </dd>
+
+ <dt><strong><a id="echo" name="echo">echo</a></strong></dt>
+
+ <dd>
+ This command prints one of the <a href="#includevars">include
+ variables</a>, defined
+ below. If the variable is unset, it is printed as
+ <code>(none)</code>. Any dates printed are subject to the
+ currently configured <code>timefmt</code>. Attributes:
+
+ <dl>
+ <dt><strong>var</strong></dt>
+
+ <dd>The value is the name of the variable to print.</dd>
+
+ <dt><strong>encoding</strong></dt>
+
+ <dd>Specifies how Apache should encode special characters
+ contained in the variable before outputting them. If set
+ to "none", no encoding will be done. If set to "url",
+ then URL encoding (also known as %-encoding; this is
+ appropriate for use within URLs in links, etc.) will be
+ performed. At the start of an <code>echo</code> element,
+ the default is set to "entity", resulting in entity
+ encoding (which is appropriate in the context of a
+ block-level HTML element, eg. a paragraph of text). This
+ can be changed by adding an <code>encoding</code>
+ attribute, which will remain in effect until the next
+ <code>encoding</code> attribute is encountered or the
+ element ends, whichever comes first. Note that the
+ <code>encoding</code> attribute must <em>precede</em> the
+ corresponding <code>var</code> attribute to be effective,
+ and that only special characters as defined in the
+ ISO-8859-1 character encoding will be encoded. This
+ encoding process may not have the desired result if a
+ different character encoding is in use. Apache 1.3.12 and
+ above; previous versions do no encoding.</dd>
+ </dl>
+ </dd>
+
+ <dt><strong>exec</strong></dt>
+
+ <dd>
+ The exec command executes a given shell command or CGI
+ script. The IncludesNOEXEC <a
+ href="core.html#options">Option</a> disables this command
+ completely. The valid attributes are:
+
+ <dl>
+ <dt><strong>cgi</strong></dt>
+
+ <dd>
+ The value specifies a (%-encoded) URL relative path to
+ the CGI script. If the path does not begin with a (/),
+ then it is taken to be relative to the current
+ document. The document referenced by this path is
+ invoked as a CGI script, even if the server would not
+ normally recognize it as such. However, the directory
+ containing the script must be enabled for CGI scripts
+ (with <a
+ href="mod_alias.html#scriptalias">ScriptAlias</a> or
+ the ExecCGI <a href="core.html#options">Option</a>).
+
+ <p>The CGI script is given the PATH_INFO and query
+ string (QUERY_STRING) of the original request from the
+ client; these cannot be specified in the URL path. The
+ include variables will be available to the script in
+ addition to the standard <a href="mod_cgi.html">CGI</a>
+ environment.</p>
+
+ <p>For example:</p>
+
+ <code><!--#exec cgi="/cgi-bin/example.cgi" --></code>
+
+ <p>If the script returns a Location: header instead of
+ output, then this will be translated into an HTML
+ anchor.</p>
+
+ <p>The <code><a href="#includevirtual">include
+ virtual</a></code> element should be
+ used in preference to <code>exec cgi</code>. In particular,
+ if you need to pass additional arguments to a CGI program,
+ using the query string, this cannot be done with <code>exec
+ cgi</code>, but can be done with <code>include
+ virtual</code>, as shown here:</p>
+
+ <code><!--#include virtual="/cgi-bin/example.cgi?argument=value" --></code>
+ </dd>
+
+ <dt><strong>cmd</strong></dt>
+
+ <dd>
+ <p>The server will execute the given string using
+ <code>/bin/sh</code>. The <a
+ href="#includevars">include variables</a> are available
+ to the command, in addition to the usual set of CGI
+ variables.</p>
+
+ <p>The use of <code><a href="#includevirtual">#include
+ virtual</a></code> is almost always
+ prefered to using either <code>#exec cgi</code> or <code>#exec
+ cmd</code>. The former (<code>#include virtual</code>) used the
+ standard Apache sub-request mechanism to include files or
+ scripts. It is much better tested and maintained.</p>
+
+ <p>In addition, on some platforms, like Win32, and on unix
+ when using suexec, you cannot pass arguments to a command in
+ an <code>exec</code> directive, or otherwise include spaces in
+ the command. Thus, while the following will work under a
+ non-suexec configuration on unix, it will not produce the
+ desired result under Win32, or when running suexec:</p>
+
+ <code><!--#exec cmd="perl /path/to/perlscript arg1 arg2" --></code>
+
+ </dd>
+ </dl>
+ </dd>
+
+ <dt><strong>fsize</strong></dt>
+
+ <dd>
+ This command prints the size of the specified file, subject
+ to the <code>sizefmt</code> format specification.
+ Attributes:
+
+ <dl>
+ <dt><strong>file</strong></dt>
+
+ <dd>The value is a path relative to the directory
+ containing the current document being parsed.</dd>
+
+ <dt><strong>virtual</strong></dt>
+
+ <dd>The value is a (%-encoded) URL-path relative to the
+ current document being parsed. If it does not begin with
+ a slash (/) then it is taken to be relative to the
+ current document.</dd>
+ </dl>
+ </dd>
+
+ <dt><strong>flastmod</strong></dt>
+
+ <dd>This command prints the last modification date of the
+ specified file, subject to the <code>timefmt</code> format
+ specification. The attributes are the same as for the
+ <code>fsize</code> command.</dd>
+
+ <dt><strong>include</strong></dt>
+
+ <dd>
+ This command inserts the text of another document or file
+ into the parsed file. Any included file is subject to the
+ usual access control. If the directory containing the
+ parsed file has the <a href="core.html#options">Option</a>
+ IncludesNOEXEC set, and the including the document would
+ cause a program to be executed, then it will not be
+ included; this prevents the execution of CGI scripts.
+ Otherwise CGI scripts are invoked as normal using the
+ complete URL given in the command, including any query
+ string.
+
+ <p>An attribute defines the location of the document; the
+ inclusion is done for each attribute given to the include
+ command. The valid attributes are:</p>
+
+ <dl>
+ <dt><strong>file</strong></dt>
+
+ <dd>The value is a path relative to the directory
+ containing the current document being parsed. It cannot
+ contain <code>../</code>, nor can it be an absolute path.
+ Therefore, you cannot include files that are outside of the
+ document root, or above the current document in the directory
+ structure.
+ The <code>virtual</code> attribute should always be used
+ in preference to this one.</dd>
+
+ <dt><strong><a name="includevirtual">virtual</a></strong></dt>
+
+ <dd>
+ <p>The value is a (%-encoded) URL relative to the
+ current document being parsed. The URL cannot contain a
+ scheme or hostname, only a path and an optional query
+ string. If it does not begin with a slash (/) then it is
+ taken to be relative to the current document.</p>
+
+ <p>A URL is constructed from the attribute, and the output the
+ server would return if the URL were accessed by the client
+ is included in the parsed output. Thus included files can
+ be nested.</p>
+
+ <p>If the specified URL is a CGI program, the program will
+ be executed and its output inserted in place of the directive
+ in the parsed file. You may include a query string in a CGI
+ url:</p>
+
+ <code><!--#include virtual="/cgi-bin/example.cgi?argument=value" --></code>
+
+ <p><code>include virtual</code> should be used in preference
+ to <code>exec cgi</code> to include the output of CGI
+ programs into an HTML document.</p>
+ </dd>
+ </dl>
+ </dd>
+
+ <dt><strong>printenv</strong></dt>
+
+ <dd>
+ <p>This prints out a listing of all existing variables and
+ their values. Starting with Apache 1.3.12, special characters
+ are entity encoded (see the <a
+ href="#echo"><code>echo</code></a> element for details)
+ before being output. There are no attributes.</p>
+
+ <p>For example:</p>
+
+ <p><code><!--#printenv --></code></p>
+
+ <p>The <strong>printenv</strong> element is available only in
+ Apache 1.2 and above.</p>
+ </dd>
+ <dt><strong>set</strong></dt>
+
+ <dd>
+ This sets the value of a variable. Attributes:
+
+ <dl>
+ <dt><strong>var</strong></dt>
+
+ <dd>The name of the variable to set.</dd>
+
+ <dt><strong>value</strong></dt>
+
+ <dd>The value to give a variable.</dd>
+ </dl>
+ <p>
+ For example: <code><!--#set var="category" value="help"
+ --></code></p>
+
+ <p>The <strong>set</strong> element is available only in
+ Apache 1.2 and above.</p>
+ </dd>
+ </dl>
+</section>
+
+<section id="includevars">
+ <title>Include Variables</title>
+
+ In addition to the variables in the standard CGI environment,
+ these are available for the <code>echo</code> command, for
+ <code>if</code> and <code>elif</code>, and to any program
+ invoked by the document.
+
+ <dl>
+ <dt>DATE_GMT</dt>
+
+ <dd>The current date in Greenwich Mean Time.</dd>
+
+ <dt>DATE_LOCAL</dt>
+
+ <dd>The current date in the local time zone.</dd>
+
+ <dt>DOCUMENT_NAME</dt>
+
+ <dd>The filename (excluding directories) of the document
+ requested by the user.</dd>
+
+ <dt>DOCUMENT_URI</dt>
+
+ <dd>The (%-decoded) URL path of the document requested by the
+ user. Note that in the case of nested include files, this is
+ <em>not</em> then URL for the current document.</dd>
+
+ <dt>LAST_MODIFIED</dt>
+
+ <dd>The last modification date of the document requested by
+ the user.</dd>
+ </dl>
+</section>
+
+<section>
+ <title>Variable Substitution</title>
+
+ <p>Variable substitution is done within quoted strings in most
+ cases where they may reasonably occur as an argument to an SSI
+ directive. This includes the <samp>config</samp>,
+ <samp>exec</samp>, <samp>flastmod</samp>, <samp>fsize</samp>,
+ <samp>include</samp>, and <samp>set</samp> directives, as well
+ as the arguments to conditional operators. You can insert a
+ literal dollar sign into the string using backslash
+ quoting:</p>
+<pre>
+ <!--#if expr="$a = \$test" -->
+</pre>
+
+ <p>If a variable reference needs to be substituted in the
+ middle of a character sequence that might otherwise be
+ considered a valid identifier in its own right, it can be
+ disambiguated by enclosing the reference in braces,
+ <em>a la</em> shell substitution:</p>
+<pre>
+ <!--#set var="Zed" value="${REMOTE_HOST}_${REQUEST_METHOD}" -->
+</pre>
+
+ <p>This will result in the <samp>Zed</samp> variable being set
+ to "<samp>X_Y</samp>" if <samp>REMOTE_HOST</samp> is
+ "<samp>X</samp>" and <samp>REQUEST_METHOD</samp> is
+ "<samp>Y</samp>".</p>
+
+ <p>EXAMPLE: the below example will print "in foo" if the
+ DOCUMENT_URI is /foo/file.html, "in bar" if it is
+ /bar/file.html and "in neither" otherwise:</p>
+<pre>
+ <!--#if expr="\"$DOCUMENT_URI\" = \"/foo/file.html\"" -->
+ in foo
+ <!--#elif expr="\"$DOCUMENT_URI\" = \"/bar/file.html\"" -->
+ in bar
+ <!--#else -->
+ in neither
+ <!--#endif -->
+</pre>
+</section>
+
+<section>
+ <title id="flowctrl">Flow Control Elements</title>
+
+ These are available in Apache 1.2 and above. The basic flow
+ control elements are:
+<pre>
+ <!--#if expr="<em>test_condition</em>" -->
+ <!--#elif expr="<em>test_condition</em>" -->
+ <!--#else -->
+ <!--#endif -->
+</pre>
+
+ <p>The <strong><code>if</code></strong> element works like an
+ if statement in a programming language. The test condition is
+ evaluated and if the result is true, then the text until the
+ next <strong><code>elif</code></strong>,
+ <strong><code>else</code></strong>. or
+ <strong><code>endif</code></strong> element is included in the
+ output stream.</p>
+
+ <p>The <strong><code>elif</code></strong> or
+ <strong><code>else</code></strong> statements are be used the
+ put text into the output stream if the original test_condition
+ was false. These elements are optional.</p>
+
+ <p>The <strong><code>endif</code></strong> element ends the
+ <strong><code>if</code></strong> element and is required.</p>
+
+ <p><em>test_condition</em> is one of the following:</p>
+
+ <dl>
+ <dt><em>string</em></dt>
+
+ <dd>true if <em>string</em> is not empty</dd>
+
+ <dt><em>string1</em> = <em>string2</em><br />
+ <em>string1</em> != <em>string2</em><br />
+ <em>string1</em> < <em>string2</em><br />
+ <em>string1</em> <= <em>string2</em><br />
+ <em>string1</em> > <em>string2</em><br />
+ <em>string1</em> >= <em>string2</em></dt>
+
+ <dd>Compare string1 with string 2. If string2 has the form
+ <em>/string/</em> then it is compared as a regular
+ expression. Regular expressions have the same syntax as those
+ found in the Unix <samp>egrep</samp> command.</dd>
+
+ <dt>( <em>test_condition</em> )</dt>
+
+ <dd>true if <em>test_condition</em> is true</dd>
+
+ <dt>! <em>test_condition</em></dt>
+
+ <dd>true if <em>test_condition</em> is false</dd>
+
+ <dt><em>test_condition1</em> &&
+ <em>test_condition2</em></dt>
+
+ <dd>true if both <em>test_condition1</em> and
+ <em>test_condition2</em> are true</dd>
+
+ <dt><em>test_condition1</em> || <em>test_condition2</em></dt>
+
+ <dd>true if either <em>test_condition1</em> or
+ <em>test_condition2</em> is true</dd>
+ </dl>
+
+ <p>"<em>=</em>" and "<em>!=</em>" bind more tightly than
+ "<em>&&</em>" and "<em>||</em>". "<em>!</em>" binds
+ most tightly. Thus, the following are equivalent:</p>
+<pre>
+ <!--#if expr="$a = test1 && $b = test2" -->
+ <!--#if expr="($a = test1) && ($b = test2)" -->
+</pre>
+
+ <p>Anything that's not recognized as a variable or an operator
+ is treated as a string. Strings can also be quoted:
+ <em>'string'</em>. Unquoted strings can't contain whitespace
+ (blanks and tabs) because it is used to separate tokens such as
+ variables. If multiple strings are found in a row, they are
+ concatenated using blanks. So,</p>
+<pre>
+ <em>string1 string2</em> results in <em>string1 string2</em>
+ <em>'string1 string2'</em> results in <em>string1 string2</em>
+</pre>
+
+</section>
+
+<section>
+ <title>Using Server Side Includes for ErrorDocuments</title>
+
+ There is <a href="../misc/custom_errordocs.html">a document</a>
+ which describes how to use the features of mod_include to offer
+ internationalized customized server error documents.
+
+ <h2>PATH_INFO with Server Side Includes</h2>
+
+ <p>Files processed for server-side includes no longer accept
+ requests with PATH_INFO (trailing pathname information) by
+ default. You can use the <a
+ href="core.html#AcceptPathInfo">AcceptPathInfo</a> directive to
+ configure the server to accept requests with PATH_INFO.</p>
+
+</section>
+
+
+<directivesynopsis>
+<name>SSIEndTag</name>
+<description>Changes the string that mod_include looks for to end an
+include command.</description>
+<syntax>SSIEndTag <em>tag</em></syntax>
+<default>SSIEndTag "-->"</default>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+<override>FileInfo</override>
+<compatibility>Apache 1.2 and Available in version 2.0.30 and later.
+</compatibility>
+
+<usage>
+ <p>This directive changes the string that mod_include looks for
+ to mark the end of a include command.</p>
+
+ <seealso>See also: <directive>SSIStartTag</directive>.</seealso>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSIErrorMsg</name>
+<description>Changes the error message displayed when there is an error</description>
+<syntax>SSIErrorMsg <em>message</em></syntax>
+<default>SSIErrorMsg
+"[an error occurred while processing this directive]"</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override></override>
+<compatibility>Available in version 2.0.30 and later.</compatibility>
+
+<usage>
+ <p>The SSIErrorMsg directive changes the error message displayed
+ when mod_include encounters an error. For production servers you
+ may consider changing the default error message to
+ <code>"<-- Error -->"</code> so that the message
+ is not presented to the user.
+ </p>
+ <p>This directive has the same effect as the <code><--#config
+ errmsg=<em>message</em> --></code> element.</p>
+
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSIStartTag</name>
+<description></description>
+<syntax>Changes the string that mod_include looks for to start an
+include element</syntax>
+<default>SSIStartTag "<--!"</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+</contextlist>
+<override></override>
+<compatibility>Available in version 2.0.30 and later.</compatibility>
+
+<usage>
+
+ <p>This directive changes the string that mod_include looks for
+ to mark an include element to process.</p>
+
+ <p>You may want to use this option if have 2 servers parsing the
+ output of a file each processing different commands (possibly at
+ different times).</p>
+
+ <seealso>See also: <directive>SSIEndTag</directive></seealso>
+
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSITimeFormat</name>
+<description>Configures the format in which date strings are
+displayed</description>
+<syntax>SSITimeFormat <em>formatstring</em></syntax>
+<default>SSITimeFormat "%A, %d-%b-%Y %H:%M:%S %Z"</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override></override>
+<compatibility>Available in version 2.0.30 and later.</compatibility>
+
+<usage>
+<p>This directive changes the format in which date strings are displayed
+ when echoing DATE environment variables. The <em>formatstring</em>
+ is as in strftime(3) from the C standard library.</p>
+
+ <p>This directive has the same effect as the <code><--#config
+ timefmt=<em>formatstring</em> --></code> element.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>XBitHack</name>
+<syntax>XBitHack on|off|full</syntax>
+<default>XBitHack off</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>Options</override>
+<compatibility></compatibility>
+<description>Parse SSI directives in files with the execute
+bit set</description>
+
+<usage>
+ <p>The XBitHack directives controls the parsing of ordinary
+ html documents. This directive only affects files associated
+ with the MIME type <code>text/html</code>. XBitHack can take on
+ the following values:</p>
+
+ <dl>
+ <dt>off</dt>
+
+ <dd>No special treatment of executable files.</dd>
+
+ <dt>on</dt>
+
+ <dd>Any text/html file that has the user-execute bit set will
+ be treated as a server-parsed html document.</dd>
+
+ <dt>full</dt>
+
+ <dd>
+ As for <code>on</code> but also test the group-execute bit.
+ If it is set, then set the Last-modified date of the
+ returned file to be the last modified time of the file. If
+ it is not set, then no last-modified date is sent. Setting
+ this bit allows clients and proxies to cache the result of
+ the request.
+
+ <p><strong>Note:</strong> you would not want to use the full
+ option, unless you assure the group-execute bit is unset for
+ every SSI script which might <code>#include</code> a CGI
+ or otherwise produces different output on each hit (or could
+ potentially change on subsequent requests).</p>
+ </dd>
+ </dl>
+
+ </usage>
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_info</name>
+<status>Extension</status>
+<description>This module provides a comprehensive overview of the server
+configuration including all installed modules and directives in the
+configuration files.</description>
+<identifier>info_module</identifier>
+<sourcefile>mod_info.c</sourcefile>
+<compatibility>Available in Apache 1.1 and later</compatibility>
+
+
+<summary>
+
+ <h2>Using mod_info</h2>
+
+ <p>To configure it, add the following to your
+ <code>httpd.conf</code> file.</p>
+
+<example>
+<Location /server-info><br />
+SetHandler server-info<br />
+</Location><br />
+</example>
+
+ You may wish to add a
+ <directive module="core"><Limit></directive>
+ clause inside the
+ <directive module="core"><location></directive>
+ directive to limit access to your server configuration
+ information.
+
+ <p>Once configured, the server information is obtained by
+ accessing <code>http://your.host.dom/server-info</code></p>
+
+ <note>
+ Note that the configuration files are read by the
+ module at run-time, and therefore the display may
+ <em>not</em> reflect the running server's active
+ configuration if the files have been changed since the server
+ was last reloaded. Also, the configuration files must be
+ readable by the user as which the server is running (see the
+ <directive module="mpm_common">User</directive> directive), or
+ else the directive settings will not be listed.
+
+ <p>It should also be noted that if
+ <module>mod_info</module> is compiled into the server, its
+ handler capability is available in <em>all</em> configuration
+ files, including <em>per</em>-directory files (<em>e.g.</em>,
+ <code>.htaccess</code>). This may have security-related
+ ramifications for your site.</p>
+ </note>
+</summary>
+
+<directivesynopsis>
+<name>AddModuleInfo</name>
+<description>Allows additional information to be added to the module
+information displayed by the server-info handler</description>
+<syntax>AddModuleInfo <em>module-name string</em></syntax>
+<default><em>none</em></default>
+<contextlist><context>server config</context> <context>virtual
+host</context></contextlist>
+<compatibility>Apache 1.3 and above</compatibility>
+
+<usage>
+ <p>This allows the content of <em>string</em> to be shown as
+ HTML interpreted, <strong>Additional Information</strong> for
+ the module <em>module-name</em>. Example:</p>
+
+<example>
+AddModuleInfo mod_auth.c 'See <A HREF="http://www.apache.org/docs/mod/mod_auth.html">http://www.apache.org/docs/mod/mod_auth.html</A>'
+</example>
+</usage>
+
+</directivesynopsis>
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_isapi</name>
+<description>ISAPI Extensions within Apache for Windows</description>
+<status>Base</status>
+<sourcefile>mod_isapi.c</sourcefile>
+<identifier>isapi_module</identifier>
+<compatibility>Win32 only</compatibility>
+
+<summary>
+ <p>This module implements the Internet Server extension API. It
+ allows Internet Server extensions (<em>e.g.</em> ISAPI .dll
+ modules) to be served by Apache for Windows, subject to the
+ noted restrictions.</p>
+
+ <p>ISAPI extension modules (.dll files) are written by third
+ parties. The Apache Group does not author these modules, so we
+ provide no support for them. Please contact the ISAPI's author
+ directly if you are experiencing problems running their ISAPI
+ extention. <strong>Please <em>do not</em> post such problems to
+ Apache's lists or bug reporting pages.</strong></p>
+</summary>
+
+<section><title>Usage</title> <p>In the server configuration file, use
+the <directive module="mod_mime">AddHandler</directive> directive to
+associate ISAPI files with the <code>isapi-isa</code> handler, and map
+it to the with their file extensions. To enable any .dll file to be
+processed as an ISAPI extention, edit the httpd.conf file and add the
+following line:</p>
+<example>
+ AddHandler isapi-isa .dll
+</example>
+
+ <p>There is no capability within the Apache server to leave a
+ requested module loaded. However, you may preload and keep a
+ specific module loaded by using the following syntax in your
+ httpd.conf:</p>
+<example>
+ ISAPICacheFile c:/WebWork/Scripts/ISAPI/mytest.dll
+</example>
+
+ <p>Whether or not you have preloaded an ISAPI extension, all
+ ISAPI extensions are governed by the same permissions and
+ restrictions as CGI scripts. That is, <code>Options
+ ExecCGI</code> must be set for the directory that contains the
+ ISAPI .dll file.</p>
+
+ <p>Review the <a href="#notes">Additional Notes</a> and the <a
+ href="#journal">Programmer's Journal</a> for additional details
+ and clarification of the specific ISAPI support offered by
+ mod_isapi.</p>
+</section>
+
+<section id="notes"><title>Additional Notes</title>
+
+ <p>Apache's ISAPI implementation conforms to all of the ISAPI
+ 2.0 specification, except for some "Microsoft-specific"
+ extensions dealing with asynchronous I/O. Apache's I/O model
+ does not allow asynchronous reading and writing in a manner
+ that the ISAPI could access. If an ISA tries to access
+ unsupported features, including async I/O, a message is placed
+ in the error log to help with debugging. Since these messages
+ can become a flood, the directive <code>ISAPILogNotSupported
+ Off</code> exists to quiet this noise.</p>
+
+ <p>Some servers, like Microsoft IIS, load the ISAPI extension
+ into the server and keep it loaded until memory usage is too
+ high, or unless configuration options are specified. Apache
+ currently loads and unloads the ISAPI extension each time it is
+ requested, unless the ISAPICacheFile directive is specified.
+ This is inefficient, but Apache's memory model makes this the
+ most effective method. Many ISAPI modules are subtly
+ incompatible with the Apache server, and unloading these
+ modules helps to ensure the stability of the server.</p>
+
+ <p>Also, remember that while Apache supports ISAPI Extensions,
+ it <strong>does not support ISAPI Filters.</strong> Support for
+ filters may be added at a later date, but no support is planned
+ at this time.</p>
+</section>
+
+<section id="journal"><title>Programmer's Journal</title>
+
+ <p>If you are programming Apache 2.0 <module>mod_isapi</module>
+ modules, you must limit your calls to ServerSupportFunction to the
+ following directives:</p>
+
+ <dl>
+ <dt>HSE_REQ_SEND_URL_REDIRECT_RESP</dt>
+
+ <dd>Redirect the user to another location.<br />
+ This must be a fully qualified URL (e.g.
+ http://server/location).</dd>
+
+ <dt>HSE_REQ_SEND_URL</dt>
+
+ <dd>Redirect the user to another location.<br />
+ This cannot be a fully qualified URL, you are not allowed to
+ pass the protocol or a server name (e.g. simply
+ /location).<br />
+ This redirection is handled by the server, not the
+ browser.<br />
+ <strong>Warning:</strong> in their recent documentation,
+ Microsoft appears to have abandoned the distinction between
+ the two HSE_REQ_SEND_URL functions. Apache continues to treat
+ them as two distinct functions with different requirements
+ and behaviors.</dd>
+
+ <dt>HSE_REQ_SEND_RESPONSE_HEADER</dt>
+
+ <dd>Apache accepts a response body following the header if it
+ follows the blank line (two consecutive newlines) in the
+ headers string argument. This body cannot contain NULLs,
+ since the headers argument is NULL terminated.</dd>
+
+ <dt>HSE_REQ_DONE_WITH_SESSION</dt>
+
+ <dd>Apache considers this a no-op, since the session will be
+ finished when the ISAPI returns from processing.</dd>
+
+ <dt>HSE_REQ_MAP_URL_TO_PATH</dt>
+
+ <dd>Apache will translate a virtual name to a physical
+ name.</dd>
+
+ <dt>HSE_APPEND_LOG_PARAMETER</dt>
+
+ <dd>
+ This logged message may be captured in any of the following
+ logs:
+
+ <ul>
+ <li>in the \"%{isapi-parameter}n\" component in a
+ CustomLog directive</li>
+
+ <li>in the %q log component with the
+ ISAPIAppendLogToQuery On directive</li>
+
+ <li>in the error log with the ISAPIAppendLogToErrors On
+ directive</li>
+ </ul>
+ The first option, the %{isapi-parameter}n component, is
+ always available and prefered.
+ </dd>
+
+ <dt>HSE_REQ_IS_KEEP_CONN</dt>
+
+ <dd>Will return the negotiated Keep-Alive status.</dd>
+
+ <dt>HSE_REQ_SEND_RESPONSE_HEADER_EX</dt>
+
+ <dd>Will behave as documented, although the fKeepConn flag is
+ ignored.</dd>
+
+ <dt>HSE_REQ_IS_CONNECTED</dt>
+
+ <dd>Will report false if the request has been aborted.</dd>
+ </dl>
+
+ <p>Apache returns FALSE to any unsupported call to
+ ServerSupportFunction, and sets the GetLastError value to
+ ERROR_INVALID_PARAMETER.</p>
+
+ <p>ReadClient retrieves the request body exceeding the initial
+ buffer (defined by ISAPIReadAheadBuffer). Based on the
+ ISAPIReadAheadBuffer setting (number of bytes to buffer prior
+ to calling the ISAPI handler) shorter requests are sent
+ complete to the extension when it is invoked. If the request is
+ longer, the ISAPI extension must use ReadClient to retrieve the
+ remaining request body.</p>
+
+ <p>WriteClient is supported, but only with the HSE_IO_SYNC flag
+ or no option flag (value of 0). Any other WriteClient request
+ will be rejected with a return value of FALSE, and a
+ GetLastError value of ERROR_INVALID_PARAMETER.</p>
+
+ <p>GetServerVariable is supported, although extended server
+ variables do not exist (as defined by other servers.) All the
+ usual Apache CGI environment variables are available from
+ GetServerVariable, as well as the ALL_HTTP and ALL_RAW
+ values.</p>
+
+ <p>Apache 2.0 <module>mod_isapi</module> supports additional
+ features introduced in later versions of the ISAPI specification,
+ as well as limited emulation of async I/O and the TransmitFile
+ semantics. Apache also supports preloading ISAPI .dlls for
+ performance, neither of which were not available under Apache 1.3
+ mod_isapi.</p>
+</section>
+
+<directivesynopsis>
+<name>ISAPIFileChache</name>
+<description>ISAPI .dll files to be loaded at startup</description>
+<syntax>ISAPIFileCache <em>file-path</em> [<em>file-path</em>] ...</syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>Specifies a space-separated list of file names to be loaded
+ when the Apache server is launched, and remain loaded until the
+ server is shut down. This directive may be repeated for every
+ ISAPI .dll file desired. The full path name of each file should
+ be specified.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ISAPIReadAheadBuffer</name>
+<description>Size of the Read Ahead Buffer sent to ISAPI
+extensions</description>
+<syntax>ISAPIReadAheadBuffer <em>size</em></syntax>
+<default>ISAPIReadAheadBuffer 49152</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>Defines the maximum size of the Read Ahead Buffer sent to
+ ISAPI extensions when they are initially invoked. All remaining
+ data must be retrieved using the ReadClient callback; some
+ ISAPI extensions may not support the ReadClient function. Refer
+ questions to the ISAPI extension's author.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ISAPILogNotSupported</name>
+<description>Log unsupported feature requests from ISAPI
+extensions</description>
+<syntax>ISAPILogNotSupported on|off</syntax>
+<default>ISAPILogNotSupported on</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>Logs all requests for unsupported features from ISAPI
+ extensions in the server error log. While this should be turned
+ off once all desired ISAPI modules are functioning, it defaults
+ to on to help administrators track down problems.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ISAPIAppendLogToErrors</name>
+<description>Record HSE_APPEND_LOG_PARAMETER requests from ISAPI
+extensions to the error log</description>
+<syntax>ISAPIAppendLogToErrors on|off</syntax>
+<default>ISAPIAppendLogToErrors off</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>Record HSE_APPEND_LOG_PARAMETER requests from ISAPI
+ extensions to the server error log.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ISAPIAppendLogToQuery</name>
+<description>Record HSE_APPEND_LOG_PARAMETER requests from ISAPI
+extensions to the query field</description>
+<syntax>ISAPIAppendLogToQuery on|off</syntax>
+<default>ISAPIAppendLogToQuery off</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>Record HSE_APPEND_LOG_PARAMETER requests from ISAPI
+ extensions to the query field (appended to the CustomLog %q
+ component).</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_log_config</name>
+<status>Base</status>
+<identifier>log_config_module</identifier>
+<compatibility></compatibility>
+
+<description>This module provides for logging of the requests
+made to the server, using the Common Log Format or a
+user-specified format.</description>
+
+<summary>
+
+ <p>This module provides for flexible logging of client
+ requests. Logs are written in a customizable format, and may be
+ written directly to a file, or to an external program.
+ Conditional logging is provided so that individual requests may
+ be included or excluded from the logs based on characteristics
+ of the request.</p>
+
+ <p>Three directives are provided by this module:
+ <code>TransferLog</code> to create a log file,
+ <code>LogFormat</code> to set a custom format, and
+ <code>CustomLog</code> to define a log file and format in one
+ step. The <code>TransferLog</code> and <code>CustomLog</code>
+ directives can be used multiple times in each server to cause
+ each request to be logged to multiple files.</p>
+
+<seealso><strong>See also</strong>:
+<a href="../logs.html">Apache Log Files</a>.</seealso>
+
+<section>
+<title>Custom Log Formats</title>
+
+ <p>The format argument to the <code>LogFormat</code> and
+ <code>CustomLog</code> directives is a string. This string is
+ logged to the log file for each request. It can contain literal
+ characters copied into the log files and the c-type control
+ characters "\n" and "\t" to represent new-lines and tabs.
+ Literal quotes and back-slashes should be escaped with
+ back-slashes.</p>
+
+ <p>The characteristics of the request itself are logged by
+ placing "%" directives in the format string, which are replaced
+ in the log file by the values as follows:</p>
+
+<table>
+
+<tr><td>%...a:</td>
+<td>Remote IP-address</td></tr>
+
+<tr><td>%...A:</td>
+<td>Local IP-address</td></tr>
+
+<tr><td>%...B:</td>
+<td>Bytes sent, excluding HTTP headers.</td></tr>
+
+<tr><td>%...b:</td>
+<td>Bytes sent, excluding HTTP headers. In CLF format
+i.e. a '-' rather than a 0 when no bytes are sent.</td></tr>
+
+<tr><td>%...{Foobar}C:</td>
+<td>The contents of cookie "Foobar" in the request sent to the server.</td></tr>
+
+<tr><td>%...D:</td>
+<td>The time taken to serve the request, in microseconds.</td></tr>
+
+<tr><td>%...{FOOBAR}e:</td>
+<td>The contents of the environment variable FOOBAR</td></tr>
+
+<tr><td>%...f:</td>
+<td>Filename</td></tr>
+
+<tr><td>%...h:</td>
+<td>Remote host</td></tr>
+
+<tr><td>%...H</td>
+<td>The request protocol</td></tr>
+
+<tr><td>%...{Foobar}i:</td>
+<td>The contents of Foobar: header line(s) in the request
+sent to the server.</td></tr>
+
+<tr><td>%...l:</td>
+<td>Remote logname (from identd, if supplied)</td></tr>
+
+<tr><td>%...m:</td>
+<td>The request method</td></tr>
+
+<tr><td>%...{Foobar}n:</td>
+<td>The contents of note "Foobar" from another module.</td></tr>
+
+<tr><td>%...{Foobar}o:</td>
+<td>The contents of Foobar: header line(s) in the reply.</td></tr>
+
+<tr><td>%...p:</td>
+<td>The canonical Port of the server serving the request</td></tr>
+
+<tr><td>%...P:</td>
+<td>The process ID of the child that serviced the request.</td></tr>
+
+<tr><td>%...q:</td>
+<td>The query string (prepended with a ? if a query string exists,
+otherwise an empty string)</td></tr>
+
+<tr><td>%...r:</td>
+<td>First line of request</td></tr>
+
+<tr><td>%...s:</td>
+<td>Status. For requests that got internally redirected, this is
+the status of the *original* request --- %...>s for the last.</td></tr>
+
+<tr><td>%...t:</td>
+<td>Time, in common log format time format (standard english format)</td></tr>
+
+<tr><td>%...{format}t:</td>
+<td>The time, in the form given by format, which should
+be in strftime(3) format. (potentially localized)</td></tr>
+
+<tr><td>%...T:</td>
+<td>The time taken to serve the request, in seconds.</td></tr>
+
+<tr><td>%...u:</td>
+<td>Remote user (from auth; may be bogus if return status (%s) is 401)</td></tr>
+
+<tr><td>%...U:</td>
+<td>The URL path requested, not including any query string.</td></tr>
+
+<tr><td>%...v:</td>
+<td>The canonical ServerName of the server serving the request.</td></tr>
+
+<tr><td>%...V:</td>
+<td>The server name according to the UseCanonicalName setting.</td></tr>
+
+<tr><td>%...X:</td>
+<td>Connection status when response is completed.
+<example>
+'X' = connection aborted before the response completed.<br />
+'+' = connection may be kept alive after the response is sent.<br />
+'-' = connection will be closed after the response is sent.
+</example>
+(This directive was %...c in late versions of Apache 1.3, but
+this conflicted with the historical ssl %...{var}c syntax.)</td></tr>
+
+</table>
+
+ <p>The "..." can be nothing at all (<em>e.g.</em>, <code>"%h %u
+ %r %s %b"</code>), or it can indicate conditions for inclusion
+ of the item (which will cause it to be replaced with "-" if the
+ condition is not met). The forms of condition are a list of
+ HTTP status codes, which may or may not be preceded by "!".
+ Thus, "%400,501{User-agent}i" logs User-agent: on 400 errors
+ and 501 errors (Bad Request, Not Implemented) only;
+ "%!200,304,302{Referer}i" logs Referer: on all requests which
+ did <strong>not</strong> return some sort of normal status.</p>
+
+ <p>Note that there is no escaping performed on the strings from
+ %...r, %...i and %...o. This is mainly to comply with the
+ requirements of the Common Log Format. This implies that
+ clients can insert control characters into the log, so care
+ should be taken when dealing with raw log files.</p>
+
+ <p>Some commonly used log format strings are:</p>
+
+ <dl>
+ <dt>Common Log Format (CLF)</dt>
+
+ <dd><code>"%h %l %u %t \"%r\" %>s %b"</code></dd>
+
+ <dt>Common Log Format with Virtual Host</dt>
+
+ <dd><code>"%v %h %l %u %t \"%r\" %>s %b"</code></dd>
+
+ <dt>NCSA extended/combined log format</dt>
+
+ <dd><code>"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
+ \"%{User-agent}i\""</code></dd>
+
+ <dt>Referer log format</dt>
+
+ <dd><code>"%{Referer}i -> %U"</code></dd>
+
+ <dt>Agent (Browser) log format</dt>
+
+ <dd><code>"%{User-agent}i"</code></dd>
+ </dl>
+
+ <p>Note that the canonical <a
+ href="core.html#servername">ServerName</a> and <a
+ href="mpm_common.html#listen">Listen</a> of the server serving the
+ request are used for <code>%v</code> and <code>%p</code>
+ respectively. This happens regardless of the <a
+ href="core.html#usecanonicalname">UseCanonicalName</a> setting
+ because otherwise log analysis programs would have to duplicate
+ the entire vhost matching algorithm in order to decide what
+ host really served the request.</p>
+ </section>
+
+ <section>
+
+ <title>Security Considerations</title>
+
+ <p>See the <a
+ href="../misc/security_tips.html#serverroot">security tips</a>
+ document for details on why your security could be compromised
+ if the directory where logfiles are stored is writable by
+ anyone other than the user that starts the server.</p>
+
+ </section>
+
+</summary>
+
+<directivesynopsis>
+<name>CookieLog</name>
+<description>Sets filename for the logging of cookies</description>
+<syntax>CookieLog <em>filename</em></syntax>
+<default><i>none</i></default>
+<contextlist><context>server config</context><context>virtual
+host</context></contextlist>
+<compatibility>Only available in Apache 1.2 and above</compatibility>
+
+<usage>
+
+ <p>The <directive>CookieLog</directive> directive sets the
+ filename for logging of cookies. The filename is relative to the
+ <directive module="core">serverroot</directive>. This directive is
+ included only for compatibility with <module>mod_cookies</module>,
+ and is deprecated.</p>
+</usage>
+
+</directivesynopsis>
+
+<directivesynopsis>
+<name>CustomLog</name>
+<description>Sets filename and format of log file</description>
+<syntax>CustomLog
+ <em>file</em>|<em>pipe</em> <em>format</em>|<em>nickname</em>
+ [env=[!]<em>environment-variable</em>]</syntax>
+<default><i>none</i></default>
+<contextlist><context>server config</context><context>virtual
+host</context></contextlist>
+<compatibility>Nickname only available in Apache 1.3 or later.
+Conditional logging available in 1.3.5 or later.</compatibility>
+
+
+<usage>
+ <p>The <directive>CustomLog</directive> directive is used to
+ log requests to the server. A log format is specified, and the
+ logging can optionally be made conditional on request
+ characteristics using environment variables.</p>
+
+ <p>The first argument, which specifies the location to which
+ the logs will be written, can take on one of the following two
+ types of values:</p>
+
+ <dl>
+ <dt><em>file</em></dt>
+
+ <dd>A filename, relative to the <a
+ href="core.html#serverroot">ServerRoot</a>.</dd>
+
+ <dt><em>pipe</em></dt>
+
+ <dd>The pipe character "<code>|</code>", followed by the path
+ to a program to receive the log information on its standard
+ input. <strong>Security:</strong> if a program is used, then
+ it will be run under the user who started httpd. This will be
+ root if the server was started by root; be sure that the
+ program is secure.</dd>
+ </dl>
+
+ <p>The second argument specifies what will be written to the
+ log file. It can specify either a <em>nickname</em> defined by
+ a previous <a href="#logformat">LogFormat</a> directive, or it
+ can be an explicit <em>format</em> string as described in the
+ <a href="#formats">log formats</a> section.</p>
+
+ <p>For example, the following two sets of directives have
+ exactly the same effect:</p>
+
+<example>
+ # CustomLog with format nickname<br />
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common<br />
+ CustomLog logs/access_log common<br />
+<br />
+ # CustomLog with explicit format string<br />
+ CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b"<br />
+</example>
+
+ <p>The third argument is optional and allows the decision on
+ whether or not to log a particular request to be based on the
+ presence or absence of a particular variable in the server
+ environment. If the specified <a href="../env.html">environment
+ variable</a> is set for the request (or is not set, in the case
+ of a '<code>env=!<em>name</em></code>' clause), then the
+ request will be logged.</p>
+
+ <p>Environment variables can be set on a <em>per</em>-request
+ basis using the <module>mod_setenvif</module>
+ and/or <module>mod_rewrite</module> modules. For
+ example, if you don't want to record requests for all GIF
+ images on your server in a separate logfile but not your main
+ log, you can use:</p>
+
+<example>
+ SetEnvIf Request_URI \.gif$ gif-image<br />
+ CustomLog gif-requests.log common env=gif-image<br />
+ CustomLog nongif-requests.log common env=!gif-image
+</example>
+</usage>
+
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LogFormat</name>
+<description>Describes a format for use in a log file</description>
+<syntax>LogFormat
+ <em>format</em>|<em>nickname</em> [<em>nickname</em>]</syntax>
+<default><i>none</i></default>
+<contextlist><context>server config</context><context>virtual
+host</context></contextlist>
+<compatibility>Nickname only available in Apache 1.3 or later.
+</compatibility>
+
+<usage>
+ <p>This directive specifies the format of the access log
+ file.</p>
+
+ <p>The <directive>LogFormat</directive> directive can take one of two
+ forms. In the first form, where only one argument is specified,
+ this directive sets the log format which will be used by logs
+ specified in subsequent <directive>TransferLog</directive>
+ directives. The single argument can specify an explicit
+ <em>format</em> as discussed in <a href="#formats">custom log
+ formats</a> section above. Alternatively, it can use a
+ <em>nickname</em> to refer to a log format defined in a
+ previous <directive>LogFormat</directive> directive as described
+ below.</p>
+
+ <p>The second form of the <directive>LogFormat</directive>
+ directive associates an explicit <em>format</em> with a
+ <em>nickname</em>. This <em>nickname</em> can then be used in
+ subsequent <directive>LogFormat</directive> or
+ <directive>CustomLog</directive> directives rather than
+ repeating the entire format string. A
+ <directive>LogFormat</directive>
+ directive which defines a nickname <strong>does nothing
+ else</strong> -- that is, it <em>only</em> defines the
+ nickname, it doesn't actually apply the format and make it the
+ default. Therefore, it will not affect subsequent
+ <directive>TransferLog</directive> directives.</p>
+
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+
+<name>TransferLog</name>
+<description>Specifly location of a log file</description>
+<syntax>TransferLog <em>file</em>|<em>pipe</em></syntax>
+<default><i>none</i></default>
+<contextlist><context>server config</context><context>virtual
+host</context></contextlist>
+<compatibility></compatibility>
+
+<usage>
+
+ <p>This directive has exactly the same arguments and effect as
+ the <directive>CustomLog</directive> directive, with the
+ exception that it does not allow the log format to be specified
+ explicitly or for conditional logging of requests. Instead, the
+ log format is determined by the most recently specified
+ specified <directive>LogFormat</directive> directive (which
+ does not define a nickname). Common Log Format is used if no
+ other format has been specified.</p>
+
+ <p>Example:</p>
+<example>
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""<br />
+ TransferLog logs/access_log
+</example>
+
+</usage>
+
+</directivesynopsis>
+
+</modulesynopsis>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_mime</name>
+<description>This module associates the request filename's extensions
+ (e.g. .html) with the file's behavior (handlers and filters)
+ and content (mime-type, language, character set and
+ encoding.)
+</description>
+<sourcefile>mod_mime.c</sourcefile>
+<identifier>mime_module</identifier>
+<status>Base</status>
+
+<summary>
+ <p>This module is used to associate various bits of "meta
+ information" with files by their filename extensions. This
+ information relates the filename of the document to it's
+ mime-type, language, character set and encoding. This
+ information is sent to the browser, and participates in content
+ negotiation, so the user's preferences are respected when
+ choosing one of several possible files to serve. See
+ <module>mod_negotiation</module> for more information
+ about content negotiation. </p>
+
+ <p>The directives <directive>AddCharset</directive>,
+ <directive>AddEncoding</directive>,
+ <directive>AddLanguage</directive> and
+ <directive>AddType</directive> all used to map file extensions
+ onto the meta-information for that file. Respectively they set
+ the character set, content-encoding, content-language, and
+ MIME-type (content-type) of documents.</p>
+
+ <p>In addition, mod_mime may define the "handler" for a
+ document, which controls which module or script will serve the
+ document. With the introduction of "filters" in Apache 2.0,
+ mod_mime can also define the filters that the the content
+ should be processed through (e.g. the Includes output filter
+ for server side scripting) and what filters the client request
+ and POST content should be processed through (the input
+ filters.)</p>
+
+ <p>The directives <directive>AddHandler</directive>,
+ <directive>AddOutputFilter</directive>, and
+ <directive>AddInputFilter</directive> control the modules
+ or scripts that serve the document. The
+ <directive>MultiviewsMatch</directive> directive allows
+ <directive>mod_negotiation</directive> to consider these
+ file extensions to included when testing Multiviews matches.</p>
+
+ <p>The directive <directive>TypesConfig</directive> is used
+ to specify a file which also maps extensions onto MIME types.
+ Most administrators use the provided mime.types file which
+ associates common filename extensions with IANA registered
+ content types. The current list is maintained at
+ <code>http://www.isi.edu/in-notes/iana/assignments/media-types/media-types</code>
+ although it may be mirrored elsewhere). This simplifies the
+ httpd.conf file by providing the majority of media-type
+ definitions, and they may be overridden by
+ <directive>AddType</directive> directives as needed.</p>
+
+ <note>Please do not send requests to the Apache httpd Project
+ to add any new entries in the distributed mime.types file
+ unless (1) they are already registered with IANA, and (2) they
+ use widely accepted, non-conflicting filename extensions across
+ platforms. category/x-subtype requests will be automatically
+ rejected, as will any new two-letter extensions as they will
+ likely conflict later with the already crowded language and
+ character set namespace.</note>
+
+ <p>The core directives <directive
+ module="core">ForceType</directive> and
+ <directive>SetHandler</directive> are used to
+ associate all the files in a given container (<em>e.g.</em>,
+ <location>, <directory>, or <Files>) with a
+ particular MIME-type or handler. These settings override any
+ filename extension mappings defined in mod_mime.</p>
+
+ <p>Note that changing the type or encoding of a file does not
+ change the value of the <code>Last-Modified</code> header.
+ Thus, previously cached copies may still be used by a client or
+ proxy, with the previous headers. If you change the
+ meta-information (language, content type, character set or
+ encoding) you may need to 'touch' affected files (updating
+ their last modified date) to ensure that all visitors are
+ receive the corrected content headers.</p>
+</summary>
+
+ <seealso>See also: <directive
+ module="mod_mime_magic">MimeMagicFile</directive></seealso>
+
+<section>
+<title id="multipleext">Files with Multiple Extensions</title>
+
+ <p>Files can have more than one extension, and the order of the
+ extensions is <em>normally</em> irrelevant. For example, if the
+ file <code>welcome.html.fr</code> maps onto content type
+ text/html and language French then the file <code>welcome.fr.html</code>
+ will map onto exactly the same information. If more than one
+ extension is given which maps onto the same
+ type of meta-information, then the one to the right will be
+ used. For example, if ".gif" maps to the MIME-type image/gif
+ and ".html" maps to the MIME-type text/html, then the file
+ <code>welcome.gif.html</code> will be associated with the
+ MIME-type "text/html".</p>
+
+ <p>Care should be taken when a file with multiple extensions
+ gets associated with both a MIME-type and a handler. This will
+ usually result in the request being by the module associated
+ with the handler. For example, if the <code>.imap</code>
+ extension is mapped to the handler "imap-file" (from mod_imap)
+ and the <code>.html</code> extension is mapped to the MIME-type
+ "text/html", then the file <code>world.imap.html</code> will be
+ associated with both the "imap-file" handler and "text/html"
+ MIME-type. When it is processed, the "imap-file" handler will
+ be used, and so it will be treated as a mod_imap imagemap
+ file.</p>
+</section>
+
+<section><title id="contentencoding">Content encoding</title>
+
+ <p>A file of a particular MIME type can additionally be encoded a
+ particular way to simplify transmission over the Internet.
+ While this usually will refer to compression, such as
+ <samp>gzip</samp>, it can also refer to encryption, such a
+ <samp>pgp</samp> or to an encoding such as UUencoding, which is
+ designed for transmitting a binary file in an ASCII (text)
+ format.</p>
+
+ <p>The MIME RFC puts it this way:</p>
+
+ <note>
+ The Content-Encoding entity-header field is used as a
+ modifier to the media-type. When present, its value indicates
+ what additional content coding has been applied to the
+ resource, and thus what decoding mechanism must be applied in
+ order to obtain the media-type referenced by the Content-Type
+ header field. The Content-Encoding is primarily used to allow
+ a document to be compressed without losing the identity of
+ its underlying media type.
+ </note>
+
+ <p>By using more than one file extension (see <a
+ href="#multipleext">section above about multiple file
+ extensions</a>), you can indicate that a file is of a
+ particular <em>type</em>, and also has a particular
+ <em>encoding</em>. </p>
+
+ <p>For example, you may have a file which is a Microsoft Word
+ document, which is pkzipped to reduce its size. If the
+ <samp>.doc</samp> extension is associated with the Microsoft
+ Word file type, and the <samp>.zip</samp> extension is
+ associated with the pkzip file encoding, then the file
+ <samp>Resume.doc.zip</samp>would be known to be a pkzip'ed Word
+ document.</p>
+
+ <p>Apache send a <samp>Content-encoding</samp> header with the
+ resource, in order to tell the client browser about the
+ encoding method.</p>
+
+ <example>Content-encoding: pkzip</example>
+
+</section>
+
+<section>
+
+<title>Character sets and languages</title>
+
+ <p>In addition to file type and the file encoding,
+ another important piece of information is what language a
+ particular document is in, and in what character set the file
+ should be displayed. For example, the document might be written
+ in the Vietnamese alphabet, or in Cyrillic, and should be
+ displayed as such. This information, also, is transmitted in
+ HTTP headers.</p>
+
+ <p>The character set, language encoding and mime type are all
+ used in the process of content negotiation (See
+ <module>mod_negotiation</module>) to determine
+ which document to give to the client, when there are
+ alternative documents in more than one character set, language,
+ encoding or mime type. All filename extensions associations
+ created with <module>AddCharset</module>, <module>AddEncoding</module>,
+ <module>AddLanguage</module> and <module>AddType</module> directives
+ (and extensions listed in the <module>MimeMagicFile</module>)
+ participate in this select process. Filename extensions that
+ are only associated using the <module>AddHandler</module>,
+ <module>AddInputFilter</module> or <module>AddOutputFilter</module>
+ directives may be included or excluded from matching by using
+ the <directive>MultiviewsMatch</directive> directive.</p>
+
+<section>
+<title>Charset</title>
+
+ <p>To convey this further information, Apache optionally sends
+ a <samp>Content-Language</samp> header, to specify the language
+ that the document is in, and can append additional information
+ onto the <samp>Content-Type</samp> header to indicate the
+ particular character set that should be used to correctly
+ render the information.</p>
+
+<example>
+Content-Language: en, fr<br />
+Content-Type: text/plain; charset=ISO-8859-2
+</example>
+
+ <p>The language specification is the two-letter abbreviation
+ for the language. The <samp>charset</samp> is the name of the
+ particular character set which should be used.</p>
+</section>
+</section>
+
+
+<directivesynopsis>
+<name>AddCharset</name>
+<syntax>AddCharset <em>charset extension</em>
+[<em>extension</em>] ...</syntax>
+<default>None</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+<compatibility>AddCharset is only available in Apache
+1.3.10 and later</compatibility>
+<description>Maps the given filename extensions
+ to the specified content charset</description>
+
+<usage>
+
+ <p>The AddCharset directive maps the given filename extensions
+ to the specified content charset. <i>charset</i> is the MIME
+ charset parameter of filenames containing <i>extension</i>.
+ This mapping is added to any already in force, overriding any
+ mappings that already exist for the same <i>extension</i>.</p>
+
+ <p>Example:</p>
+<example>
+ AddLanguage ja .ja<br />
+ AddCharset EUC-JP .euc<br />
+ AddCharset ISO-2022-JP .jis<br />
+ AddCharset SHIFT_JIS .sjis
+</example>
+
+ <p>Then the document <code>xxxx.ja.jis</code> will be treated
+ as being a Japanese document whose charset is ISO-2022-JP (as
+ will the document <code>xxxx.jis.ja</code>). The AddCharset
+ directive is useful for both to inform the client about the
+ character encoding of the document so that the document can be
+ interpreted and displayed appropriately, and for <a
+ href="../content-negotiation.html">content negotiation</a>,
+ where the server returns one from several documents based on
+ the client's charset preference.</p>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+
+ <seealso><strong>See also</strong>:
+ <module>mod_negotiation</module></seealso>
+
+</usage>
+
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddEncoding</name>
+<syntax>AddEncoding
+ <em>MIME-enc extension</em> [<em>extension</em>] ...</syntax>
+<default>None</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+<override>FileInfo</override>
+</contextlist>
+<description>Maps the given filename extensions
+ to the specified encoding type</description>
+
+<usage>
+
+ <p>The AddEncoding directive maps the given filename extensions
+ to the specified encoding type. <em>MIME-enc</em> is the MIME
+ encoding to use for documents containing the
+ <em>extension</em>. This mapping is added to any already in
+ force, overriding any mappings that already exist for the same
+ <em>extension</em>. Example:</p>
+
+ <example>
+ AddEncoding x-gzip .gz<br />
+ AddEncoding x-compress .Z
+ </example>
+
+ <p>This will cause filenames containing the .gz extension to be
+ marked as encoded using the x-gzip encoding, and filenames
+ containing the .Z extension to be marked as encoded with
+ x-compress. </p>
+
+ <p>Old clients expect <code>x-gzip</code> and
+ <code>x-compress</code>, however the standard dictates that
+ they're equivalent to <code>gzip</code> and
+ <code>compress</code> respectively. Apache does content
+ encoding comparisons by ignoring any leading <code>x-</code>.
+ When responding with an encoding Apache will use whatever form
+ (<em>i.e.</em>, <code>x-foo</code> or <code>foo</code>) the
+ client requested. If the client didn't specifically request a
+ particular form Apache will use the form given by the
+ <code>AddEncoding</code> directive. To make this long story
+ short, you should always use <code>x-gzip</code> and
+ <code>x-compress</code> for these two specific encodings. More
+ recent encodings, such as <code>deflate</code> should be
+ specified without the <code>x-</code>.</p>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+
+ <seealso><strong>See also</strong>: <a href="#multipleext">Files with
+ multiple extensions</a></seealso>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddHandler</name>
+<syntax>AddHandler
+ <em>handler-name extension</em> [<em>extension</em>] ...</syntax>
+<default>None</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+<compatibility></compatibility>
+<description>AddHandler maps the filename extensions <em>extension</em>
+to the <a href="../handler.html">handler</a> <em>handler-name</em>.
+</description>
+
+<usage>
+<p>This mapping is added to any already in
+ force, overriding any mappings that already exist for the same
+ <em>extension</em>. For example, to activate CGI scripts with
+ the file extension "<code>.cgi</code>", you might use:</p>
+
+<example>
+ AddHandler cgi-script .cgi
+</example>
+
+ <p>Once that has been put into your srm.conf or httpd.conf
+ file, any file containing the "<code>.cgi</code>" extension
+ will be treated as a CGI program.</p>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+
+ <seealso><strong>See also</strong>: <a href="#multipleext">Files with
+ multiple extensions</a></seealso>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddInputFilter</name>
+<syntax>AddInputFilter
+ <em>filter</em>[<em>;filter</em>...] extension
+ [<em>extension</em> ...]</syntax>
+<default>None</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<compatibility>AddInputFilter
+ is only available in Apache 2.0.26 and later.</compatibility>
+<description>Maps the filename extensions
+ <em>extension</em> to the filter or filters which will process
+ client requests and POST input when they are received by the
+ server.</description>
+
+<usage>
+
+ <p>AddInputFilter maps the filename extensions
+ <em>extension</em> to the filter or filters which will process
+ client requests and POST input when they are received by the
+ server. This is in addition to any filters defined elsewhere,
+ including the <a
+ href="core.html#setinputfilter">SetInputFilter</a> directive.
+ This mapping is merged over any already in force, overriding
+ any mappings that already exist for the same
+ <em>extension</em>.</p>
+
+ <p>If more than one filter is specified, they must be separated
+ by semicolons in the order in which they should process the
+ content. Both the filter and <em>extension</em> arguments are
+ case-insensitive, and the extension may be specified with or
+ without a leading dot.</p>
+
+ <seealso>See also the <a href="../filter.html">Filters</a>
+ documentation.</seealso>
+</usage>
+
+</directivesynopsis>
+
+
+<directivesynopsis>
+<name>AddLanguage</name>
+<syntax>AddLanguage
+ <em>MIME-lang extension</em> [<em>extension</em>] ...</syntax>
+<default>None</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+<description>maps the given filename extension
+to the specified content language.</description>
+
+<usage>
+
+ <p>The AddLanguage directive maps the given filename extension
+ to the specified content language. <em>MIME-lang</em> is the
+ MIME language of filenames containing <em>extension</em>. This
+ mapping is added to any already in force, overriding any
+ mappings that already exist for the same
+ <em>extension</em>.</p>
+
+ <p>Example:</p>
+
+ <example>
+ AddEncoding x-compress .Z<br />
+ AddLanguage en .en<br />
+ AddLanguage fr .fr
+ </example>
+
+ <p>Then the document <code>xxxx.en.Z</code> will be treated as
+ being a compressed English document (as will the document
+ <code>xxxx.Z.en</code>). Although the content language is
+ reported to the client, the browser is unlikely to use this
+ information. The AddLanguage directive is more useful for <a
+ href="../content-negotiation.html">content negotiation</a>,
+ where the server returns one from several documents based on
+ the client's language preference.</p>
+
+ <p>If multiple language assignments are made for the same
+ extension, the last one encountered is the one that is used.
+ That is, for the case of:</p>
+
+<example>
+ AddLanguage en .en<br />
+ AddLanguage en-uk .en<br />
+ AddLanguage en-us .en
+</example>
+
+ <p>documents with the extension "<code>.en</code>" would be
+ treated as being "<code>en-us</code>".</p>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+
+ <seealso><strong>See also</strong>: <a href="#multipleext">Files with
+ multiple extensions</a>, <module>mod_negotiation</module></seealso>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddOutputFilter</name>
+<syntax>AddOutputFilter
+ <em>filter</em>[<em>;filter</em>...] extension
+ [<em>extension</em> ...]</syntax>
+<default>None</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override></override>
+<compatibility>AddOutputFilter
+ is only available in Apache 2.0.26 and later.</compatibility>
+<description>maps the filename
+extensions <em>extension</em> to the filters which will process
+responses from the server before they are sent to the
+client.</description>
+
+<usage>
+
+ <p>The <directive>AddOutputFilter</directive> directive maps the filename
+ extensions <em>extension</em> to the filters which will process
+ responses from the server before they are sent to the client.
+ This is in addition to any filters defined elsewhere, including
+ the <directive module="core">SetOutputFilter</directive>
+ directive. This mapping is merged over any already in force,
+ overriding any mappings that already exist for the same
+ <em>extension</em>.</p>
+
+ <p>For example, the following configuration will process all
+ .shtml files for server-side includes.</p>
+
+
+ <example>
+ AddOutputFilter INCLUDES shtml
+ </example>
+
+ <p>If more than one filter is specified, they must be separated
+ by semicolons in the order in which they should process the
+ content. Both the filter and <em>extension</em> arguments are
+ case-insensitive, and the extension may be specified with or
+ without a leading dot.</p>
+
+ <seealso>See also the <a href="../filter.html">Filters</a>
+ documentation.</seealso>
+
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AddType</name>
+<syntax>AddType <em>MIME-type
+ extension</em> [<em>extension</em>] ...</syntax>
+<default>None</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+<description>maps the given filename extensions
+onto the specified content type.</description>
+
+<usage>
+
+ <p>The AddType directive maps the given filename extensions
+ onto the specified content type. <em>MIME-type</em> is the MIME
+ type to use for filenames containing <em>extension</em>. This
+ mapping is added to any already in force, overriding any
+ mappings that already exist for the same <em>extension</em>.
+ This directive can be used to add mappings not listed in the
+ MIME types file (see the <directive>TypesConfig</directive>
+ directive).</p>
+
+ <p>Example:</p>
+
+ <example>
+ AddType image/gif .gif
+ </example>
+
+ <note>It is recommended that new MIME types be added using the
+ AddType directive rather than changing the
+ <directive>TypesConfig</directive> file. </note>
+
+ <note>Note that, unlike the NCSA httpd, this directive cannot be
+ used to set the type of particular files.</note>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+
+ <seealso><strong>See also</strong>: <a href="#multipleext">Files with
+ multiple extensions</a></seealso>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MultiviewsMatch</name>
+<syntax>MultiviewsMatch
+ <em>[NegotiatedOnly] [Handlers] [Filters] [Any]</em></syntax>
+<default>None</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+<compatibility>only available
+ in Apache 2.0.26 and later.</compatibility>
+
+<usage>
+
+ <p>MultiviewsMatch permits three different behaviors for
+ <a href="mod_negotiation.html">mod_negotiation</a>'s Multiviews
+ feature. Multiviews allows a request for a file, e.g. index.html,
+ to match any negotiated extensions following the base request,
+ e.g. index.html.en, index.html,fr, or index.html.gz.</p>
+
+ <p>The NegotiatedOnly option provides that every extension following
+ the base name must correlate to a recognized mod_mime extension for
+ content negotation, e.g. Charset, Content-Type, Language, or
+ Encoding. This is the strictest implementation with the fewest
+ unexpected side effects, and is the default behavior.</p>
+
+ <p>To include extensions associated with Handlers and/or Filters,
+ set the MultiviewsMatch directive to either Handlers, Filters, or
+ both option keywords. If all other factors are equal, the smallest
+ file will be served, e.g. in deciding between index.html.cgi of 500
+ characters and index.html.pl of 1000 bytes, the .cgi file would win
+ in this example. Users of .asis files might prefer to use the
+ Handler option, if .asis files are associated with the asis-handler.</p>
+
+ <p>You may finally allow Any extensions to match, even if mod_mime
+ doesn't recognize the extension. This was the behavior in Apache 1.3,
+ and can cause unpredicatable results, such as serving .old or .bak
+ files the webmaster never expected to be served.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>DefaultLanguage</name>
+<syntax>DefaultLanguage
+ <em>MIME-lang</em></syntax>
+<default>None</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+<compatibility>DefaultLanguage
+ is only available in Apache 1.3.4 and later.</compatibility>
+<description>Sets all files in the given scope to the
+specified language</description>
+
+<usage>
+
+ <p>The DefaultLanguage directive tells Apache that all files in
+ the directive's scope (<em>e.g.</em>, all files covered by the
+ current <code><Directory></code> container) that don't
+ have an explicit language extension (such as <samp>.fr</samp>
+ or <samp>.de</samp> as configured by <samp>AddLanguage</samp>)
+ should be considered to be in the specified <em>MIME-lang</em>
+ language. This allows entire directories to be marked as
+ containing Dutch content, for instance, without having to
+ rename each file. Note that unlike using extensions to specify
+ languages, <samp>DefaultLanguage</samp> can only specify a
+ single language.</p>
+
+ <p>If no <samp>DefaultLanguage</samp> directive is in force,
+ and a file does not have any language extensions as configured
+ by <samp>AddLanguage</samp>, then that file will be considered
+ to have no language attribute.</p>
+
+ <seealso><strong>See also</strong>: <a href="#multipleext">Files with
+ multiple extensions</a>, <module>mod_negotiation</module></seealso>
+</usage>
+</directivesynopsis>
+
+
+<directivesynopsis>
+<name>RemoveCharset</name>
+<syntax>RemoveCharset
+ <em>extension</em> [<em>extension</em>] ...</syntax>
+<default>None</default>
+<contextlist>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<compatibility>RemoveCharset is
+ only available in Apache 2.0.24 and later.</compatibility>
+
+<usage>
+ <p>The <samp>RemoveCharset</samp> directive removes any
+ character set associations for files with the given extensions.
+ This allows <code>.htaccess</code> files in subdirectories to
+ undo any associations inherited from parent directories or the
+ server config files.</p>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RemoveEncoding</name>
+<syntax>RemoveEncoding
+ <em>extension</em> [<em>extension</em>] ...</syntax>
+<default>None</default>
+<contextlist>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<compatibility>RemoveEncoding
+ is only available in Apache 1.3.13 and later.</compatibility>
+
+<usage>
+
+ <p>The <samp>RemoveEncoding</samp> directive removes any
+ encoding associations for files with the given extensions. This
+ allows <code>.htaccess</code> files in subdirectories to undo
+ any associations inherited from parent directories or the
+ server config files. An example of its use might be:</p>
+
+
+<example>
+ <dl>
+ <dt><code>/foo/.htaccess:</code></dt>
+ <dd><code>AddEncoding x-gzip .gz</code><br />
+ <code>AddType text/plain .asc</code><br />
+ <code><Files *.gz.asc></code><br />
+ <code> RemoveEncoding
+ .gz</code><br />
+ <code></Files></code></dd>
+ </dl>
+</example>
+
+ <p>This will cause <code>foo.gz</code> to be marked as being
+ encoded with the gzip method, but <code>foo.gz.asc</code> as an
+ unencoded plaintext file.</p>
+
+ <p><b>Note:</b>RemoveEncoding directives are processed
+ <i>after</i> any AddEncoding directives, so it is possible they
+ may undo the effects of the latter if both occur within the
+ same directory configuration.</p>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+</usage>
+</directivesynopsis>
+
+
+<directivesynopsis>
+<name>RemoveHandler</name>
+<syntax>RemoveHandler
+ <em>extension</em> [<em>extension</em>] ...</syntax>
+<default>None</default>
+<contextlist>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<compatibility>RemoveHandler is
+ only available in Apache 1.3.4 and later.</compatibility>
+
+<usage>
+
+ <p>The <samp>RemoveHandler</samp> directive removes any handler
+ associations for files with the given extensions. This allows
+ <code>.htaccess</code> files in subdirectories to undo any
+ associations inherited from parent directories or the server
+ config files. An example of its use might be:</p>
+
+<example>
+ <dl>
+ <dt><code>/foo/.htaccess:</code></dt>
+
+ <dd><code>AddHandler server-parsed .html</code></dd>
+
+ <dt><code>/foo/bar/.htaccess:</code></dt>
+
+ <dd><code>RemoveHandler .html</code></dd>
+ </dl>
+</example>
+
+ <p>This has the effect of returning <samp>.html</samp> files in
+ the <samp>/foo/bar</samp> directory to being treated as normal
+ files, rather than as candidates for parsing (see the <a
+ href="mod_include.html"><samp>mod_include</samp></a>
+ module).</p>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+</usage>
+</directivesynopsis>
+
+
+<directivesynopsis>
+<name>RemoveInputFilter</name>
+<syntax>RemoveInputFilter
+ <em>extension</em> [<em>extension</em>] ...</syntax>
+<default>None</default>
+<contextlist>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<compatibility>RemoveInputFilter is only available in Apache
+2.0.26 and later.</compatibility>
+
+<usage>
+
+ <p>The <samp>RemoveInputFilter</samp> directive removes any
+ input filter associations for files with the given extensions.
+ This allows <code>.htaccess</code> files in subdirectories to
+ undo any associations inherited from parent directories or the
+ server config files.</p>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RemoveLanguage</name>
+<syntax>RemoveLanguage
+ <em>extension</em> [<em>extension</em>] ...</syntax>
+<default>None</default>
+<contextlist>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<compatibility>RemoveLanguage
+ is only available in Apache 2.0.24 and later.</compatibility>
+
+
+<usage>
+
+ <p>The <samp>RemoveLanguage</samp> directive removes any
+ language associations for files with the given extensions. This
+ allows <code>.htaccess</code> files in subdirectories to undo
+ any associations inherited from parent directories or the
+ server config files.</p>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RemoveOutputFilter</name>
+<syntax>RemoveOutputFilter
+ <em>extension</em> [<em>extension</em>] ...</syntax>
+<default></default>
+<contextlist>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override></override>
+<compatibility>RemoveOutputFilter is only available in Apache
+2.0.26 and later.</compatibility>
+
+<usage>
+
+ <p>The <samp>RemoveOutputFilter</samp> directive removes any
+ output filter associations for files with the given extensions.
+ This allows <code>.htaccess</code> files in subdirectories to
+ undo any associations inherited from parent directories or the
+ server config files.</p>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+</usage>
+</directivesynopsis>
+
+
+<directivesynopsis>
+<name>RemoveType</name>
+<syntax>RemoveType
+ <em>extension</em> [<em>extension</em>] ...</syntax>
+<default></default>
+<contextlist>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override></override>
+<compatibility>RemoveType is
+ only available in Apache 1.3.13 and later.</compatibility>
+
+<usage>
+ <p>The <directive>RemoveType</directive> directive removes any MIME type
+ associations for files with the given extensions. This allows
+ <code>.htaccess</code> files in subdirectories to undo any
+ associations inherited from parent directories or the server
+ config files. An example of its use might be:</p>
+
+<example>
+ <dl>
+ <dt><code>/foo/.htaccess:</code></dt>
+
+ <dd><code>RemoveType .cgi</code></dd>
+ </dl>
+</example>
+
+ <p>This will remove any special handling of <code>.cgi</code>
+ files in the <code>/foo/</code> directory and any beneath it,
+ causing the files to be treated as being of the <a
+ href="core.html#defaulttype">default type</a>.</p>
+
+ <note><b>Note:</b><module>RemoveType</module> directives are processed
+ <i>after</i> any <module>AddType</module> directives, so it is
+ possible they may undo the effects of the latter if both occur
+ within the same directory configuration.</note>
+
+ <p>The <em>extension</em> argument is case-insensitive, and can
+ be specified with or without a leading dot.</p>
+</usage>
+</directivesynopsis>
+
+
+
+<directivesynopsis>
+<name>TypesConfig</name>
+<syntax>TypesConfig <em>file-path</em></syntax>
+<default>TypesConfig conf/mime.types</default>
+<contextlist>
+<context>server config</context>
+</contextlist>
+
+<usage>
+
+ <p>The TypesConfig directive sets the location of the MIME
+ types configuration file. <em>Filename</em> is relative to the
+ <a href="core.html#serverroot">ServerRoot</a>. This file sets
+ the default list of mappings from filename extensions to
+ content types; changing this file is not recommended. Use the
+ <a href="#addtype">AddType</a> directive instead. The file
+ contains lines in the format of the arguments to an AddType
+ command:</p>
+
+ <example>
+ MIME-type extension extension ...
+ </example>
+
+ <p>
+ The extensions are lower-cased. Blank lines, and lines
+ beginning with a hash character (`#') are ignored. </p>
+</usage>
+</directivesynopsis>
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_mime_magic</name>
+<description>Determines the MIME type of a file
+ by looking at a few bytes of its contents</description>
+<status>Extension</status>
+<sourcefile>mod_mime_magic.c</sourcefile>
+<identifier>mime_magic_module</identifier>
+
+<summary>
+ <p>This module determines the MIME type of files in the same
+ way the Unix file(1) command works: it looks at the first few
+ bytes of the file. It is intended as a "second line of defense"
+ for cases that <module>mod_mime</module> can't
+ resolve. To assure that mod_mime gets first try at determining
+ a file's MIME type, be sure to list mod_mime_magic
+ <strong>before</strong> mod_mime in the configuration.</p>
+
+ <p>This module is derived from a free version of the
+ <code>file(1)</code> command for Unix, which uses "magic
+ numbers" and other hints from a file's contents to figure out
+ what the contents are. This module is active only if the magic
+ file is specified by the <directive module="mod_mime_magic"
+ >MimeMagicFile</directive> directive.</p>
+</summary>
+
+<section><title>Format of the Magic File</title>
+
+ <p>The contents of the file are plain ASCII text in 4-5
+ columns. Blank lines are allowed but ignored. Commented lines
+ use a hash mark "#". The remaining lines are parsed for the
+ following columns:</p>
+
+ <table border="1">
+ <tr valign="top">
+ <th>Column</th>
+
+ <th>Description</th>
+ </tr>
+
+ <tr valign="top">
+ <td>1</td>
+
+ <td>byte number to begin checking from<br />
+ ">" indicates a dependency upon the previous non-">"
+ line</td>
+ </tr>
+
+ <tr valign="top">
+ <td>2</td>
+
+ <td>
+ type of data to match
+
+ <table border="1">
+ <tr>
+ <td>byte</td>
+
+ <td>single character</td>
+ </tr>
+
+ <tr>
+ <td>short</td>
+
+ <td>machine-order 16-bit integer</td>
+ </tr>
+
+ <tr>
+ <td>long</td>
+
+ <td>machine-order 32-bit integer</td>
+ </tr>
+
+ <tr>
+ <td>string</td>
+
+ <td>arbitrary-length string</td>
+ </tr>
+
+ <tr>
+ <td>date</td>
+
+ <td>long integer date (seconds since Unix
+ epoch/1970)</td>
+ </tr>
+
+ <tr>
+ <td>beshort</td>
+
+ <td>big-endian 16-bit integer</td>
+ </tr>
+
+ <tr>
+ <td>belong</td>
+
+ <td>big-endian 32-bit integer</td>
+ </tr>
+
+ <tr>
+ <td>bedate</td>
+
+ <td>big-endian 32-bit integer date</td>
+ </tr>
+
+ <tr>
+ <td>leshort</td>
+
+ <td>little-endian 16-bit integer</td>
+ </tr>
+
+ <tr>
+ <td>lelong</td>
+
+ <td>little-endian 32-bit integer</td>
+ </tr>
+
+ <tr>
+ <td>ledate</td>
+
+ <td>little-endian 32-bit integer date</td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
+ <tr valign="top">
+ <td>3</td>
+
+ <td>contents of data to match</td>
+ </tr>
+
+ <tr valign="top">
+ <td>4</td>
+
+ <td>MIME type if matched</td>
+ </tr>
+
+ <tr valign="top">
+ <td>5</td>
+
+ <td>MIME encoding if matched (optional)</td>
+ </tr>
+ </table>
+
+ <p>For example, the following magic file lines would recognize
+ some audio formats.</p>
+<example>
+<pre>
+# Sun/NeXT audio data
+0 string .snd
+>12 belong 1 audio/basic
+>12 belong 2 audio/basic
+>12 belong 3 audio/basic
+>12 belong 4 audio/basic
+>12 belong 5 audio/basic
+>12 belong 6 audio/basic
+>12 belong 7 audio/basic
+>12 belong 23 audio/x-adpcm
+</pre>
+</example>
+ <p>Or these would recognize the difference between "*.doc" files
+ containing Microsoft Word or FrameMaker documents. (These are
+ incompatible file formats which use the same file suffix.)</p>
+<example>
+<pre>
+# Frame
+0 string \<MakerFile application/x-frame
+0 string \<MIFFile application/x-frame
+0 string \<MakerDictionary application/x-frame
+0 string \<MakerScreenFon application/x-frame
+0 string \<MML application/x-frame
+0 string \<Book application/x-frame
+0 string \<Maker application/x-frame
+
+# MS-Word
+0 string \376\067\0\043 application/msword
+0 string \320\317\021\340\241\261 application/msword
+0 string \333\245-\0\0\0 application/msword
+</pre>
+</example>
+ <p>An optional MIME encoding can be included as a fifth column.
+ For example, this can recognize gzipped files and set the
+ encoding for them.</p>
+<example>
+<pre>
+# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
+0 string \037\213 application/octet-stream x-gzip
+</pre>
+</example>
+</section>
+
+<section><title>Performance Issues</title>
+ <p>This module is not for every system. If your system is barely
+ keeping up with its load or if you're performing a web server
+ benchmark, you may not want to enable this because the
+ processing is not free.</p>
+
+ <p>However, an effort was made to improve the performance of
+ the original file(1) code to make it fit in a busy web server.
+ It was designed for a server where there are thousands of users
+ who publish their own documents. This is probably very common
+ on intranets. Many times, it's helpful if the server can make
+ more intelligent decisions about a file's contents than the
+ file name allows ...even if just to reduce the "why doesn't my
+ page work" calls when users improperly name their own files.
+ You have to decide if the extra work suits your
+ environment.</p>
+
+ <p>When compiling an Apache server, this module should be at or
+ near the top of the list of modules in the Configuration file.
+ The modules are listed in increasing priority so that will mean
+ this one is used only as a last resort, just like it was
+ designed to.</p>
+
+</section>
+
+<section id="notes"><title>Notes</title>
+
+ <p>The following notes apply to the mod_mime_magic module and are
+ included here for compliance with contributors' copyright
+ restrictions that require their acknowledgment. </p>
+<pre>
+/*
+ * mod_mime_magic: MIME type lookup via file magic numbers
+ * Copyright (c) 1996-1997 Cisco Systems, Inc.
+ *
+ * This software was submitted by Cisco Systems to the Apache Group in July
+ * 1997. Future revisions and derivatives of this source code must
+ * acknowledge Cisco Systems as the original contributor of this module.
+ * All other licensing and usage conditions are those of the Apache Group.
+ *
+ * Some of this code is derived from the free version of the file command
+ * originally posted to comp.sources.unix. Copyright info for that program
+ * is included below as required.
+ * ---------------------------------------------------------------------------
+ * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.
+ *
+ * This software is not subject to any license of the American Telephone and
+ * Telegraph Company or of the Regents of the University of California.
+ *
+ * Permission is granted to anyone to use this software for any purpose on any
+ * computer system, and to alter it and redistribute it freely, subject to
+ * the following restrictions:
+ *
+ * 1. The author is not responsible for the consequences of use of this
+ * software, no matter how awful, even if they arise from flaws in it.
+ *
+ * 2. The origin of this software must not be misrepresented, either by
+ * explicit claim or by omission. Since few users ever read sources, credits
+ * must appear in the documentation.
+ *
+ * 3. Altered versions must be plainly marked as such, and must not be
+ * misrepresented as being the original software. Since few users ever read
+ * sources, credits must appear in the documentation.
+ *
+ * 4. This notice may not be removed or altered.
+ * -------------------------------------------------------------------------
+ *
+ * For compliance with Mr Darwin's terms: this has been very significantly
+ * modified from the free "file" command.
+ * - all-in-one file for compilation convenience when moving from one
+ * version of Apache to the next.
+ * - Memory allocation is done through the Apache API's pool structure.
+ * - All functions have had necessary Apache API request or server
+ * structures passed to them where necessary to call other Apache API
+ * routines. (<em>i.e.</em>, usually for logging, files, or memory allocation in
+ * itself or a called function.)
+ * - struct magic has been converted from an array to a single-ended linked
+ * list because it only grows one record at a time, it's only accessed
+ * sequentially, and the Apache API has no equivalent of realloc().
+ * - Functions have been changed to get their parameters from the server
+ * configuration instead of globals. (It should be reentrant now but has
+ * not been tested in a threaded environment.)
+ * - Places where it used to print results to stdout now saves them in a
+ * list where they're used to set the MIME type in the Apache request
+ * record.
+ * - Command-line flags have been removed since they will never be used here.
+ *
+ */
+</pre>
+</section>
+
+<directivesynopsis>
+<name>MimeMagicFile</name>
+<description>Enable MIME-type determination based on file contents
+using the specified magic file</description>
+<syntax>MimeMagicFile <em>file-path</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+ <p>The <directive>MimeMagicFile</directive> directive can be used to
+ enable this module, the default file is distributed at
+ <code>conf/magic</code>. Non-rooted paths are relative to the
+ ServerRoot. Virtual hosts will use the same file as the main
+ server unless a more specific setting is used, in which case
+ the more specific setting overrides the main server's file.</p>
+</usage>
+</directivesynopsis>
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_negotiation</name>
+<description>Provides for <a
+ href="../content-negotiation.html">content negotiation</a></description>
+<status>Base</status>
+<sourcefile>mod_negotiation.c</sourcefile>
+<identifier>negotiation_module</identifier>
+
+<summary>
+ <p>Content negotiation, or more accurately content selection, is
+ the selection of the document that best matches the clients
+ capabilities, from one of several available documents. There
+ are two implementations of this.</p>
+
+ <ul>
+ <li>A type map (a file with the handler
+ <code>type-map</code>) which explicitly lists the files
+ containing the variants.</li>
+
+ <li>A MultiViews search (enabled by the MultiViews <directive
+ module="core.html">Options</directive>, where the server does an
+ implicit filename pattern match, and choose from amongst the
+ results.</li>
+ </ul>
+</summary>
+
+<seealso><directive module="mod_mime">DefaultLangauge</directive></seealso>
+<seealso><directive module="mod_mime">AddEncoding</directive></seealso>
+<seealso><directive module="mod_mime">AddLanguage</directive></seealso>
+<seealso><directive module="mod_mime">AddType</directive></seealso>
+
+<section><title>Type maps</title>
+ <p>A type map has the same format as RFC822 mail headers. It
+ contains document descriptions separated by blank lines, with
+ lines beginning with a hash character ('#') treated as
+ comments. A document description consists of several header
+ records; records may be continued on multiple lines if the
+ continuation lines start with spaces. The leading space will be
+ deleted and the lines concatenated. A header record consists of
+ a keyword name, which always ends in a colon, followed by a
+ value. Whitespace is allowed between the header name and value,
+ and between the tokens of value. The headers allowed are: </p>
+
+ <dl>
+ <dt>Content-Encoding:</dt>
+
+ <dd>The encoding of the file. Apache only recognizes
+ encodings that are defined by an <directive
+ module="mod_mime">AddEncoding</directive> directive.
+ This normally includes the encodings <code>x-compress</code>
+ for compress'd files, and <code>x-gzip</code> for gzip'd
+ files. The <code>x-</code> prefix is ignored for encoding
+ comparisons.</dd>
+
+ <dt>Content-Language:</dt>
+
+ <dd>The language of the variant, as an Internet standard
+ language tag (RFC 1766). An example is <code>en</code>,
+ meaning English.</dd>
+
+ <dt>Content-Length:</dt>
+
+ <dd>The length of the file, in bytes. If this header is not
+ present, then the actual length of the file is used.</dd>
+
+ <dt>Content-Type:</dt>
+
+ <dd>
+ The MIME media type of the document, with optional
+ parameters. Parameters are separated from the media type
+ and from one another by a semi-colon, with a syntax of
+ <code>name=value</code>. Common parameters include:
+
+ <dl>
+ <dt>level</dt>
+
+ <dd>an integer specifying the version of the media type.
+ For <code>text/html</code> this defaults to 2, otherwise
+ 0.</dd>
+
+ <dt>qs</dt>
+
+ <dd>a floating-point number with a value in the range 0.0
+ to 1.0, indicating the relative 'quality' of this variant
+ compared to the other available variants, independent of
+ the client's capabilities. For example, a jpeg file is
+ usually of higher source quality than an ascii file if it
+ is attempting to represent a photograph. However, if the
+ resource being represented is ascii art, then an ascii
+ file would have a higher source quality than a jpeg file.
+ All qs values are therefore specific to a given
+ resource.</dd>
+ </dl>
+ Example:
+
+ <blockquote>
+ <code>Content-Type: image/jpeg; qs=0.8</code>
+ </blockquote>
+ </dd>
+
+ <dt>URI:</dt>
+
+ <dd>The path to the file containing this variant, relative to
+ the map file.</dd>
+ </dl>
+</section>
+
+<section><title>MultiViews</title>
+
+ <p>A MultiViews search is enabled by the MultiViews <directive
+ module="core">Options</directive>. If the server receives a
+ request for <code>/some/dir/foo</code> and
+ <code>/some/dir/foo</code> does <em>not</em> exist, then the
+ server reads the directory looking for all files named
+ <code>foo.*</code>, and effectively fakes up a type map which
+ names all those files, assigning them the same media types and
+ content-encodings it would have if the client had asked for one
+ of them by name. It then chooses the best match to the client's
+ requirements, and returns that document.</p>
+</section>
+
+<directivesynopsis>
+<name>CacheNegotiatedDocs</name>
+<description>Allows content-negotiated documents to be
+cached by proxy servers</description>
+<syntax>CacheNegotiatedDocs on|off</syntax>
+<default>CacheNegotiatedDocs off</default>
+<contextlist><context>server config</context></contextlist>
+<compatibility>The syntax changed in version 2.0.</compatibility>
+
+<usage>
+ <p>If set, this directive allows content-negotiated documents
+ to be cached by proxy servers. This could mean that clients
+ behind those proxys could retrieve versions of the documents
+ that are not the best match for their abilities, but it will
+ make caching more efficient.</p>
+
+ <p>This directive only applies to requests which come from
+ HTTP/1.0 browsers. HTTP/1.1 provides much better control over
+ the caching of negotiated documents, and this directive has no
+ effect in responses to HTTP/1.1 requests.</p>
+
+ <p>Prior to version 2.0,
+ <directive>CacheNegotiatedDocs</directive> did not take an
+ argument; it was turned on by the presence of the directive by
+ itself.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ForceLangaugePriority</name>
+<description>Action to take if a single acceptable document is not
+found</description>
+<syntax>ForceLanguagePriority None|Prefer|Fallback [Prefer|Fallback]</syntax>
+<default>ForceLangaugePriority None</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+<compatibility>Available in version 2.0.30 and later</compatibility>
+
+<usage>
+ <p>The <directive>ForceLanguagePriority</directive> directive uses
+ the given <directive
+ module="mod_negotiation">LanguagePriority</directive> to satisfy
+ negotation where the server could otherwise not return a single
+ matching document.</p>
+
+ <p><code>ForceLanguagePriority Prefer</code> uses
+ <code>LanguagePriority</code> to serve a one valid result, rather
+ than returning an HTTP result 300 (MULTIPLE CHOICES) when there
+ are several equally valid choices. If the directives below were
+ given, and the user's Accept-Language header assigned en and de
+ each as quality .500 (equally acceptable) then then first matching
+ variant, en, will be served.</p>
+
+<example>
+ LanguagePriority en fr de<br />
+ ForceLanguagePriority Prefer
+</example>
+
+ <p><code>ForceLanguagePriority Fallback</code> uses
+ <code>LanguagePriority</code> to serve a valid result, rather than
+ returning an HTTP result 406 (NOT ACCEPTABLE). If the directives
+ below were given, and the user's Accept-Language only permitted an
+ es langauge response, but such a variant isn't found, then the
+ first variant from the LanguagePriority list below will be
+ served.</p>
+
+<example>
+ LanguagePriority en fr de<br />
+ ForceLanguagePriority Fallback
+</example>
+
+ <p>Both options, Prefer and Fallback, may be specified, so either the
+ first matching variant from LanguagePriority will be served if more
+ that one variant is acceptable, or first available document will be
+ served if none of the variants matched the client's acceptable list of
+ languages.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LanguagePriority</name>
+<description>The precendence of language variants for cases where
+the client does not express a preference</description>
+<syntax>LanguagePriority <em>MIME-lang</em> [<em>MIME-lang</em>] ...</syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>The <directive>LanguagePriority</directive> sets the precedence
+ of language variants for the case where the client does not
+ express a preference, when handling a MultiViews request. The list
+ of <em>MIME-lang</em> are in order of decreasing preference.
+ Example:</p>
+
+<example>LanguagePriority en fr de</example>
+
+ <p>For a request for <code>foo.html</code>, where
+ <code>foo.html.fr</code> and <code>foo.html.de</code> both
+ existed, but the browser did not express a language preference,
+ then <code>foo.html.fr</code> would be returned.</p>
+
+ <p>Note that this directive only has an effect if a 'best'
+ language cannot be determined by any other means or the <directive
+ module="mod_negotiation">ForceLanguagePriority</directive> directive
+ is not <code>None</code>. Correctly implemented HTTP/1.1 requests
+ will mean this directive has no effect.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_proxy</name>
+<description>HTTP/1.1 proxy/gateway server</description>
+<status>Extension</status>
+<sourcefile>mod_proxy.c</sourcefile>
+<identifier>proxy_module</identifier>
+
+<summary>
+<note type="warning"><title>Warning</title>
+This document has been updated to take into account changes
+made in the 2.0 version of the Apache HTTP Server. Some of the
+information may still be inaccurate, please use it
+with care.
+</note>
+
+<p>This module implements a proxy/gateway for Apache. It implements
+proxying capability for
+<code>FTP</code>,
+<code>CONNECT</code> (for SSL),
+<code>HTTP/0.9</code>,
+<code>HTTP/1.0</code>, and
+<code>HTTP/1.1</code>.
+The module can be configured to connect to other proxy modules for these
+and other protocols.</p>
+
+<p>This module was experimental in Apache 1.1.x. Improvements and bugfixes
+were made in Apache v1.2.x and Apache v1.3.x, then the module underwent a major
+overhaul for Apache v2.0. The protocol support was upgraded to HTTP/1.1,
+and filter support was enabled.</p>
+
+<p>Please note that the <strong>caching</strong> function present in
+mod_proxy up to Apache v1.3.x has been <strong>removed</strong> from
+mod_proxy and will be incorporated into a new module, mod_cache.</p>
+</summary>
+
+<section id="configs"><title>Common configuration topics</title>
+
+<ul>
+<li><a href="#forwardreverse">Forward and Reverse Proxies</a></li>
+<li><a href="#access">Controlling access to your proxy</a></li>
+<li><a href="#shortname">Using Netscape hostname shortcuts</a></li>
+<li><a href="#mimetypes">Why doesn't file type <em>xxx</em> download via FTP?</a></li>
+<li><a href="#type">How can I force an FTP ASCII download of File <em>xxx</em>?</a></li>
+<li><a href="#percent2fhack">How can I access FTP files outside of my home directory?</a></li>
+<li><a href="#ftppass">How can I hide the FTP cleartext password in my browser's URL line?</a></li>
+<li><a href="#startup">Why does Apache start more slowly when using the
+ proxy module?</a></li>
+<!--<li><a href="#socks">Can I use the Apache proxy module with my SOCKS proxy?</a>-->
+<li><a href="#intranet">What other functions are useful for an intranet proxy server?</a></li>
+</ul>
+
+<section id="forwardreverse"><title>Forward and Reverse Proxies</title>
+
+<p>Apache can be configured in both a <em>forward</em> and <em>reverse</em>
+proxy configuration.</p>
+
+<p>A <em>forward proxy</em> is an intermediate system that enables a browser to connect to a
+remote network to which it normally does not have access. A forward proxy
+can also be used to cache data, reducing load on the networks between the
+forward proxy and the remote webserver.</p>
+
+<p>Apache's mod_proxy can be figured to behave like a forward proxy
+using the <directive module="mod_proxy">ProxyRemote</directive>
+directive. In addition, caching of data can be achieved by configuring
+Apache <module>mod_cache</module>. Other dedicated forward proxy
+packages include <a href="http://www.squid.org">Squid</a>.</p>
+
+<p>A <em>reverse proxy</em> is a webserver system that is capable of serving webpages
+sourced from other webservers - in addition to webpages on disk or generated
+dynamically by CGI - making these pages look like they originated at the
+reverse proxy.</p>
+
+<p>When configured with the mod_cache module the reverse
+proxy can act as a cache for slower backend webservers. The reverse proxy
+can also enable advanced URL strategies and management techniques, allowing
+webpages served using different webserver systems or architectures to
+coexist inside the same URL space. Reverse proxy systems are also ideal for
+implementing centralised logging websites with many or diverse website
+backends. Complex multi-tier webserver systems can be constructed using an
+Apache mod_proxy frontend and any number of backend webservers.</p>
+
+<p>The reverse proxy is configured using the
+<directive module="mod_proxy">ProxyPass</directive> and <directive
+module="mod_proxy">ProxyPassReverse</directive> directives. Caching can be
+enabled using mod_cache as with the forward proxy.</p>
+
+</section>
+
+<section id="access"><title>Controlling access to your proxy</title>
+
+<p>You can control who can access your proxy via the normal <directive module="core" type="section">Directory</directive>
+control block using the following example:</p>
+
+<example>
+<Directory proxy:*><br />
+Order Deny,Allow<br />
+Deny from all<br />
+Allow from 192.168.0<br />
+</Directory>
+</example>
+
+<p>A <directive module="core" type="section">Files</directive> block
+will also work, and is the only method known to work for all possible
+URLs in Apache versions earlier than 1.2b10.</p>
+
+<p>When configuring a reverse proxy, access control takes on the
+attributes of the normal server <directive module="core"
+type="section">directory</directive> configuration.</p>
+
+
+<!--<h2><a name="shortname">Using Netscape hostname shortcuts</a></h2>
+
+There is an optional patch to the proxy module to allow Netscape-like
+hostname shortcuts to be used. It's available from the
+<a href="http://www.apache.org/dist/contrib/patches/1.2/netscapehost.patch"
+><code>contrib/patches/1.2</code></a> directory on the Apache Web
+site.<p>-->
+
+</section>
+
+<section id="mimetypes"><title>Why doesn't file type <em>xxx</em>
+download via FTP?</title>
+
+<p>You probably don't have that particular file type defined as
+<em>application/octet-stream</em> in your proxy's mime.types configuration
+file. A useful line can be</p>
+
+<example>
+application/octet-stream bin dms lha lzh exe class tgz taz
+</example>
+</section>
+
+<section id="type"><title>How can I force an FTP ASCII download of
+File <em>xxx</em>?</title>
+
+<p>In the rare situation where you must download a specific file using the FTP
+<strong>ASCII</strong> transfer method (while the default transfer is in
+<strong>binary</strong> mode), you can override mod_proxy's default by
+suffixing the request with <code>;type=a</code> to force an ASCII transfer.
+(FTP Directory listings are always executed in ASCII mode, however.)</p>
+</section>
+
+<section id="percent2fhck"><title>How can I access FTP files outside
+of my home directory?</title>
+
+<p>
+An FTP URI is interpreted relative to the home directory of the user
+who is logging in. Alas, to reach higher directory levels you cannot
+use /../, as the dots are interpreted by the browser and not actually
+sent to the FTP server. To address this problem, the so called "Squid
+%2f hack" was implemented in the Apache FTP proxy; it is is a solution
+which is also used by other popular proxy servers like the <a
+href="http://www.squid-cache.org/">Squid Proxy Cache</a>. By
+prepending /%2f to the path of your request, you can make such a proxy
+change the FTP starting directory to / (instead of the home
+directory). </p>
+
+<p><strong>Example:</strong> To retrieve the file
+<code>/etc/motd</code>, you would use the URL</p>
+<example>ftp://<em>user@host</em>/%2f/etc/motd</example>
+</section>
+
+<section id="ftppass"><title>How can I hide the FTP cleartext password
+in my browser's URL line?</title>
+
+<p>
+To log in to an FTP server by username and password, Apache
+uses different strategies.
+In absense of a user name and password in the URL altogether,
+Apache sends an anomymous login to the FTP server, i.e.,</p>
+<example>
+user: anonymous<br />
+password: apache_proxy@
+</example>
+<p>This works for all popular FTP servers which are configured for
+anonymous access.</p>
+
+<p>For a personal login with a specific username, you can embed
+the user name into the URL, like in:
+<code>ftp://<em>username@host</em>/myfile</code>. If the FTP server
+asks for a password when given this username (which it should),
+then Apache will reply with a [401 Authorization required] response,
+which causes the Browser to pop up the username/password dialog.
+Upon entering the password, the connection attempt is retried,
+and if successful, the requested resource is presented.
+The advantage of this procedure is that your browser does not
+display the password in cleartext (which it would if you had used
+<code>ftp://<em>username:password@host</em>/myfile</code> in
+the first place).</p>
+
+<note><title>Note</title>
+The password which is transmitted in such a way
+is not encrypted on its way. It travels between your browser and
+the Apache proxy server in a base64-encoded cleartext string, and
+between the Apache proxy and the FTP server as plaintext. You should
+therefore think twice before accessing your FTP server via HTTP
+(or before accessing your personal files via FTP at all!) When
+using unsecure channels, an eavesdropper might intercept your
+password on its way.
+</note>
+</section>
+
+<section id="startup"><title>Why does Apache start more slowly when
+using the proxy module?</title>
+
+<p>If you're using the <directive module="mod_proxy">ProxyBlock</directive>
+directive, hostnames' IP addresses are looked up and cached during
+startup for later match test. This may take a few seconds (or more)
+depending on the speed with which the hostname lookups occur.</p>
+</section>
+
+<!--<h2><a name="socks">Can I use the Apache proxy module with my SOCKS proxy?</a></h2>
+
+Yes. Just build Apache with the rule <code>SOCKS4=yes</code> in your
+<em>Configuration</em> file, and follow the instructions there. SOCKS5
+capability can be added in a similar way (there's no <code>SOCKS5</code>
+rule yet), so use the <code>EXTRA_LDFLAGS</code> definition, or build Apache
+normally and run it with the <em>runsocks</em> wrapper provided with SOCKS5,
+if your OS supports dynamically linked libraries.<p>
+
+Some users have reported problems when using SOCKS version 4.2 on Solaris.
+The problem was solved by upgrading to SOCKS 4.3.<p>
+
+Remember that you'll also have to grant access to your Apache proxy machine by
+permitting connections on the appropriate ports in your SOCKS daemon's
+configuration.<p>
+-->
+
+<section id="intranet"><title>What other functions are useful for an
+intranet proxy server?</title>
+
+<p>An Apache proxy server situated in an intranet needs to forward
+external requests through the company's firewall. However, when it has
+to access resources within the intranet, it can bypass the firewall
+when accessing hosts. The <directive
+module="mod_proxy">NoProxy</directive> directive is useful for
+specifying which hosts belong to the intranet and should be accessed
+directly.</p>
+
+<p>Users within an intranet tend to omit the local domain name from their
+WWW requests, thus requesting "http://somehost/" instead of
+"http://somehost.my.dom.ain/". Some commercial proxy servers let them get
+away with this and simply serve the request, implying a configured
+local domain. When the <directive module="mod_proxy">ProxyDomain</directive> directive
+is used and the server is <a href="#proxyrequests">configured for
+proxy service</a>, Apache can return a redirect response and send the client
+to the correct, fully qualified, server address. This is the preferred method
+since the user's bookmark files will then contain fully qualified hosts.</p>
+</section>
+
+</section>
+
+<directivesynopsis>
+<name>ProxyPreserveHost</name>
+<syntax>ProxyPreserveHost on|off</syntax>
+<default>ProxyPreserveHost Off</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+<compatibility>Available in
+Apache 2.0.31 and later.</compatibility>
+
+<usage>
+<p>When enabled, this option will pass the Host: line from the
+incoming request to the proxied host, instead of the hostname
+specified in the proxypass line.
+</p>
+<p>This option should normally be turned 'off'.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ProxyRequests</name>
+<syntax>ProxyRequests on|off</syntax>
+<default>ProxyRequests Off</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+
+<usage>
+<p>This allows or prevents Apache from functioning as a forward proxy
+server. (Setting ProxyRequests to 'off' does not disable use of the
+<directive module="mod_proxy">ProxyPass</directive> directive.)</p>
+
+<p>In a typical reverse proxy configuration, this option should be set to
+'off'.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ProxyRemote</name>
+<syntax>ProxyRemote <em>match remote-server</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+
+<usage>
+<p>This defines remote proxies to this proxy. <em>match</em> is either the
+name of a URL-scheme that the remote server supports, or a partial URL
+for which the remote server should be used, or '*' to indicate the
+server should be contacted for all requests. <em>remote-server</em> is a
+partial URL for the remote server. Syntax:</p>
+
+<pre>
+ remote-server = protocol://hostname[:port]
+</pre>
+
+<p><em>protocol</em> is the protocol that should be used to communicate
+with the remote server; only "http" is supported by this module.</p>
+
+<p>
+Example:</p>
+<example>
+ ProxyRemote http://goodguys.com/ http://mirrorguys.com:8000<br />
+ ProxyRemote * http://cleversite.com<br />
+ ProxyRemote ftp http://ftpproxy.mydomain.com:8080
+</example>
+
+<p>In the last example, the proxy will forward FTP requests, encapsulated
+as yet another HTTP proxy request, to another proxy which can handle
+them.</p>
+
+<p>This option also supports reverse proxy configuration - a backend
+webserver can be embedded within a virtualhost URL space even if that
+server is hidden by another forward proxy.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ProxyPass</name>
+<syntax>ProxyPass [<em>path</em>] !|<em>url</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+
+<usage>
+<!-- XXX: Need to document that the path is not used when placed in
+a location section -->
+<p>This directive allows remote servers to be mapped into the space of
+the local server; the local server does not act as a proxy in the
+conventional sense, but appears to be a mirror of the remote
+server. <em>path</em> is the name of a local virtual path;
+<em>url</em> is a partial URL for the remote server.</p>
+
+<p>Suppose the local server has address <code>http://wibble.org/</code>;
+then</p>
+<example>
+ ProxyPass /mirror/foo/ http://foo.com/
+</example>
+<p>will cause a local request for the
+<<code>http://wibble.org/mirror/foo/bar</code>> to be
+internally converted into a proxy request to
+<<code>http://foo.com/bar</code>>.</p>
+<p>
+The ! directive is useful in situations where you don't want to reverse-proxy
+a subdirectory. eg.</p>
+<example>
+ ProxyPass /mirror/foo/i !<br />
+ ProxyPass /mirror/foo http://foo.com
+</example>
+<p>will proxy all requests to /mirror/foo to foo.com EXCEPT requests made to /mirror/foo/i</p>
+
+<note>NB: order is important. you need to put the exclusions BEFORE the general proxypass directive</note>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ProxyPassReverse</name>
+<syntax>ProxyPassReverse [<em>path</em>] <em>url</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+
+<usage>
+<!-- XXX: Need to document that the path is not used when placed in
+a location section -->
+<p>This directive lets Apache adjust the URL in the <code>Location</code>,
+<code>Content-Location</code> and <code>URI</code> headers on
+HTTP redirect responses. This is essential when Apache is used as
+a reverse proxy to avoid by-passing the reverse proxy because of HTTP
+redirects on the backend servers which stay behind the reverse proxy.</p>
+
+<p><em>path</em> is the name of a local virtual path.<br />
+<em>url</em> is a partial URL for the remote server - the same way they are
+used for the <directive module="mod_proxy">ProxyPass</directive> directive.</p>
+
+<p>
+Example:<br />
+Suppose the local server has address <code>http://wibble.org/</code>; then</p>
+<example>
+ ProxyPass /mirror/foo/ http://foo.com/<br />
+ ProxyPassReverse /mirror/foo/ http://foo.com/
+</example>
+<p>will not only cause a local request for the
+<<code>http://wibble.org/mirror/foo/bar</code>> to be internally
+converted into a proxy request to <<code>http://foo.com/bar</code>> (the
+functionality <code>ProxyPass</code> provides here). It also takes care of
+redirects the server foo.com sends: when <code>http://foo.com/bar</code> is
+redirected by him to <code>http://foo.com/quux</code> Apache adjusts this to
+<code>http://wibble.org/mirror/foo/quux</code> before forwarding the HTTP
+redirect response to the client. </p>
+<p>
+Note that this <directive>ProxyPassReverse</directive> directive can
+also be used in conjunction with the proxy pass-through feature
+("<code>RewriteRule ... [P]</code>") from
+<module>mod_rewrite</module> because its doesn't depend on a
+corresponding <directive module="mod_proxy">ProxyPass</directive>
+directive.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AllowCONNECT</name>
+<syntax>AllowCONNECT <em>port</em> [<em>port</em>] ...</syntax>
+<default>AllowCONNECT 443 563</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+
+<usage>
+<p>The <directive>AllowCONNECT</directive> directive specifies a list
+of port numbers to which the proxy <code>CONNECT</code> method may
+connect. Today's browsers use this method when a <em>https</em>
+connection is requested and proxy tunneling over <em>http</em> is in
+effect.<br /> By default, only the default https port (443) and the
+default snews port (563) are enabled. Use the
+<directive>AllowCONNECT</directive> directive to overrride this default and
+allow connections to the listed ports only.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ProxyBlock</name>
+<syntax>ProxyBlock *|<em>word|host|domain</em>
+[<em>word|host|domain</em>] ...</syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+
+<usage>
+<p>The <directive>ProxyBlock</directive> directive specifies a list of
+words, hosts and/or domains, separated by spaces. HTTP, HTTPS, and
+FTP document requests to sites whose names contain matched words,
+hosts or domains are <em>blocked</em> by the proxy server. The proxy
+module will also attempt to determine IP addresses of list items which
+may be hostnames during startup, and cache them for match test as
+well. Example:</p>
+
+<example>
+ ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu
+</example>
+
+<p>'rocky.wotsamattau.edu' would also be matched if referenced by IP
+address.</p>
+
+<p>Note that 'wotsamattau' would also be sufficient to match
+'wotsamattau.edu'.</p>
+
+<p>Note also that</p>
+
+<example>
+ProxyBlock *
+</example>
+
+<p>blocks connections to all sites.</p>
+
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ProxyReceiveBufferSize</name>
+<syntax>ProxyReceiveBufferSize <em>bytes</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+
+<usage>
+<p>The <directive>ProxyReceiveBufferSize</directive> directive
+specifies an explicit network buffer size for outgoing HTTP and FTP
+connections, for increased throughput. It has to be greater than 512
+or set to 0 to indicate that the system's default buffer size should
+be used.</p>
+<example><title>Example</title>
+ ProxyReceiveBufferSize 2048
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ProxyMaxForwards</name>
+<syntax>ProxyMaxForwards <em>number</em></syntax>
+<default>ProxyMaxForwards 10</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+<compatibility>Available in Apache 2.0 and later</compatibility>
+
+<usage>
+<p>The <directive>ProxyMaxForwards</directive> directive specifies the
+maximum number of proxies through which a request may pass. This is
+set to prevent infinite proxy loops, or a DoS attack.</p>
+
+<example><title>Example</title>
+ ProxyMaxForwards 10
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>NoProxy</name>
+<syntax>NoProxy
+ <em>Domain</em>|
+ <em>SubNet</em>|
+ <em>IpAddr</em>|
+ <em>Hostname</em>
+[<em>Domain</em>|
+ <em>SubNet</em>|
+ <em>IpAddr</em>|
+ <em>Hostname</em>] ...</syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+
+<usage>
+<p>This directive is only useful for Apache proxy servers within
+intranets. The <directive>NoProxy</directive> directive specifies a
+list of subnets, IP addresses, hosts and/or domains, separated by
+spaces. A request to a host which matches one or more of these is
+always served directly, without forwarding to the configured
+<directive module="mod_proxy">ProxyRemote</directive> proxy server(s).</p>
+
+<example><title>Example</title>
+ ProxyRemote * http://firewall.mycompany.com:81<br />
+ NoProxy .mycompany.com 192.168.112.0/21
+</example>
+
+<p>The arguments to the NoProxy directive are one of the following type list:</p>
+ <dl>
+ <!-- ===================== Domain ======================= -->
+ <dt><a name="domain">
+ <em>Domain</em></a></dt>
+ <dd>A <em>Domain</em> is a partially qualified DNS domain name, preceded
+ by a period.
+ It represents a list of hosts which logically belong to the same DNS
+ domain or zone (<em>i.e.</em>, the suffixes of the hostnames are all ending in
+ <em>Domain</em>).<br />
+ Examples: <code>.com</code> <code>.apache.org.</code><br />
+ To distinguish <em>Domain</em>s from <a href="#hostname"><em>Hostname</em></a>s (both
+ syntactically and semantically; a DNS domain can have a DNS A record,
+ too!), <em>Domain</em>s are always written
+ with a leading period.<br />
+ Note: Domain name comparisons are done without regard to the case,
+ and <em>Domain</em>s are always assumed to be anchored in the root
+ of the DNS tree, therefore two domains <code>.MyDomain.com</code> and
+ <code>.mydomain.com.</code> (note the trailing period) are
+ considered equal. Since a domain comparison does not involve a DNS
+ lookup, it is much more efficient than subnet comparison.</dd>
+
+ <!-- ===================== SubNet ======================= -->
+ <dt><a name="subnet">
+ <em>SubNet</em></a></dt>
+ <dd>A <em>SubNet</em> is a partially qualified internet address in
+ numeric (dotted quad) form, optionally followed by a slash and the
+ netmask, specified as the number of significant bits in the
+ <em>SubNet</em>. It is used to represent a subnet of hosts which can
+ be reached over a common network interface. In the absence of the
+ explicit net mask it is assumed that omitted (or zero valued)
+ trailing digits specify the mask. (In this case, the netmask can
+ only be multiples of 8 bits wide.)<br />
+ Examples:
+ <dl>
+ <dt><code>192.168</code> or <code>192.168.0.0</code></dt>
+ <dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits
+ (sometimes used in the netmask form <code>255.255.0.0</code>)</dd>
+ <dt><code>192.168.112.0/21</code></dt>
+ <dd>the subnet <code>192.168.112.0/21</code> with a netmask of 21
+ valid bits (also used in the form 255.255.248.0)</dd>
+ </dl>
+ As a degenerate case, a <em>SubNet</em> with 32 valid bits is the
+ equivalent to an <em>IPAddr</em>, while a <em>SubNet</em> with zero
+ valid bits (<em>e.g.</em>, 0.0.0.0/0) is the same as the constant
+ <em>_Default_</em>, matching any IP address. </dd>
+
+ <!-- ===================== IPAddr ======================= -->
+ <dt><a name="ipaddr">
+ <em>IPAddr</em></a></dt>
+ <dd>A <em>IPAddr</em> represents a fully qualified internet address in
+ numeric (dotted quad) form. Usually, this address represents a
+ host, but there need not necessarily be a DNS domain name
+ connected with the address.<br />
+ Example: 192.168.123.7<br />
+ Note: An <em>IPAddr</em> does not need to be resolved by the DNS
+ system, so it can result in more effective apache performance.</dd>
+
+ <!-- ===================== Hostname ======================= -->
+ <dt><a name="hostname">
+ <em>Hostname</em></a></dt>
+ <dd>A <em>Hostname</em> is a fully qualified DNS domain name which can
+ be resolved to one or more <a
+ href="#ipaddr"><em>IPAddrs</em></a> via the DNS domain name service.
+ It represents a logical host (in contrast to
+ <a href="#domain"><em>Domain</em></a>s, see
+ above) and must be resolvable to at least one <a
+ href="#ipaddr"><em>IPAddr</em></a> (or often to a list of hosts
+ with different <a href="#ipaddr"><em>IPAddr</em></a>'s).<br />
+ Examples: <code>prep.ai.mit.edu</code>
+ <code>www.apache.org.</code><br />
+ Note: In many situations, it is more effective to specify an
+ <a href="#ipaddr"><em>IPAddr</em></a> in place of a
+ <em>Hostname</em> since a DNS lookup
+ can be avoided. Name resolution in Apache can take a remarkable deal
+ of time when the connection to the name server uses a slow PPP
+ link.<br />
+ Note: <em>Hostname</em> comparisons are done without regard to the case,
+ and <em>Hostname</em>s are always assumed to be anchored in the root
+ of the DNS tree, therefore two hosts <code>WWW.MyDomain.com</code>
+ and <code>www.mydomain.com.</code> (note the trailing period) are
+ considered equal.</dd>
+</dl>
+</usage>
+<seealso><a href="../dns-caveats.html">DNS Issues</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ProxyTimeout</name>
+<syntax>ProxyTimeout <em>seconds</em></syntax>
+<default>ProxyTimeout 300</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+<compatibility>Available in
+Apache 2.0.31 and later</compatibility>
+
+<usage>
+<p>This directive allows a user to specifiy a timeout on proxy requests.
+This is usefull when you have a slow/buggy appserver which hangs,
+and you would rather just return a timeout and fail gracefully instead
+of waiting however long it takes the server to return
+</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ProxyDomain</name>
+<syntax>ProxyDomain <em>Domain</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+
+<usage>
+<p>This directive is only useful for Apache proxy servers within
+intranets. The <directive>ProxyDomain</directive> directive specifies
+the default domain which the apache proxy server will belong to. If a
+request to a host without a domain name is encountered, a redirection
+response to the same host with the configured <em>Domain</em> appended
+will be generated.</p>
+
+<example><title>Example</title>
+ ProxyRemote * http://firewall.mycompany.com:81<br />
+ NoProxy .mycompany.com 192.168.112.0/21<br />
+ ProxyDomain .mycompany.com
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ProxyVia</name>
+<syntax>ProxyVia on|off|full|block</syntax>
+<default>ProxyVia off</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+
+<usage>
+<p>This directive controls the use of the <code>Via:</code> HTTP
+header by the proxy. Its intended use is to control the flow of of
+proxy requests along a chain of proxy servers. See RFC2068 (HTTP/1.1)
+for an explanation of <code>Via:</code> header lines.</p>
+
+<ul> <li>If set
+to <em>off</em>, which is the default, no special processing is
+performed. If a request or reply contains a <code>Via:</code> header,
+it is passed through unchanged.</li>
+
+<li>If set to <em>on</em>, each
+request and reply will get a <code>Via:</code> header line added for
+the current host.</li>
+
+<li>If set to <em>full</em>, each generated <code>Via:</code> header
+line will additionally have the Apache server version shown as a
+<code>Via:</code> comment field.</li>
+
+<li>If set to <em>block</em>, every
+proxy request will have all its <code>Via:</code> header lines
+removed. No new <code>Via:</code> header will be generated.</li>
+</ul>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ProxyErrorOverride</name>
+<syntax>ProxyErrorOverride On|Off</syntax>
+<default>ProxyErrorOverride Off</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+</contextlist>
+<compatibility>Available in version 2.0 and later</compatibility>
+
+<usage>
+<p>This directive is useful for reverse-proxy setups, where you want to
+have a common look and feel on the error pages seen by the end user.
+This also allows for included files (via mod_include's SSI) to get
+the error code and act accordingly (default behavior would display
+the error page of the proxied server, turning this on shows the SSI
+Error message).</p>
+</usage>
+</directivesynopsis>
+</modulesynopsis>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE xml:manual [ <!ENTITY nbsp " "> ]>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_rewrite</name>
+
+<description>Provides a rule-based rewriting engine to rewrite requested
+URLs on the fly</description>
+
+<status>Extension</status>
+<sourcefile>mod_rewrite.c</sourcefile>
+<identifier>rewrite_module</identifier>
+<compatibility>Available in Apache 1.3 and later</compatibility>
+
+<summary>
+ <blockquote>
+ <em>``The great thing about mod_rewrite is it gives you
+ all the configurability and flexibility of Sendmail.
+ The downside to mod_rewrite is that it gives you all
+ the configurability and flexibility of Sendmail.''</em>
+
+
+ <div align="RIGHT">
+ -- Brian Behlendorf<br />
+ Apache Group
+ </div>
+ </blockquote>
+
+ <blockquote>
+ <em>`` Despite the tons of examples and docs,
+ mod_rewrite is voodoo. Damned cool voodoo, but still
+ voodoo. ''</em>
+
+ <div align="RIGHT">
+ -- Brian Moore<br />
+ bem@news.cmc.net
+ </div>
+ </blockquote>
+
+
+ <p>Welcome to mod_rewrite, the Swiss Army Knife of URL
+ manipulation!</p>
+
+ <p>This module uses a rule-based rewriting engine (based on a
+ regular-expression parser) to rewrite requested URLs on the
+ fly. It supports an unlimited number of rules and an
+ unlimited number of attached rule conditions for each rule to
+ provide a really flexible and powerful URL manipulation
+ mechanism. The URL manipulations can depend on various tests,
+ for instance server variables, environment variables, HTTP
+ headers, time stamps and even external database lookups in
+ various formats can be used to achieve a really granular URL
+ matching.</p>
+
+ <p>This module operates on the full URLs (including the
+ path-info part) both in per-server context
+ (<code>httpd.conf</code>) and per-directory context
+ (<code>.htaccess</code>) and can even generate query-string
+ parts on result. The rewritten result can lead to internal
+ sub-processing, external request redirection or even to an
+ internal proxy throughput.</p>
+
+ <p>But all this functionality and flexibility has its
+ drawback: complexity. So don't expect to understand this
+ entire module in just one day.</p>
+
+ <p>This module was invented and originally written in April
+ 1996 and gifted exclusively to the The Apache Group in July 1997
+ by</p>
+
+ <blockquote>
+ <a href="http://www.engelschall.com/"><code>Ralf S.
+ Engelschall</code></a><br />
+ <a
+ href="mailto:rse@engelschall.com"><code>rse@engelschall.com</code></a><br />
+ <a
+ href="http://www.engelschall.com/"><code>www.engelschall.com</code></a>
+ </blockquote>
+</summary>
+
+<section id="Internal"><title>Interal Processing</title>
+
+ <p>The internal processing of this module is very complex but
+ needs to be explained once even to the average user to avoid
+ common mistakes and to let you exploit its full
+ functionality.</p>
+
+<section id="InternalAPI"><title>API Phases</title>
+
+ <p>First you have to understand that when Apache processes a
+ HTTP request it does this in phases. A hook for each of these
+ phases is provided by the Apache API. Mod_rewrite uses two of
+ these hooks: the URL-to-filename translation hook which is
+ used after the HTTP request has been read but before any
+ authorization starts and the Fixup hook which is triggered
+ after the authorization phases and after the per-directory
+ config files (<code>.htaccess</code>) have been read, but
+ before the content handler is activated.</p>
+
+ <p>So, after a request comes in and Apache has determined the
+ corresponding server (or virtual server) the rewriting engine
+ starts processing of all mod_rewrite directives from the
+ per-server configuration in the URL-to-filename phase. A few
+ steps later when the final data directories are found, the
+ per-directory configuration directives of mod_rewrite are
+ triggered in the Fixup phase. In both situations mod_rewrite
+ rewrites URLs either to new URLs or to filenames, although
+ there is no obvious distinction between them. This is a usage
+ of the API which was not intended to be this way when the API
+ was designed, but as of Apache 1.x this is the only way
+ mod_rewrite can operate. To make this point more clear
+ remember the following two points:</p>
+
+ <ol>
+ <li>Although mod_rewrite rewrites URLs to URLs, URLs to
+ filenames and even filenames to filenames, the API
+ currently provides only a URL-to-filename hook. In Apache
+ 2.0 the two missing hooks will be added to make the
+ processing more clear. But this point has no drawbacks for
+ the user, it is just a fact which should be remembered:
+ Apache does more in the URL-to-filename hook than the API
+ intends for it.</li>
+
+ <li>
+ Unbelievably mod_rewrite provides URL manipulations in
+ per-directory context, <em>i.e.</em>, within
+ <code>.htaccess</code> files, although these are reached
+ a very long time after the URLs have been translated to
+ filenames. It has to be this way because
+ <code>.htaccess</code> files live in the filesystem, so
+ processing has already reached this stage. In other
+ words: According to the API phases at this time it is too
+ late for any URL manipulations. To overcome this chicken
+ and egg problem mod_rewrite uses a trick: When you
+ manipulate a URL/filename in per-directory context
+ mod_rewrite first rewrites the filename back to its
+ corresponding URL (which is usually impossible, but see
+ the <code>RewriteBase</code> directive below for the
+ trick to achieve this) and then initiates a new internal
+ sub-request with the new URL. This restarts processing of
+ the API phases.
+
+ <p>Again mod_rewrite tries hard to make this complicated
+ step totally transparent to the user, but you should
+ remember here: While URL manipulations in per-server
+ context are really fast and efficient, per-directory
+ rewrites are slow and inefficient due to this chicken and
+ egg problem. But on the other hand this is the only way
+ mod_rewrite can provide (locally restricted) URL
+ manipulations to the average user.</p>
+ </li>
+ </ol>
+
+ <p>Don't forget these two points!</p>
+</section>
+
+<section id="InternalRuleset"><title>Ruleset Processing</title>
+
+ <p>Now when mod_rewrite is triggered in these two API phases, it
+ reads the configured rulesets from its configuration
+ structure (which itself was either created on startup for
+ per-server context or during the directory walk of the Apache
+ kernel for per-directory context). Then the URL rewriting
+ engine is started with the contained ruleset (one or more
+ rules together with their conditions). The operation of the
+ URL rewriting engine itself is exactly the same for both
+ configuration contexts. Only the final result processing is
+ different. </p>
+
+ <p>The order of rules in the ruleset is important because the
+ rewriting engine processes them in a special (and not very
+ obvious) order. The rule is this: The rewriting engine loops
+ through the ruleset rule by rule (<directive
+ module="mod_rewrite">RewriteRule</directive> directives) and
+ when a particular rule matches it optionally loops through
+ existing corresponding conditions (<code>RewriteCond</code>
+ directives). For historical reasons the conditions are given
+ first, and so the control flow is a little bit long-winded. See
+ Figure 1 for more details.</p>
+
+ <div align="CENTER">
+ <table cellspacing="0" cellpadding="2" border="0">
+ <tr>
+ <td bgcolor="#CCCCCC"><img
+ src="../images/mod_rewrite_fig1.gif" width="428"
+ height="385"
+ alt="[Needs graphics capability to display]" /></td>
+ </tr>
+
+ <tr>
+ <td align="CENTER"><strong>Figure 1:</strong> The
+ control flow through the rewriting ruleset</td>
+ </tr>
+ </table>
+ </div>
+
+ <p>As you can see, first the URL is matched against the
+ <em>Pattern</em> of each rule. When it fails mod_rewrite
+ immediately stops processing this rule and continues with the
+ next rule. If the <em>Pattern</em> matches, mod_rewrite looks
+ for corresponding rule conditions. If none are present, it
+ just substitutes the URL with a new value which is
+ constructed from the string <em>Substitution</em> and goes on
+ with its rule-looping. But if conditions exist, it starts an
+ inner loop for processing them in the order that they are
+ listed. For conditions the logic is different: we don't match
+ a pattern against the current URL. Instead we first create a
+ string <em>TestString</em> by expanding variables,
+ back-references, map lookups, <em>etc.</em> and then we try
+ to match <em>CondPattern</em> against it. If the pattern
+ doesn't match, the complete set of conditions and the
+ corresponding rule fails. If the pattern matches, then the
+ next condition is processed until no more conditions are
+ available. If all conditions match, processing is continued
+ with the substitution of the URL with
+ <em>Substitution</em>.</p>
+
+</section>
+
+<section id="quoting"><title>Quoting Special Characters</title>
+
+ <p>As of Apache 1.3.20, special characters in
+ <i>TestString</i> and <i>Substitution</i> strings can be
+ escaped (that is, treated as normal characters without their
+ usual special meaning) by prefixing them with a slosh ('\')
+ character. In other words, you can include an actual
+ dollar-sign character in a <i>Substitution</i> string by
+ using '<code>\$</code>'; this keeps mod_rewrite from trying
+ to treat it as a backreference.</p>
+</section>
+
+<section id="InternalBackRefs"><title>Regex Back-Reference Availability</title>
+
+ <p>One important thing here has to be remembered: Whenever you
+ use parentheses in <em>Pattern</em> or in one of the
+ <em>CondPattern</em>, back-references are internally created
+ which can be used with the strings <code>$N</code> and
+ <code>%N</code> (see below). These are available for creating
+ the strings <em>Substitution</em> and <em>TestString</em>.
+ Figure 2 shows to which locations the back-references are
+ transfered for expansion.</p>
+
+ <div align="CENTER">
+ <table cellspacing="0" cellpadding="2" border="0">
+ <tr>
+ <td bgcolor="#CCCCCC"><img
+ src="../images/mod_rewrite_fig2.gif" width="381"
+ height="179"
+ alt="[Needs graphics capability to display]" /></td>
+ </tr>
+
+ <tr>
+ <td align="CENTER"><strong>Figure 2:</strong> The
+ back-reference flow through a rule</td>
+ </tr>
+ </table>
+ </div>
+
+ <p>We know this was a crash course on mod_rewrite's internal
+ processing. But you will benefit from this knowledge when
+ reading the following documentation of the available
+ directives.</p>
+
+</section>
+</section>
+
+<section id="EnvVar"><title>Environment Variables</title>
+
+ <p>This module keeps track of two additional (non-standard)
+ CGI/SSI environment variables named <code>SCRIPT_URL</code>
+ and <code>SCRIPT_URI</code>. These contain the
+ <em>logical</em> Web-view to the current resource, while the
+ standard CGI/SSI variables <code>SCRIPT_NAME</code> and
+ <code>SCRIPT_FILENAME</code> contain the <em>physical</em>
+ System-view. </p>
+
+ <p>Notice: These variables hold the URI/URL <em>as they were
+ initially requested</em>, <em>i.e.</em>, <em>before</em> any
+ rewriting. This is important because the rewriting process is
+ primarily used to rewrite logical URLs to physical
+ pathnames.</p>
+
+ <p><strong>Example:</strong></p>
+
+<example>
+<pre>
+SCRIPT_NAME=/sw/lib/w3s/tree/global/u/rse/.www/index.html
+SCRIPT_FILENAME=/u/rse/.www/index.html
+SCRIPT_URL=/u/rse/
+SCRIPT_URI=http://en1.engelschall.com/u/rse/
+</pre>
+</example>
+
+</section>
+
+<section id="Solutions"><title>Practical Solutions</title>
+
+ <p>We also have an <a href="../misc/rewriteguide.html">URL
+ Rewriting Guide</a> available, which provides a collection of
+ practical solutions for URL-based problems. There you can
+ find real-life rulesets and additional information about
+ mod_rewrite.</p>
+</section>
+
+
+<directivesynopsis>
+
+<name>RewriteEngine</name>
+
+<summary>Enables or disables runtime rewriting engine</summary>
+
+<syntax>RewriteEngine on|off</syntax>
+<default>RewriteEngine off</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context></contextlist>
+<override>FileInfo</override>
+
+<usage>
+
+ <p>The <directive>RewriteEngine</directive> directive enables or
+ disables the runtime rewriting engine. If it is set to
+ <code>off</code> this module does no runtime processing at
+ all. It does not even update the <code>SCRIPT_URx</code>
+ environment variables.</p>
+
+ <p>Use this directive to disable the module instead of
+ commenting out all the <directive
+ module="mod_rewrite">RewriteRule</directive> directives!</p>
+
+ <p>Note that, by default, rewrite configurations are not
+ inherited. This means that you need to have a
+ <code>RewriteEngine on</code> directive for each virtual host
+ in which you wish to use it.</p>
+</usage>
+
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RewriteOptions</name>
+<description>Sets some special options for the rewrite engine</description>
+<syntax>RewriteOptions <em>Options</em></syntax>
+<default>None</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context></contextlist>
+
+<usage>
+
+ <p>The <directive>RewriteOptions</directive> directive sets some
+ special options for the current per-server or per-directory
+ configuration. The <em>Option</em> strings can be one of the
+ following:</p>
+
+ <ul>
+ <li>'<strong><code>inherit</code></strong>'<br />
+ This forces the current configuration to inherit the
+ configuration of the parent. In per-virtual-server context
+ this means that the maps, conditions and rules of the main
+ server are inherited. In per-directory context this means
+ that conditions and rules of the parent directory's
+ <code>.htaccess</code> configuration are inherited.</li>
+ </ul>
+</usage>
+
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RewriteLog</name>
+<description>Sets the name of the file used for logging rewrite engine
+processing</description>
+<syntax>RewriteLog <em>file-path</em></syntax>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>The <directive>RewriteLog</directive> directive sets the name
+ of the file to which the server logs any rewriting actions it
+ performs. If the name does not begin with a slash
+ ('<code>/</code>') then it is assumed to be relative to the
+ <em>Server Root</em>. The directive should occur only once per
+ server config.</p>
+
+<note> To disable the logging of
+ rewriting actions it is not recommended to set
+ <em>Filename</em> to <code>/dev/null</code>, because
+ although the rewriting engine does not then output to a
+ logfile it still creates the logfile output internally.
+ <strong>This will slow down the server with no advantage
+ to the administrator!</strong> To disable logging either
+ remove or comment out the <directive>RewriteLog</directive>
+ directive or use <code>RewriteLogLevel 0</code>!
+</note>
+
+<note><title>Security</title>
+
+See the <a href="../misc/security_tips.html">Apache Security Tips</a>
+document for details on why your security could be compromised if the
+directory where logfiles are stored is writable by anyone other than
+the user that starts the server.
+</note>
+
+<example><title>Example</title>
+RewriteLog "/usr/local/var/apache/logs/rewrite.log"
+</example>
+
+</usage>
+
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RewriteLogLevel</name>
+<description>Sets the verbosity of the log file used by the rewrite
+engine</description>
+<syntax>RewriteLogLevel <em>Level</em></syntax>
+<default>RerwiteLogLevel 0</default>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>The <directive>RewriteLogLevel</directive> directive sets the
+ verbosity level of the rewriting logfile. The default level 0
+ means no logging, while 9 or more means that practically all
+ actions are logged.</p>
+
+ <p>To disable the logging of rewriting actions simply set
+ <em>Level</em> to 0. This disables all rewrite action
+ logs.</p>
+
+<note> Using a high value for
+ <em>Level</em> will slow down your Apache server
+ dramatically! Use the rewriting logfile at a
+ <em>Level</em> greater than 2 only for debugging!
+</note>
+
+<example><title>Example</title>
+RewriteLogLevel 3
+</example>
+
+</usage>
+
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RewriteLock</name>
+<description>Sets the name of the lock file used for <directive
+module="mod_rewrite">RewriteMap</directive>
+synchronization</description>
+<syntax>RewriteLock <em>file-path</em></syntax>
+<default>None</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>This directive sets the filename for a synchronization
+ lockfile which mod_rewrite needs to communicate with <directive
+ module="mod_rewrite">RewriteMap</directive>
+ <em>programs</em>. Set this lockfile to a local path (not on a
+ NFS-mounted device) when you want to use a rewriting
+ map-program. It is not required for other types of rewriting
+ maps.</p>
+</usage>
+
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RewriteMap</name>
+<description>Defines a mapping function for key-lookup</description>
+<syntax>RewriteMap <em>MapName</em> <em>MapType</em>:<em>MapSource</em>
+</syntax>
+<default>None</default>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+
+<usage>
+ <p>The <directive>RewriteMap</directive> directive defines a
+ <em>Rewriting Map</em> which can be used inside rule
+ substitution strings by the mapping-functions to
+ insert/substitute fields through a key lookup. The source of
+ this lookup can be of various types.</p>
+
+ <p>The <a id="mapfunc" name="mapfunc"><em>MapName</em></a> is
+ the name of the map and will be used to specify a
+ mapping-function for the substitution strings of a rewriting
+ rule via one of the following constructs:</p>
+
+ <blockquote>
+ <strong><code>${</code> <em>MapName</em> <code>:</code>
+ <em>LookupKey</em> <code>}</code><br />
+ <code>${</code> <em>MapName</em> <code>:</code>
+ <em>LookupKey</em> <code>|</code> <em>DefaultValue</em>
+ <code>}</code></strong>
+ </blockquote>
+
+ <p>When such a construct occurs the map <em>MapName</em> is
+ consulted and the key <em>LookupKey</em> is looked-up. If the
+ key is found, the map-function construct is substituted by
+ <em>SubstValue</em>. If the key is not found then it is
+ substituted by <em>DefaultValue</em> or by the empty string
+ if no <em>DefaultValue</em> was specified.</p>
+
+ <p>The following combinations for <em>MapType</em> and
+ <em>MapSource</em> can be used:</p>
+
+ <ul>
+ <li>
+ <strong>Standard Plain Text</strong><br />
+ MapType: <code>txt</code>, MapSource: Unix filesystem
+ path to valid regular file
+
+ <p>This is the standard rewriting map feature where the
+ <em>MapSource</em> is a plain ASCII file containing
+ either blank lines, comment lines (starting with a '#'
+ character) or pairs like the following - one per
+ line.</p>
+
+ <blockquote>
+ <strong><em>MatchingKey</em>
+ <em>SubstValue</em></strong>
+ </blockquote>
+
+<example><title>Example</title>
+<pre>
+##
+## map.txt -- rewriting map
+##
+
+Ralf.S.Engelschall rse # Bastard Operator From Hell
+Mr.Joe.Average joe # Mr. Average
+</pre>
+</example>
+
+<example>
+RewriteMap real-to-user txt:/path/to/file/map.txt
+</example>
+ </li>
+
+ <li>
+ <strong>Randomized Plain Text</strong><br />
+ MapType: <code>rnd</code>, MapSource: Unix filesystem
+ path to valid regular file
+
+ <p>This is identical to the Standard Plain Text variant
+ above but with a special post-processing feature: After
+ looking up a value it is parsed according to contained
+ ``<code>|</code>'' characters which have the meaning of
+ ``or''. In other words they indicate a set of
+ alternatives from which the actual returned value is
+ chosen randomly. Although this sounds crazy and useless,
+ it was actually designed for load balancing in a reverse
+ proxy situation where the looked up values are server
+ names. Example:</p>
+
+<example>
+<pre>
+##
+## map.txt -- rewriting map
+##
+
+static www1|www2|www3|www4
+dynamic www5|www6
+</pre>
+</example>
+
+<example>
+RewriteMap servers rnd:/path/to/file/map.txt
+</example>
+ </li>
+
+ <li>
+ <strong>Hash File</strong><br />
+ MapType: <code>dbm</code>, MapSource: Unix filesystem
+ path to valid regular file
+
+ <p>Here the source is a binary NDBM format file
+ containing the same contents as a <em>Plain Text</em>
+ format file, but in a special representation which is
+ optimized for really fast lookups. You can create such a
+ file with any NDBM tool or with the following Perl
+ script:</p>
+
+<example>
+<pre>
+#!/path/to/bin/perl
+##
+## txt2dbm -- convert txt map to dbm format
+##
+
+use NDBM_File;
+use Fcntl;
+
+($txtmap, $dbmmap) = @ARGV;
+
+open(TXT, "<$txtmap") or die "Couldn't open $txtmap!\n";
+tie (%DB, 'NDBM_File', $dbmmap,O_RDWR|O_TRUNC|O_CREAT, 0644) or die "Couldn't create $dbmmap!\n";
+
+while (<TXT>) {
+ next if (/^\s*#/ or /^\s*$/);
+ $DB{$1} = $2 if (/^\s*(\S+)\s+(\S+)/);
+}
+
+untie %DB;
+close(TXT);
+</pre>
+</example>
+
+<example>
+$ txt2dbm map.txt map.db
+</example>
+ </li>
+
+ <li>
+ <strong>Internal Function</strong><br />
+ MapType: <code>int</code>, MapSource: Internal Apache
+ function
+
+ <p>Here the source is an internal Apache function.
+ Currently you cannot create your own, but the following
+ functions already exists:</p>
+
+ <ul>
+ <li><strong>toupper</strong>:<br />
+ Converts the looked up key to all upper case.</li>
+
+ <li><strong>tolower</strong>:<br />
+ Converts the looked up key to all lower case.</li>
+
+ <li><strong>escape</strong>:<br />
+ Translates special characters in the looked up key to
+ hex-encodings.</li>
+
+ <li><strong>unescape</strong>:<br />
+ Translates hex-encodings in the looked up key back to
+ special characters.</li>
+ </ul>
+ </li>
+
+ <li>
+ <strong>External Rewriting Program</strong><br />
+ MapType: <code>prg</code>, MapSource: Unix filesystem
+ path to valid regular file
+
+ <p>Here the source is a program, not a map file. To
+ create it you can use the language of your choice, but
+ the result has to be a executable (<em>i.e.</em>, either
+ object-code or a script with the magic cookie trick
+ '<code>#!/path/to/interpreter</code>' as the first
+ line).</p>
+
+ <p>This program is started once at startup of the Apache
+ servers and then communicates with the rewriting engine
+ over its <code>stdin</code> and <code>stdout</code>
+ file-handles. For each map-function lookup it will
+ receive the key to lookup as a newline-terminated string
+ on <code>stdin</code>. It then has to give back the
+ looked-up value as a newline-terminated string on
+ <code>stdout</code> or the four-character string
+ ``<code>NULL</code>'' if it fails (<em>i.e.</em>, there
+ is no corresponding value for the given key). A trivial
+ program which will implement a 1:1 map (<em>i.e.</em>,
+ key == value) could be:</p>
+
+<example>
+<pre>
+#!/usr/bin/perl
+$| = 1;
+while (<STDIN>) {
+ # ...put here any transformations or lookups...
+ print $_;
+}
+</pre>
+</example>
+
+ <p>But be very careful:</p>
+
+ <ol>
+ <li>``<em>Keep it simple, stupid</em>'' (KISS), because
+ if this program hangs it will hang the Apache server
+ when the rule occurs.</li>
+
+ <li>Avoid one common mistake: never do buffered I/O on
+ <code>stdout</code>! This will cause a deadloop! Hence
+ the ``<code>$|=1</code>'' in the above example...</li>
+
+ <li>Use the <directive
+ module="mod_rewrite">RewriteLock</directive> directive to
+ define a lockfile mod_rewrite can use to synchronize the
+ communication to the program. By default no such
+ synchronization takes place.</li>
+ </ol>
+ </li>
+ </ul>
+ The <directive>RewriteMap</directive> directive can occur more than
+ once. For each mapping-function use one
+ <directive>RewriteMap</directive> directive to declare its rewriting
+ mapfile. While you cannot <strong>declare</strong> a map in
+ per-directory context it is of course possible to
+ <strong>use</strong> this map in per-directory context.
+
+<note><title>Note</title> For plain text and DBM format files the
+looked-up keys are cached in-core until the <code>mtime</code> of the
+mapfile changes or the server does a restart. This way you can have
+map-functions in rules which are used for <strong>every</strong>
+request. This is no problem, because the external lookup only happens
+once!
+</note>
+
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RewriteBase</name>
+<description>Sets the base URL for per-directory rewrites</description>
+<syntax>RewriteBase <em>URL-path</em></syntax>
+<default>RewriteBase <em>physical-directory-path</em></default>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>The <directive>RewriteBase</directive> directive explicitly
+ sets the base URL for per-directory rewrites. As you will see
+ below, <directive module="mod_rewrite">RewriteRule</directive>
+ can be used in per-directory config files
+ (<code>.htaccess</code>). There it will act locally,
+ <em>i.e.</em>, the local directory prefix is stripped at this
+ stage of processing and your rewriting rules act only on the
+ remainder. At the end it is automatically added back to the
+ path.</p>
+
+ <p>When a substitution occurs for a new URL, this module has
+ to re-inject the URL into the server processing. To be able
+ to do this it needs to know what the corresponding URL-prefix
+ or URL-base is. By default this prefix is the corresponding
+ filepath itself. <strong>But at most websites URLs are NOT
+ directly related to physical filename paths, so this
+ assumption will usually be wrong!</strong> There you have to
+ use the <code>RewriteBase</code> directive to specify the
+ correct URL-prefix.</p>
+
+<note> If your webserver's URLs are <strong>not</strong> directly
+related to physical file paths, you have to use
+<directive>RewriteBase</directive> in every <code>.htaccess</code>
+files where you want to use <directive
+module="mod_rewrite">RewriteRule</directive> directives.
+</note>
+
+ <p> For example, assume the following per-directory config file:</p>
+
+<example>
+<pre>
+#
+# /abc/def/.htaccess -- per-dir config file for directory /abc/def
+# Remember: /abc/def is the physical path of /xyz, <em>i.e.</em>, the server
+# has a 'Alias /xyz /abc/def' directive <em>e.g.</em>
+#
+
+RewriteEngine On
+
+# let the server know that we were reached via /xyz and not
+# via the physical path prefix /abc/def
+RewriteBase /xyz
+
+# now the rewriting rules
+RewriteRule ^oldstuff\.html$ newstuff.html
+</pre>
+</example>
+
+ <p>In the above example, a request to
+ <code>/xyz/oldstuff.html</code> gets correctly rewritten to
+ the physical file <code>/abc/def/newstuff.html</code>.</p>
+
+<note><title>For Apache Hackers</title>
+<p>The following list gives detailed information about
+ the internal processing steps:</p>
+<pre>
+<font size="-1">Request:
+ /xyz/oldstuff.html
+
+Internal Processing:
+ /xyz/oldstuff.html -> /abc/def/oldstuff.html (per-server Alias)
+ /abc/def/oldstuff.html -> /abc/def/newstuff.html (per-dir RewriteRule)
+ /abc/def/newstuff.html -> /xyz/newstuff.html (per-dir RewriteBase)
+ /xyz/newstuff.html -> /abc/def/newstuff.html (per-server Alias)
+
+Result:
+ /abc/def/newstuff.html
+</font>
+</pre>
+ <p><font size="-1">This seems very complicated but is
+ the correct Apache internal processing, because the
+ per-directory rewriting comes too late in the
+ process. So, when it occurs the (rewritten) request
+ has to be re-injected into the Apache kernel! BUT:
+ While this seems like a serious overhead, it really
+ isn't, because this re-injection happens fully
+ internally to the Apache server and the same
+ procedure is used by many other operations inside
+ Apache. So, you can be sure the design and
+ implementation is correct.</font></p>
+</note>
+
+</usage>
+
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RewriteCond</name>
+<description>Defines a condition under which rewriting will take place
+</description>
+<syntax> RewriteCond
+ <em>TestString</em> <em>CondPattern</em></syntax>
+<default>None</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context></contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>The <directive>RewriteCond</directive> directive defines a
+ rule condition. Precede a <directive
+ module="mod_rewrite">RewriteRule</directive> directive with one
+ or more <directive>RewriteCond</directive> directives. The following
+ rewriting rule is only used if its pattern matches the current
+ state of the URI <strong>and</strong> if these additional
+ conditions apply too.</p>
+
+ <p><em>TestString</em> is a string which can contains the
+ following expanded constructs in addition to plain text:</p>
+
+ <ul>
+ <li>
+ <strong>RewriteRule backreferences</strong>: These are
+ backreferences of the form
+
+ <blockquote>
+ <strong><code>$N</code></strong>
+ </blockquote>
+ (0 <= N <= 9) which provide access to the grouped
+ parts (parenthesis!) of the pattern from the
+ corresponding <code>RewriteRule</code> directive (the one
+ following the current bunch of <code>RewriteCond</code>
+ directives).
+ </li>
+
+ <li>
+ <strong>RewriteCond backreferences</strong>: These are
+ backreferences of the form
+
+ <blockquote>
+ <strong><code>%N</code></strong>
+ </blockquote>
+ (1 <= N <= 9) which provide access to the grouped
+ parts (parentheses!) of the pattern from the last matched
+ <code>RewriteCond</code> directive in the current bunch
+ of conditions.
+ </li>
+
+ <li>
+ <strong>RewriteMap expansions</strong>: These are
+ expansions of the form
+
+ <blockquote>
+ <strong><code>${mapname:key|default}</code></strong>
+ </blockquote>
+ See <a href="#mapfunc">the documentation for
+ RewriteMap</a> for more details.
+ </li>
+
+ <li>
+ <strong>Server-Variables</strong>: These are variables of
+ the form
+
+ <blockquote>
+ <strong><code>%{</code> <em>NAME_OF_VARIABLE</em>
+ <code>}</code></strong>
+ </blockquote>
+ where <em>NAME_OF_VARIABLE</em> can be a string taken
+ from the following list:
+
+ <table bgcolor="#F0F0F0" cellspacing="0" cellpadding="5">
+ <tr>
+ <td valign="TOP">
+ <strong>HTTP headers:</strong>
+
+ <p><font size="-1">HTTP_USER_AGENT<br />
+ HTTP_REFERER<br />
+ HTTP_COOKIE<br />
+ HTTP_FORWARDED<br />
+ HTTP_HOST<br />
+ HTTP_PROXY_CONNECTION<br />
+ HTTP_ACCEPT<br />
+ </font></p>
+ </td>
+
+ <td valign="TOP">
+ <strong>connection & request:</strong>
+
+ <p><font size="-1">REMOTE_ADDR<br />
+ REMOTE_HOST<br />
+ REMOTE_USER<br />
+ REMOTE_IDENT<br />
+ REQUEST_METHOD<br />
+ SCRIPT_FILENAME<br />
+ PATH_INFO<br />
+ QUERY_STRING<br />
+ AUTH_TYPE<br />
+ </font></p>
+ </td>
+ </tr>
+
+ <tr>
+ <td valign="TOP">
+ <strong>server internals:</strong>
+
+ <p><font size="-1">DOCUMENT_ROOT<br />
+ SERVER_ADMIN<br />
+ SERVER_NAME<br />
+ SERVER_ADDR<br />
+ SERVER_PORT<br />
+ SERVER_PROTOCOL<br />
+ SERVER_SOFTWARE<br />
+ </font></p>
+ </td>
+
+ <td valign="TOP">
+ <strong>system stuff:</strong>
+
+ <p><font size="-1">TIME_YEAR<br />
+ TIME_MON<br />
+ TIME_DAY<br />
+ TIME_HOUR<br />
+ TIME_MIN<br />
+ TIME_SEC<br />
+ TIME_WDAY<br />
+ TIME<br />
+ </font></p>
+ </td>
+
+ <td valign="TOP">
+ <strong>specials:</strong>
+
+ <p><font size="-1">API_VERSION<br />
+ THE_REQUEST<br />
+ REQUEST_URI<br />
+ REQUEST_FILENAME<br />
+ IS_SUBREQ<br />
+ </font></p>
+ </td>
+ </tr>
+ </table>
+
+<note>
+ <p>These variables all
+ correspond to the similarly named HTTP
+ MIME-headers, C variables of the Apache server or
+ <code>struct tm</code> fields of the Unix system.
+ Most are documented elsewhere in the Manual or in
+ the CGI specification. Those that are special to
+ mod_rewrite include:</p>
+
+ <dl>
+ <dt><code>IS_SUBREQ</code></dt>
+
+ <dd>Will contain the text "true" if the request
+ currently being processed is a sub-request,
+ "false" otherwise. Sub-requests may be generated
+ by modules that need to resolve additional files
+ or URIs in order to complete their tasks.</dd>
+
+ <dt><code>API_VERSION</code></dt>
+
+ <dd>This is the version of the Apache module API
+ (the internal interface between server and
+ module) in the current httpd build, as defined in
+ include/ap_mmn.h. The module API version
+ corresponds to the version of Apache in use (in
+ the release version of Apache 1.3.14, for
+ instance, it is 19990320:10), but is mainly of
+ interest to module authors.</dd>
+
+ <dt><code>THE_REQUEST</code></dt>
+
+ <dd>The full HTTP request line sent by the
+ browser to the server (e.g., "<code>GET
+ /index.html HTTP/1.1</code>"). This does not
+ include any additional headers sent by the
+ browser.</dd>
+
+ <dt><code>REQUEST_URI</code></dt>
+
+ <dd>The resource requested in the HTTP request
+ line. (In the example above, this would be
+ "/index.html".)</dd>
+
+ <dt><code>REQUEST_FILENAME</code></dt>
+
+ <dd>The full local filesystem path to the file or
+ script matching the request.</dd>
+ </dl>
+</note>
+ </li>
+ </ul>
+
+ <p>Special Notes:</p>
+
+ <ol>
+ <li>The variables SCRIPT_FILENAME and REQUEST_FILENAME
+ contain the same value, <em>i.e.</em>, the value of the
+ <code>filename</code> field of the internal
+ <code>request_rec</code> structure of the Apache server.
+ The first name is just the commonly known CGI variable name
+ while the second is the consistent counterpart to
+ REQUEST_URI (which contains the value of the
+ <code>uri</code> field of <code>request_rec</code>).</li>
+
+ <li>There is the special format:
+ <code>%{ENV:variable}</code> where <em>variable</em> can be
+ any environment variable. This is looked-up via internal
+ Apache structures and (if not found there) via
+ <code>getenv()</code> from the Apache server process.</li>
+
+ <li>There is the special format:
+ <code>%{HTTP:header}</code> where <em>header</em> can be
+ any HTTP MIME-header name. This is looked-up from the HTTP
+ request. Example: <code>%{HTTP:Proxy-Connection}</code> is
+ the value of the HTTP header
+ ``<code>Proxy-Connection:</code>''.</li>
+
+ <li>There is the special format
+ <code>%{LA-U:variable}</code> for look-aheads which perform
+ an internal (URL-based) sub-request to determine the final
+ value of <em>variable</em>. Use this when you want to use a
+ variable for rewriting which is actually set later in an
+ API phase and thus is not available at the current stage.
+ For instance when you want to rewrite according to the
+ <code>REMOTE_USER</code> variable from within the
+ per-server context (<code>httpd.conf</code> file) you have
+ to use <code>%{LA-U:REMOTE_USER}</code> because this
+ variable is set by the authorization phases which come
+ <em>after</em> the URL translation phase where mod_rewrite
+ operates. On the other hand, because mod_rewrite implements
+ its per-directory context (<code>.htaccess</code> file) via
+ the Fixup phase of the API and because the authorization
+ phases come <em>before</em> this phase, you just can use
+ <code>%{REMOTE_USER}</code> there.</li>
+
+ <li>There is the special format:
+ <code>%{LA-F:variable}</code> which performs an internal
+ (filename-based) sub-request to determine the final value
+ of <em>variable</em>. Most of the time this is the same as
+ LA-U above.</li>
+ </ol>
+
+ <p><em>CondPattern</em> is the condition pattern,
+ <em>i.e.</em>, a regular expression which is applied to the
+ current instance of the <em>TestString</em>, <em>i.e.</em>,
+ <em>TestString</em> is evaluated and then matched against
+ <em>CondPattern</em>.</p>
+
+ <p><strong>Remember:</strong> <em>CondPattern</em> is a
+ standard <em>Extended Regular Expression</em> with some
+ additions:</p>
+
+ <ol>
+ <li>You can prefix the pattern string with a
+ '<code>!</code>' character (exclamation mark) to specify a
+ <strong>non</strong>-matching pattern.</li>
+
+ <li>
+ There are some special variants of <em>CondPatterns</em>.
+ Instead of real regular expression strings you can also
+ use one of the following:
+
+ <ul>
+ <li>'<strong><CondPattern</strong>' (is lexically
+ lower)<br />
+ Treats the <em>CondPattern</em> as a plain string and
+ compares it lexically to <em>TestString</em>. True if
+ <em>TestString</em> is lexically lower than
+ <em>CondPattern</em>.</li>
+
+ <li>'<strong>>CondPattern</strong>' (is lexically
+ greater)<br />
+ Treats the <em>CondPattern</em> as a plain string and
+ compares it lexically to <em>TestString</em>. True if
+ <em>TestString</em> is lexically greater than
+ <em>CondPattern</em>.</li>
+
+ <li>'<strong>=CondPattern</strong>' (is lexically
+ equal)<br />
+ Treats the <em>CondPattern</em> as a plain string and
+ compares it lexically to <em>TestString</em>. True if
+ <em>TestString</em> is lexically equal to
+ <em>CondPattern</em>, i.e the two strings are exactly
+ equal (character by character). If <em>CondPattern</em>
+ is just <samp>""</samp> (two quotation marks) this
+ compares <em>TestString</em> to the empty string.</li>
+
+ <li>'<strong>-d</strong>' (is
+ <strong>d</strong>irectory)<br />
+ Treats the <em>TestString</em> as a pathname and tests
+ if it exists and is a directory.</li>
+
+ <li>'<strong>-f</strong>' (is regular
+ <strong>f</strong>ile)<br />
+ Treats the <em>TestString</em> as a pathname and tests
+ if it exists and is a regular file.</li>
+
+ <li>'<strong>-s</strong>' (is regular file with
+ <strong>s</strong>ize)<br />
+ Treats the <em>TestString</em> as a pathname and tests
+ if it exists and is a regular file with size greater
+ than zero.</li>
+
+ <li>'<strong>-l</strong>' (is symbolic
+ <strong>l</strong>ink)<br />
+ Treats the <em>TestString</em> as a pathname and tests
+ if it exists and is a symbolic link.</li>
+
+ <li>'<strong>-F</strong>' (is existing file via
+ subrequest)<br />
+ Checks if <em>TestString</em> is a valid file and
+ accessible via all the server's currently-configured
+ access controls for that path. This uses an internal
+ subrequest to determine the check, so use it with care
+ because it decreases your servers performance!</li>
+
+ <li>'<strong>-U</strong>' (is existing URL via
+ subrequest)<br />
+ Checks if <em>TestString</em> is a valid URL and
+ accessible via all the server's currently-configured
+ access controls for that path. This uses an internal
+ subrequest to determine the check, so use it with care
+ because it decreases your server's performance!</li>
+ </ul>
+
+<note><title>Notice</title>
+ All of these tests can
+ also be prefixed by an exclamation mark ('!') to
+ negate their meaning.
+</note>
+ </li>
+ </ol>
+
+ <p>Additionally you can set special flags for
+ <em>CondPattern</em> by appending</p>
+
+ <blockquote>
+ <strong><code>[</code><em>flags</em><code>]</code></strong>
+ </blockquote>
+ as the third argument to the <code>RewriteCond</code>
+ directive. <em>Flags</em> is a comma-separated list of the
+ following flags:
+
+ <ul>
+ <li>'<strong><code>nocase|NC</code></strong>'
+ (<strong>n</strong>o <strong>c</strong>ase)<br />
+ This makes the test case-insensitive, <em>i.e.</em>, there
+ is no difference between 'A-Z' and 'a-z' both in the
+ expanded <em>TestString</em> and the <em>CondPattern</em>.
+ This flag is effective only for comparisons between
+ <em>TestString</em> and <em>CondPattern</em>. It has no
+ effect on filesystem and subrequest checks.</li>
+
+ <li>
+ '<strong><code>ornext|OR</code></strong>'
+ (<strong>or</strong> next condition)<br />
+ Use this to combine rule conditions with a local OR
+ instead of the implicit AND. Typical example:
+
+<example>
+<pre>
+RewriteCond %{REMOTE_HOST} ^host1.* [OR]
+RewriteCond %{REMOTE_HOST} ^host2.* [OR]
+RewriteCond %{REMOTE_HOST} ^host3.*
+RewriteRule ...some special stuff for any of these hosts...
+</pre>
+</example>
+
+ Without this flag you would have to write the cond/rule
+ three times.
+ </li>
+ </ul>
+
+ <p><strong>Example:</strong></p>
+
+ <p>To rewrite the Homepage of a site according to the
+ ``<code>User-Agent:</code>'' header of the request, you can
+ use the following: </p>
+
+<example>
+<pre>
+RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*
+RewriteRule ^/$ /homepage.max.html [L]
+
+RewriteCond %{HTTP_USER_AGENT} ^Lynx.*
+RewriteRule ^/$ /homepage.min.html [L]
+
+RewriteRule ^/$ /homepage.std.html [L]
+</pre>
+</example>
+
+ <p>Interpretation: If you use Netscape Navigator as your
+ browser (which identifies itself as 'Mozilla'), then you
+ get the max homepage, which includes Frames, <em>etc.</em>
+ If you use the Lynx browser (which is Terminal-based), then
+ you get the min homepage, which contains no images, no
+ tables, <em>etc.</em> If you use any other browser you get
+ the standard homepage.</p>
+
+</usage>
+
+</directivesynopsis>
+
+<directivesynopsis>
+<name>RewriteRule</name>
+<description>Defines rules for the rewriting engine</description>
+<syntax>RewriteRule
+ <em>Pattern</em> <em>Substitution</em></syntax>
+<default>None</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context><context>.htaccess</context></contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>The <directive>RewriteRule</directive> directive is the real
+ rewriting workhorse. The directive can occur more than once.
+ Each directive then defines one single rewriting rule. The
+ <strong>definition order</strong> of these rules is
+ <strong>important</strong>, because this order is used when
+ applying the rules at run-time.</p>
+
+ <p><a id="patterns" name="patterns"><em>Pattern</em></a> can
+ be (for Apache 1.1.x a System V8 and for Apache 1.2.x and
+ later a POSIX) <a id="regexp" name="regexp">regular
+ expression</a> which gets applied to the current URL. Here
+ ``current'' means the value of the URL when this rule gets
+ applied. This may not be the originally requested URL,
+ because any number of rules may already have matched and made
+ alterations to it.</p>
+
+ <p>Some hints about the syntax of regular expressions:</p>
+
+ <table bgcolor="#F0F0F0" cellspacing="0" cellpadding="5">
+ <tr>
+ <td valign="TOP">
+<pre>
+<strong>Text:</strong>
+ <strong><code>.</code></strong> Any single character
+ <strong><code>[</code></strong>chars<strong><code>]</code></strong> Character class: One of chars
+ <strong><code>[^</code></strong>chars<strong><code>]</code></strong> Character class: None of chars
+ text1<strong><code>|</code></strong>text2 Alternative: text1 or text2
+
+<strong>Quantifiers:</strong>
+ <strong><code>?</code></strong> 0 or 1 of the preceding text
+ <strong><code>*</code></strong> 0 or N of the preceding text (N > 0)
+ <strong><code>+</code></strong> 1 or N of the preceding text (N > 1)
+
+<strong>Grouping:</strong>
+ <strong><code>(</code></strong>text<strong><code>)</code></strong> Grouping of text
+ (either to set the borders of an alternative or
+ for making backreferences where the <strong>N</strong>th group can
+ be used on the RHS of a RewriteRule with <code>$</code><strong>N</strong>)
+
+<strong>Anchors:</strong>
+ <strong><code>^</code></strong> Start of line anchor
+ <strong><code>$</code></strong> End of line anchor
+
+<strong>Escaping:</strong>
+ <strong><code>\</code></strong>char escape that particular char
+ (for instance to specify the chars "<code>.[]()</code>" <em>etc.</em>)
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p>For more information about regular expressions either have
+ a look at your local regex(3) manpage or its
+ <code>src/regex/regex.3</code> copy in the Apache 1.3
+ distribution. If you are interested in more detailed
+ information about regular expressions and their variants
+ (POSIX regex, Perl regex, <em>etc.</em>) have a look at the
+ following dedicated book on this topic:</p>
+
+ <blockquote>
+ <em>Mastering Regular Expressions</em><br />
+ Jeffrey E.F. Friedl<br />
+ Nutshell Handbook Series<br />
+ O'Reilly & Associates, Inc. 1997<br />
+ ISBN 1-56592-257-3<br />
+ </blockquote>
+
+ <p>Additionally in mod_rewrite the NOT character
+ ('<code>!</code>') is a possible pattern prefix. This gives
+ you the ability to negate a pattern; to say, for instance:
+ ``<em>if the current URL does <strong>NOT</strong> match this
+ pattern</em>''. This can be used for exceptional cases, where
+ it is easier to match the negative pattern, or as a last
+ default rule.</p>
+
+<note><title>Notice</title>
+When using the NOT character
+ to negate a pattern you cannot have grouped wildcard
+ parts in the pattern. This is impossible because when the
+ pattern does NOT match, there are no contents for the
+ groups. In consequence, if negated patterns are used, you
+ cannot use <code>$N</code> in the substitution
+ string!
+</note>
+
+ <p><a id="rhs" name="rhs"><em>Substitution</em></a> of a
+ rewriting rule is the string which is substituted for (or
+ replaces) the original URL for which <em>Pattern</em>
+ matched. Beside plain text you can use</p>
+
+ <ol>
+ <li>back-references <code>$N</code> to the RewriteRule
+ pattern</li>
+
+ <li>back-references <code>%N</code> to the last matched
+ RewriteCond pattern</li>
+
+ <li>server-variables as in rule condition test-strings
+ (<code>%{VARNAME}</code>)</li>
+
+ <li><a href="#mapfunc">mapping-function</a> calls
+ (<code>${mapname:key|default}</code>)</li>
+ </ol>
+ Back-references are <code>$</code><strong>N</strong>
+ (<strong>N</strong>=0..9) identifiers which will be replaced
+ by the contents of the <strong>N</strong>th group of the
+ matched <em>Pattern</em>. The server-variables are the same
+ as for the <em>TestString</em> of a <code>RewriteCond</code>
+ directive. The mapping-functions come from the
+ <code>RewriteMap</code> directive and are explained there.
+ These three types of variables are expanded in the order of
+ the above list.
+
+ <p>As already mentioned above, all the rewriting rules are
+ applied to the <em>Substitution</em> (in the order of
+ definition in the config file). The URL is <strong>completely
+ replaced</strong> by the <em>Substitution</em> and the
+ rewriting process goes on until there are no more rules
+ unless explicitly terminated by a
+ <code><strong>L</strong></code> flag - see below.</p>
+
+ <p>There is a special substitution string named
+ '<code>-</code>' which means: <strong>NO
+ substitution</strong>! Sounds silly? No, it is useful to
+ provide rewriting rules which <strong>only</strong> match
+ some URLs but do no substitution, <em>e.g.</em>, in
+ conjunction with the <strong>C</strong> (chain) flag to be
+ able to have more than one pattern to be applied before a
+ substitution occurs.</p>
+
+ <p>One more note: You can even create URLs in the
+ substitution string containing a query string part. Just use
+ a question mark inside the substitution string to indicate
+ that the following stuff should be re-injected into the
+ QUERY_STRING. When you want to erase an existing query
+ string, end the substitution string with just the question
+ mark.</p>
+
+<note><title>Note</title>
+There is a special feature:
+ When you prefix a substitution field with
+ <code>http://</code><em>thishost</em>[<em>:thisport</em>]
+ then <strong>mod_rewrite</strong> automatically strips it
+ out. This auto-reduction on implicit external redirect
+ URLs is a useful and important feature when used in
+ combination with a mapping-function which generates the
+ hostname part. Have a look at the first example in the
+ example section below to understand this.
+</note>
+
+<note><title>Remember</title>
+ An unconditional external
+ redirect to your own server will not work with the prefix
+ <code>http://thishost</code> because of this feature. To
+ achieve such a self-redirect, you have to use the
+ <strong>R</strong>-flag (see below).
+</note>
+
+ <p>Additionally you can set special flags for
+ <em>Substitution</em> by appending</p>
+
+ <blockquote>
+ <strong><code>[</code><em>flags</em><code>]</code></strong>
+ </blockquote>
+ as the third argument to the <code>RewriteRule</code>
+ directive. <em>Flags</em> is a comma-separated list of the
+ following flags:
+
+ <ul>
+ <li>
+ '<strong><code>redirect|R</code>
+ [=<em>code</em>]</strong>' (force <a id="redirect"
+ name="redirect"><strong>r</strong>edirect</a>)<br />
+ Prefix <em>Substitution</em> with
+ <code>http://thishost[:thisport]/</code> (which makes the
+ new URL a URI) to force a external redirection. If no
+ <em>code</em> is given a HTTP response of 302 (MOVED
+ TEMPORARILY) is used. If you want to use other response
+ codes in the range 300-400 just specify them as a number
+ or use one of the following symbolic names:
+ <code>temp</code> (default), <code>permanent</code>,
+ <code>seeother</code>. Use it for rules which should
+ canonicalize the URL and give it back to the client,
+ <em>e.g.</em>, translate ``<code>/~</code>'' into
+ ``<code>/u/</code>'' or always append a slash to
+ <code>/u/</code><em>user</em>, etc.<br />
+
+
+ <p><strong>Note:</strong> When you use this flag, make
+ sure that the substitution field is a valid URL! If not,
+ you are redirecting to an invalid location! And remember
+ that this flag itself only prefixes the URL with
+ <code>http://thishost[:thisport]/</code>, rewriting
+ continues. Usually you also want to stop and do the
+ redirection immediately. To stop the rewriting you also
+ have to provide the 'L' flag.</p>
+ </li>
+
+ <li>'<strong><code>forbidden|F</code></strong>' (force URL
+ to be <strong>f</strong>orbidden)<br />
+ This forces the current URL to be forbidden,
+ <em>i.e.</em>, it immediately sends back a HTTP response of
+ 403 (FORBIDDEN). Use this flag in conjunction with
+ appropriate RewriteConds to conditionally block some
+ URLs.</li>
+
+ <li>'<strong><code>gone|G</code></strong>' (force URL to be
+ <strong>g</strong>one)<br />
+ This forces the current URL to be gone, <em>i.e.</em>, it
+ immediately sends back a HTTP response of 410 (GONE). Use
+ this flag to mark pages which no longer exist as gone.</li>
+
+ <li>
+ '<strong><code>proxy|P</code></strong>' (force
+ <strong>p</strong>roxy)<br />
+ This flag forces the substitution part to be internally
+ forced as a proxy request and immediately (<em>i.e.</em>,
+ rewriting rule processing stops here) put through the <a
+ href="mod_proxy.html">proxy module</a>. You have to make
+ sure that the substitution string is a valid URI
+ (<em>e.g.</em>, typically starting with
+ <code>http://</code><em>hostname</em>) which can be
+ handled by the Apache proxy module. If not you get an
+ error from the proxy module. Use this flag to achieve a
+ more powerful implementation of the <a
+ href="mod_proxy.html#proxypass">ProxyPass</a> directive,
+ to map some remote stuff into the namespace of the local
+ server.
+
+ <p>Notice: To use this functionality make sure you have
+ the proxy module compiled into your Apache server
+ program. If you don't know please check whether
+ <code>mod_proxy.c</code> is part of the ``<code>httpd
+ -l</code>'' output. If yes, this functionality is
+ available to mod_rewrite. If not, then you first have to
+ rebuild the ``<code>httpd</code>'' program with mod_proxy
+ enabled.</p>
+ </li>
+
+ <li>'<strong><code>last|L</code></strong>'
+ (<strong>l</strong>ast rule)<br />
+ Stop the rewriting process here and don't apply any more
+ rewriting rules. This corresponds to the Perl
+ <code>last</code> command or the <code>break</code> command
+ from the C language. Use this flag to prevent the currently
+ rewritten URL from being rewritten further by following
+ rules. For example, use it to rewrite the root-path URL
+ ('<code>/</code>') to a real one, <em>e.g.</em>,
+ '<code>/e/www/</code>'.</li>
+
+ <li>'<strong><code>next|N</code></strong>'
+ (<strong>n</strong>ext round)<br />
+ Re-run the rewriting process (starting again with the
+ first rewriting rule). Here the URL to match is again not
+ the original URL but the URL from the last rewriting rule.
+ This corresponds to the Perl <code>next</code> command or
+ the <code>continue</code> command from the C language. Use
+ this flag to restart the rewriting process, <em>i.e.</em>,
+ to immediately go to the top of the loop.<br />
+ <strong>But be careful not to create an infinite
+ loop!</strong></li>
+
+ <li>'<strong><code>chain|C</code></strong>'
+ (<strong>c</strong>hained with next rule)<br />
+ This flag chains the current rule with the next rule
+ (which itself can be chained with the following rule,
+ <em>etc.</em>). This has the following effect: if a rule
+ matches, then processing continues as usual, <em>i.e.</em>,
+ the flag has no effect. If the rule does
+ <strong>not</strong> match, then all following chained
+ rules are skipped. For instance, use it to remove the
+ ``<code>.www</code>'' part inside a per-directory rule set
+ when you let an external redirect happen (where the
+ ``<code>.www</code>'' part should not to occur!).</li>
+
+ <li>
+ '<strong><code>type|T</code></strong>=<em>MIME-type</em>'
+ (force MIME <strong>t</strong>ype)<br />
+ Force the MIME-type of the target file to be
+ <em>MIME-type</em>. For instance, this can be used to
+ simulate the <code>mod_alias</code> directive
+ <code>ScriptAlias</code> which internally forces all files
+ inside the mapped directory to have a MIME type of
+ ``<code>application/x-httpd-cgi</code>''.</li>
+
+ <li>
+ '<strong><code>nosubreq|NS</code></strong>' (used only if
+ <strong>n</strong>o internal
+ <strong>s</strong>ub-request)<br />
+ This flag forces the rewriting engine to skip a
+ rewriting rule if the current request is an internal
+ sub-request. For instance, sub-requests occur internally
+ in Apache when <code>mod_include</code> tries to find out
+ information about possible directory default files
+ (<code>index.xxx</code>). On sub-requests it is not
+ always useful and even sometimes causes a failure to if
+ the complete set of rules are applied. Use this flag to
+ exclude some rules.<br />
+
+
+ <p>Use the following rule for your decision: whenever you
+ prefix some URLs with CGI-scripts to force them to be
+ processed by the CGI-script, the chance is high that you
+ will run into problems (or even overhead) on
+ sub-requests. In these cases, use this flag.</p>
+ </li>
+
+ <li>'<strong><code>nocase|NC</code></strong>'
+ (<strong>n</strong>o <strong>c</strong>ase)<br />
+ This makes the <em>Pattern</em> case-insensitive,
+ <em>i.e.</em>, there is no difference between 'A-Z' and
+ 'a-z' when <em>Pattern</em> is matched against the current
+ URL.</li>
+
+ <li>'<strong><code>qsappend|QSA</code></strong>'
+ (<strong>q</strong>uery <strong>s</strong>tring
+ <strong>a</strong>ppend)<br />
+ This flag forces the rewriting engine to append a query
+ string part in the substitution string to the existing one
+ instead of replacing it. Use this when you want to add more
+ data to the query string via a rewrite rule.</li>
+
+ <li>
+ '<strong><code>noescape|NE</code></strong>'
+ (<strong>n</strong>o URI <strong>e</strong>scaping of
+ output)<br />
+ This flag keeps mod_rewrite from applying the usual URI
+ escaping rules to the result of a rewrite. Ordinarily,
+ special characters (such as '%', '$', ';', and so on)
+ will be escaped into their hexcode equivalents ('%25',
+ '%24', and '%3B', respectively); this flag prevents this
+ from being done. This allows percent symbols to appear in
+ the output, as in
+<example>
+ RewriteRule /foo/(.*) /bar?arg=P1\%3d$1 [R,NE]
+</example>
+
+ which would turn '<code>/foo/zed</code>' into a safe
+ request for '<code>/bar?arg=P1=zed</code>'.
+ </li>
+
+ <li>
+ '<strong><code>passthrough|PT</code></strong>'
+ (<strong>p</strong>ass <strong>t</strong>hrough to next
+ handler)<br />
+ This flag forces the rewriting engine to set the
+ <code>uri</code> field of the internal
+ <code>request_rec</code> structure to the value of the
+ <code>filename</code> field. This flag is just a hack to
+ be able to post-process the output of
+ <code>RewriteRule</code> directives by
+ <code>Alias</code>, <code>ScriptAlias</code>,
+ <code>Redirect</code>, <em>etc.</em> directives from
+ other URI-to-filename translators. A trivial example to
+ show the semantics: If you want to rewrite
+ <code>/abc</code> to <code>/def</code> via the rewriting
+ engine of <code>mod_rewrite</code> and then
+ <code>/def</code> to <code>/ghi</code> with
+ <code>mod_alias</code>:
+<example>
+ RewriteRule ^/abc(.*) /def$1 [PT]<br />
+ Alias /def /ghi
+</example>
+ If you omit the <code>PT</code> flag then
+ <code>mod_rewrite</code> will do its job fine,
+ <em>i.e.</em>, it rewrites <code>uri=/abc/...</code> to
+ <code>filename=/def/...</code> as a full API-compliant
+ URI-to-filename translator should do. Then
+ <code>mod_alias</code> comes and tries to do a
+ URI-to-filename transition which will not work.
+
+ <p>Note: <strong>You have to use this flag if you want to
+ intermix directives of different modules which contain
+ URL-to-filename translators</strong>. The typical example
+ is the use of <code>mod_alias</code> and
+ <code>mod_rewrite</code>..</p>
+
+<note><title>For Apache hackers</title>
+ If the current Apache API had a filename-to-filename
+ hook additionally to the URI-to-filename hook then we
+ wouldn't need this flag! But without such a hook this
+ flag is the only solution. The Apache Group has
+ discussed this problem and will add such a hook in
+ Apache version 2.0.
+</note>
+ </li>
+
+ <li>'<strong><code>skip|S</code></strong>=<em>num</em>'
+ (<strong>s</strong>kip next rule(s))<br />
+ This flag forces the rewriting engine to skip the next
+ <em>num</em> rules in sequence when the current rule
+ matches. Use this to make pseudo if-then-else constructs:
+ The last rule of the then-clause becomes
+ <code>skip=N</code> where N is the number of rules in the
+ else-clause. (This is <strong>not</strong> the same as the
+ 'chain|C' flag!)</li>
+
+ <li>
+ '<strong><code>env|E=</code></strong><em>VAR</em>:<em>VAL</em>'
+ (set <strong>e</strong>nvironment variable)<br />
+ This forces an environment variable named <em>VAR</em> to
+ be set to the value <em>VAL</em>, where <em>VAL</em> can
+ contain regexp backreferences <code>$N</code> and
+ <code>%N</code> which will be expanded. You can use this
+ flag more than once to set more than one variable. The
+ variables can be later dereferenced in many situations, but
+ usually from within XSSI (via <code><!--#echo
+ var="VAR"--></code>) or CGI (<em>e.g.</em>
+ <code>$ENV{'VAR'}</code>). Additionally you can dereference
+ it in a following RewriteCond pattern via
+ <code>%{ENV:VAR}</code>. Use this to strip but remember
+ information from URLs.</li>
+ </ul>
+
+<note><title>Note</title> Never forget that <em>Pattern</em> is
+applied to a complete URL in per-server configuration
+files. <strong>But in per-directory configuration files, the
+per-directory prefix (which always is the same for a specific
+directory!) is automatically <em>removed</em> for the pattern matching
+and automatically <em>added</em> after the substitution has been
+done.</strong> This feature is essential for many sorts of rewriting,
+because without this prefix stripping you have to match the parent
+directory which is not always possible.
+
+ <p>There is one exception: If a substitution string
+ starts with ``<code>http://</code>'' then the directory
+ prefix will <strong>not</strong> be added and an
+ external redirect or proxy throughput (if flag
+ <strong>P</strong> is used!) is forced!</p>
+</note>
+
+<note><title>Note</title>
+ To enable the rewriting engine
+ for per-directory configuration files you need to set
+ ``<code>RewriteEngine On</code>'' in these files
+ <strong>and</strong> ``<code>Options
+ FollowSymLinks</code>'' must be enabled. If your
+ administrator has disabled override of
+ <code>FollowSymLinks</code> for a user's directory, then
+ you cannot use the rewriting engine. This restriction is
+ needed for security reasons.
+</note>
+
+ <p>Here are all possible substitution combinations and their
+ meanings:</p>
+
+ <p><strong>Inside per-server configuration
+ (<code>httpd.conf</code>)<br />
+ for request ``<code>GET
+ /somepath/pathinfo</code>'':</strong><br />
+ </p>
+
+ <table bgcolor="#F0F0F0" cellspacing="0" cellpadding="5">
+ <tr>
+ <td>
+<pre>
+<strong>Given Rule</strong> <strong>Resulting Substitution</strong>
+---------------------------------------------- ----------------------------------
+^/somepath(.*) otherpath$1 not supported, because invalid!
+
+^/somepath(.*) otherpath$1 [R] not supported, because invalid!
+
+^/somepath(.*) otherpath$1 [P] not supported, because invalid!
+---------------------------------------------- ----------------------------------
+^/somepath(.*) /otherpath$1 /otherpath/pathinfo
+
+^/somepath(.*) /otherpath$1 [R] http://thishost/otherpath/pathinfo
+ via external redirection
+
+^/somepath(.*) /otherpath$1 [P] not supported, because silly!
+---------------------------------------------- ----------------------------------
+^/somepath(.*) http://thishost/otherpath$1 /otherpath/pathinfo
+
+^/somepath(.*) http://thishost/otherpath$1 [R] http://thishost/otherpath/pathinfo
+ via external redirection
+
+^/somepath(.*) http://thishost/otherpath$1 [P] not supported, because silly!
+---------------------------------------------- ----------------------------------
+^/somepath(.*) http://otherhost/otherpath$1 http://otherhost/otherpath/pathinfo
+ via external redirection
+
+^/somepath(.*) http://otherhost/otherpath$1 [R] http://otherhost/otherpath/pathinfo
+ via external redirection
+ (the [R] flag is redundant)
+
+^/somepath(.*) http://otherhost/otherpath$1 [P] http://otherhost/otherpath/pathinfo
+ via internal proxy
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><strong>Inside per-directory configuration for
+ <code>/somepath</code><br />
+ (<em>i.e.</em>, file <code>.htaccess</code> in dir
+ <code>/physical/path/to/somepath</code> containing
+ <code>RewriteBase /somepath</code>)<br />
+ for request ``<code>GET
+ /somepath/localpath/pathinfo</code>'':</strong><br />
+ </p>
+
+ <table bgcolor="#F0F0F0" cellspacing="0" cellpadding="5">
+ <tr>
+ <td>
+<pre>
+<strong>Given Rule</strong> <strong>Resulting Substitution</strong>
+---------------------------------------------- ----------------------------------
+^localpath(.*) otherpath$1 /somepath/otherpath/pathinfo
+
+^localpath(.*) otherpath$1 [R] http://thishost/somepath/otherpath/pathinfo
+ via external redirection
+
+^localpath(.*) otherpath$1 [P] not supported, because silly!
+---------------------------------------------- ----------------------------------
+^localpath(.*) /otherpath$1 /otherpath/pathinfo
+
+^localpath(.*) /otherpath$1 [R] http://thishost/otherpath/pathinfo
+ via external redirection
+
+^localpath(.*) /otherpath$1 [P] not supported, because silly!
+---------------------------------------------- ----------------------------------
+^localpath(.*) http://thishost/otherpath$1 /otherpath/pathinfo
+
+^localpath(.*) http://thishost/otherpath$1 [R] http://thishost/otherpath/pathinfo
+ via external redirection
+
+^localpath(.*) http://thishost/otherpath$1 [P] not supported, because silly!
+---------------------------------------------- ----------------------------------
+^localpath(.*) http://otherhost/otherpath$1 http://otherhost/otherpath/pathinfo
+ via external redirection
+
+^localpath(.*) http://otherhost/otherpath$1 [R] http://otherhost/otherpath/pathinfo
+ via external redirection
+ (the [R] flag is redundant)
+
+^localpath(.*) http://otherhost/otherpath$1 [P] http://otherhost/otherpath/pathinfo
+ via internal proxy
+</pre>
+ </td>
+ </tr>
+ </table>
+
+ <p><strong>Example:</strong></p>
+
+ <p>We want to rewrite URLs of the form </p>
+
+ <blockquote>
+ <code>/</code> <em>Language</em> <code>/~</code>
+ <em>Realname</em> <code>/.../</code> <em>File</em>
+ </blockquote>
+ into
+
+ <blockquote>
+ <code>/u/</code> <em>Username</em> <code>/.../</code>
+ <em>File</em> <code>.</code> <em>Language</em>
+ </blockquote>
+
+ <p>We take the rewrite mapfile from above and save it under
+ <code>/path/to/file/map.txt</code>. Then we only have to
+ add the following lines to the Apache server configuration
+ file:</p>
+
+<example>
+<pre>
+RewriteLog /path/to/file/rewrite.log
+RewriteMap real-to-user txt:/path/to/file/map.txt
+RewriteRule ^/([^/]+)/~([^/]+)/(.*)$ /u/${real-to-user:$2|nobody}/$3.$1
+</pre>
+</example>
+
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_setenvif</name>
+<status>Base</status>
+<identifier>setenvif_module</identifier>
+<sourcefile>mod_setenvif.c</sourcefile>
+<compatibility>Available in Apache 1.3 and later</compatibility>
+
+<description>Allows the setting of environment variables based
+on characteristics of the request</description>
+
+<summary>
+
+ <p>The <module>mod_setenvif</module> module allows you to set
+ environment variables according to whether different aspects of
+ the request match regular expressions you specify. These
+ environment variables can be used by other parts of the server
+ to make decisions about actions to be taken.</p>
+
+ <p>The directives are considered in the order they appear in
+ the configuration files. So more complex sequences can be used,
+ such as this example, which sets <code>netscape</code> if the
+ browser is mozilla but not MSIE.</p>
+
+<example>
+ BrowserMatch ^Mozilla netscape<br />
+ BrowserMatch MSIE !netscape<br />
+</example>
+</summary>
+
+<seealso><a href="../env.html">Environment Variables in Apache</a></seealso>
+
+<directivesynopsis>
+<name>BrowserMatch</name>
+<description>Sets environment variables conditional on HTTP User-Agent
+</description>
+<syntax>BrowserMatch <em>regex env-variable</em>[=<em>value</em>]
+[<em>env-variable</em>[=<em>value</em>]] ...</syntax>
+<default><i>none</i></default>
+<context>server config, virtual host, directory, .htaccess</context>
+<override>FileInfo</override>
+<compatibility>Apache 1.2 and
+ above (in Apache 1.2 this directive was found in the
+ now-obsolete mod_browser module)</compatibility>
+
+<usage>
+ <p>The <directive>BrowserMatch</directive> directive defines
+ environment variables based on the <code>User-Agent</code> HTTP
+ request header field. The first argument should be a POSIX.2
+ extended regular expression (similar to an
+ <code>egrep</code>-style regex). The rest of the arguments give
+ the names of variables to set, and optionally values to which they
+ should be set. These take the form of</p>
+
+ <ol>
+ <li><code><em>varname</em></code>, or</li>
+
+ <li><code>!<em>varname</em></code>, or</li>
+
+ <li><code><em>varname</em>=<em>value</em></code></li>
+ </ol>
+
+ <p>In the first form, the value will be set to "1". The second
+ will remove the given variable if already defined, and the
+ third will set the variable to the value given by
+ <code><em>value</em></code>. If a <code>User-Agent</code>
+ string matches more than one entry, they will be merged.
+ Entries are processed in the order in which they appear, and
+ later entries can override earlier ones.</p>
+
+ <p>For example:</p>
+<example>
+ BrowserMatch ^Mozilla forms jpeg=yes browser=netscape<br />
+ BrowserMatch "^Mozilla/[2-3]" tables agif frames javascript<br />
+ BrowserMatch MSIE !javascript<br />
+</example>
+
+ <p>Note that the regular expression string is
+ <strong>case-sensitive</strong>. For case-INsensitive matching,
+ see the <directive
+ module="mod_setenvif">BrowserMatchNoCase</directive>
+ directive.</p>
+
+ <p>The <directive>BrowserMatch</directive> and
+ <directive>BrowserMatchNoCase</directive> directives are special cases of
+ the <directive module="mod_setenvif">SetEnvIf</directive> and <directive
+ module="mod_setenvif">SetEnvIfNoCase</directive>
+ directives. The following two lines have the same effect:</p>
+<example>
+ BrowserMatchNoCase Robot is_a_robot<br />
+ SetEnvIfNoCase User-Agent Robot is_a_robot<br />
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>BrowserMatchNoCase</name>
+<description>Sets environment variables conditional on User-Agent without
+respect to case</description>
+<syntax>BrowserMatchNoCase <em>regex env-variable</em>[=<em>value</em>]
+ [<em>env-variable</em>[=<em>value</em>]] ...</syntax>
+<default><em>none</em></default>
+<context>server config, virtual host, directory, .htaccess</context>
+<override>FileInfo</override>
+<compatibility>Apache 1.2 and
+ above (in Apache 1.2 this directive was found in the
+ now-obsolete mod_browser module)</compatibility>
+
+<usage>
+
+ <p>The <directive>BrowserMatchNoCase</directive> directive is
+ semantically identical to the <directive
+ module="mod_setenvif">BrowserMatch</directive> directive.
+ However, it provides for case-insensitive matching. For
+ example:</p>
+<example>
+ BrowserMatchNoCase mac platform=macintosh<br />
+ BrowserMatchNoCase win platform=windows<br />
+</example>
+
+ <p>The <directive>BrowserMatch</directive> and
+ <directive>BrowserMatchNoCase</directive> directives are special cases of
+ the <directive module="mod_setenvif">SetEnvIf</directive> and <directive
+ module="mod_setenvif">SetEnvIfNoCase</directive>
+ directives. The following two lines have the same effect:</p>
+<example>
+ BrowserMatchNoCase Robot is_a_robot<br />
+ SetEnvIfNoCase User-Agent Robot is_a_robot<br />
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SetEnvIf</name>
+<description>Sets environment variables based on attributes of the request
+</description>
+<syntax>SetEnvIf <em>attribute
+ regex env-variable</em>[=<em>value</em>]
+ [<em>env-variable</em>[=<em>value</em>]] ...</syntax>
+<default><em>none</em></default>
+<context> server config, virtual host, directory, .htaccess</context>
+<override>FileInfo</override>
+<compatibility>Apache 1.3 and
+ above; the Request_Protocol keyword and environment-variable
+ matching are only available with 1.3.7 and later</compatibility>
+
+<usage>
+ <p>The <directive>SetEnvIf</directive> directive defines environment
+ variables based on attributes of the request. These attributes
+ can be the values of various HTTP request header fields (see <a
+ href="http://www.rfc-editor.org/rfc/rfc2616.txt">RFC2616</a>
+ for more information about these), or of other aspects of the
+ request, including the following:</p>
+
+ <ul>
+ <li><code>Remote_Host</code> - the hostname (if available) of
+ the client making the request</li>
+
+ <li><code>Remote_Addr</code> - the IP address of the client
+ making the request</li>
+
+ <li><code>Remote_User</code> - the authenticated username (if
+ available)</li>
+
+ <li><code>Request_Method</code> - the name of the method
+ being used (<code>GET</code>, <code>POST</code>, <em>et
+ cetera</em>)</li>
+
+ <li><code>Request_Protocol</code> - the name and version of
+ the protocol with which the request was made (<em>e.g.</em>,
+ "HTTP/0.9", "HTTP/1.1", <em>etc.</em>)</li>
+
+ <li><code>Request_URI</code> - the portion of the URL
+ following the scheme and host portion</li>
+ </ul>
+
+ <p>Some of the more commonly used request header field names
+ include <code>Host</code>, <code>User-Agent</code>, and
+ <code>Referer</code>.</p>
+
+ <p>If the <em>attribute</em> name doesn't match any of the
+ special keywords, nor any of the request's header field names,
+ it is tested as the name of an environment variable in the list
+ of those associated with the request. This allows
+ <directive>SetEnvIf</directive> directives to test against the result of
+ prior matches.</p>
+
+<note>
+ <strong>Only those environment variables defined by earlier
+ <code>SetEnvIf[NoCase]</code> directives are available for
+ testing in this manner. 'Earlier' means that they were
+ defined at a broader scope (such as server-wide) or
+ previously in the current directive's scope.</strong>
+</note>
+
+ <p><em>attribute</em> may be a regular expression when used to
+ match a request header. If <em>attribute</em> is a regular
+ expression and it doesn't match any of the request's header
+ names, then <em>attribute</em> is not tested against the
+ request's environment variable list.</p>
+
+<example>
+<title>Example:</title>
+ SetEnvIf Request_URI "\.gif$" object_is_image=gif<br />
+ SetEnvIf Request_URI "\.jpg$" object_is_image=jpg<br />
+ SetEnvIf Request_URI "\.xbm$" object_is_image=xbm<br />
+ :<br />
+ SetEnvIf Referer www\.mydomain\.com intra_site_referral<br />
+ :<br />
+ SetEnvIf object_is_image xbm XBIT_PROCESSING=1<br />
+ :<br />
+ SetEnvIf ^TS* ^[a-z].* HAVE_TS<br />
+</example>
+
+ <p>The first three will set the environment variable
+ <code>object_is_image</code> if the request was for an image
+ file, and the fourth sets <code>intra_site_referral</code> if
+ the referring page was somewhere on the
+ <code>www.mydomain.com</code> Web site.</p>
+
+ <p>The last example will set environment variable
+ <code>HAVE_TS</code> if the request contains any headers that
+ begin with "TS" whose values begins with any character in the
+ set [a-z].</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SetEnvIfNoCase</name>
+<description>Sets environment variables based on attributes of the request
+without respect to case</description>
+<syntax>SetEnvIfNoCase <em>attribute regex env-variable</em>[=<em>value</em>]
+ [<em>env-variable</em>[=<em>value</em>]] ...</syntax>
+<default><em>none</em></default>
+<context>server config, virtual host, directory, .htaccess</context>
+<override>FileInfo</override>
+<compatibility>Apache 1.3 and above</compatibility>
+
+<usage>
+
+ <p>The <directive>SetEnvIfNoCase</directive> is semantically identical to
+ the <directive module="mod_setenvif">SetEnvIf</directive> directive,
+ and differs only in that the regular expression matching is
+ performed in a case-insensitive manner. For example:</p>
+<example>
+ SetEnvIfNoCase Host Apache\.Org site=apache
+</example>
+
+ <p>This will cause the <code>site</code> environment variable
+ to be set to "<code>apache</code>" if the HTTP request header
+ field <code>Host:</code> was included and contained
+ <code>Apache.Org</code>, <code>apache.org</code>, or any other
+ combination.</p>
+</usage>
+</directivesynopsis>
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_so</name>
+<status>Base (Windows>; Optional (Unix)</status>
+<identifier>so_module</identifier>
+<sourcefile>mod_so.c</sourcefile>
+<compatibility>Available in Apache 1.3 and later.</compatibility>
+
+<description>
+This module provides for loading of executable code and
+modules into the server at start-up or restart time.</description>
+
+<summary>
+
+ <p>On selected operating systems this module can be used to
+ load modules into Apache at runtime via the <a
+ href="../dso.html">Dynamic Shared Object</a> (DSO) mechanism,
+ rather than requiring a recompilation.</p>
+
+ <p>On Unix, the loaded code typically comes from shared object
+ files (usually with <samp>.so</samp> extension), on Windows
+ this may either the <samp>.so</samp> or <samp>.dll</samp>
+ extension. This module is only available in Apache 1.3 and
+ up.</p>
+
+ <p>In previous releases, the functionality of this module was
+ provided for Unix by mod_dld, and for Windows by mod_dll. On
+ Windows, mod_dll was used in beta release 1.3b1 through 1.3b5.
+ mod_so combines these two modules into a single module for all
+ operating systems.</p>
+
+ <p><strong>Warning: Apache 1.3 modules cannot be directly used
+ with Apache 2.0 - the module must be modified to dynamically
+ load or compile into Apache 2.0</strong>.</p>
+</summary>
+
+<section><title id="creating">Creating Loadable Modules
+for Windows</title>
+
+ <p><note>Note: the module name format changed for Windows
+ with Apache 1.3.15 and 2.0 - the modules are now named as
+ mod_foo.so</note>. While mod_so still loads modules with
+ ApacheModuleFoo.dll names, the new naming convention is
+ preferred; if you are converting your loadable module for 2.0,
+ please fix the name to this 2.0 convention.</p>
+
+ <p>The Apache module API is unchanged between the Unix and
+ Windows versions. Many modules will run on Windows with no or
+ little change from Unix, although others rely on aspects of the
+ Unix architecture which are not present in Windows, and will
+ not work.</p>
+
+ <p>When a module does work, it can be added to the server in
+ one of two ways. As with Unix, it can be compiled into the
+ server. Because Apache for Windows does not have the
+ <code>Configure</code> program of Apache for Unix, the module's
+ source file must be added to the ApacheCore project file, and
+ its symbols must be added to the
+ <code>os\win32\modules.c</code> file.</p>
+
+ <p>The second way is to compile the module as a DLL, a shared
+ library that can be loaded into the server at runtime, using
+ the <code><directive>LoadModule</directive></code>
+ directive. These module DLLs can be distributed and run on any
+ Apache for Windows installation, without recompilation of the
+ server.</p>
+
+ <p>To create a module DLL, a small change is necessary to the
+ module's source file: The module record must be exported from
+ the DLL (which will be created later; see below). To do this,
+ add the <code>AP_MODULE_DECLARE_DATA</code> (defined in the
+ Apache header files) to your module's module record definition.
+ For example, if your module has:</p>
+
+<example>
+ module foo_module;
+</example>
+
+ <p>Replace the above with:</p>
+<example>
+ module AP_MODULE_DECLARE_DATA foo_module;
+</example>
+
+ <p>Note that this will only be activated on Windows, so the
+ module can continue to be used, unchanged, with Unix if needed.
+ Also, if you are familiar with <code>.DEF</code> files, you can
+ export the module record with that method instead.</p>
+
+ <p>Now, create a DLL containing your module. You will need to
+ link this against the libhttpd.lib export library that is
+ created when the libhttpd.dll shared library is compiled. You
+ may also have to change the compiler settings to ensure that
+ the Apache header files are correctly located. You can find
+ this library in your server root's modules directory. It is
+ best to grab an existing module .dsp file from the tree to
+ assure the build environment is configured correctly, or
+ alternately compare the compiler and link options to your
+ .dsp.</p>
+
+ <p>This should create a DLL version of your module. Now simply
+ place it in the <samp>modules</samp> directory of your server
+ root, and use the <directive>LoadModule</directive>
+ directive to load it.</p>
+
+</section>
+
+<directivesynopsis>
+<name>LoadFile</name>
+<syntax>LoadFile <em>filename</em> [<em>filename</em>] ...</syntax>
+<default>none</default>
+<contextlist>
+<context>server config</context>
+</contextlist>
+<description>Link in the named object file or library</description>
+
+<usage>
+
+ <p>The LoadFile directive links in the named object files or
+ libraries when the server is started or restarted; this is used
+ to load additional code which may be required for some module
+ to work. <em>Filename</em> is either an absolute path or
+ relative to <a href="core.html#serverroot">ServerRoot</a>.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LoadModule</name>
+<syntax>LoadModule <em>module filename</em></syntax>
+<default>none</default>
+<contextlist>
+<context>server config</context>
+</contextlist>
+<description>Links in the object file or library, and adds to the list
+of active modules</description>
+
+<usage>
+ <p>The LoadModule directive links in the object file or library
+ <em>filename</em> and adds the module structure named
+ <em>module</em> to the list of active modules. <em>Module</em>
+ is the name of the external variable of type
+ <code>module</code> in the file, and is listed as the <a
+ href="module-dict.html#ModuleIdentifier">Module Identifier</a>
+ in the module documentation. Example:</p>
+
+ <example>
+ LoadModule status_module modules/mod_status.so
+ </example>
+
+ <p>loads the named module from the modules subdirectory of the
+ ServerRoot.</p>
+</usage>
+
+</directivesynopsis>
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_speling</name>
+<status>Extension</status>
+<identifier>speling_module</identifier>
+<sourcefile>mod_speling.c</sourcefile>
+<compatibility>Available in Apache 1.3 and later. Available as
+an External module in Apache 1.1 and later.</compatibility>
+
+<description>This module attempts to correct misspellings of URLs that
+users might have entered, by ignoring capitalization and by
+allowing up to one misspelling.</description>
+
+<summary>
+
+ <p>Requests to documents sometimes cannot be served by the core
+ apache server because the request was misspelled or
+ miscapitalized. This module addresses this problem by trying to
+ find a matching document, even after all other modules gave up.
+ It does its work by comparing each document name in the
+ requested directory against the requested document name
+ <strong>without regard to case</strong>, and allowing
+ <strong>up to one misspelling</strong> (character insertion /
+ omission / transposition or wrong character). A list is built
+ with all document names which were matched using this
+ strategy.</p>
+
+ <p>If, after scanning the directory,</p>
+
+ <ul>
+ <li>no matching document was found, Apache will proceed as
+ usual and return a "document not found" error.</li>
+
+ <li>only one document is found that "almost" matches the
+ request, then it is returned in the form of a redirection
+ response.</li>
+
+ <li>more than one document with a close match was found, then
+ the list of the matches is returned to the client, and the
+ client can select the correct candidate.</li>
+ </ul>
+
+</summary>
+
+
+<directivesynopsis>
+<name>CheckSpelling</name>
+<syntax>CheckSpelling on|off</syntax>
+<default>CheckSpelling Off</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>Options</override>
+<compatibility>CheckSpelling was available as a separately available
+module for Apache 1.1, but was limited to miscapitalizations. As
+of Apache 1.3, it is part of the Apache distribution. Prior to Apache
+1.3.2, the <samp>CheckSpelling</samp> directive was only available in the
+"server" and "virtual host" contexts.</compatibility>
+<description>This directive enables or disables the spelling
+module.</description>
+
+<usage>
+
+ <p>This directive enables or disables the spelling module. When
+ enabled, keep in mind that</p>
+
+ <ul>
+ <li>the directory scan which is necessary for the spelling
+ correction will have an impact on the server's performance
+ when many spelling corrections have to be performed at the
+ same time.</li>
+
+ <li>the document trees should not contain sensitive files
+ which could be matched inadvertently by a spelling
+ "correction".</li>
+
+ <li>the module is unable to correct misspelled user names (as
+ in <code>http://my.host/~apahce/</code>), just file names or
+ directory names.</li>
+
+ <li>spelling corrections apply strictly to existing files, so
+ a request for the <samp><Location /status></samp> may
+ get incorrectly treated as the negotiated file
+ "<samp>/stats.html</samp>".</li>
+ </ul>
+</usage>
+
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<html>
+<head>
+<title>mod_ssl: Reference</title>
+
+<!--
+ Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+
+ 3. All advertising materials mentioning features or use of this
+ software must display the following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ 4. The name "mod_ssl" must not be used to endorse or promote
+ products derived from this software without prior written
+ permission.
+
+ 5. Redistributions of any form whatsoever must retain the
+ following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
+ EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
+ HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<style type="text/css"><!--
+A:link {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:active {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:visited {
+ text-decoration: none;
+ color: #6666cc;
+}
+#sf {
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H1 {
+ font-weight: bold;
+ font-size: 24pt;
+ line-height: 24pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H2 {
+ font-weight: bold;
+ font-size: 18pt;
+ line-height: 18pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H3 {
+ font-weight: bold;
+ font-size: 14pt;
+ line-height: 14pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H4 {
+ font-weight: bold;
+ font-size: 12pt;
+ line-height: 12pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#H {
+}
+#D {
+ background-color: #f0f0f0;
+}
+#faq {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#howto {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#term {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+--></style>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+function ro_imgNormal(imgName) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_n.src');
+ self.status = '';
+ }
+}
+function ro_imgOver(imgName, descript) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_o.src');
+ self.status = descript;
+ }
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_prev_top_n = new Image();
+ ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
+ ro_img_prev_top_o = new Image();
+ ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_prev_bot_n = new Image();
+ ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
+ ro_img_prev_bot_o = new Image();
+ ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_next_top_n = new Image();
+ ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_next_top_o = new Image();
+ ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_next_bot_n = new Image();
+ ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_next_bot_o = new Image();
+ ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+</head>
+<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
+<div align="center">
+<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
+<tr>
+ <td>
+ <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
+ <table width="600" cellspacing="0" cellpadding="0" summary="">
+ <tr>
+ <td>
+ <table width="600" summary="">
+ <tr>
+ <td align="left" valign="bottom">
+ <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
+ </td>
+ <td align="right">
+ <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-3.gif" alt="3" width="74" height="89">
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td>
+ <table width="600" border="0" summary="">
+ <tr>
+ <td valign="top" align="left" width="250">
+<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font>
+ </td>
+ <td valign="top" align="right" width="250">
+<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <br>
+ <img src="ssl_template.title-ref.gif" alt="Reference" width="456" height="60">
+ </td>
+ </tr>
+ </table>
+<div align="right">
+<table cellspacing="0" cellpadding="0" width="150" summary="">
+<tr>
+<td>
+<em>
+``Try to understand everything,
+but believe nothing!''
+</em>
+</td>
+</tr>
+<tr>
+<td align="right">
+<font size="-1">
+Unknown
+</font>
+</td>
+</tr>
+</table>
+</div>
+<p>
+<table cellspacing="0" cellpadding="0" border="0" summary="">
+<tr valign="bottom">
+<td>
+<img src="ssl_reference.gfont000.gif" alt="T" width="34" height="34" border="0" align="left">
+his chapter provides a reference to all configuration directives and
+additional user visible features mod_ssl provides. It's intended as the
+official resource when you want to know how a particilar mod_ssl functionality
+is actually configured or activated. Each directive is documented similar to
+the way standard Apache directives are documented in the official Apache
+documentation set, i.e. for each directive especially the syntax, default and
+context where applicable is given.
+<p>
+Notice that there are three major classes of directives which are used by
+mod_ssl: First <em>Global Directives</em> (i.e. directives with context
+``server config''), which can occur inside the server config files but only
+outside of any sectioning commands like <VirtualHost>. Second
+<em>Per-Server Directives</em> (i.e. those with context ``server config,
+virtual host''), which can occur inside the server config files both outside
+(for the main/default server) and inside <VirtualHost> sections.
+</td>
+<td>
+
+</td>
+<td>
+<div align="right">
+<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary="">
+<tr>
+<td bgcolor="#333399">
+<font face="Arial,Helvetica" color="#ccccff">
+<b>Table Of Contents</b>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<font face="Arial,Helvetica" size="-1">
+<a href="#ToC1"><strong>Configuration Directives</strong></a><br>
+ <a href="#ToC2"><strong>SSLPassPhraseDialog</strong></a><br>
+ <a href="#ToC3"><strong>SSLMutex</strong></a><br>
+ <a href="#ToC4"><strong>SSLRandomSeed</strong></a><br>
+ <a href="#ToC5"><strong>SSLSessionCache</strong></a><br>
+ <a href="#ToC6"><strong>SSLSessionCacheTimeout</strong></a><br>
+ <a href="#ToC7"><strong>SSLEngine</strong></a><br>
+ <a href="#ToC8"><strong>SSLProtocol</strong></a><br>
+ <a href="#ToC9"><strong>SSLCipherSuite</strong></a><br>
+ <a href="#ToC10"><strong>SSLCertificateFile</strong></a><br>
+ <a href="#ToC11"><strong>SSLCertificateKeyFile</strong></a><br>
+ <a href="#ToC12"><strong>SSLCertificateChainFile</strong></a><br>
+ <a href="#ToC13"><strong>SSLCACertificatePath</strong></a><br>
+ <a href="#ToC14"><strong>SSLCACertificateFile</strong></a><br>
+ <a href="#ToC15"><strong>SSLCARevocationPath</strong></a><br>
+ <a href="#ToC16"><strong>SSLCARevocationFile</strong></a><br>
+ <a href="#ToC17"><strong>SSLVerifyClient</strong></a><br>
+ <a href="#ToC18"><strong>SSLVerifyDepth</strong></a><br>
+ <a href="#ToC19"><strong>SSLLog</strong></a><br>
+ <a href="#ToC20"><strong>SSLLogLevel</strong></a><br>
+ <a href="#ToC21"><strong>SSLOptions</strong></a><br>
+ <a href="#ToC22"><strong>SSLRequireSSL</strong></a><br>
+ <a href="#ToC23"><strong>SSLRequire</strong></a><br>
+<a href="#ToC24"><strong>Additional Features</strong></a><br>
+ <a href="#ToC25"><strong>Environment Variables</strong></a><br>
+ <a href="#ToC26"><strong>Custom Log Formats</strong></a><br>
+</font>
+</td>
+</tr>
+</table>
+</div>
+</td>
+</tr>
+</table>
+<p>
+And third <em>Per-Directory Directives</em> (i.e. those with context ``server
+config, virtual host, directory, .htaccess''), which can pretty much occur
+everywhere. Especially both inside the server config files and the
+per-directory <code>.htaccess</code> files. The three classes are subsets of
+each other, i.e. directives from the per-directory class can also be used in
+the per-server and global context, and directives from the per-server class
+can also be used the in the global context.
+<p>
+Additional directives and environment variables provided by mod_ssl (via
+on-the-fly mapping) for backward compatiblity to other Apache SSL solutions
+are documented in the <a href="ssl_compat.html">Compatibility</a> chapter.
+<h1><a name="ToC1">Configuration Directives</a></h1>
+The most visible and error-prone things of mod_ssl are its configuration
+directives. So we document them in great detail here to assist you in setting
+up the best possible configuration of your SSL-aware webserver.
+<!-- SSLPassPhraseDialog -------------------------------------------->
+<p>
+<br>
+<a name="SSLPassPhraseDialog"></a>
+<h2><a name="ToC2">SSLPassPhraseDialog</a></h2>
+<p>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLPassPhraseDialog</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Type of pass phrase dialog for encrypted private keys</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLPassPhraseDialog</code> <em>type</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLPassPhraseDialog builtin</code></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+When Apache starts up it has to read the various Certificate (see <a
+href="#SSLCertificateFile">SSLCertificateFile</a>) and Private Key (see <a
+href="#SSLCertificateKeyFile">SSLCertificateKeyFile</a>) files of the
+SSL-enabled virtual servers. Because for security reasons the Private Key
+files are usually encrypted, mod_ssl needs to query the administrator for a
+Pass Phrase in order to decrypt those files. This query can be done in two ways
+which can be configured by <em>type</em>:
+<ul>
+<li><code>builtin</code>
+ <p>
+ This is the default where an interactive terminal dialog occurs at startup
+ time just before Apache detaches from the terminal. Here the administrator
+ has to manually enter the Pass Phrase for each encrypted Private Key file.
+ Because a lot of SSL-enabled virtual hosts can be configured, the
+ following reuse-scheme is used to minimize the dialog: When a Private Key
+ file is encrypted, all known Pass Phrases (at the beginning there are
+ none, of course) are tried. If one of those known Pass Phrases succeeds no
+ dialog pops up for this particular Private Key file. If none succeeded,
+ another Pass Phrase is queried on the terminal and remembered for the next
+ round (where it perhaps can be reused).
+ <p>
+ This scheme allows mod_ssl to be maximally flexible (because for N encrypted
+ Private Key files you <em>can</em> use N different Pass Phrases - but then
+ you have to enter all of them, of course) while minimizing the terminal
+ dialog (i.e. when you use a single Pass Phrase for all N Private Key files
+ this Pass Phrase is queried only once).
+<p>
+<li><code>exec:/path/to/program</code>
+ <p>
+ Here an external program is configured which is called at startup for each
+ encrypted Private Key file. It is called with two arguments (the first is
+ of the form ``<code>servername:portnumber</code>'', the second is either
+ ``<code>RSA</code>'' or ``<code>DSA</code>''), which indicate for which
+ server and algorithm it has to print the corresponding Pass Phrase to
+ <code>stdout</code>. The intent is that this external program first runs
+ security checks to make sure that the system is not compromised by an
+ attacker, and only when these checks were passed successfully it provides
+ the Pass Phrase.
+ <p>
+ Both these security checks, and the way the Pass Phrase is determined, can
+ be as complex as you like. Mod_ssl just defines the interface: an
+ executable program which provides the Pass Phrase on <code>stdout</code>.
+ Nothing more or less! So, if you're really paranoid about security, here
+ is your interface. Anything else has to be left as an exercise to the
+ administrator, because local security requirements are so different.
+ <p>
+ The reuse-algorithm above is used here, too. In other words: The external
+ program is called only once per unique Pass Phrase.
+</ul>
+<p>
+Example:
+<blockquote>
+<pre>
+SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
+</pre>
+</blockquote>
+<!-- SSLMutex ------------------------------------------------------->
+<p>
+<br>
+<a name="SSLMutex"></a>
+<h2><a name="ToC3">SSLMutex</a></h2>
+<p>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLMutex</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Semaphore for internal mutual exclusion of operations</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLMutex</code> <em>type</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLMutex none</code></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This configures the SSL engine's semaphore (aka. lock) which is used for mutual
+exclusion of operations which have to be done in a synchronized way between the
+pre-forked Apache server processes. This directive can only be used in the
+global server context because it's only useful to have one global mutex.
+<p>
+The following Mutex <em>types</em> are available:
+<ul>
+<li><code>none</code>
+ <p>
+ This is the default where no Mutex is used at all. Use it at your own
+ risk. But because currently the Mutex is mainly used for synchronizing
+ write access to the SSL Session Cache you can live without it as long
+ as you accept a sometimes garbled Session Cache. So it's not recommended
+ to leave this the default. Instead configure a real Mutex.
+<p>
+<li><code>file:/path/to/mutex</code>
+ <p>
+ This is the portable and (under Unix) always provided Mutex variant where
+ a physical (lock-)file is used as the Mutex. Always use a local disk
+ filesystem for <code>/path/to/mutex</code> and never a file residing on a
+ NFS- or AFS-filesystem. Note: Internally, the Process ID (PID) of the
+ Apache parent process is automatically appended to
+ <code>/path/to/mutex</code> to make it unique, so you don't have to worry
+ about conflicts yourself. Notice that this type of mutex is not available
+ under the Win32 environment. There you <i>have</i> to use the semaphore
+ mutex.
+<p>
+<li><code>sem</code>
+ <p>
+ This is the most elegant but also most non-portable Mutex variant where a
+ SysV IPC Semaphore (under Unix) and a Windows Mutex (under Win32) is used
+ when possible. It is only available when the underlying platform
+ supports it.
+</ul>
+<p>
+Example:
+<blockquote>
+<pre>
+SSLMutex file:/usr/local/apache/logs/ssl_mutex
+</pre>
+</blockquote>
+<!-- SSLRandomSeed -------------------------------------------------->
+<p>
+<br>
+<a name="SSLRandomSeed"></a>
+<h2><a name="ToC4">SSLRandomSeed</a></h2>
+<p>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLRandomSeed</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Pseudo Random Number Generator (PRNG) seeding source</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLRandomSeed</code> <em>context</em> <em>source</em> [<em>bytes</em>]</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>none</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.2 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This configures one or more sources for seeding the Pseudo Random Number
+Generator (PRNG) in OpenSSL at startup time (<em>context</em> is
+<code>startup</code>) and/or just before a new SSL connection is established
+(<em>context</em> is <code>connect</code>). This directive can only be used
+in the global server context because the PRNG is a global facility.
+<p>
+The following <em>source</em> variants are available:
+<ul>
+<li><code>builtin</code>
+ <p> This is the always available builtin seeding source. It's usage
+ consumes minimum CPU cycles under runtime and hence can be always used
+ without drawbacks. The source used for seeding the PRNG contains of the
+ current time, the current process id and (when applicable) a randomly
+ choosen 1KB extract of the inter-process scoreboard structure of Apache.
+ The drawback is that this is not really a strong source and at startup
+ time (where the scoreboard is still not available) this source just
+ produces a few bytes of entropy. So you should always, at least for the
+ startup, use an additional seeding source.
+<p>
+<li><code>file:/path/to/source</code>
+ <p>
+ This variant uses an external file <code>/path/to/source</code> as the
+ source for seeding the PRNG. When <em>bytes</em> is specified, only the
+ first <em>bytes</em> number of bytes of the file form the entropy (and
+ <em>bytes</em> is given to <code>/path/to/source</code> as the first
+ argument). When <em>bytes</em> is not specified the whole file forms the
+ entropy (and <code>0</code> is given to <code>/path/to/source</code> as
+ the first argument). Use this especially at startup time, for instance
+ with an available <code>/dev/random</code> and/or
+ <code>/dev/urandom</code> devices (which usually exist on modern Unix
+ derivates like FreeBSD and Linux).
+ <p>
+ <em>But be careful</em>: Usually <code>/dev/random</code> provides only as
+ much entropy data as it actually has, i.e. when you request 512 bytes of
+ entropy, but the device currently has only 100 bytes available two things
+ can happen: On some platforms you receive only the 100 bytes while on
+ other platforms the read blocks until enough bytes are available (which
+ can take a long time). Here using an existing <code>/dev/urandom</code> is
+ better, because it never blocks and actually gives the amount of requested
+ data. The drawback is just that the quality of the received data may not
+ be the best.
+ <p>
+ On some platforms like FreeBSD one can even control how the entropy is
+ actually generated, i.e. by which system interrupts. More details one can
+ find under <i>rndcontrol(8)</i> on those platforms. Alternatively, when
+ your system lacks such a random device, you can use tool
+ like <a href="http://www.lothar.com/tech/crypto/">EGD</a>
+ (Entropy Gathering Daemon) and run it's client program with the
+ <code>exec:/path/to/program/</code> variant (see below) or use
+ <code>egd:/path/to/egd-socket</code> (see below).
+<p>
+<li><code>exec:/path/to/program</code>
+ <p>
+ This variant uses an external executable <code>/path/to/program</code> as
+ the source for seeding the PRNG. When <em>bytes</em> is specified, only the
+ first <em>bytes</em> number of bytes of its <code>stdout</code> contents
+ form the entropy. When <em>bytes</em> is not specified, the entirety of
+ the data produced on <code>stdout</code> form the entropy. Use this only
+ at startup time when you need a very strong seeding with the help of an
+ external program (for instance as in the example above with the
+ <code>truerand</code> utility you can find in the mod_ssl distribution
+ which is based on the AT&T <em>truerand</em> library). Using this in
+ the connection context slows down the server too dramatically, of course.
+ So usually you should avoid using external programs in that context.
+<p>
+<li><code>egd:/path/to/egd-socket</code> (Unix only)
+ <p>
+ This variant uses the Unix domain socket of the
+ external Entropy Gathering Daemon (EGD) (see <a
+ href="http://www.lothar.com/tech/crypto/">http://www.lothar.com/tech
+ /crypto/</a>) to seed the PRNG. Use this if no random device exists
+ on your platform.
+</ul>
+<p>
+Example:
+<blockquote>
+<pre>
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/random
+SSLRandomSeed startup file:/dev/urandom 1024
+SSLRandomSeed startup exec:/usr/local/bin/truerand 16
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/random
+SSLRandomSeed connect file:/dev/urandom 1024
+</pre>
+</blockquote>
+<!-- SSLSessionCache ------------------------------------------------>
+<p>
+<br>
+<a name="SSLSessionCache"></a>
+<h2><a name="ToC5">SSLSessionCache</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLSessionCache</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Type of the global/inter-process SSL Session Cache</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLSessionCache</code> <em>type</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLSessionCache none</code></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This configures the storage type of the global/inter-process SSL Session
+Cache. This cache is an optional facility which speeds up parallel request
+processing. For requests to the same server process (via HTTP keep-alive),
+OpenSSL already caches the SSL session information locally. But because modern
+clients request inlined images and other data via parallel requests (usually
+up to four parallel requests are common) those requests are served by
+<em>different</em> pre-forked server processes. Here an inter-process cache
+helps to avoid unneccessary session handshakes.
+<p>
+The following two storage <em>type</em>s are currently supported:
+<ul>
+<li><code>none</code>
+ <p>
+ This is the default and just disables the global/inter-process Session
+ Cache. There is no drawback in functionality, but a noticeable speed
+ penalty can be observed.
+<p>
+<li><code>dbm:/path/to/datafile</code>
+ <p>
+ This makes use of a DBM hashfile on the local disk to synchronize the
+ local OpenSSL memory caches of the server processes. The slight increase
+ in I/O on the server results in a visible request speedup for your
+ clients, so this type of storage is generally recommended.
+<p>
+<li><code>shm:/path/to/datafile</code>[<code>(</code><i>size</i><code>)</code>]
+ <p>
+ This makes use of a high-performance hash table (approx. <i>size</i> bytes
+ in size) inside a shared memory segment in RAM (established via
+ <code>/path/to/datafile</code>) to synchronize the local OpenSSL memory
+ caches of the server processes. This storage type is not available on all
+ platforms. See the mod_ssl <code>INSTALL</code> document for details on
+ how to build Apache+EAPI with shared memory support.
+</ul>
+<p>
+Examples:
+<blockquote>
+<pre>
+SSLSessionCache dbm:/usr/local/apache/logs/ssl_gcache_data
+SSLSessionCache shm:/usr/local/apache/logs/ssl_gcache_data(512000)
+</pre>
+</blockquote>
+<!-- SSLSessionCacheTimeout ----------------------------------------->
+<p>
+<br>
+<a name="SSLSessionCacheTimeout"></a>
+<h2><a name="ToC6">SSLSessionCacheTimeout</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLSessionCacheTimeout</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Number of seconds before an SSL session expires in the Session Cache</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLSessionCacheTimeout</code> <em>seconds</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLSessionCacheTimeout 300</code></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive sets the timeout in seconds for the information stored in the
+global/inter-process SSL Session Cache and the OpenSSL internal memory cache.
+It can be set as low as 15 for testing, but should be set to higher
+values like 300 in real life.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLSessionCacheTimeout 600
+</pre>
+</blockquote>
+<!-- SSLEngine ------------------------------------------------------>
+<p>
+<br>
+<a name="SSLEngine"></a>
+<h2><a name="ToC7">SSLEngine</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLEngine</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> SSL Engine Operation Switch</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLEngine</code> <em>on|off</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLEngine off</code></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive toggles the usage of the SSL/TLS Protocol Engine. This is
+usually used inside a <VirtualHost> section to enable SSL/TLS for a
+particular virtual host. By default the SSL/TLS Protocol Engine is disabled
+for both the main server and all configured virtual hosts.
+<p>
+Example:
+<blockquote>
+<pre>
+<VirtualHost _default_:443>
+SSLEngine on
+...
+</VirtualHost>
+</pre>
+</blockquote>
+<!-- SSLProtocol ---------------------------------------------------->
+<p>
+<br>
+<a name="SSLProtocol"></a>
+<h2><a name="ToC8">SSLProtocol</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLProtocol</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Configure usable SSL protocol flavors</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLProtocol</code> [+-]<em>protocol</em> ...</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLProtocol all</code></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> Options</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.2 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive can be used to control the SSL protocol flavors mod_ssl should
+use when establishing its server environment. Clients then can only connect
+with one of the provided protocols.
+<p>
+The available (case-insensitive) <em>protocol</em>s are:
+<ul>
+<li><code>SSLv2</code>
+ <p>
+ This is the Secure Sockets Layer (SSL) protocol, version 2.0. It is the
+ original SSL protocol as designed by Netscape Corporation.
+<p>
+<li><code>SSLv3</code>
+ <p>
+ This is the Secure Sockets Layer (SSL) protocol, version 3.0. It is the
+ successor to SSLv2 and the currently (as of February 1999) de-facto
+ standardized SSL protocol from Netscape Corporation. It's supported by
+ almost all popular browsers.
+<p>
+<li><code>TLSv1</code>
+ <p>
+ This is the Transport Layer Security (TLS) protocol, version 1.0. It is the
+ successor to SSLv3 and currently (as of February 1999) still under
+ construction by the Internet Engineering Task Force (IETF). It's still
+ not supported by any popular browsers.
+<p>
+<li><code>All</code>
+ <p>
+ This is a shortcut for ``<code>+SSLv2 +SSLv3 +TLSv1</code>'' and a
+ convinient way for enabling all protocols except one when used in
+ combination with the minus sign on a protocol as the example above shows.
+</ul>
+<p>
+Example:
+<blockquote>
+<pre>
+# enable SSLv3 and TLSv1, but not SSLv2
+SSLProtocol all -SSLv2
+</pre>
+</blockquote>
+<!-- SSLCipherSuite ------------------------------------------------->
+<p>
+<br>
+<a name="SSLCipherSuite"></a>
+<h2><a name="ToC9">SSLCipherSuite</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCipherSuite</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Cipher Suite available for negotiation in SSL handshake</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCipherSuite</code> <em>cipher-spec</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</code></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> AuthConfig</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This complex directive uses a colon-separated <em>cipher-spec</em> string
+consisting of OpenSSL cipher specifications to configure the Cipher Suite the
+client is permitted to negotiate in the SSL handshake phase. Notice that this
+directive can be used both in per-server and per-directory context. In
+per-server context it applies to the standard SSL handshake when a connection
+is established. In per-directory context it forces a SSL renegotation with the
+reconfigured Cipher Suite after the HTTP request was read but before the HTTP
+response is sent.
+<p>
+An SSL cipher specification in <em>cipher-spec</em> is composed of 4 major
+attributes plus a few extra minor ones:
+<ul>
+<li><em>Key Exchange Algorithm</em>:<br>
+ RSA or Diffie-Hellman variants.
+<p>
+<li><em>Authentication Algorithm</em>:<br>
+ RSA, Diffie-Hellman, DSS or none.
+<p>
+<li><em>Cipher/Encryption Algorithm</em>:<br>
+ DES, Triple-DES, RC4, RC2, IDEA or none.
+<p>
+<li><em>MAC Digest Algorithm</em>:<br>
+ MD5, SHA or SHA1.
+</ul>
+An SSL cipher can also be an export cipher and is either a SSLv2 or SSLv3/TLSv1
+cipher (here TLSv1 is equivalent to SSLv3). To specify which ciphers to use,
+one can either specify all the Ciphers, one at a time, or use aliases to
+specify the preference and order for the ciphers (see <a href="#table1">Table
+1</a>).
+<p>
+<div align="center">
+<a name="table1"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 1: OpenSSL Cipher Specification Tags</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
+<tr id="D"><td><b>Tag</b></td> <td><b>Description</b></td>
+<tr id="H"><td colspan="2"><em>Key Exchange Algorithm:</em></td></tr>
+<tr id="D"><td><code>kRSA</code></td> <td>RSA key exchange</td></tr>
+<tr id="H"><td><code>kDHr</code></td> <td>Diffie-Hellman key exchange with RSA key</td></tr>
+<tr id="D"><td><code>kDHd</code></td> <td>Diffie-Hellman key exchange with DSA key</td></tr>
+<tr id="H"><td><code>kEDH</code></td> <td>Ephemeral (temp.key) Diffie-Hellman key exchange (no cert)</td> </tr>
+<tr id="H"><td colspan="2"><em>Authentication Algorithm:</em></td></tr>
+<tr id="D"><td><code>aNULL</code></td> <td>No authentication</td></tr>
+<tr id="H"><td><code>aRSA</code></td> <td>RSA authentication</td></tr>
+<tr id="D"><td><code>aDSS</code></td> <td>DSS authentication</td> </tr>
+<tr id="H"><td><code>aDH</code></td> <td>Diffie-Hellman authentication</td></tr>
+<tr id="D"><td colspan="2"><em>Cipher Encoding Algorithm:</em></td></tr></tr>
+<tr id="H"><td><code>eNULL</code></td> <td>No encoding</td> </tr>
+<tr id="D"><td><code>DES</code></td> <td>DES encoding</td> </tr>
+<tr id="H"><td><code>3DES</code></td> <td>Triple-DES encoding</td> </tr>
+<tr id="D"><td><code>RC4</code></td> <td>RC4 encoding</td> </tr>
+<tr id="H"><td><code>RC2</code></td> <td>RC2 encoding</td> </tr>
+<tr id="D"><td><code>IDEA</code></td> <td>IDEA encoding</td> </tr>
+<tr id="H"><td colspan="2"><em>MAC Digest Algorithm</em>:</td></tr>
+<tr id="D"><td><code>MD5</code></td> <td>MD5 hash function</td></tr>
+<tr id="H"><td><code>SHA1</code></td> <td>SHA1 hash function</td></tr>
+<tr id="D"><td><code>SHA</code></td> <td>SHA hash function</td> </tr>
+<tr id="H"><td colspan="2"><em>Aliases:</em></td></tr>
+<tr id="D"><td><code>SSLv2</code></td> <td>all SSL version 2.0 ciphers</td></tr>
+<tr id="H"><td><code>SSLv3</code></td> <td>all SSL version 3.0 ciphers</td> </tr>
+<tr id="D"><td><code>TLSv1</code></td> <td>all TLS version 1.0 ciphers</td> </tr>
+<tr id="H"><td><code>EXP</code></td> <td>all export ciphers</td> </tr>
+<tr id="D"><td><code>EXPORT40</code></td> <td>all 40-bit export ciphers only</td> </tr>
+<tr id="H"><td><code>EXPORT56</code></td> <td>all 56-bit export ciphers only</td> </tr>
+<tr id="D"><td><code>LOW</code></td> <td>all low strength ciphers (no export, single DES)</td></tr>
+<tr id="H"><td><code>MEDIUM</code></td> <td>all ciphers with 128 bit encryption</td> </tr>
+<tr id="D"><td><code>HIGH</code></td> <td>all ciphers using Triple-DES</td> </tr>
+<tr id="H"><td><code>RSA</code></td> <td>all ciphers using RSA key exchange</td> </tr>
+<tr id="D"><td><code>DH</code></td> <td>all ciphers using Diffie-Hellman key exchange</td> </tr>
+<tr id="H"><td><code>EDH</code></td> <td>all ciphers using Ephemeral Diffie-Hellman key exchange</td> </tr>
+<tr id="D"><td><code>ADH</code></td> <td>all ciphers using Anonymous Diffie-Hellman key exchange</td> </tr>
+<tr id="H"><td><code>DSS</code></td> <td>all ciphers using DSS authentication</td> </tr>
+<tr id="D"><td><code>NULL</code></td> <td>all ciphers using no encryption</td> </tr>
+</table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<p>
+Now where this becomes interesting is that these can be put together
+to specify the order and ciphers you wish to use. To speed this up
+there are also aliases (<code>SSLv2, SSLv3, TLSv1, EXP, LOW, MEDIUM,
+HIGH</code>) for certain groups of ciphers. These tags can be joined
+together with prefixes to form the <em>cipher-spec</em>. Available
+prefixes are:
+<ul>
+<li>none: add cipher to list
+<li><code>+</code>: add ciphers to list and pull them to current location in list
+<li><code>-</code>: remove cipher from list (can be added later again)
+<li><code>!</code>: kill cipher from list completely (can <b>not</b> be added later again)
+</ul>
+A simpler way to look at all of this is to use the ``<code>openssl ciphers
+-v</code>'' command which provides a nice way to successively create the
+correct <em>cipher-spec</em> string. The default <em>cipher-spec</em> string
+is ``<code>ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</code>'' which
+means the following: first, remove from consideration any ciphers that do not
+authenticate, i.e. for SSL only the Anonymous Diffie-Hellman ciphers. Next,
+use ciphers using RC4 and RSA. Next include the high, medium and then the low
+security ciphers. Finally <em>pull</em> all SSLv2 and export ciphers to the
+end of the list.
+<blockquote>
+<pre>
+$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
+NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
+NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
+EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
+... ... ... ... ...
+EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
+EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
+EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
+</pre>
+</blockquote>
+The complete list of particular RSA & DH ciphers for SSL is given in <a
+href="#table2">Table 2</a>.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
+</pre>
+</blockquote>
+<p>
+<div align="center">
+<a name="table2"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 2: Particular SSL Ciphers</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
+<tr id="D"><td><b>Cipher-Tag</b></td> <td><b>Protocol</b></td> <td><b>Key Ex.</b></td> <td><b>Auth.</b></td> <td><b>Enc.</b></td> <td><b>MAC</b></td> <td><b>Type</b></td> </tr>
+<tr id="H"><td colspan="7"><em>RSA Ciphers:</em></td></tr>
+<tr id="D"><td><code>DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>DES-CBC3-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>3DES(168)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td><code>IDEA-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>IDEA(128)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>RC4-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="D"><td><code>RC4-MD5</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="H"><td><code>IDEA-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>IDEA(128)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td><code>RC2-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC2(128)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="H"><td><code>RC4-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td><code>DES-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>RC4-64-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC4(64)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td><code>DES-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>DES(56)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="H"><td><code>EXP-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
+<tr id="D"><td><code>EXP-RC2-CBC-MD5</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>RC2(40)</td> <td>MD5</td> <td> export</td> </tr>
+<tr id="H"><td><code>EXP-RC4-MD5</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
+<tr id="D"><td><code>EXP-RC2-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA(512)</td> <td>RSA</td> <td>RC2(40)</td> <td>MD5</td> <td> export</td> </tr>
+<tr id="H"><td><code>EXP-RC4-MD5</code></td> <td>SSLv2</td> <td>RSA(512)</td> <td>RSA</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
+<tr id="D"><td><code>NULL-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>None</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>NULL-MD5</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>None</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td colspan="7"><em>Diffie-Hellman Ciphers:</em></td></tr>
+<tr id="H"><td><code>ADH-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="D"><td><code>ADH-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>ADH-RC4-MD5</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>RC4(128)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td><code>EDH-RSA-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>RSA</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>EDH-DSS-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>DSS</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="D"><td><code>EDH-RSA-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>RSA</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>EDH-DSS-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>DSS</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="D"><td><code>EXP-EDH-RSA-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>RSA</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
+<tr id="H"><td><code>EXP-EDH-DSS-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>DSS</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
+<tr id="D"><td><code>EXP-ADH-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
+<tr id="H"><td><code>EXP-ADH-RC4-MD5</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
+</table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<!-- SSLCertificateFile --------------------------------------------->
+<p>
+<br>
+<a name="SSLCertificateFile"></a>
+<h2><a name="ToC10">SSLCertificateFile</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCertificateFile</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Server PEM-encoded X.509 Certificate file</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCertificateFile</code> <em>filename</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive points to the PEM-encoded Certificate file for the server and
+optionally also to the corresponding RSA or DSA Private Key file for it
+(contained in the same file). If the contained Private Key is encrypted the
+Pass Phrase dialog is forced at startup time. This directive can be used up to
+two times (referencing different filenames) when both a RSA and a DSA based
+server certificate is used in parallel.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
+</pre>
+</blockquote>
+<!-- SSLCertificateKeyFile ------------------------------------------>
+<p>
+<br>
+<a name="SSLCertificateKeyFile"></a>
+<h2><a name="ToC11">SSLCertificateKeyFile</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCertificateKeyFile</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Server PEM-encoded Private Key file</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCertificateKeyFile</code> <em>filename</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive points to the PEM-encoded Private Key file for the server. If
+the Private Key is not combined with the Certificate in the
+<code>SSLCertificateFile</code>, use this additional directive to point to the
+file with the stand-alone Private Key. When <code>SSLCertificateFile</code>
+is used and the file contains both the Certificate and the Private Key this
+directive need not be used. But we strongly discourage this practice.
+Instead we recommend you to separate the Certificate and the Private Key. If
+the contained Private Key is encrypted, the Pass Phrase dialog is forced at
+startup time. This directive can be used up to two times (referencing
+different filenames) when both a RSA and a DSA based private key is used in
+parallel.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
+</pre>
+</blockquote>
+<!-- SSLCertificateChainFile ---------------------------------------->
+<p>
+<br>
+<a name="SSLCertificateChainFile"></a>
+<h2><a name="ToC12">SSLCertificateChainFile</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCertificateChainFile</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> File of PEM-encoded Server CA Certificates</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCertificateChainFile</code> <em>filename</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.3.6 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive sets the optional <em>all-in-one</em> file where you can
+assemble the certificates of Certification Authorities (CA) which form the
+certificate chain of the server certificate. This starts with the issuing CA
+certificate of of the server certificate and can range up to the root CA
+certificate. Such a file is simply the concatenation of the various
+PEM-encoded CA Certificate files, usually in certificate chain order.
+<p>
+This should be used alternatively and/or additionally to <a
+href="#SSLCACertificatePath">SSLCACertificatePath</a> for explicitly
+constructing the server certificate chain which is sent to the browser in
+addition to the server certificate. It is especially useful to avoid conflicts
+with CA certificates when using client authentication. Because although
+placing a CA certificate of the server certificate chain into <a
+href="#SSLCACertificatePath">SSLCACertificatePath</a> has the same effect for
+the certificate chain construction, it has the side-effect that client
+certificates issued by this same CA certificate are also accepted on client
+authentication. That's usually not one expect.
+<p>
+But be careful: Providing the certificate chain works only if you are using a
+<i>single</i> (either RSA <i>or</i> DSA) based server certificate. If you are
+using a coupled RSA+DSA certificate pair, this will work only if actually both
+certificates use the <i>same</i> certificate chain. Else the browsers will be
+confused in this situation.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt
+</pre>
+</blockquote>
+<!-- SSLCACertificatePath ------------------------------------------->
+<p>
+<br>
+<a name="SSLCACertificatePath"></a>
+<h2><a name="ToC13">SSLCACertificatePath</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCACertificatePath</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Directory of PEM-encoded CA Certificates for Client Auth.</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCACertificatePath</code> <em>directory</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive sets the directory where you keep the Certificates of
+Certification Authorities (CAs) whose clients you deal with. These are used to
+verify the client certificate on Client Authentication.
+<p>
+The files in this directory have to be PEM-encoded and are accessed through
+hash filenames. So usually you can't just place the Certificate files
+there: you also have to create symbolic links named
+<i>hash-value</i><tt>.N</tt>. And you should always make sure this directory
+contains the appropriate symbolic links. Use the <code>Makefile</code> which
+comes with mod_ssl to accomplish this task.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLCACertificatePath /usr/local/apache/conf/ssl.crt/
+</pre>
+</blockquote>
+<!-- SSLCACertificateFile ------------------------------------------->
+<p>
+<br>
+<a name="SSLCACertificateFile"></a>
+<h2><a name="ToC14">SSLCACertificateFile</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCACertificateFile</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> File of concatenated PEM-encoded CA Certificates for Client Auth.</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCACertificateFile</code> <em>filename</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive sets the <em>all-in-one</em> file where you can assemble the
+Certificates of Certification Authorities (CA) whose <em>clients</em> you deal
+with. These are used for Client Authentication. Such a file is simply the
+concatenation of the various PEM-encoded Certificate files, in order of
+preference. This can be used alternatively and/or additionally to <a
+href="#SSLCACertificatePath">SSLCACertificatePath</a>.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle-client.crt
+</pre>
+</blockquote>
+<!-- SSLCARevocationPath -------------------------------------------->
+<p>
+<br>
+<a name="SSLCARevocationPath"></a>
+<h2><a name="ToC15">SSLCARevocationPath</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCARevocationPath</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Directory of PEM-encoded CA CRLs for Client Auth.</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCARevocationPath</code> <em>directory</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.3 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive sets the directory where you keep the Certificate Revocation
+Lists (CRL) of Certification Authorities (CAs) whose clients you deal with.
+These are used to revoke the client certificate on Client Authentication.
+<p>
+The files in this directory have to be PEM-encoded and are accessed through
+hash filenames. So usually you have not only to place the CRL files there.
+Additionally you have to create symbolic links named
+<i>hash-value</i><tt>.rN</tt>. And you should always make sure this directory
+contains the appropriate symbolic links. Use the <code>Makefile</code> which
+comes with mod_ssl to accomplish this task.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLCARevocationPath /usr/local/apache/conf/ssl.crl/
+</pre>
+</blockquote>
+<!-- SSLCARevocationFile -------------------------------------------->
+<p>
+<br>
+<a name="SSLCARevocationFile"></a>
+<h2><a name="ToC16">SSLCARevocationFile</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCARevocationFile</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> File of concatenated PEM-encoded CA CRLs for Client Auth.</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCARevocationFile</code> <em>filename</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.3 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive sets the <em>all-in-one</em> file where you can assemble the
+Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose
+<em>clients</em> you deal with. These are used for Client Authentication.
+Such a file is simply the concatenation of the various PEM-encoded CRL
+files, in order of preference. This can be used alternatively and/or
+additionally to <a href="#SSLCARevocationPath">SSLCARevocationPath</a>.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLCARevocationFile /usr/local/apache/conf/ssl.crl/ca-bundle-client.crl
+</pre>
+</blockquote>
+<!-- SSLVerifyClient ------------------------------------------------->
+<p>
+<br>
+<a name="SSLVerifyClient"></a>
+<h2><a name="ToC17">SSLVerifyClient</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLVerifyClient</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Type of Client Certificate verification</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLVerifyClient</code> <em>level</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLVerifyClient none</code></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> AuthConfig</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive sets the Certificate verification level for the Client
+Authentication. Notice that this directive can be used both in per-server and
+per-directory context. In per-server context it applies to the client
+authentication process used in the standard SSL handshake when a connection is
+established. In per-directory context it forces a SSL renegotation with the
+reconfigured client verification level after the HTTP request was read but
+before the HTTP response is sent.
+<p>
+The following levels are available for <em>level</em>:
+<ul>
+<li><strong>none</strong>:
+ no client Certificate is required at all
+<li><strong>optional</strong>:
+ the client <em>may</em> present a valid Certificate
+<li><strong>require</strong>:
+ the client <em>has to</em> present a valid Certificate
+<li><strong>optional_no_ca</strong>:
+ the client may present a valid Certificate<br>
+ but it need not to be (successfully) verifiable.
+</ul>
+In practice only levels <strong>none</strong> and <strong>require</strong> are
+really interesting, because level <strong>optional</strong> doesn't work with
+all browsers and level <strong>optional_no_ca</strong> is actually against the
+idea of authentication (but can be used to establish SSL test pages, etc.)
+<p>
+Example:
+<blockquote>
+<pre>
+SSLVerifyClient require
+</pre>
+</blockquote>
+<!-- SSLVerifyDepth ------------------------------------------------->
+<p>
+<br>
+<a name="SSLVerifyDepth"></a>
+<h2><a name="ToC18">SSLVerifyDepth</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLVerifyDepth</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Maximum depth of CA Certificates in Client Certificate verification</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLVerifyDepth</code> <em>number</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLVerifyDepth 1</code></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> AuthConfig</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive sets how deeply mod_ssl should verify before deciding that the
+clients don't have a valid certificate. Notice that this directive can be
+used both in per-server and per-directory context. In per-server context it
+applies to the client authentication process used in the standard SSL
+handshake when a connection is established. In per-directory context it forces
+a SSL renegotation with the reconfigured client verification depth after the
+HTTP request was read but before the HTTP response is sent.
+<p>
+The depth actually is the maximum number of intermediate certificate issuers,
+i.e. the number of CA certificates which are max allowed to be followed while
+verifying the client certificate. A depth of 0 means that self-signed client
+certificates are accepted only, the default depth of 1 means the client
+certificate can be self-signed or has to be signed by a CA which is directly
+known to the server (i.e. the CA's certificate is under
+<code>SSLCACertificatePath</code>), etc.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLVerifyDepth 10
+</pre>
+</blockquote>
+<!-- SSLLog --------------------------------------------------------->
+<p>
+<br>
+<a name="SSLLog"></a>
+<h2><a name="ToC19">SSLLog</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLLog</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Where to write the dedicated SSL engine logfile</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLLog</code> <em>filename</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive sets the name of the dedicated SSL protocol engine logfile.
+Error type messages are additionally duplicated to the general Apache error
+log file (directive <code>ErrorLog</code>). Put this somewhere where it cannot
+be used for symlink attacks on a real server (i.e. somewhere where only root
+can write). If the <em>filename</em> does not begin with a slash
+('<code>/</code>') then it is assumed to be relative to the <em>Server
+Root</em>. If <em>filename</em> begins with a bar ('<code>|</code>') then the
+following string is assumed to be a path to an executable program to which a
+reliable pipe can be established. The directive should occur only once per
+virtual server config.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLLog /usr/local/apache/logs/ssl_engine_log
+</pre>
+</blockquote>
+<!-- SSLLogLevel ---------------------------------------------------->
+<p>
+<br>
+<a name="SSLLogLevel"></a>
+<h2><a name="ToC20">SSLLogLevel</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLLogLevel</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Logging level for the dedicated SSL engine logfile</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLLogLevel</code> <em>level</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLLogLevel none</code></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive sets the verbosity degree of the dedicated SSL protocol engine
+logfile. The <em>level</em> is one of the following (in ascending order where
+higher levels include lower levels):
+<ul>
+<li><code>none</code><br>
+ no dedicated SSL logging is done, but messages of level
+ ``<code>error</code>'' are still written to the general Apache error
+ logfile.
+<p>
+<li><code>error</code><br>
+ log messages of error type only, i.e. messages which show fatal situations
+ (processing is stopped). Those messages are also duplicated to the
+ general Apache error logfile.
+<p>
+<li><code>warn</code><br>
+ log also warning messages, i.e. messages which show non-fatal problems
+ (processing is continued).
+<p>
+<li><code>info</code><br>
+ log also informational messages, i.e. messages which show major
+ processing steps.
+<p>
+<li><code>trace</code><br>
+ log also trace messages, i.e. messages which show minor processing steps.
+<p>
+<li><code>debug</code><br>
+ log also debugging messages, i.e. messages which show development and
+ low-level I/O information.
+</ul>
+<p>
+Example:
+<blockquote>
+<pre>
+SSLLogLevel warn
+</pre>
+</blockquote>
+<!-- SSLOptions ----------------------------------------------------->
+<p>
+<br>
+<a name="SSLOptions"></a>
+<h2><a name="ToC21">SSLOptions</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLOptions</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Configure various SSL engine run-time options</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLOptions</code> [+-]<em>option</em> ...</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> Options</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive can be used to control various run-time options on a
+per-directory basis. Normally, if multiple <code>SSLOptions</code> could
+apply to a directory, then the most specific one is taken completely; the
+options are not merged. However if <em>all</em> the options on the
+<code>SSLOptions</code> directive are preceded by a plus (<code>+</code>) or
+minus (<code>-</code>) symbol, the options are merged. Any options preceded by
+a <code>+</code> are added to the options currently in force, and any options
+preceded by a <code>-</code> are removed from the options currently in force.
+<p>
+The available <em>option</em>s are:
+<ul>
+<li><code>StdEnvVars</code>
+ <p>
+ When this option is enabled, the standard set of SSL related CGI/SSI
+ environment variables are created. This per default is disabled for
+ performance reasons, because the information extraction step is a
+ rather expensive operation. So one usually enables this option for
+ CGI and SSI requests only.
+<p>
+<li><code>CompatEnvVars</code>
+ <p>
+ When this option is enabled, additional CGI/SSI environment variables are
+ created for backward compatibility to other Apache SSL solutions. Look in
+ the <a href="ssl_compat.html">Compatibility</a> chapter for details
+ on the particular variables generated.
+<p>
+<li><code>ExportCertData</code>
+ <p>
+ When this option is enabled, additional CGI/SSI environment variables are
+ created: <code>SSL_SERVER_CERT</code>, <code>SSL_CLIENT_CERT</code> and
+ <code>SSL_CLIENT_CERT_CHAIN</code><i>n</i> (with <i>n</i> = 0,1,2,..).
+ These contain the PEM-encoded X.509 Certificates of server and client for
+ the current HTTPS connection and can be used by CGI scripts for deeper
+ Certificate checking. Additionally all other certificates of the client
+ certificate chain are provided, too. This bloats up the environment a
+ little bit which is why you have to use this option to enable it on
+ demand.
+<p>
+<li><code>FakeBasicAuth</code>
+ <p>
+ When this option is enabled, the Subject Distinguished Name (DN) of the
+ Client X509 Certificate is translated into a HTTP Basic Authorization
+ username. This means that the standard Apache authentication methods can
+ be used for access control. The user name is just the Subject of the
+ Client's X509 Certificate (can be determined by running OpenSSL's
+ <code>openssl x509</code> command: <code>openssl x509 -noout -subject -in
+ </code><em>certificate</em><code>.crt</code>). Note that no password is
+ obtained from the user. Every entry in the user file needs this password:
+ ``<code>xxj31ZMTZzkVA</code>'', which is the DES-encrypted version of the
+ word `<code>password</code>''. Those who live under MD5-based encryption
+ (for instance under FreeBSD or BSD/OS, etc.) should use the following MD5
+ hash of the same word: ``<code>$1$OXLyS...$Owx8s2/m9/gfkcRVXzgoE/</code>''.
+<p>
+<li><code>StrictRequire</code>
+ <p>
+ This <i>forces</i> forbidden access when <code>SSLRequireSSL</code> or
+ <code>SSLRequire</code> successfully decided that access should be
+ forbidden. Usually the default is that in the case where a ``<code>Satisfy
+ any</code>'' directive is used, and other access restrictions are passed,
+ denial of access due to <code>SSLRequireSSL</code> or
+ <code>SSLRequire</code> is overridden (because that's how the Apache
+ <tt>Satisfy</tt> mechanism should work.) But for strict access restriction
+ you can use <code>SSLRequireSSL</code> and/or <code>SSLRequire</code> in
+ combination with an ``<code>SSLOptions +StrictRequire</code>''. Then an
+ additional ``<code>Satisfy Any</code>'' has no chance once mod_ssl has
+ decided to deny access.
+<p>
+<li><code>OptRenegotiate</code>
+ <p>
+ This enables optimized SSL connection renegotiation handling when SSL
+ directives are used in per-directory context. By default a strict
+ scheme is enabled where <i>every</i> per-directory reconfiguration of
+ SSL parameters causes a <i>full</i> SSL renegotiation handshake. When this
+ option is used mod_ssl tries to avoid unnecessary handshakes by doing more
+ granular (but still safe) parameter checks. Nevertheless these granular
+ checks sometimes maybe not what the user expects, so enable this on a
+ per-directory basis only, please.
+</ul>
+<p>
+Example:
+<blockquote>
+<pre>
+SSLOptions +FakeBasicAuth -StrictRequire
+<Files ~ "\.(cgi|shtml)$">
+ SSLOptions +StdEnvVars +CompatEnvVars -ExportCertData
+<Files>
+</pre>
+</blockquote>
+<!-- SSLRequireSSL -------------------------------------------------->
+<p>
+<br>
+<a name="SSLRequireSSL"></a>
+<h2><a name="ToC22">SSLRequireSSL</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLRequireSSL</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Deny access when SSL is not used for the HTTP request</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLRequireSSL</code></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> directory, .htaccess</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> AuthConfig</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for
+the current connection. This is very handy inside the SSL-enabled virtual
+host or directories for defending against configuration errors that expose
+stuff that should be protected. When this directive is present all requests
+are denied which are not using SSL.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLRequireSSL
+</pre>
+</blockquote>
+<!-- SSLRequire ----------------------------------------------------->
+<p>
+<br>
+<a name="SSLRequire"></a>
+<h2><a name="ToC23">SSLRequire</a></h2>
+<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
+<tr>
+<td>
+<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
+<tr>
+<td>
+<table cellspacing="0" cellpadding="1" border="0" summary="">
+<tr><td>
+<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLRequire</b></td></tr>
+<tr><td>
+<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Allow access only when an arbitrarily complex boolean expression is true</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Syntax"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLRequire</code> <em>expression</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Default"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
+<tr><td><a
+ href="../directive-dict.html#Context"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> directory, .htaccess</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Override"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> AuthConfig</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Status"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Module"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
+<tr><td><a
+ href="../directive-dict.html#Compatibility"
+ rel="Help"
+><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
+</table>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<p>
+This directive specifies a general access requirement which has to be
+fulfilled in order to allow access. It's a very powerful directive because the
+requirement specification is an arbitrarily complex boolean expression
+containing any number of access checks.
+<p>
+The <em>expression</em> must match the following syntax (given as a BNF
+grammar notation):
+<blockquote>
+<pre>
+expr ::= "<b>true</b>" | "<b>false</b>"
+ | "<b>!</b>" expr
+ | expr "<b>&&</b>" expr
+ | expr "<b>||</b>" expr
+ | "<b>(</b>" expr "<b>)</b>"
+ | comp
+
+comp ::= word "<b>==</b>" word | word "<b>eq</b>" word
+ | word "<b>!=</b>" word | word "<b>ne</b>" word
+ | word "<b><</b>" word | word "<b>lt</b>" word
+ | word "<b><=</b>" word | word "<b>le</b>" word
+ | word "<b>></b>" word | word "<b>gt</b>" word
+ | word "<b>>=</b>" word | word "<b>ge</b>" word
+ | word "<b>in</b>" "<b>{</b>" wordlist "<b>}</b>"
+ | word "<b>=~</b>" regex
+ | word "<b>!~</b>" regex
+
+wordlist ::= word
+ | wordlist "<b>,</b>" word
+
+word ::= digit
+ | cstring
+ | variable
+ | function
+
+digit ::= [0-9]+
+cstring ::= "..."
+variable ::= "<b>%{</b>" varname "<b>}</b>"
+function ::= funcname "<b>(</b>" funcargs "<b>)</b>"
+</pre>
+</blockquote>
+while for <code>varname</code> any variable from <a href="#table3">Table 3</a>
+can be used. Finally for <code>funcname</code> the following functions
+are available:
+<ul>
+<li><code>file(</code><em>filename</em><code>)</code>
+ <p>
+ This function takes one string argument and expands to the contents of the
+ file. This is especially useful for matching this contents against a
+ regular expression, etc.
+</ul>
+Notice that <em>expression</em> is first parsed into an internal machine
+representation and then evaluated in a second step. Actually, in Global and
+Per-Server Class context <em>expression</em> is parsed at startup time and
+at runtime only the machine representation is executed. For Per-Directory
+context this is different: here <em>expression</em> has to be parsed and
+immediately executed for every request.
+<p>
+Example:
+<blockquote>
+<pre>
+SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
+ and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+ and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+ and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+ and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+ or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+</pre>
+</blockquote>
+<div align="center">
+<a name="table3"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 3: Available Variables for SSLRequire</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table summary=""><tr><td>
+<em>Standard CGI/1.0 and Apache variables:</em>
+<pre>
+HTTP_USER_AGENT PATH_INFO AUTH_TYPE
+HTTP_REFERER QUERY_STRING SERVER_SOFTWARE
+HTTP_COOKIE REMOTE_HOST API_VERSION
+HTTP_FORWARDED REMOTE_IDENT TIME_YEAR
+HTTP_HOST IS_SUBREQ TIME_MON
+HTTP_PROXY_CONNECTION DOCUMENT_ROOT TIME_DAY
+HTTP_ACCEPT SERVER_ADMIN TIME_HOUR
+HTTP:headername SERVER_NAME TIME_MIN
+THE_REQUEST SERVER_PORT TIME_SEC
+REQUEST_METHOD SERVER_PROTOCOL TIME_WDAY
+REQUEST_SCHEME REMOTE_ADDR TIME
+REQUEST_URI REMOTE_USER ENV:<b>variablename</b>
+REQUEST_FILENAME
+</pre>
+<em>SSL-related variables:</em>
+<pre>
+HTTPS SSL_CLIENT_M_VERSION SSL_SERVER_M_VERSION
+ SSL_CLIENT_M_SERIAL SSL_SERVER_M_SERIAL
+SSL_PROTOCOL SSL_CLIENT_V_START SSL_SERVER_V_START
+SSL_SESSION_ID SSL_CLIENT_V_END SSL_SERVER_V_END
+SSL_CIPHER SSL_CLIENT_S_DN SSL_SERVER_S_DN
+SSL_CIPHER_EXPORT SSL_CLIENT_S_DN_C SSL_SERVER_S_DN_C
+SSL_CIPHER_ALGKEYSIZE SSL_CLIENT_S_DN_ST SSL_SERVER_S_DN_ST
+SSL_CIPHER_USEKEYSIZE SSL_CLIENT_S_DN_L SSL_SERVER_S_DN_L
+SSL_VERSION_LIBRARY SSL_CLIENT_S_DN_O SSL_SERVER_S_DN_O
+SSL_VERSION_INTERFACE SSL_CLIENT_S_DN_OU SSL_SERVER_S_DN_OU
+ SSL_CLIENT_S_DN_CN SSL_SERVER_S_DN_CN
+ SSL_CLIENT_S_DN_T SSL_SERVER_S_DN_T
+ SSL_CLIENT_S_DN_I SSL_SERVER_S_DN_I
+ SSL_CLIENT_S_DN_G SSL_SERVER_S_DN_G
+ SSL_CLIENT_S_DN_S SSL_SERVER_S_DN_S
+ SSL_CLIENT_S_DN_D SSL_SERVER_S_DN_D
+ SSL_CLIENT_S_DN_UID SSL_SERVER_S_DN_UID
+ SSL_CLIENT_S_DN_Email SSL_SERVER_S_DN_Email
+ SSL_CLIENT_I_DN SSL_SERVER_I_DN
+ SSL_CLIENT_I_DN_C SSL_SERVER_I_DN_C
+ SSL_CLIENT_I_DN_ST SSL_SERVER_I_DN_ST
+ SSL_CLIENT_I_DN_L SSL_SERVER_I_DN_L
+ SSL_CLIENT_I_DN_O SSL_SERVER_I_DN_O
+ SSL_CLIENT_I_DN_OU SSL_SERVER_I_DN_OU
+ SSL_CLIENT_I_DN_CN SSL_SERVER_I_DN_CN
+ SSL_CLIENT_I_DN_T SSL_SERVER_I_DN_T
+ SSL_CLIENT_I_DN_I SSL_SERVER_I_DN_I
+ SSL_CLIENT_I_DN_G SSL_SERVER_I_DN_G
+ SSL_CLIENT_I_DN_S SSL_SERVER_I_DN_S
+ SSL_CLIENT_I_DN_D SSL_SERVER_I_DN_D
+ SSL_CLIENT_I_DN_UID SSL_SERVER_I_DN_UID
+ SSL_CLIENT_I_DN_Email SSL_SERVER_I_DN_Email
+ SSL_CLIENT_A_SIG SSL_SERVER_A_SIG
+ SSL_CLIENT_A_KEY SSL_SERVER_A_KEY
+ SSL_CLIENT_CERT SSL_SERVER_CERT
+ SSL_CLIENT_CERT_CHAIN<b>n</b>
+ SSL_CLIENT_VERIFY
+</pre>
+</td></tr></table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<br>
+<br>
+<p>
+<h1><a name="ToC24">Additional Features</a></h1>
+<h2><a name="ToC25">Environment Variables</a></h2>
+This module provides a lot of SSL information as additional environment
+variables to the SSI and CGI namespace. The generated variables are listed in
+<a href="#table4">Table 4</a>. For backward compatibility the information can
+be made available under different names, too. Look in the <a
+href="ssl_compat.html">Compatibility</a> chapter for details on the
+compatibility variables.
+<p>
+<div align="center">
+<a name="table4"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 4: SSI/CGI Environment Variables</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
+<tr id="H">
+ <td><b>Variable Name:</b></td>
+ <td><b>Value Type:</b></td>
+ <td><b>Description:</b></td>
+</tr>
+<tr id="D"><td><code>HTTPS</code></td> <td>flag</td> <td>HTTPS is being used.</td></tr>
+<tr id="H"><td><code>SSL_PROTOCOL</code></td> <td>string</td> <td>The SSL protocol version (SSLv2, SSLv3, TLSv1)</td></tr>
+<tr id="H"><td><code>SSL_SESSION_ID</code></td> <td>string</td> <td>The hex-encoded SSL session id</td></tr>
+<tr id="D"><td><code>SSL_CIPHER</code></td> <td>string</td> <td>The cipher specification name</td></tr>
+<tr id="D"><td><code>SSL_CIPHER_EXPORT</code></td> <td>string</td> <td><code>true</code> if cipher is an export cipher</td></tr>
+<tr id="H"><td><code>SSL_CIPHER_USEKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (actually used)</td></tr>
+<tr id="D"><td><code>SSL_CIPHER_ALGKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (possible)</td></tr>
+<tr id="H"><td><code>SSL_VERSION_INTERFACE</code></td> <td>string</td> <td>The mod_ssl program version</td></tr>
+<tr id="D"><td><code>SSL_VERSION_LIBRARY</code></td> <td>string</td> <td>The OpenSSL program version</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_M_VERSION</code></td> <td>string</td> <td>The version of the client certificate</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_M_SERIAL</code></td> <td>string</td> <td>The serial of the client certificate</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_S_DN</code></td> <td>string</td> <td>Subject DN in client's certificate</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Subject DN</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_I_DN</code></td> <td>string</td> <td>Issuer DN of client's certificate</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Issuer DN</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_V_START</code></td> <td>string</td> <td>Validity of client's certificate (start time)</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_V_END</code></td> <td>string</td> <td>Validity of client's certificate (end time)</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of client's certificate</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of client's certificate</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_CERT</code></td> <td>string</td> <td>PEM-encoded client certificate</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_CERT_CHAIN</code><i>n</i></td> <td>string</td> <td>PEM-encoded certificates in client certificate chain</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_VERIFY</code></td> <td>string</td> <td><tt>NONE</tt>, <tt>SUCCESS</tt>, <tt>GENEROUS</tt> or <tt>FAILED:</tt><i>reason</i></td></tr>
+<tr id="D"><td><code>SSL_SERVER_M_VERSION</code></td> <td>string</td> <td>The version of the server certificate</td></tr>
+<tr id="H"><td><code>SSL_SERVER_M_SERIAL</code></td> <td>string</td> <td>The serial of the server certificate</td></tr>
+<tr id="D"><td><code>SSL_SERVER_S_DN</code></td> <td>string</td> <td>Subject DN in server's certificate</td></tr>
+<tr id="H"><td><code>SSL_SERVER_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Subject DN</td></tr>
+<tr id="D"><td><code>SSL_SERVER_I_DN</code></td> <td>string</td> <td>Issuer DN of server's certificate</td></tr>
+<tr id="H"><td><code>SSL_SERVER_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Issuer DN</td></tr>
+<tr id="D"><td><code>SSL_SERVER_V_START</code></td> <td>string</td> <td>Validity of server's certificate (start time)</td></tr>
+<tr id="H"><td><code>SSL_SERVER_V_END</code></td> <td>string</td> <td>Validity of server's certificate (end time)</td></tr>
+<tr id="D"><td><code>SSL_SERVER_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of server's certificate</td></tr>
+<tr id="H"><td><code>SSL_SERVER_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of server's certificate</td></tr>
+<tr id="D"><td><code>SSL_SERVER_CERT</code></td> <td>string</td> <td>PEM-encoded server certificate</td></tr>
+</table>
+[ where <em>x509</em> is a component of a X.509 DN:
+ <code>C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email</code> ]
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<p>
+<br>
+<h2><a name="ToC26">Custom Log Formats</a></h2>
+When mod_ssl is built into Apache or at least loaded (under DSO situation)
+additional functions exist for the <a
+href="../mod_log_config.html#formats">Custom Log Format</a> of <a
+href="../mod_log_config.html">mod_log_config</a>. First there is an additional
+``<code>%{</code><em>varname</em><code>}x</code>'' eXtension format function
+which can be used to expand any variables provided by any module, especially
+those provided by mod_ssl which can you find in <a href="#table4">Table 4</a>.
+<p>
+For backward compatibility there is additionally a special
+``<code>%{</code><em>name</em><code>}c</code>'' cryptography format function
+provided. Information about this function is provided in the <a
+href="ssl_compat.html">Compatibility</a> chapter.
+<p>
+Example:
+<blockquote>
+<pre>
+CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+</pre>
+</blockquote>
+ <p>
+ <br>
+ <table summary="">
+ <tr>
+ <td>
+ <table width="600" border="0" summary="">
+ <tr>
+ <td valign="top" align="left" width="250">
+<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font>
+ </td>
+ <td valign="top" align="right" width="250">
+<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td><table width="598" summary="">
+ <tr>
+ <td align="left"><font face="Arial,Helvetica">
+ <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
+ The Apache Interface to OpenSSL
+ </font>
+ </td>
+ <td align="right"><font face="Arial,Helvetica">
+ Copyright © 1998-2001
+ <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
+ All Rights Reserved<br>
+ </font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+</div>
+</body>
+</html>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_ssl</name>
+<description>Strong cryptography using the Secure Sockets
+Layer (SSL) and Transport Layer Security (TLS) protocols</description>
+<status>Extension</status>
+<sourcefile>mod_ssl.c</sourcefile>
+<identifier>ssl_module</identifier>
+
+<summary>
+<p>This module provides SSL v2/v3 and TLS v1 support for the Apache
+HTTP Server. It was contributed by Ralf S. Engeschall based on his
+mod_ssl project and originally derived from work by Ben Laurie.</p>
+
+<p>This module relies on <a href="http://www.openssl.org/">OpenSSL</a>
+to provide the cryptography engine.</p>
+
+<p>Further details, discussion, and examples are provided in the
+<a href="../ssl/">SSL documentation</a>.</p>
+</summary>
+
+<section id="ToC25"><title>Environment Variables</title>
+
+<p>This module provides a lot of SSL information as additional environment
+variables to the SSI and CGI namespace. The generated variables are listed in
+the table below. For backward compatibility the information can
+be made available under different names, too. Look in the <a
+href="../ssl/ssl_compat.html">Compatibility</a> chapter for details on the
+compatibility variables.</p>
+
+<div align="center">
+<a name="table4"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">SSI/CGI Environment Variables</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
+<tr id="H">
+ <td><strong>Variable Name:</strong></td>
+ <td><strong>Value Type:</strong></td>
+ <td><strong>Description:</strong></td>
+</tr>
+<tr id="D"><td><code>HTTPS</code></td> <td>flag</td> <td>HTTPS is being used.</td></tr>
+<tr id="H"><td><code>SSL_PROTOCOL</code></td> <td>string</td> <td>The SSL protocol version (SSLv2, SSLv3, TLSv1)</td></tr>
+<tr id="H"><td><code>SSL_SESSION_ID</code></td> <td>string</td> <td>The hex-encoded SSL session id</td></tr>
+<tr id="D"><td><code>SSL_CIPHER</code></td> <td>string</td> <td>The cipher specification name</td></tr>
+<tr id="D"><td><code>SSL_CIPHER_EXPORT</code></td> <td>string</td> <td><code>true</code> if cipher is an export cipher</td></tr>
+<tr id="H"><td><code>SSL_CIPHER_USEKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (actually used)</td></tr>
+<tr id="D"><td><code>SSL_CIPHER_ALGKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (possible)</td></tr>
+<tr id="H"><td><code>SSL_VERSION_INTERFACE</code></td> <td>string</td> <td>The mod_ssl program version</td></tr>
+<tr id="D"><td><code>SSL_VERSION_LIBRARY</code></td> <td>string</td> <td>The OpenSSL program version</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_M_VERSION</code></td> <td>string</td> <td>The version of the client certificate</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_M_SERIAL</code></td> <td>string</td> <td>The serial of the client certificate</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_S_DN</code></td> <td>string</td> <td>Subject DN in client's certificate</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Subject DN</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_I_DN</code></td> <td>string</td> <td>Issuer DN of client's certificate</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Issuer DN</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_V_START</code></td> <td>string</td> <td>Validity of client's certificate (start time)</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_V_END</code></td> <td>string</td> <td>Validity of client's certificate (end time)</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of client's certificate</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of client's certificate</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_CERT</code></td> <td>string</td> <td>PEM-encoded client certificate</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_CERT_CHAIN</code><em>n</em></td> <td>string</td> <td>PEM-encoded certificates in client certificate chain</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_VERIFY</code></td> <td>string</td> <td><code>NONE</code>, <code>SUCCESS</code>, <code>GENEROUS</code> or <code>FAILED:</code><em>reason</em></td></tr>
+<tr id="D"><td><code>SSL_SERVER_M_VERSION</code></td> <td>string</td> <td>The version of the server certificate</td></tr>
+<tr id="H"><td><code>SSL_SERVER_M_SERIAL</code></td> <td>string</td> <td>The serial of the server certificate</td></tr>
+<tr id="D"><td><code>SSL_SERVER_S_DN</code></td> <td>string</td> <td>Subject DN in server's certificate</td></tr>
+<tr id="H"><td><code>SSL_SERVER_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Subject DN</td></tr>
+<tr id="D"><td><code>SSL_SERVER_I_DN</code></td> <td>string</td> <td>Issuer DN of server's certificate</td></tr>
+<tr id="H"><td><code>SSL_SERVER_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Issuer DN</td></tr>
+<tr id="D"><td><code>SSL_SERVER_V_START</code></td> <td>string</td> <td>Validity of server's certificate (start time)</td></tr>
+<tr id="H"><td><code>SSL_SERVER_V_END</code></td> <td>string</td> <td>Validity of server's certificate (end time)</td></tr>
+<tr id="D"><td><code>SSL_SERVER_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of server's certificate</td></tr>
+<tr id="H"><td><code>SSL_SERVER_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of server's certificate</td></tr>
+<tr id="D"><td><code>SSL_SERVER_CERT</code></td> <td>string</td> <td>PEM-encoded server certificate</td></tr>
+</table>
+[ where <em>x509</em> is a component of a X.509 DN:
+ <code>C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email</code> ]
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+</section>
+
+<section id="ToC26"><title>Custom Log Formats</title>
+
+<p>When <module>mod_ssl</module> is built into Apache or at least
+loaded (under DSO situation) additional functions exist for the <a
+href="../mod_log_config.html#formats">Custom Log Format</a> of
+<module>mod_log_config</module>. First there is an
+additional ``<code>%{</code><em>varname</em><code>}x</code>''
+eXtension format function which can be used to expand any variables
+provided by any module, especially those provided by mod_ssl which can
+you find in the above table.</p>
+<p>
+For backward compatibility there is additionally a special
+``<code>%{</code><em>name</em><code>}c</code>'' cryptography format function
+provided. Information about this function is provided in the <a
+href="../ssl/ssl_compat.html">Compatibility</a> chapter.</p>
+<p>
+Example:</p>
+<example>
+CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+</example>
+</section>
+
+<directivesynopsis>
+<name>SSLPassPhraseDialog</name>
+<description>Type of pass phrase dialog for encrypted private
+keys</description>
+<syntax>SSLPassPhraseDialog <em>type</em></syntax>
+<default>SSLPassPhraseDialog builtin</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+<p>
+When Apache starts up it has to read the various Certificate (see
+<directive module="mod_ssl">SSLCertificateFile</directive>) and
+Private Key (see <directive
+module="mod_ssl">SSLCertificateKeyFile</directive>) files of the
+SSL-enabled virtual servers. Because for security reasons the Private
+Key files are usually encrypted, mod_ssl needs to query the
+administrator for a Pass Phrase in order to decrypt those files. This
+query can be done in two ways which can be configured by
+<em>type</em>:</p>
+<ul>
+<li><code>builtin</code>
+ <p>
+ This is the default where an interactive terminal dialog occurs at startup
+ time just before Apache detaches from the terminal. Here the administrator
+ has to manually enter the Pass Phrase for each encrypted Private Key file.
+ Because a lot of SSL-enabled virtual hosts can be configured, the
+ following reuse-scheme is used to minimize the dialog: When a Private Key
+ file is encrypted, all known Pass Phrases (at the beginning there are
+ none, of course) are tried. If one of those known Pass Phrases succeeds no
+ dialog pops up for this particular Private Key file. If none succeeded,
+ another Pass Phrase is queried on the terminal and remembered for the next
+ round (where it perhaps can be reused).</p>
+ <p>
+ This scheme allows mod_ssl to be maximally flexible (because for N encrypted
+ Private Key files you <em>can</em> use N different Pass Phrases - but then
+ you have to enter all of them, of course) while minimizing the terminal
+ dialog (i.e. when you use a single Pass Phrase for all N Private Key files
+ this Pass Phrase is queried only once).</p></li>
+
+<li><code>exec:/path/to/program</code>
+ <p>
+ Here an external program is configured which is called at startup for each
+ encrypted Private Key file. It is called with two arguments (the first is
+ of the form ``<code>servername:portnumber</code>'', the second is either
+ ``<code>RSA</code>'' or ``<code>DSA</code>''), which indicate for which
+ server and algorithm it has to print the corresponding Pass Phrase to
+ <code>stdout</code>. The intent is that this external program first runs
+ security checks to make sure that the system is not compromised by an
+ attacker, and only when these checks were passed successfully it provides
+ the Pass Phrase.</p>
+ <p>
+ Both these security checks, and the way the Pass Phrase is determined, can
+ be as complex as you like. Mod_ssl just defines the interface: an
+ executable program which provides the Pass Phrase on <code>stdout</code>.
+ Nothing more or less! So, if you're really paranoid about security, here
+ is your interface. Anything else has to be left as an exercise to the
+ administrator, because local security requirements are so different.</p>
+ <p>
+ The reuse-algorithm above is used here, too. In other words: The external
+ program is called only once per unique Pass Phrase.</p></li>
+</ul>
+<p>
+Example:</p>
+<example>
+SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLMutex</name>
+<description>Semaphore for internal mutual exclusion of
+operations</description>
+<syntax>SSLMutex <em>type</em></syntax>
+<default>SSLMutex none</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+<p>
+This configures the SSL engine's semaphore (aka. lock) which is used for mutual
+exclusion of operations which have to be done in a synchronized way between the
+pre-forked Apache server processes. This directive can only be used in the
+global server context because it's only useful to have one global mutex.</p>
+<p>
+The following Mutex <em>types</em> are available:</p>
+<ul>
+<li><code>none</code>
+ <p>
+ This is the default where no Mutex is used at all. Use it at your own
+ risk. But because currently the Mutex is mainly used for synchronizing
+ write access to the SSL Session Cache you can live without it as long
+ as you accept a sometimes garbled Session Cache. So it's not recommended
+ to leave this the default. Instead configure a real Mutex.</p></li>
+<li><code>file:/path/to/mutex</code>
+ <p>
+ This is the portable and (under Unix) always provided Mutex variant where
+ a physical (lock-)file is used as the Mutex. Always use a local disk
+ filesystem for <code>/path/to/mutex</code> and never a file residing on a
+ NFS- or AFS-filesystem. Note: Internally, the Process ID (PID) of the
+ Apache parent process is automatically appended to
+ <code>/path/to/mutex</code> to make it unique, so you don't have to worry
+ about conflicts yourself. Notice that this type of mutex is not available
+ under the Win32 environment. There you <em>have</em> to use the semaphore
+ mutex.</p></li>
+<li><code>sem</code>
+ <p>
+ This is the most elegant but also most non-portable Mutex variant where a
+ SysV IPC Semaphore (under Unix) and a Windows Mutex (under Win32) is used
+ when possible. It is only available when the underlying platform
+ supports it.</p></li>
+</ul>
+<example><title>Example</title>
+SSLMutex file:/usr/local/apache/logs/ssl_mutex
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLRandomSeed</name>
+<description>Pseudo Random Number Generator (PRNG) seeding
+source</description>
+<syntax>SSLRandomSeed <em>context</em> <em>source</em>
+[<em>bytes</em>]</syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+<p>
+This configures one or more sources for seeding the Pseudo Random Number
+Generator (PRNG) in OpenSSL at startup time (<em>context</em> is
+<code>startup</code>) and/or just before a new SSL connection is established
+(<em>context</em> is <code>connect</code>). This directive can only be used
+in the global server context because the PRNG is a global facility.</p>
+<p>
+The following <em>source</em> variants are available:</p>
+<ul>
+<li><code>builtin</code>
+ <p> This is the always available builtin seeding source. It's usage
+ consumes minimum CPU cycles under runtime and hence can be always used
+ without drawbacks. The source used for seeding the PRNG contains of the
+ current time, the current process id and (when applicable) a randomly
+ choosen 1KB extract of the inter-process scoreboard structure of Apache.
+ The drawback is that this is not really a strong source and at startup
+ time (where the scoreboard is still not available) this source just
+ produces a few bytes of entropy. So you should always, at least for the
+ startup, use an additional seeding source.</p></li>
+<li><code>file:/path/to/source</code>
+ <p>
+ This variant uses an external file <code>/path/to/source</code> as the
+ source for seeding the PRNG. When <em>bytes</em> is specified, only the
+ first <em>bytes</em> number of bytes of the file form the entropy (and
+ <em>bytes</em> is given to <code>/path/to/source</code> as the first
+ argument). When <em>bytes</em> is not specified the whole file forms the
+ entropy (and <code>0</code> is given to <code>/path/to/source</code> as
+ the first argument). Use this especially at startup time, for instance
+ with an available <code>/dev/random</code> and/or
+ <code>/dev/urandom</code> devices (which usually exist on modern Unix
+ derivates like FreeBSD and Linux).</p>
+ <p>
+ <em>But be careful</em>: Usually <code>/dev/random</code> provides only as
+ much entropy data as it actually has, i.e. when you request 512 bytes of
+ entropy, but the device currently has only 100 bytes available two things
+ can happen: On some platforms you receive only the 100 bytes while on
+ other platforms the read blocks until enough bytes are available (which
+ can take a long time). Here using an existing <code>/dev/urandom</code> is
+ better, because it never blocks and actually gives the amount of requested
+ data. The drawback is just that the quality of the received data may not
+ be the best.</p>
+ <p>
+ On some platforms like FreeBSD one can even control how the entropy is
+ actually generated, i.e. by which system interrupts. More details one can
+ find under <em>rndcontrol(8)</em> on those platforms. Alternatively, when
+ your system lacks such a random device, you can use tool
+ like <a href="http://www.lothar.com/tech/crypto/">EGD</a>
+ (Entropy Gathering Daemon) and run it's client program with the
+ <code>exec:/path/to/program/</code> variant (see below) or use
+ <code>egd:/path/to/egd-socket</code> (see below).</p></li>
+
+<li><code>exec:/path/to/program</code>
+ <p>
+ This variant uses an external executable
+ <code>/path/to/program</code> as the source for seeding the
+ PRNG. When <em>bytes</em> is specified, only the first
+ <em>bytes</em> number of bytes of its <code>stdout</code> contents
+ form the entropy. When <em>bytes</em> is not specified, the
+ entirety of the data produced on <code>stdout</code> form the
+ entropy. Use this only at startup time when you need a very strong
+ seeding with the help of an external program (for instance as in
+ the example above with the <code>truerand</code> utility you can
+ find in the mod_ssl distribution which is based on the AT&T
+ <em>truerand</em> library). Using this in the connection context
+ slows down the server too dramatically, of course. So usually you
+ should avoid using external programs in that context.</p></li>
+<li><code>egd:/path/to/egd-socket</code> (Unix only)
+ <p>
+ This variant uses the Unix domain socket of the
+ external Entropy Gathering Daemon (EGD) (see <a
+ href="http://www.lothar.com/tech/crypto/">http://www.lothar.com/tech
+ /crypto/</a>) to seed the PRNG. Use this if no random device exists
+ on your platform.</p></li>
+</ul>
+<example><title>Example</title>
+SSLRandomSeed startup builtin<br />
+SSLRandomSeed startup file:/dev/random<br />
+SSLRandomSeed startup file:/dev/urandom 1024<br />
+SSLRandomSeed startup exec:/usr/local/bin/truerand 16<br />
+SSLRandomSeed connect builtin<br />
+SSLRandomSeed connect file:/dev/random<br />
+SSLRandomSeed connect file:/dev/urandom 1024<br />
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLSessionCache</name>
+<description>Type of the global/inter-process SSL Session
+Cache</description>
+<syntax>SSLSessionCache <em>type</em></syntax>
+<default>SSLSessionCache none</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+<p>
+This configures the storage type of the global/inter-process SSL Session
+Cache. This cache is an optional facility which speeds up parallel request
+processing. For requests to the same server process (via HTTP keep-alive),
+OpenSSL already caches the SSL session information locally. But because modern
+clients request inlined images and other data via parallel requests (usually
+up to four parallel requests are common) those requests are served by
+<em>different</em> pre-forked server processes. Here an inter-process cache
+helps to avoid unneccessary session handshakes.</p>
+<p>
+The following two storage <em>type</em>s are currently supported:</p>
+<ul>
+<li><code>none</code>
+ <p>
+ This is the default and just disables the global/inter-process Session
+ Cache. There is no drawback in functionality, but a noticeable speed
+ penalty can be observed.</p></li>
+<li><code>dbm:/path/to/datafile</code>
+ <p>
+ This makes use of a DBM hashfile on the local disk to synchronize the
+ local OpenSSL memory caches of the server processes. The slight increase
+ in I/O on the server results in a visible request speedup for your
+ clients, so this type of storage is generally recommended.</p></li>
+<li><code>shm:/path/to/datafile</code>[<code>(</code><em>size</em><code>)</code>]
+ <p>
+ This makes use of a high-performance hash table (approx. <em>size</em> bytes
+ in size) inside a shared memory segment in RAM (established via
+ <code>/path/to/datafile</code>) to synchronize the local OpenSSL memory
+ caches of the server processes. This storage type is not available on all
+ platforms. See the mod_ssl <code>INSTALL</code> document for details on
+ how to build Apache+EAPI with shared memory support.</p></li>
+</ul>
+<example><title>Examples</title>
+SSLSessionCache dbm:/usr/local/apache/logs/ssl_gcache_data<br />
+SSLSessionCache shm:/usr/local/apache/logs/ssl_gcache_data(512000)
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLSessionCacheTimeout</name>
+<description>Number of seconds before an SSL session expires
+in the Session Cache</description>
+<syntax>SSLSessionCacheTimeout <em>seconds</em></syntax>
+<default>SSLSessionCacheTimeout 300</default>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+<p>
+This directive sets the timeout in seconds for the information stored in the
+global/inter-process SSL Session Cache and the OpenSSL internal memory cache.
+It can be set as low as 15 for testing, but should be set to higher
+values like 300 in real life.</p>
+<example><title>Example</title>
+SSLSessionCacheTimeout 600
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLEngine</name>
+<description>SSL Engine Operation Switch</description>
+<syntax>SSLEngine on|off</syntax>
+<default>SSLEngine off</default>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+<p>
+This directive toggles the usage of the SSL/TLS Protocol Engine. This
+is usually used inside a <directive module="core"
+type="section">VirtualHost</directive> section to enable SSL/TLS for a
+particular virtual host. By default the SSL/TLS Protocol Engine is
+disabled for both the main server and all configured virtual hosts.</p>
+<example><title>Example</title>
+<VirtualHost _default_:443><br />
+SSLEngine on<br />
+...<br />
+</VirtualHost>
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLProtocol</name>
+<description>Configure usable SSL protocol flavors</description>
+<syntax>SSLProtocol [+|-]<em>protocol</em> ...</syntax>
+<default>SSLProtocol all</default>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+<override>Options</override>
+
+<usage><!-- XXX Why does this have an override and not .htaccess context? -->
+<p>
+This directive can be used to control the SSL protocol flavors mod_ssl should
+use when establishing its server environment. Clients then can only connect
+with one of the provided protocols.</p>
+<p>
+The available (case-insensitive) <em>protocol</em>s are:</p>
+<ul>
+<li><code>SSLv2</code>
+ <p>
+ This is the Secure Sockets Layer (SSL) protocol, version 2.0. It is the
+ original SSL protocol as designed by Netscape Corporation.</p></li>
+
+<li><code>SSLv3</code>
+ <p>
+ This is the Secure Sockets Layer (SSL) protocol, version 3.0. It is the
+ successor to SSLv2 and the currently (as of February 1999) de-facto
+ standardized SSL protocol from Netscape Corporation. It's supported by
+ almost all popular browsers.</p></li>
+
+<li><code>TLSv1</code>
+ <p>
+ This is the Transport Layer Security (TLS) protocol, version 1.0. It is the
+ successor to SSLv3 and currently (as of February 1999) still under
+ construction by the Internet Engineering Task Force (IETF). It's still
+ not supported by any popular browsers.</p></li>
+
+<li><code>All</code>
+ <p>
+ This is a shortcut for ``<code>+SSLv2 +SSLv3 +TLSv1</code>'' and a
+ convinient way for enabling all protocols except one when used in
+ combination with the minus sign on a protocol as the example above
+ shows.</p></li>
+</ul>
+<example><title>Example</title>
+# enable SSLv3 and TLSv1, but not SSLv2<br />
+SSLProtocol all -SSLv2
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLCipherSuite</name>
+<description>Cipher Suite available for negotiation in SSL
+handshake</description>
+<syntax>SSLCipherSuite <em>cipher-spec</em></syntax>
+<default>SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>AuthConfig</override>
+
+<usage>
+<p>
+This complex directive uses a colon-separated <em>cipher-spec</em> string
+consisting of OpenSSL cipher specifications to configure the Cipher Suite the
+client is permitted to negotiate in the SSL handshake phase. Notice that this
+directive can be used both in per-server and per-directory context. In
+per-server context it applies to the standard SSL handshake when a connection
+is established. In per-directory context it forces a SSL renegotation with the
+reconfigured Cipher Suite after the HTTP request was read but before the HTTP
+response is sent.</p>
+<p>
+An SSL cipher specification in <em>cipher-spec</em> is composed of 4 major
+attributes plus a few extra minor ones:</p>
+<ul>
+<li><em>Key Exchange Algorithm</em>:<br />
+ RSA or Diffie-Hellman variants.
+</li>
+<li><em>Authentication Algorithm</em>:<br />
+ RSA, Diffie-Hellman, DSS or none.
+</li>
+<li><em>Cipher/Encryption Algorithm</em>:<br />
+ DES, Triple-DES, RC4, RC2, IDEA or none.
+</li>
+<li><em>MAC Digest Algorithm</em>:<br />
+ MD5, SHA or SHA1.
+</li>
+</ul>
+<p>An SSL cipher can also be an export cipher and is either a SSLv2 or SSLv3/TLSv1
+cipher (here TLSv1 is equivalent to SSLv3). To specify which ciphers to use,
+one can either specify all the Ciphers, one at a time, or use aliases to
+specify the preference and order for the ciphers (see <a href="#table1">Table
+1</a>).</p>
+
+<div align="center">
+<a name="table1"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 1: OpenSSL Cipher Specification Tags</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
+<tr id="D"><td><strong>Tag</strong></td> <td><strong>Description</strong></td></tr>
+<tr id="H"><td colspan="2"><em>Key Exchange Algorithm:</em></td></tr>
+<tr id="D"><td><code>kRSA</code></td> <td>RSA key exchange</td></tr>
+<tr id="H"><td><code>kDHr</code></td> <td>Diffie-Hellman key exchange with RSA key</td></tr>
+<tr id="D"><td><code>kDHd</code></td> <td>Diffie-Hellman key exchange with DSA key</td></tr>
+<tr id="H"><td><code>kEDH</code></td> <td>Ephemeral (temp.key) Diffie-Hellman key exchange (no cert)</td> </tr>
+<tr id="H"><td colspan="2"><em>Authentication Algorithm:</em></td></tr>
+<tr id="D"><td><code>aNULL</code></td> <td>No authentication</td></tr>
+<tr id="H"><td><code>aRSA</code></td> <td>RSA authentication</td></tr>
+<tr id="D"><td><code>aDSS</code></td> <td>DSS authentication</td> </tr>
+<tr id="H"><td><code>aDH</code></td> <td>Diffie-Hellman authentication</td></tr>
+<tr id="D"><td colspan="2"><em>Cipher Encoding Algorithm:</em></td></tr>
+<tr id="H"><td><code>eNULL</code></td> <td>No encoding</td> </tr>
+<tr id="D"><td><code>DES</code></td> <td>DES encoding</td> </tr>
+<tr id="H"><td><code>3DES</code></td> <td>Triple-DES encoding</td> </tr>
+<tr id="D"><td><code>RC4</code></td> <td>RC4 encoding</td> </tr>
+<tr id="H"><td><code>RC2</code></td> <td>RC2 encoding</td> </tr>
+<tr id="D"><td><code>IDEA</code></td> <td>IDEA encoding</td> </tr>
+<tr id="H"><td colspan="2"><em>MAC Digest Algorithm</em>:</td></tr>
+<tr id="D"><td><code>MD5</code></td> <td>MD5 hash function</td></tr>
+<tr id="H"><td><code>SHA1</code></td> <td>SHA1 hash function</td></tr>
+<tr id="D"><td><code>SHA</code></td> <td>SHA hash function</td> </tr>
+<tr id="H"><td colspan="2"><em>Aliases:</em></td></tr>
+<tr id="D"><td><code>SSLv2</code></td> <td>all SSL version 2.0 ciphers</td></tr>
+<tr id="H"><td><code>SSLv3</code></td> <td>all SSL version 3.0 ciphers</td> </tr>
+<tr id="D"><td><code>TLSv1</code></td> <td>all TLS version 1.0 ciphers</td> </tr>
+<tr id="H"><td><code>EXP</code></td> <td>all export ciphers</td> </tr>
+<tr id="D"><td><code>EXPORT40</code></td> <td>all 40-bit export ciphers only</td> </tr>
+<tr id="H"><td><code>EXPORT56</code></td> <td>all 56-bit export ciphers only</td> </tr>
+<tr id="D"><td><code>LOW</code></td> <td>all low strength ciphers (no export, single DES)</td></tr>
+<tr id="H"><td><code>MEDIUM</code></td> <td>all ciphers with 128 bit encryption</td> </tr>
+<tr id="D"><td><code>HIGH</code></td> <td>all ciphers using Triple-DES</td> </tr>
+<tr id="H"><td><code>RSA</code></td> <td>all ciphers using RSA key exchange</td> </tr>
+<tr id="D"><td><code>DH</code></td> <td>all ciphers using Diffie-Hellman key exchange</td> </tr>
+<tr id="H"><td><code>EDH</code></td> <td>all ciphers using Ephemeral Diffie-Hellman key exchange</td> </tr>
+<tr id="D"><td><code>ADH</code></td> <td>all ciphers using Anonymous Diffie-Hellman key exchange</td> </tr>
+<tr id="H"><td><code>DSS</code></td> <td>all ciphers using DSS authentication</td> </tr>
+<tr id="D"><td><code>NULL</code></td> <td>all ciphers using no encryption</td> </tr>
+</table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<p>
+Now where this becomes interesting is that these can be put together
+to specify the order and ciphers you wish to use. To speed this up
+there are also aliases (<code>SSLv2, SSLv3, TLSv1, EXP, LOW, MEDIUM,
+HIGH</code>) for certain groups of ciphers. These tags can be joined
+together with prefixes to form the <em>cipher-spec</em>. Available
+prefixes are:</p>
+<ul>
+<li>none: add cipher to list</li>
+<li><code>+</code>: add ciphers to list and pull them to current location in list</li>
+<li><code>-</code>: remove cipher from list (can be added later again)</li>
+<li><code>!</code>: kill cipher from list completely (can <strong>not</strong> be added later again)</li>
+</ul>
+<p>A simpler way to look at all of this is to use the ``<code>openssl ciphers
+-v</code>'' command which provides a nice way to successively create the
+correct <em>cipher-spec</em> string. The default <em>cipher-spec</em> string
+is ``<code>ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</code>'' which
+means the following: first, remove from consideration any ciphers that do not
+authenticate, i.e. for SSL only the Anonymous Diffie-Hellman ciphers. Next,
+use ciphers using RC4 and RSA. Next include the high, medium and then the low
+security ciphers. Finally <em>pull</em> all SSLv2 and export ciphers to the
+end of the list.</p>
+<example>
+<pre>
+$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
+NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
+NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
+EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
+... ... ... ... ...
+EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
+EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
+EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
+</pre>
+</example>
+<p>The complete list of particular RSA & DH ciphers for SSL is given in <a
+href="#table2">Table 2</a>.</p>
+<example><title>Example</title>
+SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
+</example>
+<div align="center">
+<a name="table2"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 2: Particular SSL Ciphers</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
+<tr id="D"><td><strong>Cipher-Tag</strong></td> <td><strong>Protocol</strong></td> <td><strong>Key Ex.</strong></td> <td><strong>Auth.</strong></td> <td><strong>Enc.</strong></td> <td><strong>MAC</strong></td> <td><strong>Type</strong></td> </tr>
+<tr id="H"><td colspan="7"><em>RSA Ciphers:</em></td></tr>
+<tr id="D"><td><code>DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>DES-CBC3-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>3DES(168)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td><code>IDEA-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>IDEA(128)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>RC4-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="D"><td><code>RC4-MD5</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="H"><td><code>IDEA-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>IDEA(128)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td><code>RC2-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC2(128)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="H"><td><code>RC4-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td><code>DES-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>RC4-64-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC4(64)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td><code>DES-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>DES(56)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="H"><td><code>EXP-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
+<tr id="D"><td><code>EXP-RC2-CBC-MD5</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>RC2(40)</td> <td>MD5</td> <td> export</td> </tr>
+<tr id="H"><td><code>EXP-RC4-MD5</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
+<tr id="D"><td><code>EXP-RC2-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA(512)</td> <td>RSA</td> <td>RC2(40)</td> <td>MD5</td> <td> export</td> </tr>
+<tr id="H"><td><code>EXP-RC4-MD5</code></td> <td>SSLv2</td> <td>RSA(512)</td> <td>RSA</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
+<tr id="D"><td><code>NULL-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>None</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>NULL-MD5</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>None</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td colspan="7"><em>Diffie-Hellman Ciphers:</em></td></tr>
+<tr id="H"><td><code>ADH-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="D"><td><code>ADH-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>ADH-RC4-MD5</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>RC4(128)</td> <td>MD5</td> <td> </td> </tr>
+<tr id="D"><td><code>EDH-RSA-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>RSA</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>EDH-DSS-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>DSS</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="D"><td><code>EDH-RSA-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>RSA</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="H"><td><code>EDH-DSS-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>DSS</td> <td>DES(56)</td> <td>SHA1</td> <td> </td> </tr>
+<tr id="D"><td><code>EXP-EDH-RSA-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>RSA</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
+<tr id="H"><td><code>EXP-EDH-DSS-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>DSS</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
+<tr id="D"><td><code>EXP-ADH-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
+<tr id="H"><td><code>EXP-ADH-RC4-MD5</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
+</table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLCertificateFile</name>
+<description>Server PEM-encoded X.509 Certificate file</description>
+<syntax>SSLCertificateFile <em>file-path</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+<p>
+This directive points to the PEM-encoded Certificate file for the server and
+optionally also to the corresponding RSA or DSA Private Key file for it
+(contained in the same file). If the contained Private Key is encrypted the
+Pass Phrase dialog is forced at startup time. This directive can be used up to
+two times (referencing different filenames) when both a RSA and a DSA based
+server certificate is used in parallel.</p>
+<example><title>Example</title>
+SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLCertificateKeyFile</name>
+<description>Server PEM-encoded Private Key file</description>
+<syntax>SSLCertificateKeyFile <em>file-path</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+<p>
+This directive points to the PEM-encoded Private Key file for the
+server. If the Private Key is not combined with the Certificate in the
+<directive>SSLCertificateFile</directive>, use this additional directive to
+point to the file with the stand-alone Private Key. When
+<directive>SSLCertificateFile</directive> is used and the file
+contains both the Certificate and the Private Key this directive need
+not be used. But we strongly discourage this practice. Instead we
+recommend you to separate the Certificate and the Private Key. If the
+contained Private Key is encrypted, the Pass Phrase dialog is forced
+at startup time. This directive can be used up to two times
+(referencing different filenames) when both a RSA and a DSA based
+private key is used in parallel.</p>
+<example><title>Example</title>
+SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLCertificateChainFile</name>
+<description>File of PEM-encoded Server CA Certificates</description>
+<syntax>SSLCertificateChainFile <em>file-path</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+<p>
+This directive sets the optional <em>all-in-one</em> file where you can
+assemble the certificates of Certification Authorities (CA) which form the
+certificate chain of the server certificate. This starts with the issuing CA
+certificate of of the server certificate and can range up to the root CA
+certificate. Such a file is simply the concatenation of the various
+PEM-encoded CA Certificate files, usually in certificate chain order.</p>
+<p>
+This should be used alternatively and/or additionally to <directive
+module="mod_ssl">SSLCACertificatePath</directive> for explicitly
+constructing the server certificate chain which is sent to the browser
+in addition to the server certificate. It is especially useful to
+avoid conflicts with CA certificates when using client
+authentication. Because although placing a CA certificate of the
+server certificate chain into <directive
+module="mod_ssl">SSLCACertificatePath</directive> has the same effect
+for the certificate chain construction, it has the side-effect that
+client certificates issued by this same CA certificate are also
+accepted on client authentication. That's usually not one expect.</p>
+<p>
+But be careful: Providing the certificate chain works only if you are using a
+<em>single</em> (either RSA <em>or</em> DSA) based server certificate. If you are
+using a coupled RSA+DSA certificate pair, this will work only if actually both
+certificates use the <em>same</em> certificate chain. Else the browsers will be
+confused in this situation.</p>
+<example><title>Example</title>
+SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLCACertificatePath</name>
+<description>Directory of PEM-encoded CA Certificates for
+Client Auth</description>
+<syntax>SSLCACertificatePath <em>directory-path</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+<p>
+This directive sets the directory where you keep the Certificates of
+Certification Authorities (CAs) whose clients you deal with. These are used to
+verify the client certificate on Client Authentication.</p>
+<p>
+The files in this directory have to be PEM-encoded and are accessed through
+hash filenames. So usually you can't just place the Certificate files
+there: you also have to create symbolic links named
+<em>hash-value</em><code>.N</code>. And you should always make sure this directory
+contains the appropriate symbolic links. Use the <code>Makefile</code> which
+comes with mod_ssl to accomplish this task.</p>
+<example><title>Example</title>
+SSLCACertificatePath /usr/local/apache/conf/ssl.crt/
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLCACertificateFile</name>
+<description>File of concatenated PEM-encoded CA Certificates
+for Client Auth</description>
+<syntax>SSLCACertificateFile <em>file-path</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+<p>
+This directive sets the <em>all-in-one</em> file where you can assemble the
+Certificates of Certification Authorities (CA) whose <em>clients</em> you deal
+with. These are used for Client Authentication. Such a file is simply the
+concatenation of the various PEM-encoded Certificate files, in order of
+preference. This can be used alternatively and/or additionally to
+<directive module="mod_ssl">SSLCACertificatePath</directive>.</p>
+<example><title>Example</title>
+SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle-client.crt
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLCARevocationPath</name>
+<description>Directory of PEM-encoded CA CRLs for
+Client Auth</description>
+<syntax>SSLCARevocationPath <em>directory-path</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+<p>
+This directive sets the directory where you keep the Certificate Revocation
+Lists (CRL) of Certification Authorities (CAs) whose clients you deal with.
+These are used to revoke the client certificate on Client Authentication.</p>
+<p>
+The files in this directory have to be PEM-encoded and are accessed through
+hash filenames. So usually you have not only to place the CRL files there.
+Additionally you have to create symbolic links named
+<em>hash-value</em><code>.rN</code>. And you should always make sure this directory
+contains the appropriate symbolic links. Use the <code>Makefile</code> which
+comes with <module>mod_ssl</module> to accomplish this task.</p>
+<example><title>Example</title>
+SSLCARevocationPath /usr/local/apache/conf/ssl.crl/
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLCARevocationFile</name>
+<description>File of concatenated PEM-encoded CA CRLs for
+Client Auth</description>
+<syntax>SSLCARevocationFile <em>file-path</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+<p>
+This directive sets the <em>all-in-one</em> file where you can
+assemble the Certificate Revocation Lists (CRL) of Certification
+Authorities (CA) whose <em>clients</em> you deal with. These are used
+for Client Authentication. Such a file is simply the concatenation of
+the various PEM-encoded CRL files, in order of preference. This can be
+used alternatively and/or additionally to <directive
+module="mod_ssl">SSLCARevocationPath</directive>.</p>
+<example><title>Example</title>
+SSLCARevocationFile /usr/local/apache/conf/ssl.crl/ca-bundle-client.crl
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLVerifyClient</name>
+<description>Type of Client Certificate verification</description>
+<syntax>SSLVerifyClient <em>level</em></syntax>
+<default>SSLVerifyClient none</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>AuthConfig</override>
+
+<usage>
+<p>
+This directive sets the Certificate verification level for the Client
+Authentication. Notice that this directive can be used both in per-server and
+per-directory context. In per-server context it applies to the client
+authentication process used in the standard SSL handshake when a connection is
+established. In per-directory context it forces a SSL renegotation with the
+reconfigured client verification level after the HTTP request was read but
+before the HTTP response is sent.</p>
+<p>
+The following levels are available for <em>level</em>:</p>
+<ul>
+<li><strong>none</strong>:
+ no client Certificate is required at all</li>
+<li><strong>optional</strong>:
+ the client <em>may</em> present a valid Certificate</li>
+<li><strong>require</strong>:
+ the client <em>has to</em> present a valid Certificate</li>
+<li><strong>optional_no_ca</strong>:
+ the client may present a valid Certificate<br />
+ but it need not to be (successfully) verifiable.</li>
+</ul>
+<p>In practice only levels <strong>none</strong> and
+<strong>require</strong> are really interesting, because level
+<strong>optional</strong> doesn't work with all browsers and level
+<strong>optional_no_ca</strong> is actually against the idea of
+authentication (but can be used to establish SSL test pages, etc.)</p>
+<example><title>Example</title>
+SSLVerifyClient require
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLVerifyDepth</name>
+<description>Maximum depth of CA Certificates in Client
+Certificate verification</description>
+<syntax>SSLVerifyDepth <em>number</em></syntax>
+<default>SSLVerifyDepth 1</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>AuthConfig</override>
+
+<usage>
+<p>
+This directive sets how deeply mod_ssl should verify before deciding that the
+clients don't have a valid certificate. Notice that this directive can be
+used both in per-server and per-directory context. In per-server context it
+applies to the client authentication process used in the standard SSL
+handshake when a connection is established. In per-directory context it forces
+a SSL renegotation with the reconfigured client verification depth after the
+HTTP request was read but before the HTTP response is sent.</p>
+<p>
+The depth actually is the maximum number of intermediate certificate issuers,
+i.e. the number of CA certificates which are max allowed to be followed while
+verifying the client certificate. A depth of 0 means that self-signed client
+certificates are accepted only, the default depth of 1 means the client
+certificate can be self-signed or has to be signed by a CA which is directly
+known to the server (i.e. the CA's certificate is under
+<directive module="mod_ssl">SSLCACertificatePath</directive>), etc.</p>
+<example><title>Example</title>
+SSLVerifyDepth 10
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLLog</name>
+<description>Where to write the dedicated SSL engine logfile</description>
+<syntax>SSLLog <em>file-path</em></syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+<p>
+This directive sets the name of the dedicated SSL protocol engine logfile.
+Error type messages are additionally duplicated to the general Apache error
+log file (directive <code>ErrorLog</code>). Put this somewhere where it cannot
+be used for symlink attacks on a real server (i.e. somewhere where only root
+can write). If the <em>file-path</em> does not begin with a slash
+('<code>/</code>') then it is assumed to be relative to the <em>Server
+Root</em>. If <em>file-path</em> begins with a bar ('<code>|</code>') then the
+following string is assumed to be a path to an executable program to which a
+reliable pipe can be established. The directive should occur only once per
+virtual server config.</p>
+<example><title>Example</title>
+SSLLog /usr/local/apache/logs/ssl_engine_log
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLLogLevel</name>
+<description>Logging level for the dedicated SSL engine
+logfile</description>
+<syntax>SSLLogLevel <em>level</em></syntax>
+<default>SSLLogLevel none</default>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+
+<usage>
+<p>
+This directive sets the verbosity degree of the dedicated SSL protocol engine
+logfile. The <em>level</em> is one of the following (in ascending order where
+higher levels include lower levels):</p>
+<ul>
+<li><code>none</code><br />
+ no dedicated SSL logging is done, but messages of level
+ ``<code>error</code>'' are still written to the general Apache error
+ logfile.
+</li>
+<li><code>error</code><br />
+ log messages of error type only, i.e. messages which show fatal situations
+ (processing is stopped). Those messages are also duplicated to the
+ general Apache error logfile.
+</li>
+<li><code>warn</code><br />
+ log also warning messages, i.e. messages which show non-fatal problems
+ (processing is continued).
+</li>
+<li><code>info</code><br />
+ log also informational messages, i.e. messages which show major
+ processing steps.
+</li>
+<li><code>trace</code><br />
+ log also trace messages, i.e. messages which show minor processing steps.
+</li>
+<li><code>debug</code><br />
+ log also debugging messages, i.e. messages which show development and
+ low-level I/O information.
+</li>
+</ul>
+<example><title>Example</title>
+SSLLogLevel warn
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLOptions</name>
+<description>Configure various SSL engine run-time options</description>
+<syntax>SSLOptions [+|-]<em>option</em> ...</syntax>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>Options</override>
+
+<usage>
+<p>
+This directive can be used to control various run-time options on a
+per-directory basis. Normally, if multiple <code>SSLOptions</code>
+could apply to a directory, then the most specific one is taken
+completely; the options are not merged. However if <em>all</em> the
+options on the <code>SSLOptions</code> directive are preceded by a
+plus (<code>+</code>) or minus (<code>-</code>) symbol, the options
+are merged. Any options preceded by a <code>+</code> are added to the
+options currently in force, and any options preceded by a
+<code>-</code> are removed from the options currently in force.</p>
+<p>
+The available <em>option</em>s are:</p>
+<ul>
+<li><code>StdEnvVars</code>
+ <p>
+ When this option is enabled, the standard set of SSL related CGI/SSI
+ environment variables are created. This per default is disabled for
+ performance reasons, because the information extraction step is a
+ rather expensive operation. So one usually enables this option for
+ CGI and SSI requests only.</p>
+</li>
+<li><code>CompatEnvVars</code>
+ <p>
+ When this option is enabled, additional CGI/SSI environment variables are
+ created for backward compatibility to other Apache SSL solutions. Look in
+ the <a href="../ssl/ssl_compat.html">Compatibility</a> chapter for details
+ on the particular variables generated.</p>
+</li>
+<li><code>ExportCertData</code>
+ <p>
+ When this option is enabled, additional CGI/SSI environment variables are
+ created: <code>SSL_SERVER_CERT</code>, <code>SSL_CLIENT_CERT</code> and
+ <code>SSL_CLIENT_CERT_CHAIN</code><em>n</em> (with <em>n</em> = 0,1,2,..).
+ These contain the PEM-encoded X.509 Certificates of server and client for
+ the current HTTPS connection and can be used by CGI scripts for deeper
+ Certificate checking. Additionally all other certificates of the client
+ certificate chain are provided, too. This bloats up the environment a
+ little bit which is why you have to use this option to enable it on
+ demand.</p>
+</li>
+<li><code>FakeBasicAuth</code>
+ <p>
+ When this option is enabled, the Subject Distinguished Name (DN) of the
+ Client X509 Certificate is translated into a HTTP Basic Authorization
+ username. This means that the standard Apache authentication methods can
+ be used for access control. The user name is just the Subject of the
+ Client's X509 Certificate (can be determined by running OpenSSL's
+ <code>openssl x509</code> command: <code>openssl x509 -noout -subject -in
+ </code><em>certificate</em><code>.crt</code>). Note that no password is
+ obtained from the user. Every entry in the user file needs this password:
+ ``<code>xxj31ZMTZzkVA</code>'', which is the DES-encrypted version of the
+ word `<code>password</code>''. Those who live under MD5-based encryption
+ (for instance under FreeBSD or BSD/OS, etc.) should use the following MD5
+ hash of the same word: ``<code>$1$OXLyS...$Owx8s2/m9/gfkcRVXzgoE/</code>''.</p>
+</li>
+<li><code>StrictRequire</code>
+ <p>
+ This <em>forces</em> forbidden access when <code>SSLRequireSSL</code> or
+ <code>SSLRequire</code> successfully decided that access should be
+ forbidden. Usually the default is that in the case where a ``<code>Satisfy
+ any</code>'' directive is used, and other access restrictions are passed,
+ denial of access due to <code>SSLRequireSSL</code> or
+ <code>SSLRequire</code> is overridden (because that's how the Apache
+ <code>Satisfy</code> mechanism should work.) But for strict access restriction
+ you can use <code>SSLRequireSSL</code> and/or <code>SSLRequire</code> in
+ combination with an ``<code>SSLOptions +StrictRequire</code>''. Then an
+ additional ``<code>Satisfy Any</code>'' has no chance once mod_ssl has
+ decided to deny access.</p>
+</li>
+<li><code>OptRenegotiate</code>
+ <p>
+ This enables optimized SSL connection renegotiation handling when SSL
+ directives are used in per-directory context. By default a strict
+ scheme is enabled where <em>every</em> per-directory reconfiguration of
+ SSL parameters causes a <em>full</em> SSL renegotiation handshake. When this
+ option is used mod_ssl tries to avoid unnecessary handshakes by doing more
+ granular (but still safe) parameter checks. Nevertheless these granular
+ checks sometimes maybe not what the user expects, so enable this on a
+ per-directory basis only, please.</p>
+</li>
+</ul>
+<example><title>Example</title>
+SSLOptions +FakeBasicAuth -StrictRequire<br />
+<Files ~ "\.(cgi|shtml)$"><br />
+ SSLOptions +StdEnvVars +CompatEnvVars -ExportCertData<br />
+<Files>
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLRequireSSL</name>
+<description>Deny access when SSL is not used for the
+HTTP request</description>
+<syntax>SSLRequireSSL</syntax>
+<contextlist><context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>AuthConfig</override>
+
+<usage>
+<p><!-- XXX: I think the syntax is wrong -->
+This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for
+the current connection. This is very handy inside the SSL-enabled virtual
+host or directories for defending against configuration errors that expose
+stuff that should be protected. When this directive is present all requests
+are denied which are not using SSL.</p>
+<example><title>Example</title>
+SSLRequireSSL
+</example>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SSLRequire</name>
+<description>Allow access only when an arbitrarily complex
+boolean expression is true</description>
+<syntax>SSLRequire <em>expression</em></syntax>
+<contextlist><context>directory</context>
+<context>.htaccess</context></contextlist>
+<override>AuthConfig</override>
+
+<usage>
+<p>
+This directive specifies a general access requirement which has to be
+fulfilled in order to allow access. It's a very powerful directive because the
+requirement specification is an arbitrarily complex boolean expression
+containing any number of access checks.</p>
+<p>
+The <em>expression</em> must match the following syntax (given as a BNF
+grammar notation):</p>
+<blockquote>
+<pre>
+expr ::= "<strong>true</strong>" | "<strong>false</strong>"
+ | "<strong>!</strong>" expr
+ | expr "<strong>&&</strong>" expr
+ | expr "<strong>||</strong>" expr
+ | "<strong>(</strong>" expr "<strong>)</strong>"
+ | comp
+
+comp ::= word "<strong>==</strong>" word | word "<strong>eq</strong>" word
+ | word "<strong>!=</strong>" word | word "<strong>ne</strong>" word
+ | word "<strong><</strong>" word | word "<strong>lt</strong>" word
+ | word "<strong><=</strong>" word | word "<strong>le</strong>" word
+ | word "<strong>></strong>" word | word "<strong>gt</strong>" word
+ | word "<strong>>=</strong>" word | word "<strong>ge</strong>" word
+ | word "<strong>in</strong>" "<strong>{</strong>" wordlist "<strong>}</strong>"
+ | word "<strong>=~</strong>" regex
+ | word "<strong>!~</strong>" regex
+
+wordlist ::= word
+ | wordlist "<strong>,</strong>" word
+
+word ::= digit
+ | cstring
+ | variable
+ | function
+
+digit ::= [0-9]+
+cstring ::= "..."
+variable ::= "<strong>%{</strong>" varname "<strong>}</strong>"
+function ::= funcname "<strong>(</strong>" funcargs "<strong>)</strong>"
+</pre>
+</blockquote>
+<p>while for <code>varname</code> any variable from <a
+href="#table3">Table 3</a> can be used. Finally for
+<code>funcname</code> the following functions are available:</p>
+<ul>
+<li><code>file(</code><em>filename</em><code>)</code>
+ <p>
+ This function takes one string argument and expands to the contents of the
+ file. This is especially useful for matching this contents against a
+ regular expression, etc.</p>
+</li>
+</ul>
+<p>Notice that <em>expression</em> is first parsed into an internal machine
+representation and then evaluated in a second step. Actually, in Global and
+Per-Server Class context <em>expression</em> is parsed at startup time and
+at runtime only the machine representation is executed. For Per-Directory
+context this is different: here <em>expression</em> has to be parsed and
+immediately executed for every request.</p>
+<example><title>Example</title>
+SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \<br />
+ and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \<br />
+ and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \<br />
+ and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \<br />
+ and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \<br />
+ or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+</example>
+<div align="center">
+<a name="table3"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 3: Available Variables for SSLRequire</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table summary=""><tr><td>
+<em>Standard CGI/1.0 and Apache variables:</em>
+<pre>
+HTTP_USER_AGENT PATH_INFO AUTH_TYPE
+HTTP_REFERER QUERY_STRING SERVER_SOFTWARE
+HTTP_COOKIE REMOTE_HOST API_VERSION
+HTTP_FORWARDED REMOTE_IDENT TIME_YEAR
+HTTP_HOST IS_SUBREQ TIME_MON
+HTTP_PROXY_CONNECTION DOCUMENT_ROOT TIME_DAY
+HTTP_ACCEPT SERVER_ADMIN TIME_HOUR
+HTTP:headername SERVER_NAME TIME_MIN
+THE_REQUEST SERVER_PORT TIME_SEC
+REQUEST_METHOD SERVER_PROTOCOL TIME_WDAY
+REQUEST_SCHEME REMOTE_ADDR TIME
+REQUEST_URI REMOTE_USER ENV:<strong>variablename</strong>
+REQUEST_FILENAME
+</pre>
+<em>SSL-related variables:</em>
+<pre>
+HTTPS SSL_CLIENT_M_VERSION SSL_SERVER_M_VERSION
+ SSL_CLIENT_M_SERIAL SSL_SERVER_M_SERIAL
+SSL_PROTOCOL SSL_CLIENT_V_START SSL_SERVER_V_START
+SSL_SESSION_ID SSL_CLIENT_V_END SSL_SERVER_V_END
+SSL_CIPHER SSL_CLIENT_S_DN SSL_SERVER_S_DN
+SSL_CIPHER_EXPORT SSL_CLIENT_S_DN_C SSL_SERVER_S_DN_C
+SSL_CIPHER_ALGKEYSIZE SSL_CLIENT_S_DN_ST SSL_SERVER_S_DN_ST
+SSL_CIPHER_USEKEYSIZE SSL_CLIENT_S_DN_L SSL_SERVER_S_DN_L
+SSL_VERSION_LIBRARY SSL_CLIENT_S_DN_O SSL_SERVER_S_DN_O
+SSL_VERSION_INTERFACE SSL_CLIENT_S_DN_OU SSL_SERVER_S_DN_OU
+ SSL_CLIENT_S_DN_CN SSL_SERVER_S_DN_CN
+ SSL_CLIENT_S_DN_T SSL_SERVER_S_DN_T
+ SSL_CLIENT_S_DN_I SSL_SERVER_S_DN_I
+ SSL_CLIENT_S_DN_G SSL_SERVER_S_DN_G
+ SSL_CLIENT_S_DN_S SSL_SERVER_S_DN_S
+ SSL_CLIENT_S_DN_D SSL_SERVER_S_DN_D
+ SSL_CLIENT_S_DN_UID SSL_SERVER_S_DN_UID
+ SSL_CLIENT_S_DN_Email SSL_SERVER_S_DN_Email
+ SSL_CLIENT_I_DN SSL_SERVER_I_DN
+ SSL_CLIENT_I_DN_C SSL_SERVER_I_DN_C
+ SSL_CLIENT_I_DN_ST SSL_SERVER_I_DN_ST
+ SSL_CLIENT_I_DN_L SSL_SERVER_I_DN_L
+ SSL_CLIENT_I_DN_O SSL_SERVER_I_DN_O
+ SSL_CLIENT_I_DN_OU SSL_SERVER_I_DN_OU
+ SSL_CLIENT_I_DN_CN SSL_SERVER_I_DN_CN
+ SSL_CLIENT_I_DN_T SSL_SERVER_I_DN_T
+ SSL_CLIENT_I_DN_I SSL_SERVER_I_DN_I
+ SSL_CLIENT_I_DN_G SSL_SERVER_I_DN_G
+ SSL_CLIENT_I_DN_S SSL_SERVER_I_DN_S
+ SSL_CLIENT_I_DN_D SSL_SERVER_I_DN_D
+ SSL_CLIENT_I_DN_UID SSL_SERVER_I_DN_UID
+ SSL_CLIENT_I_DN_Email SSL_SERVER_I_DN_Email
+ SSL_CLIENT_A_SIG SSL_SERVER_A_SIG
+ SSL_CLIENT_A_KEY SSL_SERVER_A_KEY
+ SSL_CLIENT_CERT SSL_SERVER_CERT
+ SSL_CLIENT_CERT_CHAIN<strong>n</strong>
+ SSL_CLIENT_VERIFY
+</pre>
+</td></tr></table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_status</name>
+<status>Base</status>
+<identifier>status_module</identifier>
+<sourcefile>mod_status.c</sourcefile>
+<compatibility>Available in Apache 1.1 and later</compatibility>
+
+<description>This module provides information on server activity and
+performance.</description>
+
+<summary>
+
+<note>
+ <strong>Warning:</strong> This document has not been updated
+ to take into account changes made in the 2.0 version of the
+ Apache HTTP Server. Some of the information may still be
+ relevant, but please use it with care.
+</note>
+
+ <p>The Status module allows a server administrator to find out
+ how well their server is performing. A HTML page is presented
+ that gives the current server statistics in an easily readable
+ form. If required this page can be made to automatically
+ refresh (given a compatible browser). Another page gives a
+ simple machine-readable list of the current server state.</p>
+
+ <p>The details given are:</p>
+
+ <ul>
+ <li>The number of children serving requests</li>
+
+ <li>The number of idle children</li>
+
+ <li>The status of each child, the number of requests that
+ child has performed and the total number of bytes served by
+ the child (*)</li>
+
+ <li>A total number of accesses and byte count served (*)</li>
+
+ <li>The time the server was started/restarted and the time it
+ has been running for</li>
+
+ <li>Averages giving the number of requests per second, the
+ number of bytes served per second and the average number of
+ bytes per request (*)</li>
+
+ <li>The current percentage CPU used by each child and in
+ total by Apache (*)</li>
+
+ <li>The current hosts and requests being processed (*)</li>
+ </ul>
+
+ A compile-time option must be used to display the details
+ marked "(*)" as the instrumentation required for obtaining
+ these statistics does not exist within standard Apache.
+</summary>
+
+<section>
+ <title>Enabling Status Support</title>
+
+ To enable status reports only for browsers from the foo.com
+ domain add this code to your <code>httpd.conf</code>
+ configuration file
+<example>
+ <Location /server-status><br />
+ SetHandler server-status<br />
+<br />
+ Order Deny,Allow<br />
+ Deny from all<br />
+ Allow from .foo.com<br />
+ </Location>
+</example>
+
+ <p>You can now access server statistics by using a Web browser
+ to access the page
+ <code>http://your.server.name/server-status</code></p>
+
+ <note><p>Note that <module>mod_status</module> will only work
+ when you are running Apache in <a
+ href="core.html#servertype">standalone</a> mode and not
+ <a href="core.html#servertype">inetd</a> mode.</p></note>
+</section>
+
+<section>
+
+ <title>Automatic Updates</title>
+ You can get the status page to update itself automatically if
+ you have a browser that supports "refresh". Access the page
+ <code>http://your.server.name/server-status?refresh=N</code> to
+ refresh the page every N seconds.
+
+</section>
+
+<section>
+
+ <title>Machine Readable Status File</title>
+ A machine-readable version of the status file is available by
+ accessing the page
+ <code>http://your.server.name/server-status?auto</code>. This
+ is useful when automatically run, see the Perl program in the
+ <code>/support</code> directory of Apache,
+ <code>log_server_status</code>.
+
+ <note>
+ <strong>It should be noted that if <module>mod_status</module> is
+ compiled into the server, its handler capability is available
+ in <em>all</em> configuration files, including
+ <em>per</em>-directory files (<em>e.g.</em>,
+ <code>.htaccess</code>). This may have security-related
+ ramifications for your site.</strong>
+ </note>
+
+</section>
+
+<directivesynopsis>
+
+<name>ExtendedStatus</name>
+<description>This directive controls whether the server keeps track of
+extended status information for each request. This is only
+useful if the status module is enabled on the server.</description>
+<syntax>ExtendedStatus On|Off</syntax>
+<default>ExtendedStatus Off</default>
+<contextlist><context>server config</context></contextlist>
+<compatibility>ExtendedStatus is only available in Apache 1.3.2 and
+later.</compatibility>
+
+<usage>
+ <p>This setting applies to the entire server, and cannot be
+ enabled or disabled on a virtualhost-by-virtualhost basis.</p>
+</usage>
+
+</directivesynopsis>
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_suexec</name>
+<status>Extension</status>
+<identifier>suexec_module</identifier>
+<sourcefile>mod_suexec.c</sourcefile>
+<compatibility>Available in Apache 2.0 and later</compatibility>
+
+<description>This module allows CGI scripts to run as a specified user
+and Group.</description>
+
+<summary>
+ <p>This module allows CGI scripts to run as a specified user
+ and Group.</p>
+</summary>
+
+
+<directivesynopsis>
+
+<name>SuexecUserGroup</name>
+<syntax>SuexecUserGroup <em>User Group</em></syntax>
+<default>None</default>
+<contextlist><context>server config</context>
+<context>virtual host</context></contextlist>
+<compatibility>SuexecUserGroup is only available in 2.0 and
+later.</compatibility>
+
+<usage>
+ <p>The <code>SuexecUserGroup</code> directive allows you to
+ specify a user and group for CGI programs to run as. Non-CGI
+ requests are still processes with the user specified in the
+ User directive. This directive replaces using the User and
+ Group directives inside of VirtualHosts.</p>
+</usage>
+
+</directivesynopsis>
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_unique_id</name>
+<status>Extension</status>
+<identifier>unique_id_module</identifier>
+<sourcefile>mod_unique_id.c</sourcefile>
+<compatibility>Available in Apache 1.3 and later.</compatibility>
+
+<description>This module provides an environment variable with a unique
+identifier for each request.</description>
+
+<summary>
+
+ <p>This module provides a magic token for each request which is
+ guaranteed to be unique across "all" requests under very
+ specific conditions. The unique identifier is even unique
+ across multiple machines in a properly configured cluster of
+ machines. The environment variable <code>UNIQUE_ID</code> is
+ set to the identifier for each request. Unique identifiers are
+ useful for various reasons which are beyond the scope of this
+ document.</p>
+</summary>
+
+<section>
+ <title>Theory</title>
+
+ <p>First a brief recap of how the Apache server works on Unix
+ machines. This feature currently isn't supported on Windows NT.
+ On Unix machines, Apache creates several children, the children
+ process requests one at a time. Each child can serve multiple
+ requests in its lifetime. For the purpose of this discussion,
+ the children don't share any data with each other. We'll refer
+ to the children as httpd processes.</p>
+
+ <p>Your website has one or more machines under your
+ administrative control, together we'll call them a cluster of
+ machines. Each machine can possibly run multiple instances of
+ Apache. All of these collectively are considered "the
+ universe", and with certain assumptions we'll show that in this
+ universe we can generate unique identifiers for each request,
+ without extensive communication between machines in the
+ cluster.</p>
+
+ <p>The machines in your cluster should satisfy these
+ requirements. (Even if you have only one machine you should
+ synchronize its clock with NTP.)</p>
+
+ <ul>
+ <li>The machines' times are synchronized via NTP or other
+ network time protocol.</li>
+
+ <li>The machines' hostnames all differ, such that the module
+ can do a hostname lookup on the hostname and receive a
+ different IP address for each machine in the cluster.</li>
+ </ul>
+
+ <p>As far as operating system assumptions go, we assume that
+ pids (process ids) fit in 32-bits. If the operating system uses
+ more than 32-bits for a pid, the fix is trivial but must be
+ performed in the code.</p>
+
+ <p>Given those assumptions, at a single point in time we can
+ identify any httpd process on any machine in the cluster from
+ all other httpd processes. The machine's IP address and the pid
+ of the httpd process are sufficient to do this. So in order to
+ generate unique identifiers for requests we need only
+ distinguish between different points in time.</p>
+
+ <p>To distinguish time we will use a Unix timestamp (seconds
+ since January 1, 1970 UTC), and a 16-bit counter. The timestamp
+ has only one second granularity, so the counter is used to
+ represent up to 65536 values during a single second. The
+ quadruple <em>( ip_addr, pid, time_stamp, counter )</em> is
+ sufficient to enumerate 65536 requests per second per httpd
+ process. There are issues however with pid reuse over time, and
+ the counter is used to alleviate this issue.</p>
+
+ <p>When an httpd child is created, the counter is initialized
+ with ( current microseconds divided by 10 ) modulo 65536 (this
+ formula was chosen to eliminate some variance problems with the
+ low order bits of the microsecond timers on some systems). When
+ a unique identifier is generated, the time stamp used is the
+ time the request arrived at the web server. The counter is
+ incremented every time an identifier is generated (and allowed
+ to roll over).</p>
+
+ <p>The kernel generates a pid for each process as it forks the
+ process, and pids are allowed to roll over (they're 16-bits on
+ many Unixes, but newer systems have expanded to 32-bits). So
+ over time the same pid will be reused. However unless it is
+ reused within the same second, it does not destroy the
+ uniqueness of our quadruple. That is, we assume the system does
+ not spawn 65536 processes in a one second interval (it may even
+ be 32768 processes on some Unixes, but even this isn't likely
+ to happen).</p>
+
+ <p>Suppose that time repeats itself for some reason. That is,
+ suppose that the system's clock is screwed up and it revisits a
+ past time (or it is too far forward, is reset correctly, and
+ then revisits the future time). In this case we can easily show
+ that we can get pid and time stamp reuse. The choice of
+ initializer for the counter is intended to help defeat this.
+ Note that we really want a random number to initialize the
+ counter, but there aren't any readily available numbers on most
+ systems (<em>i.e.</em>, you can't use rand() because you need
+ to seed the generator, and can't seed it with the time because
+ time, at least at one second resolution, has repeated itself).
+ This is not a perfect defense.</p>
+
+ <p>How good a defense is it? Suppose that one of your machines
+ serves at most 500 requests per second (which is a very
+ reasonable upper bound at this writing, because systems
+ generally do more than just shovel out static files). To do
+ that it will require a number of children which depends on how
+ many concurrent clients you have. But we'll be pessimistic and
+ suppose that a single child is able to serve 500 requests per
+ second. There are 1000 possible starting counter values such
+ that two sequences of 500 requests overlap. So there is a 1.5%
+ chance that if time (at one second resolution) repeats itself
+ this child will repeat a counter value, and uniqueness will be
+ broken. This was a very pessimistic example, and with real
+ world values it's even less likely to occur. If your system is
+ such that it's still likely to occur, then perhaps you should
+ make the counter 32 bits (by editing the code).</p>
+
+ <p>You may be concerned about the clock being "set back" during
+ summer daylight savings. However this isn't an issue because
+ the times used here are UTC, which "always" go forward. Note
+ that x86 based Unixes may need proper configuration for this to
+ be true -- they should be configured to assume that the
+ motherboard clock is on UTC and compensate appropriately. But
+ even still, if you're running NTP then your UTC time will be
+ correct very shortly after reboot.</p>
+
+ <p>The <code>UNIQUE_ID</code> environment variable is
+ constructed by encoding the 112-bit (32-bit IP address, 32 bit
+ pid, 32 bit time stamp, 16 bit counter) quadruple using the
+ alphabet <code>[A-Za-z0-9@-]</code> in a manner similar to MIME
+ base64 encoding, producing 19 characters. The MIME base64
+ alphabet is actually <code>[A-Za-z0-9+/]</code> however
+ <code>+</code> and <code>/</code> need to be specially encoded
+ in URLs, which makes them less desirable. All values are
+ encoded in network byte ordering so that the encoding is
+ comparable across architectures of different byte ordering. The
+ actual ordering of the encoding is: time stamp, IP address,
+ pid, counter. This ordering has a purpose, but it should be
+ emphasized that applications should not dissect the encoding.
+ Applications should treat the entire encoded
+ <code>UNIQUE_ID</code> as an opaque token, which can be
+ compared against other <code>UNIQUE_ID</code>s for equality
+ only.</p>
+
+ <p>The ordering was chosen such that it's possible to change
+ the encoding in the future without worrying about collision
+ with an existing database of <code>UNIQUE_ID</code>s. The new
+ encodings should also keep the time stamp as the first element,
+ and can otherwise use the same alphabet and bit length. Since
+ the time stamps are essentially an increasing sequence, it's
+ sufficient to have a <em>flag second</em> in which all machines
+ in the cluster stop serving and request, and stop using the old
+ encoding format. Afterwards they can resume requests and begin
+ issuing the new encodings.</p>
+
+ <p>This we believe is a relatively portable solution to this
+ problem. It can be extended to multithreaded systems like
+ Windows NT, and can grow with future needs. The identifiers
+ generated have essentially an infinite life-time because future
+ identifiers can be made longer as required. Essentially no
+ communication is required between machines in the cluster (only
+ NTP synchronization is required, which is low overhead), and no
+ communication between httpd processes is required (the
+ communication is implicit in the pid value assigned by the
+ kernel). In very specific situations the identifier can be
+ shortened, but more information needs to be assumed (for
+ example the 32-bit IP address is overkill for any site, but
+ there is no portable shorter replacement for it). </p>
+</section>
+
+
+</modulesynopsis>
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_userdir</name>
+<status>Base</status>
+<description>This module provides for user-specific
+directories.</description>
+<identifier>userdir_module</identifier>
+<sourcefile>mod_userdir.c</sourcefile>
+
+<summary>
+</summary>
+
+
+<directivesynopsis>
+
+<name>UserDir</name>
+<description>Sets the directory from which to serve files when requests
+for a particular user are received, denoted by requests containing
+<em>~username</em>, such as
+<em>http://server.example.com/~bob/</em></description>
+<syntax>UserDir <em>directory-filename</em></syntax>
+<default>UserDir <em>public_html</em></default>
+<contextlist><context>server config</context> <context>virtual
+host</context></contextlist>
+<compatibility>All forms except the <code>UserDir public_html</code>
+form are only available in Apache 1.1 or above. Use of the
+<code>enabled</code> keyword, or <code>disabled</code> with a
+list of usernames, is only available in Apache 1.3 and
+above.</compatibility>
+
+<usage>
+
+ <p>The UserDir directive sets the real directory in a user's
+ home directory to use when a request for a document for a user
+ is received. <em>Directory-filename</em> is one of the
+ following:</p>
+
+ <ul>
+ <li>The name of a directory or a pattern such as those shown
+ below.</li>
+
+ <li>The keyword <code>disabled</code>. This turns off
+ <em>all</em> username-to-directory translations except those
+ explicitly named with the <code>enabled</code> keyword (see
+ below).</li>
+
+ <li>The keyword <code>disabled</code> followed by a
+ space-delimited list of usernames. Usernames that appear in
+ such a list will <em>never</em> have directory translation
+ performed, even if they appear in an <code>enabled</code>
+ clause.</li>
+
+ <li>The keyword <code>enabled</code> followed by a
+ space-delimited list of usernames. These usernames will have
+ directory translation performed even if a global disable is
+ in effect, but not if they also appear in a
+ <code>disabled</code> clause.</li>
+ </ul>
+
+ <p>If neither the <code>enabled</code> nor the
+ <code>disabled</code> keywords appear in the
+ <code>Userdir</code> directive, the argument is treated as a
+ filename pattern, and is used to turn the name into a directory
+ specification. A request for
+ <code>http://www.foo.com/~bob/one/two.html</code> will be
+ translated to:</p>
+
+<table>
+<tr><th>UserDir directive used</th>
+<th>Translated path</th></tr>
+<tr><td>UserDir public_html</td><td>~bob/public_html/one/two.html</td></tr>
+<tr><td>UserDir /usr/web</td><td>/usr/web/bob/one/two.html</td></tr>
+<tr><td>UserDir /home/*/www</td><td>/home/bob/www/one/two.html</td></tr>
+</table>
+
+ <p>The following directives will send redirects to the client:</p>
+
+<table>
+<tr><th>UserDir directive used</th>
+<th>Translated path</th></tr>
+<tr><td>UserDir http://www.foo.com/users</td><td>http://www.foo.com/users/bob/one/two.html</td></tr>
+<tr><td>UserDir
+http://www.foo.com/*/usr</td><td>http://www.foo.com/bob/usr/one/two.html</td></tr>
+<tr><td>UserDir
+http://www.foo.com/~*/</td><td>http://www.foo.com/~bob/one/two.html</td></tr>
+</table>
+
+ <blockquote>
+ <strong>Be careful when using this directive; for instance,
+ <code>"UserDir ./"</code> would map
+ <code>"/~root"</code> to <code>"/"</code> - which is probably
+ undesirable. If you are running Apache 1.3 or above, it is
+ strongly recommended that your configuration include a
+ "<code>UserDir disabled root</code>" declaration.
+ See also the <directive module="core">Directory</directive>
+ directive and the <a href="../misc/security_tips.html">Security
+ Tips</a> page for more information.</strong>
+ </blockquote>
+
+</usage>
+
+</directivesynopsis>
+</modulesynopsis>
+
+
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+
+<modulesynopsis>
+<name>mod_usertrack</name>
+<description>
+ This module uses cookies to provide for a
+ <em>clickstream</em> log of user activity on a site.
+</description>
+<status>Extension</status>
+<sourcefile>mod_usertrack.c</sourcefile>
+<identifier>usertrack_module</identifier>
+<compatibility>Known as mod_cookies prior to Apache 1.3.</compatibility>
+
+<summary>
+
+ <h2>Summary</h2>
+
+ <p>Previous releases of Apache have included a module which
+ generates a 'clickstream' log of user activity on a site using
+ cookies. This was called the "cookies" module, mod_cookies. In
+ Apache 1.2 and later this module has been renamed the "user
+ tracking" module, mod_usertrack. This module has been
+ simplified and new directives added.</p>
+</summary>
+
+
+<section>
+<title>Logging</title>
+
+ <p>Previously, the cookies module (now the user tracking
+ module) did its own logging, using the <tt>CookieLog</tt>
+ directive. In this release, this module does no logging at all.
+ Instead, a configurable log format file should be used to log
+ user click-streams. This is possible because the logging module
+ now allows multiple log files. The cookie itself is logged by
+ using the text <tt>%{cookie}n</tt> in the log file format. For
+ example:</p>
+<example>
+CustomLog logs/clickstream "%{cookie}n %r %t"
+</example>
+
+ <p>For backward compatibility the configurable log module
+ implements the old <tt>CookieLog</tt> directive, but this
+ should be upgraded to the above <tt>CustomLog</tt> directive. </p>
+</section>
+
+<section>
+<title>2-digit or 4-digit dates for cookies?</title>
+
+ <p>(the following is from message
+ <022701bda43d$9d32bbb0$1201a8c0@christian.office.sane.com>
+ in the new-httpd archives)
+<pre>
+From: "Christian Allen" <christian@sane.com>
+Subject: Re: Apache Y2K bug in mod_usertrack.c
+Date: Tue, 30 Jun 1998 11:41:56 -0400
+
+Did some work with cookies and dug up some info that might be useful.
+
+True, Netscape claims that the correct format NOW is four digit dates, and
+four digit dates do in fact work... for Netscape 4.x (Communicator), that
+is. However, 3.x and below do NOT accept them. It seems that Netscape
+originally had a 2-digit standard, and then with all of the Y2K hype and
+probably a few complaints, changed to a four digit date for Communicator.
+Fortunately, 4.x also understands the 2-digit format, and so the best way to
+ensure that your expiration date is legible to the client's browser is to
+use 2-digit dates.
+
+However, this does not limit expiration dates to the year 2000; if you use
+an expiration year of "13", for example, it is interpreted as 2013, NOT
+1913! In fact, you can use an expiration year of up to "37", and it will be
+understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure
+about versions previous to those). Not sure why Netscape used that
+particular year as its cut-off point, but my guess is that it was in respect
+to UNIX's 2038 problem. Netscape/MSIE 4.x seem to be able to understand
+2-digit years beyond that, at least until "50" for sure (I think they
+understand up until about "70", but not for sure).
+
+Summary: Mozilla 3.x and up understands two digit dates up until "37"
+(2037). Mozilla 4.x understands up until at least "50" (2050) in 2-digit
+form, but also understands 4-digit years, which can probably reach up until
+9999. Your best bet for sending a long-life cookie is to send it for some
+time late in the year "37".
+</pre>
+</p>
+</section>
+
+<directivesynopsis>
+<name>CookieDomain</name>
+<syntax>CookieDomain <i>domain</i></syntax>
+<default>None</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<description>controls the setting of the domain to which
+ the tracking cookie applies.</description>
+
+<usage>
+
+ <p>This directive controls the setting of the domain to which
+ the tracking cookie applies. If not present, no domain is
+ included in the cookie header field.</p>
+
+ <p>The domain string <b>must</b> begin with a dot, and
+ <b>must</b> include at least one embedded dot. That is,
+ ".foo.com" is legal, but "foo.bar.com" and ".com" are not.</p>
+</usage>
+</directivesynopsis>
+
+
+<directivesynopsis>
+<name>CookieExpires</name>
+<syntax>CookieExpires <em>expiry-period</em></syntax>
+<default></default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override></override>
+<compatibility>In 1.3.20 and earlier, not usable in directory and
+.htaccess</compatibility>
+
+<usage>
+ <p>When used, this directive sets an expiry time on the cookie
+ generated by the usertrack module. The <em>expiry-period</em>
+ can be given either as a number of seconds, or in the format
+ such as "2 weeks 3 days 7 hours". Valid denominations are:
+ years, months, weeks, hours, minutes and seconds. If the expiry
+ time is in any format other than one number indicating the
+ number of seconds, it must be enclosed by double quotes.</p>
+
+ <p>If this directive is not used, cookies last only for the
+ current browser session.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>CookieName</name>
+<syntax>CookieName <em>token</em></syntax>
+<default>Apache</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>This directive allows you to change the name of the cookie
+ this module uses for its tracking purposes. By default the
+ cookie is named "<code>Apache</code>".</p>
+
+ <p>You must specify a valid cookie name; results are
+ unpredictable if you use a name containing unusual characters.
+ Valid characters include A-Z, a-z, 0-9, "_", and "-".</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>CookieStyle</name>
+<syntax>CookieStyle
+ <i>Netscape|Cookie|Cookie2|RFC2109|RFC2965</i></syntax>
+<default></default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<description>Controls the format of the cookie header
+ field</description>
+
+<usage>
+ <p>This directive controls the format of the cookie header
+ field. The three formats allowed are:</p>
+
+ <ul>
+ <li><b>Netscape</b>, which is the original but now deprecated
+ syntax. This is the default, and the syntax Apache has
+ historically used.</li>
+
+ <li><b>Cookie</b> or <b>RFC2109</b>, which is the syntax that
+ superseded the Netscape syntax.</li>
+
+ <li><b>Cookie2</b> or <b>RFC2965</b>, which is the most
+ current cookie syntax.</li>
+ </ul>
+
+ <p>Not all clients can understand all of these formats. but you
+ should use the newest one that is generally acceptable to your
+ users' browsers.</p>
+</usage>
+</directivesynopsis>
+
+
+
+<directivesynopsis>
+<name>CookieTracking</name>
+<syntax>CookieTracking on|off</syntax>
+<default></default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+
+<usage>
+ <p>When the user track module is compiled in, and
+ "CookieTracking on" is set, Apache will start sending a
+ user-tracking cookie for all new requests. This directive can
+ be used to turn this behavior on or off on a per-server or
+ per-directory basis. By default, compiling mod_usertrack will
+ not activate cookies. </p>
+
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_vhost_alias</name>
+<status>Extension</status>
+<identifier>vhost_alias_module</identifier>
+<sourcefile>mod_vhost_alias.c</sourcefile>
+<compatibility>Available in Apache 1.3.7 and later.</compatibility>
+
+<description>This module provides support for <a
+href="../vhosts/mass.html">dynamically configured mass virtual
+hosting</a>.</description>
+
+<summary>
+
+ <p>This module creates dynamically configured virtual hosts, by
+ allowing the IP address and/or the <code>Host:</code> header of
+ the HTTP request to be used as part of the pathname to
+ determine what files to serve. This allows for easy use of a
+ huge number of virtual hosts with similar configurations.</p>
+
+ <seealso>See also: <directive
+ module="core">UseCanonicalName</directive>.</seealso>
+
+</summary>
+
+<section>
+ <title>Directory Name Interpolation</title>
+
+ <p>All the directives in this module interpolate a string into
+ a pathname. The interpolated string (henceforth called the
+ "name") may be either the server name (see the <a
+ href="core.html#usecanonicalname"><code>UseCanonicalName</code></a>
+ directive for details on how this is determined) or the IP
+ address of the virtual host on the server in dotted-quad
+ format. The interpolation is controlled by specifiers inspired
+ by <code>printf</code> which have a number of formats:</p>
+
+<table>
+
+<tr><td><code>%%</code></td>
+<td>insert a <code>%</code></td></tr>
+
+<tr><td><code>%p</code></td>
+<td>insert the port number of the virtual host</td></tr>
+
+<tr><td><code>%N.M</code></td>
+<td>insert (part of) the name</td></tr>
+
+</table>
+
+ <p><code>N</code> and <code>M</code> are used to specify
+ substrings of the name. <code>N</code> selects from the
+ dot-separated components of the name, and <code>M</code>
+ selects characters within whatever <code>N</code> has selected.
+ <code>M</code> is optional and defaults to zero if it isn't
+ present; the dot must be present if and only if <code>M</code>
+ is present. The interpretation is as follows:</p>
+
+ <table>
+ <tr><td><code>0</code></td>
+ <td>the whole name</td></tr>
+
+ <tr><td><code>1</code></td>
+ <td>the first part</td></tr>
+
+ <tr><td><code>2</code></td>
+ <td>the second part</td></tr>
+
+ <tr><td><code>-1</code></td>
+ <td>the last part</td></tr>
+
+ <tr><td><code>-2</code></td>
+ <td>the penultimate part</td></tr>
+
+ <tr><td><code>2+</code></td>
+ <td>the second and all subsequent parts</td></tr>
+
+ <tr><td><code>-2+</code></td>
+ <td>the penultimate and all preceding parts</td></tr>
+
+ <tr><td><code>1+</code> and <code>-1+</code></td>
+ <td>the same as <code>0</code></td></tr>
+ </table>
+
+ <p>If <code>N</code> or <code>M</code> is greater than the number
+ of parts available a single underscore is interpolated. </p>
+
+</section>
+
+<section>
+ <title>Examples</title>
+
+ <p>For simple name-based virtual hosts you might use the
+ following directives in your server configuration file:</p>
+
+<example>
+ UseCanonicalName Off<br />
+ VirtualDocumentRoot /usr/local/apache/vhosts/%0
+</example>
+
+ <p>A request for
+ <code>http://www.example.com/directory/file.html</code> will be
+ satisfied by the file
+ <code>/usr/local/apache/vhosts/www.example.com/directory/file.html</code>.
+ </p>
+
+ <p>For a very large number of virtual hosts it is a good idea
+ to arrange the files to reduce the size of the
+ <code>vhosts</code> directory. To do this you might use the
+ following in your configuration file:</p>
+
+<example>
+ UseCanonicalName Off<br />
+ VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.1/%2.2/%2.3/%2
+</example>
+
+ <p>A request for
+ <code>http://www.example.isp.com/directory/file.html</code>
+ will be satisfied by the file
+ <code>/usr/local/apache/vhosts/isp.com/e/x/a/example/directory/file.html</code>.</p>
+
+ <p>A more even spread of files can be achieved by hashing from the
+ end of the name, for example: </p>
+
+<example>
+ VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.-1/%2.-2/%2.-3/%2
+</example>
+
+ <p>The example request would come from
+ <code>/usr/local/apache/vhosts/isp.com/e/l/p/example/directory/file.html</code>.</p>
+
+ <p>Alternatively you might use: </p>
+
+<example>
+ VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.1/%2.2/%2.3/%2.4+
+</example>
+
+ <p>The example request would come from
+ <code>/usr/local/apache/vhosts/isp.com/e/x/a/mple/directory/file.html</code>.</p>
+
+ <p>For IP-based virtual hosting you might use the following in
+ your configuration file:</p>
+
+<example>
+ UseCanonicalName DNS<br />
+ VirtualDocumentRootIP /usr/local/apache/vhosts/%1/%2/%3/%4/docs<br />
+ VirtualScriptAliasIP /usr/local/apache/vhosts/%1/%2/%3/%4/cgi-bin
+</example>
+
+ <p>A request for
+ <code>http://www.example.isp.com/directory/file.html</code>
+ would be satisfied by the file
+ <code>/usr/local/apache/vhosts/10/20/30/40/docs/directory/file.html</code>
+ if the IP address of <code>www.example.com</code> were
+ 10.20.30.40. A request for
+ <code>http://www.example.isp.com/cgi-bin/script.pl</code> would
+ be satisfied by executing the program
+ <code>/usr/local/apache/vhosts/10/20/30/40/cgi-bin/script.pl</code>.</p>
+
+ <p>If you want to include the <code>.</code> character in a
+ <code>VirtualDocumentRoot</code> directive, but it clashes with
+ a <code>%</code> directive, you can work around the problem in
+ the following way:</p>
+
+<example>
+ VirtualDocumentRoot /usr/local/apache/vhosts/%2.0.%3.0
+</example>
+
+ <p>A request for
+ <code>http://www.example.isp.com/directory/file.html</code>
+ will be satisfied by the file
+ <code>/usr/local/apache/vhosts/example.isp/directory/file.html</code>.</p>
+
+ <p>The <directive module="mod_log_config">LogFormat</directive>
+ directives <code>%V</code> and <code>%A</code> are useful
+ in conjunction with this module.</p>
+</section>
+
+<directivesynopsis>
+<name>VirtualDocumentRoot</name>
+<syntax>VirtualDocumentRoot <em>interpolated-directory</em></syntax>
+<default>none</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+</contextlist>
+<override></override>
+<compatibility>VirtualDocumentRoot is only available in 1.3.7 and
+later.</compatibility>
+<description>Dynamically configure the location of the document root
+for a given virtual host.</description>
+
+<usage>
+
+ <p>The <code>VirtualDocumentRoot</code> directive allows you to
+ determine where Apache will find your documents based on the
+ value of the server name. The result of expanding
+ <em>interpolated-directory</em> is used as the root of the
+ document tree in a similar manner to the <directive
+ module="core">DocumentRoot</directive> directive's argument.
+ If <em>interpolated-directory</em> is <code>none</code> then
+ <code>VirtaulDocumentRoot</code> is turned off. This directive
+ cannot be used in the same context as
+ <directive>VirtualDocumentRootIP</directive>.</p>
+
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>VirtualDocumentRootIP</name>
+<syntax>VirtualDocumentRootIP <em>interpolated-directory</em></syntax>
+<default>none</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+</contextlist>
+<override></override>
+<compatibility>VirtualDocumentRootIP is only available in 1.3.7
+and later.</compatibility>
+<description>Dynamically configure the location of the document root
+for a given virtual host</description>
+
+<usage>
+
+<p>The <code>VirtualDocumentRootIP</code> directive is like the
+ <directive>VirtualDocumentRoot</directive>
+ directive, except that it uses the IP address of the server end
+ of the connection instead of the server name.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>VirtualScriptAlias</name>
+<syntax>VirtualScriptAlias <em>interpolated-directory</em></syntax>
+<default>none</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+</contextlist>
+<override></override>
+<compatibility>VirtualScriptAlias is only available in 1.3.7
+and later.</compatibility>
+<description>Dynamically configure the location of the CGI directory for
+a given virtual host.</description>
+
+<usage>
+
+ <p>The <code>VirtualScriptAlias</code> directive allows you to
+ determine where Apache will find CGI scripts in a similar
+ manner to <directive>VirtualDocumentRoot</directive>
+ does for other documents. It matches requests for URIs starting
+ <code>/cgi-bin/</code>, much like <directive
+ module="mod_alias">ScriptAlias</directive>
+ <code>/cgi-bin/</code> would.</p>
+
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>VirtualScriptAliasIP</name>
+<syntax>VirtualScriptAliasIP <em>interpolated-directory</em></syntax>
+<default>none</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+</contextlist>
+<override></override>
+<compatibility>VirtualScriptAliasIP is only available in 1.3.7
+and later.</compatibility>
+<description>Dynamically configure the location of the cgi directory for
+a given virtual host.</description>
+
+<usage>
+
+ <p>The <code>VirtualScriptAliasIP</code> directive is like the
+ <a
+ href="#virtualscriptalias"><code>VirtualScriptAlias</code></a>
+ directive, except that it uses the IP address of the server end
+ of the connection instead of the server name.</p>
+
+ </usage>
+
+</directivesynopsis>
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mpm_common</name>
+<description>A collection of directives that are implemented by
+more than one multi-processing module (MPM)</description>
+<status>MPM</status>
+
+<directivesynopsis>
+<name>CoreDumpDirectory</name>
+<description>Sets the directory where Apache attempts to
+switch before dumping core</description>
+<syntax>CoreDumpDirectory <em>directory</em></syntax>
+<default>CoreDumpDirectory <em>ServerRoot</em></default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+<module>prefork</module><module>mpm_winnt</module>
+</modulelist>
+
+<usage>
+
+ <p>This controls the directory to which Apache attempts to
+ switch before dumping core. The default is in the
+ <directive module="core">ServerRoot</directive> directory, however
+ since this should not be writable by the user the server runs
+ as, core dumps won't normally get written. If you want a core
+ dump for debugging, you can use this directive to place it in a
+ different location.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>Group</name>
+<description>Sets the group under which the server will answer
+requests</description>
+<syntax>Group <em>unix-group</em></syntax>
+<default>Group #-1</default>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+<module>prefork</module></modulelist>
+
+<usage>
+ <p>The <directive>Group</directive> directive sets the group under
+ which the server will answer requests. In order to use this
+ directive, the stand-alone server must be run initially as root.
+ <em>Unix-group</em> is one of:</p>
+
+ <dl>
+ <dt>A group name</dt>
+
+ <dd>Refers to the given group by name.</dd>
+
+ <dt># followed by a group number.</dt>
+
+ <dd>Refers to a group by its number.</dd>
+ </dl>
+ <p>It is recommended that you set up a new group specifically for
+ running the server. Some admins use user <code>nobody</code>,
+ but this is not always possible or desirable.</p>
+
+ <p>Note: if you start the server as a non-root user, it will
+ fail to change to the specified group, and will instead
+ continue to run as the group of the original user.</p>
+
+ <p>Special note: Use of this directive in <VirtualHost< is
+ no longer supported. To implement the <a
+ href="../suexec.html">suEXEC wrapper</a> with Apache 2.0, use the
+ <directive module="mod_suexec">SuexecUserGroup</directive>
+ directive. SECURITY: See <directive
+ module="mpm_common">User</directive> for a discussion of the
+ security considerations.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>PidFile</name>
+<description>Sets the file where the server records the process ID
+of the daemon</description>
+<syntax>PidFile <em>filename</em></syntax>
+<default>PidFile logs/httpd.pid</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>perchilde</module>
+<module>prefork</module><module>mpm_winnt</module>
+</modulelist>
+
+<usage>
+ <p>The <directive>PidFile</directive> directive sets the file to
+ which the server records the process id of the daemon. If the
+ filename does not begin with a slash (/) then it is assumed to be
+ relative to the <directive module="core">ServerRoot</directive>.</p>
+
+ <p>It is often useful to be able to send the server a signal,
+ so that it closes and then reopens its <directive
+ module="core">ErrorLog</directive> and TransferLog, and
+ re-reads its configuration files. This is done by sending a
+ SIGHUP (kill -1) signal to the process id listed in the
+ PidFile.</p>
+
+ <p>The PidFile is subject to the same warnings about log file
+ placement and <a
+ href="../misc/security_tips.html#serverroot">security</a>.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>Listen</name>
+<description>Sets the IP addresses and ports that the server
+listens to</description>
+<syntax>Listen [<em>IP-address</em>:]<em>portnumber</em></syntax>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+<module>prefork</module><module>mpm_winnt</module>
+</modulelist>
+
+<usage>
+ <p>The <directive>Listen</directive> directive instructs Apache to
+ listen to only specific IP addresses or ports; by default it
+ responds to requests on all IP interfaces. The Listen directive is
+ now a required directive. If it is not in the config file, the
+ server will fail to start. This is a change from previous versions
+ of Apache.</p>
+
+ <p>The Listen directive tells the server to accept incoming
+ requests on the specified port or address-and-port combination.
+ If only a port number is specified, the server listens to the
+ given port on all interfaces. If an IP address is given as well
+ as a port, the server will listen on the given port and
+ interface.</p>
+
+ <p>Multiple Listen directives may be used to specify a number
+ of addresses and ports to listen to. The server will respond to
+ requests from any of the listed addresses and ports.</p>
+
+ <p>For example, to make the server accept connections on both
+ port 80 and port 8000, use:</p>
+<example>
+ Listen 80<br />
+ Listen 8000
+</example>
+ To make the server accept connections on two specified
+ interfaces and port numbers, use
+<example>
+ Listen 192.170.2.1:80<br />
+ Listen 192.170.2.5:8000
+</example>
+ IPv6 addresses must be surrounded in square brackets, as in the
+ following example:
+<example>
+ Listen [fe80::a00:20ff:fea7:ccea]:80
+</example>
+</usage>
+
+<seealso><a href="../dns-caveats.html">DNS Issues</a></seealso>
+<seealso><a href="../bind.html">Setting
+ which addresses and ports Apache uses</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ListenBackLog</name>
+<description>Maximum length of the queue of pending connections</description>
+<syntax>ListenBacklog <em>backlog</em></syntax>
+<default>ListenBacklog 511</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+<module>prefork</module><module>mpm_winnt</module>
+</modulelist>
+
+<usage>
+ <p>The maximum length of the queue of pending connections.
+ Generally no tuning is needed or desired, however on some
+ systems it is desirable to increase this when under a TCP SYN
+ flood attack. See the backlog parameter to the
+ <code>listen(2)</code> system call.</p>
+
+ <p>This will often be limited to a smaller number by the
+ operating system. This varies from OS to OS. Also note that
+ many OSes do not use exactly what is specified as the backlog,
+ but use a number based on (but normally larger than) what is
+ set.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LockFile</name>
+<description>Location of the accept serialization lock file</description>
+<syntax>LockFile <em>filename</em></syntax>
+<default>LockFile logs/accept.lock</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+<module>prefork</module></modulelist>
+
+<usage>
+ <p>The <directive>LockFile</directive> directive sets the path to
+ the lockfile used when Apache is compiled with either
+ USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. This
+ directive should normally be left at its default value. The main
+ reason for changing it is if the <code>logs</code> directory is
+ NFS mounted, since <strong>the lockfile must be stored on a local
+ disk</strong>. The PID of the main server process is
+ automatically appended to the filename.</p>
+
+ <p><strong>SECURITY:</strong> It is best to avoid putting this
+ file in a world writable directory such as
+ <code>/var/tmp</code> because someone could create a denial of
+ service attack and prevent the server from starting by creating
+ a lockfile with the same name as the one the server will try to
+ create.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MaxClients</name>
+<description>Maximum number of child processes that will be created
+to serve requests</description>
+<syntax>MaxClients <em>number</em></syntax>
+<default>>MaxClients
+ 8 (with threads) MaxClients 256</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>prefork</module>
+</modulelist>
+
+<usage>
+ <p>The <directive>MaxClients</directive> directive sets the limit
+ on the number of child processes that will be created to serve
+ requests. When the server is built without threading, no more than
+ this number of clients can be served simultaneously. To configure
+ more than 256 clients with the prefork MPM, you must use the
+ <directive module="mpm_common">ServerLimit</directive> directive.
+ To configure more than 1024 clients with the worker MPM, you must
+ use the <directive module="mpm_common">ServerLimit</directive> and
+ <directive module="mpm_common">ThreadLimit</directive> directives.</p>
+
+ <p>Any connection attempts over the
+ <directive>MaxClients</directive> limit will normally be queued,
+ up to a number based on the <directive module="mpm_common"
+ >ListenBacklog</directive> directive. Once a child
+ process is freed at the end of a different request, the connection
+ will then be serviced.</p>
+
+ <p>When the server is compiled with threading, then the maximum
+ number of simultaneous requests that can be served is obtained
+ from the value of this directive multiplied by
+ <directive module="mpm_common">ThreadsPerChild</directive>.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MaxRequestPerChild</name>
+<description>Limit on the number of requests that an individual child server
+will handle during its life</description>
+<syntax>MaxRequestsPerChild <em>number</em></syntax>
+<default>MaxRequestsPerChild 10000</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+<module>prefork</module><module>mpm_winnt</module>
+</modulelist>
+
+<usage>
+ <p>The <directive>MaxRequestsPerChild</directive> directive sets
+ the limit on the number of requests that an individual child
+ server process will handle. After
+ <directive>MaxRequestsPerChild</directive> requests, the child
+ process will die. If <directive>MaxRequestsPerChild</directive> is
+ 0, then the process will never expire.</p>
+
+ <p>Setting <directive>MaxRequestsPerChild</directive> to a
+ non-zero limit has two beneficial effects:</p>
+
+ <ul>
+ <li>it limits the amount of memory that process can consume
+ by (accidental) memory leakage;</li>
+
+ <li>by giving processes a finite lifetime, it helps reduce
+ the number of processes when the server load reduces.</li>
+ </ul>
+
+ <p><strong>NOTE:</strong> For <em>KeepAlive</em> requests, only
+ the first request is counted towards this limit. In effect, it
+ changes the behavior to limit the number of
+ <em>connections</em> per child.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MaxSpareThreads</name>
+<description>Maximum number of idle threads</description>
+<syntax>MaxSpareThreads <em>number</em></syntax>
+<default>MaxSpareThreads 10 (Perchild) or 500 (worker)</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+</modulelist>
+
+<usage>
+ <p>Maximum number of idle threads. Different MPMs deal with this
+ directive differently. <module>perchild</module> monitors the
+ number of idle threads on a per-child basis. If there are too many
+ idle threads in that child, the server will begin to kill threads
+ within that child.</p>
+
+ <p><module>worker</module> deals with idle threads on a
+ server-wide basis. If there are too many idle threads in the
+ server then child processes are killed until the number of idle
+ threads is less than this number.</p>
+
+</usage>
+<seealso><directive module="mpm_common">MinSpareThreads</directive></seealso>
+<seealso><directive module="mpm_common">StartServers</directive></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MaxThreadsPerChild</name>
+<description>Maximum number of threads per child process</description>
+<syntax>MaxThreadsPerChild <em>number</em></syntax>
+<default>MaxThreadsPerChild 64</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+</modulelist>
+
+<usage>
+ <p>Maximum number of threads per child. For MPMs with a
+ variable number of threads per child, this directive sets the
+ maximum number of threads that will be created in each child
+ process. To increase this value beyond its default, it is
+ necessary to change the value of the compile-time define
+ <code>HARD_THREAD_LIMIT</code> and recompile the server.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MinSpareThreads</name>
+<description>Minimum number of idle threads available to handle request
+spikes</description>
+<syntax>MinSpareServers <em>number</em></syntax>
+<default>MinSpareThreads 5 (Perchild) or 250 (worker)</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+</modulelist>
+
+<usage>
+ <p>Minimum number of idle threads to handle request spikes.
+ Different MPMs deal with this directive
+ differently. <module>perchild</module> monitors the number of idle
+ threads on a per-child basis. If there aren't enough idle threads
+ in that child, the server will begin to create new threads within
+ that child.</p>
+
+ <p><module>worker</module> deals with idle threads on a
+ server-wide basis. If there aren't enough idle threads in the
+ server then child processes are created until the number of idle
+ threads is greater than number.</p>
+</usage>
+<seealso><directive module="mpm_common">MaxSpareThreads</directive></seealso>
+<seealso><directive module="mpm_common">StartServers</directive></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>NumServers</name>
+<description>Total number of children alive at the same time</description>
+<syntax>NumServers <em>number</em></syntax>
+<default>NumServers 2</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>perchild</module></modulelist>
+
+<usage>
+ <p>Number of children alive at the same time. MPMs that use
+ this directive do not dynamically create new child processes so
+ this number should be large enough to handle the requests for
+ the entire site.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ScoreBoardFile</name>
+<description>Location of the file used to store coordination data for
+the child processes</description>
+<syntax>ScoreBoardFile <em>file-path</em></syntax>
+<default>ScoreBoardFile logs/apache_status</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+<module>prefork</module></modulelist>
+
+<usage>
+ <p>The <directive>ScoreBoardFile</directive> directive is required
+ on some architectures to place a file that the server will use to
+ communicate between its children and the parent. The easiest way
+ to find out if your architecture requires a scoreboard file is to
+ run Apache and see if it creates the file named by the
+ directive. If your architecture requires it then you must ensure
+ that this file is not used at the same time by more than one
+ invocation of Apache.</p>
+
+ <p>If you have to use a <directive>ScoreBoardFile</directive> then
+ you may see improved speed by placing it on a RAM disk. But be
+ careful that you heed the same warnings about log file placement
+ and <a href="../misc/security_tips.html">security</a>.</p>
+</usage>
+<seealso><a
+ href="../stopping.html">Stopping and Restarting Apache</a></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>SendBufferSize</name>
+<description>TCP buffer size</description>
+<syntax>SendBufferSize <em>bytes</em></syntax>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+<module>prefork</module><module>mpm_winnt</module>
+</modulelist>
+
+<usage>
+ <p>The server will set the TCP buffer size to the number of bytes
+ specified. Very useful to increase past standard OS defaults on
+ high speed high latency (<em>i.e.</em>, 100ms or so, such as
+ transcontinental fast pipes).</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ServerLimit</name>
+<description>Upper limit on configurable number of processes</description>
+<syntax>ServerLimit <em>number</em></syntax>
+<default>ServerLimit 256 (prefork), ServerLimit 16 (worker)</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>prefork</module>
+</modulelist>
+
+<usage>
+ <p>For the <module>prefork</module> MPM, this directive sets the
+ maximum configured value for <directive
+ module="mpm_common">MaxClients</directive> for the lifetime of the
+ Apache process. For the worker MPM, this directive in combination
+ with <directive module="mpm_common">ThreadLimit</directive> sets
+ the maximum configured value for <directive
+ module="mpm_common">MaxClients</directive> for the lifetime of the
+ Apache process. Any attempts to change this directive during a
+ restart will be ignored, but <directive
+ module="mpm_common">MaxClients</directive> can be modified during
+ a restart.</p>
+
+ <p>Special care must be taken when using this directive. If
+ <directive>ServerLimit</directive> is set to a value much higher
+ than necessary, extra, unused shared memory will be allocated. If
+ both <directive>ServerLimit</directive> and <directive
+ module="mpm_common">MaxClients</directive> are set to values
+ higher than the system can handle, Apache may not start or the
+ system may become unstable.</p>
+
+ <p>With the <module>prefork</module> MPM, use this directive only
+ if you need to set <directive
+ module="mpm_common">MaxClients</directive> higher higher than 256.
+ Do not set the value of this directive any higher than what you
+ might want to set <directive
+ module="mpm_common">MaxClients</directive> to.</p>
+
+ <p>With the <module>worker</module> MPM, use this directive only
+ if your <directive module="mpm_common">MaxClients</directive> and
+ <directive module="mpm_common">ThreadsPerChild</directive>
+ settings require more than 16 server processes. Do not set the
+ value of this directive any higher than the number of server
+ processes required by what you may want for <directive
+ module="mpm_common">MaxClients </directive> and <directive
+ module="mpm_common">ThreadsPerChild</directive>.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>StartServers</name>
+<description>Number of child server processes created at startup</description>
+<syntax>StartServers <em>number</em></syntax>
+<default>StartServers 5</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module></modulelist>
+
+<usage>
+ <p>The <directive>StartServers</directive> directive sets the
+ number of child server processes created on startup. As the number
+ of processes is dynamically controlled depending on the load,
+ there is usually little reason to adjust this parameter.</p>
+</usage>
+<seealso><directive module="mpm_common">MinSpareThreads</directive></seealso>
+<seealso><directive module="mpm_common">MaxSpareThreads</directive></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>StartThreads</name>
+<description>Nubmer of threads each child creates on startup</description>
+<syntax>StartThreads <em>number</em></syntax>
+<default>StartThreads 5</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>perchild</module></modulelist>
+
+<usage>
+ <p>Number of threads each child creates on startup. As the
+ number of threads is dynamically controlled depending on the
+ load, there is usually little reason to adjust this
+ parameter.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ThreadLimit</name>
+<description>Sets the upper limit on the configurable number of threads
+per child process</description>
+<syntax>ThreadLimit <em>number</em></syntax>
+<default>ThreadLimit 64</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module></modulelist>
+
+<usage>
+ <p>This directive sets the maximum configured value for <directive
+ module="mpm_common">ThreadsPerChild</directive> for the lifetime
+ of the Apache process. Any attempts to change this directive
+ during a restart will be ignored, but <directive
+ module="mpm_common">ThreadsPerChild</directive> can be modified
+ during a restart up to the value of this directive.</p>
+
+ <p>Special care must be taken when using this directive. If
+ <directive>ThreadLimit</directive> is set to a value much higher
+ than <directive module="mpm_common">ThreadsPerChild</directive>,
+ extra unused shared memory will be allocated. If both
+ <directive>ThreadLimit</directive> and <directive
+ module="mpm_common">ThreadsPerChild</directive> are set to values
+ higher than the system can handle, Apache may not start or the
+ system may become unstable.</p>
+
+ <p>Use this directive only if you need to set <directive
+ module="mpm_common">ThreadsPerChild</directive> higher than 64. Do
+ not set the value of this directive any higher than what you might
+ want to set <directive
+ module="mpm_common">ThreadsPerChild</directive> to.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ThreadsPerChild</name>
+<description>Number of threads created by each child process</description>
+<syntax>ThreadsPerChild <em>number</em></syntax>
+<default>ThreadsPerChild 50</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>worker</module><module>mpm_winnt</module>
+</modulelist>
+
+<usage>
+ <p>This directive sets the number of threads created by each
+ child process. The child creates these threads at startup and
+ never creates more. if using an MPM like mpmt_winnt, where
+ there is only one child process, this number should be high
+ enough to handle the entire load of the server. If using an MPM
+ like worker, where there are multiple child processes, the
+ total number of threads should be high enough to handle the
+ common load on the server.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>User</name>
+<description>The userid under which the server will answer
+requests</description>
+<syntax>User <em>unix-userid</em></syntax>
+<default>User #-1</default>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+<modulelist><module>worker</module><module>perchild</module>
+<module>prefork</module></modulelist>
+
+<usage>
+ <p>The <directive>User</directive> directive sets the userid as
+ which the server will answer requests. In order to use this
+ directive, the standalone server must be run initially as
+ root. <em>Unix-userid</em> is one of:</p>
+
+ <dl>
+ <dt>A username</dt>
+
+ <dd>Refers to the given user by name.</dd>
+
+ <dt># followed by a user number.</dt>
+
+ <dd>Refers to a user by their number.</dd>
+ </dl>
+
+ <p>The user should have no privileges which result in it being
+ able to access files which are not intended to be visible to the
+ outside world, and similarly, the user should not be able to
+ execute code which is not meant for httpd requests. It is
+ recommended that you set up a new user and group specifically for
+ running the server. Some admins use user <code>nobody</code>, but
+ this is not always possible or desirable. For example
+ <module>mod_proxy</module>'s cache, when enabled, must be
+ accessible to this user (see <directive
+ module="mod_proxy">CacheRoot</directive>).</p>
+
+ <p>Notes: If you start the server as a non-root user, it will
+ fail to change to the lesser privileged user, and will instead
+ continue to run as that original user. If you do start the
+ server as root, then it is normal for the parent process to
+ remain running as root.</p>
+
+ <p>Special note: Use of this directive in <directive module="core"
+ type="section">VirtualHost</directive> is no longer supported. To
+ configure your server for <a href="mod_suexec.html">suexec</a> use
+ <directive module="mod_suexec">SuexecUserGroup</directive>.</p>
+
+<note><title>Security</title> <p>Don't set <directive>User</directive>
+(or <directive module="mpm_common">Group</directive>) to
+<code>root</code> unless you know exactly what you are doing, and what
+the dangers are.</p></note>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta name="generator" content="Microsoft FrontPage 4.0" />
+
+ <title>Apache MPM prefork</title>
+ </head>
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+
+ <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
+ vlink="#000080" alink="#FF0000">
+ <!--#include virtual="header.html" -->
+
+ <h1 align="CENTER">Multi-Processing Module NetWare</h1>
+
+ <p>This Multi-Processing Module implements an exclusively threaded web
+ server optimized for Novell NetWare.</p>
+
+ <p><a href="module-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> MPM<br />
+ <a href="module-dict.html#SourceFile"
+ rel="Help"><strong>Source File:</strong></a> mpm_netware.c<br />
+ <a href="module-dict.html#ModuleIdentifier"
+ rel="Help"><strong>Module Identifier:</strong></a>
+ mpm_netware_module</p>
+
+ <h2>Summary</h2>
+
+ <p>This Multi-Processing Module (MPM) implements an exclusively threaded web server
+ that has been optimized for Novell NetWare.</p>
+
+ <p>The main thread is responsible for launching child
+ worker threads which listen for connections and serve them when they
+ arrive. Apache always tries to maintain several <em>spare</em>
+ or idle worker threads, which stand ready to serve incoming
+ requests. In this way, clients do not need to wait for a new
+ child threads to be spawned before their requests can be
+ served.</p>
+
+ <p>The <code>StartThreads</code>, <code>MinSpareThreads</code>,
+ <code>MaxSpareThreads</code>, and <code>MaxThreads</code>
+ regulate how the main thread creates worker threads to serve
+ requests. In general, Apache is very self-regulating, so most
+ sites do not need to adjust these directives from their default
+ values. Sites which need to serve more than 250 simultaneous
+ requests may need to increase <code>MaxThreads</code>, while
+ sites with limited memory may need to decrease
+ <code>MaxThreads</code> to keep the server from thrashing (spawning and
+ terminating idle threads). More information about
+ tuning process creation is provided in the <a
+ href="../misc/perf-tuning.html">performance hints</a>
+ documentation.</p>
+
+ <p><code>MaxRequestsPerChild</code> controls how frequently the
+ server recycles processes by killing old ones and launching new
+ ones. On the NetWare OS it is highly recommended that this directive
+ remain set to 0. This allows worker threads to continue servicing
+ requests indefinitely.</p>
+
+ <p>See also: <a href="../bind.html">Setting which addresses and
+ ports Apache uses</a>.</p>
+
+ <h2>Directives</h2>
+
+ <ul>
+
+ <li><a href="mpm_common.html#listen">Listen</a></li>
+
+ <li><a href="mpm_common.html#listenbacklog">ListenBacklog</a></li>
+
+ <li><a href="#maxthreads">MaxThreads</a></li>
+
+ <li><a href="mpm_common.html#maxrequestsperchild">MaxRequestsPerChild</a></li>
+
+ <li><a href="#maxsparethreads">MaxSpareThreads</a></li>
+
+ <li><a href="#minsparethreads">MinSpareThreads</a></li>
+
+ <li><a href="mpm_common.html#sendbuffersize">SendBufferSize</a></li>
+
+ <li><a href="#startthreads">StartThreads</a></li>
+
+ <li><a href="#threadstacksize">ThreadStackSize</a></li>
+
+ </ul>
+ <hr />
+
+ <h2><a id="maxthreads"
+ name="maxthreads">MaxThreads directive</a></h2>
+ <!--%plaintext <?INDEX {\tt MaxThreads} directive> -->
+ <a href="directive-dict.html#Syntax"
+ rel="Help"><strong>Syntax:</strong></a> MaxThreads
+ <em>number</em><br />
+ <a href="directive-dict.html#Default"
+ rel="Help"><strong>Default:</strong></a> <code>MaxThreads 250</code><br />
+ <a href="directive-dict.html#Context"
+ rel="Help"><strong>Context:</strong></a> server config<br />
+ <a href="directive-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> core<p>The MaxThreads directive sets the desired maximum
+ number worker threads allowable.</p>
+
+ <p>See also <a href="#minsparethreads">MinSpareThreads</a>, <a href="#maxsparethreads">MaxSpareThreads</a> and
+ <a href="#startthreads">StartThreads</a>.</p>
+ <hr />
+
+ <h2><a id="maxsparethreads"
+ name="maxspareservers">MaxSpareThreads directive</a></h2>
+ <!--%plaintext <?INDEX {\tt MaxSpareServers} directive> -->
+ <a href="directive-dict.html#Syntax"
+ rel="Help"><strong>Syntax:</strong></a> MaxSpareThreads
+ <em>number</em><br />
+ <a href="directive-dict.html#Default"
+ rel="Help"><strong>Default:</strong></a> <code>MaxSpareThreads 100</code><br />
+ <a href="directive-dict.html#Context"
+ rel="Help"><strong>Context:</strong></a> server config<br />
+ <a href="directive-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> core
+
+ <p>The MaxSpareThreads directive sets the desired maximum
+ number of <em>idle</em> worker threads. An idle worker thread
+ is one which is not handling a request. If there are more than
+ MaxSpareThreads idle, then the main thread will kill off the
+ excess worker threads.</p>
+
+ <p>Tuning of this parameter should only be necessary on very
+ busy sites. Setting this parameter to a large number is almost
+ always a bad idea.</p>
+
+ <p>See also <a href="#minsparethreads">MinSpareThreads</a>, <a href="#maxthreads">MaxThreads</a> and
+ <a href="#startthreads">StartThreads</a>.</p>
+ <hr />
+
+ <h2><a id="minsparethreads"
+ name="minspareservers">MinSpareThreads directive</a></h2>
+ <!--%plaintext <?INDEX {\tt MinSpareServers} directive> -->
+ <a href="directive-dict.html#Syntax"
+ rel="Help"><strong>Syntax:</strong></a> MinSpareThreads
+ <em>number</em><br />
+ <a href="directive-dict.html#Default"
+ rel="Help"><strong>Default:</strong></a> <code>MinSpareThreads 10</code><br />
+ <a href="directive-dict.html#Context"
+ rel="Help"><strong>Context:</strong></a> server config<br />
+ <a href="directive-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> core<p>The MinSpareThreads directive sets the desired minimum
+ number of <em>idle</em> worker threads. An idle worker thread
+ is one which is not handling a request. If there are fewer than MinSpareThreads idle, then the
+ main thread spawns new worker.</p>
+
+ <p>Tuning of this parameter should only be necessary on very
+ busy sites. Setting this parameter to a large number is almost
+ always a bad idea.</p>
+
+ <p>See also <a href="#maxsparethreads">MaxSpareThreads</a>, <a href="#maxthreads">MaxThreads</a> and
+ <a href="#startthreads">StartThreads</a>.
+ <hr />
+
+ <h2><a id="startthreads"
+ name="startthreads">StartThreads directive</a></h2>
+ <!--%plaintext <?INDEX {\tt StartThreads} directive> -->
+ <a href="directive-dict.html#Syntax"
+ rel="Help"><strong>Syntax:</strong></a> StartThreads
+ <em>number</em><br />
+ <a href="directive-dict.html#Default"
+ rel="Help"><strong>Default:</strong></a> <code>StartThreads
+ 50</code><br />
+ <a href="directive-dict.html#Context"
+ rel="Help"><strong>Context:</strong></a> server config<br />
+ <a href="directive-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> core<p>The StartThreads directive sets the desired
+ number of worker threads to spawn and startup. </p>
+
+ <p>See also <a href="#maxsparethreads">MaxSpareThreads</a>, <a href="#minsparethreads">MinSpareThreads</a>
+ and <a href="#maxthreads">MaxThreads</a>.
+ <hr />
+
+ <h2><a id="threadstacksize"
+ name="threadstacksize">ThreadStackSize</a></h2>
+ <a href="directive-dict.html#Syntax"
+ rel="Help"><strong>Syntax:</strong></a> ThreadStackSize
+ <em>number</em><br />
+ <a href="directive-dict.html#Default"
+ rel="Help"><strong>Default:</strong></a> <code>ThreadStackSize
+ 65536</code><br />
+ <a href="directive-dict.html#Context"
+ rel="Help"><strong>Context:</strong></a> server config<br />
+ <a href="directive-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> core
+ <p>This directive tells the server what stack size to use for
+ each of the running threads. If you ever get a stack overflow
+ you will need to bump this number to a higher setting.</p>
+
+ <hr />
+
+ <!--#include virtual="footer.html" -->
+ </body>
+</html>
+
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+<name>mpm_netware</name>
+<description>Multi-Processing Module implementing an exclusively threaded web
+ server optimized for Novell NetWare</description>
+<status>MPM</status>
+<sourcefile>mpm_netware.c</sourcefile>
+<identifier>mpm_netware_module</identifier>
+
+<summary>
+ <p>This Multi-Processing Module (MPM) implements an exclusively threaded web server
+ that has been optimized for Novell NetWare.</p>
+
+ <p>The main thread is responsible for launching child
+ worker threads which listen for connections and serve them when they
+ arrive. Apache always tries to maintain several <em>spare</em>
+ or idle worker threads, which stand ready to serve incoming
+ requests. In this way, clients do not need to wait for a new
+ child threads to be spawned before their requests can be
+ served.</p>
+
+ <p>The <code>StartThreads</code>, <code>MinSpareThreads</code>,
+ <code>MaxSpareThreads</code>, and <code>MaxThreads</code>
+ regulate how the main thread creates worker threads to serve
+ requests. In general, Apache is very self-regulating, so most
+ sites do not need to adjust these directives from their default
+ values. Sites which need to serve more than 250 simultaneous
+ requests may need to increase <code>MaxThreads</code>, while
+ sites with limited memory may need to decrease
+ <code>MaxThreads</code> to keep the server from thrashing (spawning and
+ terminating idle threads). More information about
+ tuning process creation is provided in the <a
+ href="../misc/perf-tuning.html">performance hints</a>
+ documentation.</p>
+
+ <p><code>MaxRequestsPerChild</code> controls how frequently the
+ server recycles processes by killing old ones and launching new
+ ones. On the NetWare OS it is highly recommended that this directive
+ remain set to 0. This allows worker threads to continue servicing
+ requests indefinitely.</p>
+
+ <p>See also: <a href="../bind.html">Setting which addresses and
+ ports Apache uses</a>.</p>
+</summary>
+
+<directivesynopsis location="mpm_common"><name>Listen</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>ListenBacklog</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>MaxRequestsPerChild</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>SendBufferSize</name>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MaxThreads</name>
+<syntax>MaxThreads <em>number</em></syntax>
+<default>MaxThreads 250</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+<p>The MaxThreads directive sets the desired maximum
+ number worker threads allowable.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MaxSpareThreads</name>
+<syntax>MaxSpareThreads <em>number</em></syntax>
+<default>MaxSpareThreads 100</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>MaxSpareThreads</directive> directive sets the
+ desired maximum number of <em>idle</em> worker threads. An idle
+ worker thread is one which is not handling a request. If there are
+ more than MaxSpareThreads idle, then the main thread will kill off
+ the excess worker threads.</p>
+
+ <p>Tuning of this parameter should only be necessary on very
+ busy sites. Setting this parameter to a large number is almost
+ always a bad idea.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MinSpareThreads</name>
+<syntax>MinSpareThreads <em>number</em></syntax>
+<default>MinSpareThreads 10</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+<p>The <directive>MinSpareThreads</directive> directive sets the
+desired minimum number of <em>idle</em> worker threads. An idle worker
+thread is one which is not handling a request. If there are fewer than
+MinSpareThreads idle, then the main thread spawns new worker.</p>
+
+ <p>Tuning of this parameter should only be necessary on very
+ busy sites. Setting this parameter to a large number is almost
+ always a bad idea.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>StartThreads</name>
+<syntax>StartThreads <em>number</em></syntax>
+<default>StartThreads 50</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+<p>The StartThreads directive sets the desired
+ number of worker threads to spawn and startup</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ThreadStackSize</name>
+<syntax>ThreadStackSize <em>number</em></syntax>
+<default>ThreadStackSize 65536</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>This directive tells the server what stack size to use for
+ each of the running threads. If you ever get a stack overflow
+ you will need to bump this number to a higher setting.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mpm_winnt</name>
+<description>This Multi-Processing Module is optimized for Windows
+ NT.</description>
+<status>MPM</status>
+<sourcefile>mpm_winnt.c</sourcefile>
+<identifier>mpm_winnt_module</identifier>
+
+<summary>
+ <p>This Multi-Processing Module (MPM) is the default for the
+ Windows NT operating systems. It uses a single control process
+ which launches a single child process which in turn creates
+ threads to handle requests</p>
+</summary>
+
+<directivesynopsis location="mpm_common"><name>CoreDumpDirectory</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>PidFile</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>Listen</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>ListenBacklog</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>MaxRequestsPerChild</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>SendBufferSize</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>ThreadsPerChild</name>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>perchild</name>
+<description>Multi-Processing Module allowing for daemon processes
+ serving requests to be assigned a variety of different
+ userids</description>
+<status>MPM</status>
+<sourcefile>perchild.c</sourcefile>
+<identifier>mpm_perchild_module</identifier>
+
+<summary>
+<note type="warning">
+This MPM does not currently work on most platforms. Work is ongoing to
+make it functional.
+</note>
+
+ <p>This Multi-Processing Module (MPM) implements a hybrid
+ multi-process, multi-threaded web server. A fixed number of
+ processes create threads to handle requests. Fluctuations in
+ load are handled by increasing or decreasing the number of
+ threads in each process.</p>
+
+ <p>A single control process launches the number of child processes
+ indicated by the <directive
+ module="mpm_common">NumServers</directive> directive at server
+ startup. Each child process creates threads as specified in the
+ <code>StartThreads</code> directive. The individual threads then
+ listen for connections and serve them when they arrive.</p>
+
+ <p>Apache always tries to maintain a pool of <em>spare</em> or
+ idle server threads, which stand ready to serve incoming
+ requests. In this way, clients do not need to wait for new
+ threads to be created. For each child process, Apache assesses
+ the number of idle threads and creates or destroys threads to
+ keep this number within the boundaries specified by
+ <code>MinSpareThreads</code> and <code>MaxSpareThreads</code>.
+ Since this process is very self-regulating, it is rarely
+ necessary to modify these directives from their default values.
+ The maximum number of clients that may be served simultaneously
+ is determined by multiplying the number of server processes
+ that will be created (<code>NumServers</code>) by the maximum
+ number of threads created in each process
+ (<code>MaxThreadsPerChild</code>).</p>
+
+ <p>While the parent process is usually started as root under
+ Unix in order to bind to port 80, the child processes and
+ threads are launched by Apache as a less-privileged user. The
+ <code>User</code> and <code>Group</code> directives are used to
+ set the privileges of the Apache child processes. The child
+ processes must be able to read all the content that will be
+ served, but should have as few privileges beyond that as
+ possible. In addition, unless <a
+ href="../suexec.html">suexec</a> is used, these directives also
+ set the privileges which will be inherited by CGI scripts.</p>
+
+ <p><code>MaxRequestsPerChild</code> controls how frequently the
+ server recycles processes by killing old ones and launching new
+ ones.</p>
+
+ <p>See also: <a href="../bind.html">Setting which addresses and
+ ports Apache uses</a>.</p>
+
+ <p>In addition it adds the extra ability to specify that
+ specific processes should serve requests under different
+ userids. These processes can then be associated with specific
+ virtual hosts.</p>
+ <!-- XXX: This desperately needs more explanation. -->
+</summary>
+
+<directivesynopsis location="mpm_common">
+<name>CoreDumpDirectory</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>Group</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>PidFile</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>Listen</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>ListenBacklog</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>LockFile</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>MaxRequestsPerChild</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>MaxSpareThreads</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>MaxThreadsPerChild</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>MinSpareThreads</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>NumServers</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>ScoreBoardFile</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>SendBufferSize</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>StartThreads</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common">
+<name>User</name>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AssignUserId</name>
+<syntax>AssignUserID <em>user_id</em> <em>group_id</em></syntax>
+<contextlist><context>virtual host</context></contextlist>
+
+<usage>
+ <p>Tie a virtual host to a specific child process. Requests addressed to
+the virtual host where this directive appears will be served by the process
+running with the specified user and group id.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>ChildPerUserId</name>
+<syntax>ChildPerUserID <em>user_id</em>
+<em>group_id</em> <em>child_id</em></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>Specify a user id and group id for a specific child process. The number of
+children if set by the <a href="mpm_common.html#numservers">NumServers</a>
+directive. For example, the default value for <a
+href="mpm_common.html#numservers">NumServers</a> is 5 and that means
+children ids 1,2,3,4 and 5 are available for assigment. If a child does not
+have an associated ChildPerUserID, it inherits the <a
+href="mpm_common.html#user">User</a> and <a
+href="mpm_common.html#group">Group</a> settings from the main server </p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+<name>prefork</name>
+<description>Implements a non-threaded, pre-forking web server</description>
+<status>MPM</status>
+<sourcefile>prefork.c</sourcefile>
+<identifier>mpm_prefork_module</identifier>
+
+<summary>
+ <p>This Multi-Processing Module (MPM) implements a
+ non-threaded, pre-forking web server which handles request in a
+ manner very similar to the default behavior of Apache 1.3 on
+ Unix.</p>
+
+ <p>A single control process is responsible for launching child
+ processes which listen for connections and serve them when they
+ arrive. Apache always tries to maintain several <em>spare</em>
+ or idle server processes, which stand ready to serve incoming
+ requests. In this way, clients do not need to wait for a new
+ child processes to be forked before their requests can be
+ served.</p>
+
+ <p>The <directive module="mpm_common">StartServers</directive>,
+ <directive module="prefork">MinSpareServers</directive>,
+ <directive module="prefork">MaxSpareServers</directive>, and
+ <directive module="mpm_common">MaxClients</directive> regulate how
+ the parent process creates children to serve requests. In general,
+ Apache is very self-regulating, so most sites do not need to
+ adjust these directives from their default values. Sites which
+ need to serve more than 256 simultaneous requests may need to
+ increase <directive module="mpm_common">MaxClients</directive>,
+ while sites with limited memory may need to decrease <directive
+ module="mpm_common">MaxClients</directive> to keep the server from
+ thrashing (swapping memory to disk and back). More information
+ about tuning process creation is provided in the <a
+ href="../misc/perf-tuning.html">performance hints</a>
+ documentation.</p>
+
+ <p>While the parent process is usually started as root under Unix
+ in order to bind to port 80, the child processes are launched by
+ Apache as a less-privileged user. The <directive
+ module="mpm_common">User</directive> and <directive
+ module="mpm_common">Group</directive> directives are used to set
+ the privileges of the Apache child processes. The child processes
+ must be able to read all the content that will be served, but
+ should have as few privileges beyond that as possible. In
+ addition, unless <a href="../suexec.html">suexec</a> is used,
+ these directives also set the privileges which will be inherited
+ by CGI scripts.</p>
+
+ <p><directive module="mpm_common">MaxRequestsPerChild</directive>
+ controls how frequently the server recycles processes by killing
+ old ones and launching new ones.</p>
+</summary>
+<seealso><a href="../bind.html">Setting which addresses and
+ ports Apache uses</a></seealso>
+
+<directivesynopsis location="mpm_common">
+<name>CoreDumpDirectory</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>PidFile</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>Listen</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>ListenBacklog</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>LockFile</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>MaxRequestsPerChild</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>MaxSpareServers</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>MinSpareServers</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>ScoreBoardFile</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>SendBufferSize</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>ServerLimit</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>StartServers</name>
+</directivesynopsis>
+
+<directivesynopsis location="mpm_common">
+<name>User</name>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AcceptMutex</name>
+<description>Method that Apache uses to serialize multiple children
+accepting requests on network sockets</description>
+<syntax>AcceptMutex default|<em>method</em></syntax>
+<default>AcceptMutex default</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>AcceptMutex</directive> directives sets the
+ method that Apache uses to serialize multiple children accepting
+ requests on network sockets. Prior to Apache 2.0, the method was
+ selectable only at compile time. The optimal method to use is
+ highly architecture and platform dependent. For further details,
+ see the <a href="../misc/perf-tuning.html">performance tuning</a>
+ documentation.</p>
+
+ <p>If this directive is set to <code>default</code>, then the
+ compile-time selected default will be used. Other possible
+ methods are listed below. Note that not all methods are
+ available on all platforms. If a method is specified which is
+ not available, a message will be written to the error log
+ listing the available methods.</p>
+
+ <dl>
+ <dt><code>flock</code></dt>
+
+ <dd>uses the <code>flock(2)</code> system call to lock the
+ file defined by the <directive module="mpm_common"
+ >LockFile</directive> directive.</dd>
+
+ <dt><code>fcntl</code></dt>
+
+ <dd>uses the <code>fnctl(2)</code> system call to lock the
+ file defined by the <directive module="mpm_common"
+ >LockFile</directive> directive.</dd>
+
+ <dt><code>sysvsem</code></dt>
+
+ <dd>uses SySV-style semaphores to implement the mutex.</dd>
+
+ <dt><code>pthread</code></dt>
+
+ <dd>uses POSIX mutexes as implemented by the POSIX Threads
+ (PThreads) specification.</dd>
+ </dl>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MaxSpareServers</name>
+<description>Maximum number of idle child server processes</description>
+<syntax>MaxSpareServers <em>number</em><br /></syntax>
+<default>MaxSpareServers 10</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>MaxSpareServers</directive> directive sets the
+ desired maximum number of <em>idle</em> child server processes. An
+ idle process is one which is not handling a request. If there are
+ more than MaxSpareServers idle, then the parent process will kill
+ off the excess processes.</p>
+
+ <p>Tuning of this parameter should only be necessary on very
+ busy sites. Setting this parameter to a large number is almost
+ always a bad idea.</p>
+</usage>
+<seealso><directive module="prefork">MinSpareServers</directive></seealso>
+<seealso><directive module="mpm_common">StartServers</directive></seealso>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>MinSpareServers</name>
+<description>Minimum number of idle child server processes</description>
+<syntax>MinSpareServers <em>number</em></syntax>
+<default>MinSpareServers 5</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>The <directive>MinSpareServers</directive> directive sets the
+ desired minimum number of <em>idle</em> child server processes. An
+ idle process is one which is not handling a request. If there are
+ fewer than MinSpareServers idle, then the parent process creates
+ new children at a maximum rate of 1 per second.</p>
+
+ <p>Tuning of this parameter should only be necessary on very
+ busy sites. Setting this parameter to a large number is almost
+ always a bad idea.</p>
+
+ <p>This directive has no effect on Microsoft Windows.</p>
+</usage>
+<seealso><directive module="prefork">MaxSpareServers</directive></seealso>
+<seealso><directive module="mpm_common">StartServers</directive></seealso>
+</directivesynopsis>
+
+</modulesynopsis>
+
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta name="generator" content="HTML Tidy, see www.w3.org" />
+
+ <title>Apache MPM worker</title>
+ </head>
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+
+ <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
+ vlink="#000080" alink="#FF0000">
+ <!--#include virtual="header.html" -->
+
+ <h1 align="CENTER">Multi-Processing Module worker</h1>
+
+ <p>This Multi-Processing Module implements a hybrid
+ multi-threaded multi-process web server.</p>
+
+ <p><a href="module-dict.html#Status"
+ rel="Help"><strong>Status:</strong></a> MPM<br />
+ <a href="module-dict.html#SourceFile"
+ rel="Help"><strong>Source File:</strong></a> worker.c<br />
+ <a href="module-dict.html#ModuleIdentifier"
+ rel="Help"><strong>Module Identifier:</strong></a>
+ mpm_worker_module</p>
+
+ <h2>Summary</h2>
+
+ <p>This Multi-Processing Module (MPM) is the default for most
+ unix-like operating systems. It implements a hybrid
+ multi-process multi-threaded server. Each process has a fixed
+ number of threads. The server adjusts to handle load by
+ increasing or decreasing the number of processes.</p>
+
+ <p>A single control process is responsible for launching child
+ processes. Each child process creates a fixed number of threads
+ as specified in the <code>ThreadsPerChild</code> directive. The
+ individual threads then listen for connections and serve them
+ when they arrive.</p>
+
+ <p>Apache always tries to maintain a pool of <em>spare</em> or
+ idle server threads, which stand ready to serve incoming
+ requests. In this way, clients do not need to wait for a new
+ threads or processes to be created before their requests can be
+ served. Apache assesses the total number of idle threads in all
+ processes, and forks or kills processes to keep this number
+ within the boundaries specified by <code>MinSpareThreads</code>
+ and <code>MaxSpareThreads</code>. Since this process is very
+ self-regulating, it is rarely necessary to modify these
+ directives from their default values. The maximum number of
+ clients that may be served simultaneously is determined by
+ multiplying the maximum number of server processes that will be
+ created (<code>MaxClients</code>) by the number of threads
+ created in each process (<code>ThreadsPerChild</code>).</p>
+
+ <p>While the parent process is usually started as root under
+ Unix in order to bind to port 80, the child processes and
+ threads are launched by Apache as a less-privileged user. The
+ <code>User</code> and <code>Group</code> directives are used to
+ set the privileges of the Apache child processes. The child
+ processes must be able to read all the content that will be
+ served, but should have as few privileges beyond that as
+ possible. In addition, unless <a
+ href="../suexec.html">suexec</a> is used, these directives also
+ set the privileges which will be inherited by CGI scripts.</p>
+
+ <p><code>MaxRequestsPerChild</code> controls how frequently the
+ server recycles processes by killing old ones and launching new
+ ones.</p>
+
+ <p>See also: <a href="../bind.html">Setting which addresses and
+ ports Apache uses</a>.</p>
+
+ <h2>Directives</h2>
+
+ <ul>
+ <li><a
+ href="mpm_common.html#coredumpdirectory">CoreDumpDirectory</a></li>
+
+ <li><a href="mpm_common.html#group">Group</a></li>
+
+ <li><a href="mpm_common.html#pidfile">PidFile</a></li>
+
+ <li><a href="mpm_common.html#listen">Listen</a></li>
+
+ <li><a
+ href="mpm_common.html#listenbacklog">ListenBacklog</a></li>
+
+ <li><a href="mpm_common.html#lockfile">LockFile</a></li>
+
+ <li><a href="mpm_common.html#maxclients">MaxClients</a></li>
+
+ <li><a
+ href="mpm_common.html#maxrequestsperchild">MaxRequestsPerChild</a></li>
+
+ <li><a
+ href="mpm_common.html#maxsparethreads">MaxSpareThreads</a></li>
+
+ <li><a
+ href="mpm_common.html#minsparethreads">MinSpareThreads</a></li>
+
+ <li><a
+ href="mpm_common.html#scoreboardfile">ScoreBoardFile</a></li>
+
+ <li><a
+ href="mpm_common.html#sendbuffersize">SendBufferSize</a></li>
+
+ <li><a
+ href="mpm_common.html#startservers">StartServers</a></li>
+
+ <li><a
+ href="mpm_common.html#threadsperchild">ThreadsPerChild</a></li>
+
+ <li><a href="mpm_common.html#user">User</a></li>
+ </ul>
+ <!--#include virtual="footer.html" -->
+ </body>
+</html>
+
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+<name>worker</name>
+<description>Multi-Processing Module implementing a hybrid
+ multi-threaded multi-process web server</description>
+<status>MPM</status>
+<sourcefile>worker.c</sourcefile>
+<identifier>mpm_worker_module</identifier>
+
+<summary>
+ <p>This Multi-Processing Module (MPM) is the default for most
+ unix-like operating systems. It implements a hybrid
+ multi-process multi-threaded server. Each process has a fixed
+ number of threads. The server adjusts to handle load by
+ increasing or decreasing the number of processes.</p>
+
+ <p>A single control process is responsible for launching child
+ processes. Each child process creates a fixed number of threads
+ as specified in the <code>ThreadsPerChild</code> directive. The
+ individual threads then listen for connections and serve them
+ when they arrive.</p>
+
+ <p>Apache always tries to maintain a pool of <em>spare</em> or
+ idle server threads, which stand ready to serve incoming
+ requests. In this way, clients do not need to wait for a new
+ threads or processes to be created before their requests can be
+ served. Apache assesses the total number of idle threads in all
+ processes, and forks or kills processes to keep this number
+ within the boundaries specified by <code>MinSpareThreads</code>
+ and <code>MaxSpareThreads</code>. Since this process is very
+ self-regulating, it is rarely necessary to modify these
+ directives from their default values. The maximum number of
+ clients that may be served simultaneously is determined by
+ multiplying the maximum number of server processes that will be
+ created (<code>MaxClients</code>) by the number of threads
+ created in each process (<code>ThreadsPerChild</code>).</p>
+
+ <p>While the parent process is usually started as root under
+ Unix in order to bind to port 80, the child processes and
+ threads are launched by Apache as a less-privileged user. The
+ <code>User</code> and <code>Group</code> directives are used to
+ set the privileges of the Apache child processes. The child
+ processes must be able to read all the content that will be
+ served, but should have as few privileges beyond that as
+ possible. In addition, unless <a
+ href="../suexec.html">suexec</a> is used, these directives also
+ set the privileges which will be inherited by CGI scripts.</p>
+
+ <p><code>MaxRequestsPerChild</code> controls how frequently the
+ server recycles processes by killing old ones and launching new
+ ones.</p>
+
+ <p>See also: <a href="../bind.html">Setting which addresses and
+ ports Apache uses</a>.</p>
+</summary>
+
+<directivesynopsis location="mpm_common"><name>CoreDumpDirectory</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>Group</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>PidFile</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>Listen</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>ListenBacklog</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>LockFile</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>MaxClients</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>MaxRequestsPerChild</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>MaxSpareThreads</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>MinSpareThreads</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>ScoreBoardFile</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>SendBufferSize</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>ServerLimit</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>StartServers</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>ThreadLimit</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>ThreadsPerChild</name>
+</directivesynopsis>
+<directivesynopsis location="mpm_common"><name>User</name>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta name="generator" content="notepad" />
+
+ <title>New features with Apache 2.0</title>
+ </head>
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+
+ <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
+ vlink="#000080" alink="#FF0000">
+ <!--#include virtual="header.html" -->
+
+ <h1 align="CENTER">Übersicht der neuen Funktionen in Apache 2.0</h1>
+ <p>übersetzt von simon.putz@t-online.de</p>
+ <p>Erweiterungen: <a href="#core">Core</a> | <a href="#module">Module</a></p>
+
+ <hr />
+
+ <h2><a id="core" name="core">Core Erweiterungen:</a></h2>
+
+ <dl>
+ <dt><strong>Unix Threading</strong></dt>
+
+ <dd>Auf Unix Systemen mit POSIX threads Unterstützung, kann Apache jetzt
+ in einem hybrid multiprocess im multithreaded mode gestartet werden. Dies
+ verbessiert die Skalierfähigkeit für viele, aber nicht alle Konfigurationen.</dd>
+
+ <dt><strong>Neues Build System</strong></dt>
+
+ <dd>Das build system wurde komplett auf der Basis von autoconf und libtool neugeschrieben.
+ Dadurch wird Apaches Konfigurationssystem dem vieler anderer Packages ähnlicher.</dd>
+
+ <dt><strong>Multiprotocol Unterstützung</strong></dt>
+
+ <dd>Apache hat jetzt einiges der Infrastruktur bereit um mehrere Protokolle zu unterstützen.
+ mod_echo wurde zum Beispiel neugeschrieben.</dd>
+
+ <dt><strong>Bessere Unterstützung von nicht-Unix Plattformen</strong></dt>
+
+ <dd>Apache 2.0 ist schneller und stabiler auf nicht-Unix
+ Plattformen wie BeOS, OS/2, und Windows. Mit der Einführung von Plattform-spezifischen
+ <a href="mpm.html">multi-processing Modulen</a> (MPMs) und der
+ Apache Portable Runtime (APR), sind diese Plattformen jetzt in ihrer
+ eigenen API implementiert, was die häufigen Fehler der schlecht funktionierenden
+ POSIX-emulation layer vermeidet.</dd>
+
+ <dt><strong>Neue Apache API</strong></dt>
+
+ <dd>Die API für Module hat sich in 2.0 stark verändert.
+ Viele der module-ordering Probleme von 1.3 sollten verschwunden sein.
+ 2.0 macht einiges hiervon automatisch, und das module ordering wird
+ jetzt per-hook vorgenommen, um mehr Flexibilität zu bieten. Außerdem wurden neue calls
+ hinzugefügt, die zusätzliche Modul-Fähigkeiten bieten, ohne den core zu patchen.</dd>
+
+ <dt><strong>IPv6 Unterstützung</strong></dt>
+
+ <dd>Auf Systemen, bei denen IPv6 durch die zugrunde liegende
+ Apache Portable Runtime library unterstützt ist, bekommt Apache standarmäßig IPv6 listening
+ sockets. Zusätzlich unterstützen die Listen,
+ NameVirtualHost, and <VirtualHost> Directiven
+ numerische IPv6 address strings (z.B., "Listen
+ [fe80::1]:8080").</dd>
+
+ <dt><strong>Filtering</strong></dt>
+
+ <dd>Apache Module können jetzt als Filter die auf den Inhalts-Stream wirken, wie er
+ von oder zum Server kommt.
+ Dadurch können z. B. die Ausgabe von CGI scripts von den Server Side Include Direktiven
+ durch den INCLUDE filter in mod_include bearbeitet werden.</dd>
+
+ <dt><strong>Mehrsprachige Fehlermeldungen</strong></dt>
+
+ <dd>Fehlermeldungen zum Browser werden jetzt, durch SSI Dokumente, in verschiedenen Sprachen zur Verfügung gestellt.
+ Sie können durch den Administrator angepasst werden, um ein einheitliches Design zu erreichen.</dd>
+
+ <dt><strong>Vereinfachte Konfiguration</strong></dt>
+
+ <dd>Viele komplizierte Direktiven wurden vereinfacht. Die oft verwirrenden
+ Port und BindAddress Direktiven wurden entfernt; nur die
+ Listen Direktive wird zum IP address binding benutzt; die
+ ServerName Direktive bestimmt den Server-Namen und Port-Nummer
+ nur zur Weiterleitung und vhost Erkennung.</dd>
+
+ <dt><strong>Eingebaute Windows NT Unicode Unterstützung</strong></dt>
+
+ <dd>Apache 2.0 auf Windows NT benutzt jetzt utf-8 für alle Dateinamen
+ Encodierungen. Diese werden direkt zum zugrunde liegenden unicode Dateisystem übersetzt,
+ somit wird die Mehrsprach-Unterstützung, fü alle Windows NT-basiernde Installationen,
+ inclusive Windows 2000 und Windows XP gewährt.
+ <em>Diese Unterstützung geht nicht auf Windows 95, 98 oder ME über, diese
+ benutzen noch immer die lokale codepage des Rechners zum Dateisystem-Zugriff.</em></dd>
+
+ </dl>
+ <hr />
+
+ <h2><a id="module" name="module">Modul Erweiterungen:</a></h2>
+
+ <dl>
+ <dt><strong>mod_ssl</strong></dt>
+
+ <dd>Neues Modul in Apache 2.0. Dieses Modul ist ein Interface
+ zu den SSL/TLS Verschlüsselungs-Protokollen, die von OpenSSL bereitgestellt werden.</dd>
+
+ <dt><strong>mod_dav</strong></dt>
+
+ <dd>Neues Modul in Apache 2.0. Dieses Modul bietet die HTTP
+ Distributed Authoring and Versioning (DAV) Spezifikation, um
+ Web-Inhalte zu Posten und zu Warten.</dd>
+
+ <dt><strong>mod_auth_digest</strong></dt>
+
+ <dd>Zusätzliche Unterstützung für prozessübergreifendes session caching mittels shared memory.
+ </dd>
+
+ <dt><strong>mod_charset_lite</strong></dt>
+
+ <dd>Neues Modul in Apache 2.0. Dieses experimentelle Modul erlaubt Zeichensatz-Übersetung oder Wiederkodierung.</dd>
+
+ <dt><strong>mod_file_cache</strong></dt>
+
+ <dd>Neues Modul in Apache 2.0. Dieses Modul beinhaltet die Funktionen von mod_mmap_static aus Apache 1.3 und
+ weitere Zwischenspeicherungs-Möglichkeiten.</dd>
+
+ <dt><strong>mod_headers</strong></dt>
+
+ <dd>Dieses Modul ist in Apache 2.0 viel flexibler geworden. Es kann jetzt request-header die von mod_proxy benutzt werden, verändern
+ und es kann Response-Header nach Fallunterscheidung setzen.</dd>
+
+ <dt><strong>mod_proxy</strong></dt>
+
+ <dd>Das Proxy Modul wurde komplett neugeschrieben um die Funktionen der neuen Filter Infrastruktur auszuschöpfen und
+ um einen zuverlässigen, mit HTTP/1.1 übereinstimmenden Proxy zu erstellen.</dd>
+
+ <dt><strong>mod_negotiation</strong></dt>
+
+ <dd>Eine neue <a href="mod/mod_negotiation.html#forcelanguagepriority">ForceLanguagePriority</a>
+ Direktive kann benutzt werden, um zu sichern, dass der Client auf jeden Fall ein einzelnes Dokument anstatt
+ NOT ACCEPTABLE oder MULTIPLE CHOICES Antworten bekommt. Zusätzlich wurden die Verhandlungs und Multiview
+ Algorithmen gesäubert um einheitlichere Ergebnisse zu liefern. Außerdem wird eine neue Form der Type Map
+ die Dokumente einschließen kann, bereitgestellt.</dd>
+
+ <dt><strong>mod_autoindex</strong></dt>
+
+ <dd>Automatisch indizierte Verzeichnis Auflistungen können für bessere Übersichtlichkeit
+ durch eine HTML Tabelle dargestellt werden. Genauerere Sortierungen, wie Versions-Sorting und Platzhalter-Filtering
+ des Verzeichnislistings werden unterstützt.</dd>
+
+ <dt><strong>mod_include</strong></dt>
+
+ <dd>Neue Direktiven erlauben es, die Standard Start- und Endtags von SSI Elementen
+ zu ändern und die Fehler and Zeitformat Konfiguration in der Haupkonfigurationsdatei
+ anstatt im SSI Dokument stattzufinden.
+ Ergebnisse von regular expression parsing und grouping können duch die mod_include Variablen $0 bis $9 eingeholt werden.</dd>
+
+ <dt><strong>mod_auth_dbm</strong></dt>
+
+ <dd>DBM-ähnliche Datenbanken werden jetzt durch die <a href="mod/mod_auth_dbm.html#authdbmtype">AuthDBMType</a>
+ Direktive unterstützt.<a
+ </dd>
+
+ <dt><strong>mod_auth_db</strong></dt>
+
+ <dd>Berkeley DB 3.0 wird jetzt unterstützt</dd>
+
+ <dt><strong>mod_proxy</strong></dt>
+
+ <dd>Neue <Proxy > Konfigurations Sections bringen eine lesbarere
+ (und intern schnellere) Kontrolle der zwischengespeicherten Seiten; die überladene
+ <Directory "proxy:...> Konfiguration wird nicht unterstützt. Das
+ Modul is jetzt in eigene Protokoll-Unterstützungs Module wie proxy_connect, proxy_ftp and proxy_http gegliedert.</dd>
+
+ </dl>
+ <!--#include virtual="footer.html" -->
+ </body>
+</html>
+
+
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>Site Map - Apache HTTP Server 2.0</title>
+ </head>
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+
+ <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
+ vlink="#000080" alink="#FF0000">
+ <!--#include virtual="header.html" -->
+
+ <h1 align="center">Site Map</h1>
+
+<ul>
+<li><a href="index.html">Apache HTTP Server Version 2.0 Documentation</a>
+
+<ul>
+<li>Release Notes
+<ul>
+<li><a href="upgrading.html">Upgrading to 2.0 from 1.3</a></li>
+<li><a href="new_features_2_0.html">New features with Apache 2.0</a></li>
+</ul></li>
+
+<li>Using the Apache HTTP Server
+<ul>
+<li><a href="install.html">Compiling and Installing Apache</a></li>
+<li><a href="invoking.html">Starting Apache</a></li>
+<li><a href="stopping.html">Stopping and Restarting the Server</a></li>
+<li><a href="configuring.html">Configuration Files</a></li>
+<li><a href="sections.html">How Directory, Location and Files sections work</a></li>
+<li><a href="server-wide.html">Server-Wide Configuration</a></li>
+<li><a href="logs.html">Log Files</a></li>
+<li><a href="urlmapping.html">Mapping URLs to Filesystem Locations</a></li>
+<li><a href="misc/security_tips.html">Security Tips</a></li>
+<li><a href="dso.html">Dynamic Shared Object (DSO) support</a></li>
+<li><a href="content-negotiation.html">Content Negotiation</a></li>
+<li><a href="custom-error.html">Custom error responses</a></li>
+<li><a href="bind.html">Setting which addresses and ports Apache uses</a></li>
+<li><a href="mpm.html">Multi-Processing Modules (MPMs)</a></li>
+<li><a href="env.html">Environment Variables in Apache</a></li>
+<li><a href="handler.html">Apache's Handler Use</a></li>
+<li><a href="filter.html">Filters</a></li>
+<li><a href="suexec.html">suEXEC Support</a></li>
+<li><a href="misc/perf-tuning.html">Performance Hintes</a></li>
+<li><a href="misc/rewriteguide.html">URL Rewriting Guide</a></li>
+</ul></li>
+
+<li><a href="vhosts/index.html">Apache Virtual Host documentation</a>
+<ul>
+<li><a href="vhosts/name-based.html">Name-based Virtual Hosts</a></li>
+<li><a href="vhosts/ip-based.html">IP-based Virtual Host Support</a></li>
+<li><a href="vhosts/mass.html">Dynamically configured mass virtual hosting</a></li>
+<li><a href="vhosts/examples.html">VirtualHost Examples</a></li>
+<li><a href="vhosts/details.html">An In-Depth Discussion of Virtual Host Matching</a></li>
+<li><a href="vhosts/fd-limits.html">File descriptor limitations</a></li>
+<li><a href="dns-caveats.html">Issues Regarding DNS and Apache</a></li>
+</ul></li>
+
+<li><a href="faq/index.html">Apache Server Frequently Asked Questions</a>
+<ul>
+<li><a href="faq/support.html">Support</a></li>
+</ul></li>
+
+<li><a href="ssl/index.html">Apache SSL/TLS Encryption</a>
+<ul>
+<li><a href="ssl/ssl_intro.html">SSL/TLS Encryption: An Introduction</a></li>
+<li><a href="ssl/ssl_compat.html">SSL/TLS Encryption: Compatibility</a></li>
+<li><a href="ssl/ssl_howto.html">SSL/TLS Encryption: How-To</a></li>
+<li><a href="ssl/ssl_faq.html">SSL/TLS Encryption: FAQ</a></li>
+<li><a href="ssl/ssl_glossary.html">SSL/TLS Encryption: Glossary</a></li>
+</ul></li>
+
+
+<li>Guides, Tutorials, and HowTos
+<ul>
+<li><a href="howto/auth.html">Authentication</a></li>
+<li><a href="howto/cgi.html">Apache Tutorial: Dynamic Content with CGI</a></li>
+<li><a href="howto/ssi.html">Apache Tutorial: Introduction to Server
+Side Includes</a></li>
+<li><a href="misc/tutorials.html">Apache Tutorials</a></li>
+</ul></li>
+
+
+<li>Platfrom-specific Notes
+<ul>
+<li><a href="platform/windows.html">Using Apache with Microsoft
+Windows</a></li>
+<li><a href="platform/win_compiling.html">Compiling Apache for
+Microsoft Windows</a></li>
+<li><a href="platform/win_service.html">Running Apache for Windows as
+a Service</a></li>
+<li><a href="platform/netware.html">Using Apache with Novell NetWare</a></li>
+<li><a href="platform/perf-hp.html">Running a High-Performance Web
+Server on HPUX</a></li>
+<li><a href="ebcdic.html">The Apache EBCDIC Port</a></li>
+</ul></li>
+
+<li><a href="programs/index.html">Apache HTTP Server and Supporting Programs</a>
+<ul>
+<li><a href="programs/httpd.html">Manual Page: httpd</a></li>
+<li><a href="programs/ab.html">Manual Page: ab</a></li>
+<li><a href="programs/apachectl.html">Manual Page: apachectl</a></li>
+<li><a href="programs/apxs.html">Manual Page: apxs</a></li>
+<li><a href="programs/dbmmanage.html">Manual Page: dbmmanage</a></li>
+<li><a href="programs/htdigest.html">Manual Page: htdigest</a></li>
+<li><a href="programs/htpasswd.html">Manual Page: htpasswd</a></li>
+<li><a href="programs/logresolve.html">Manual Page: logresolve</a></li>
+<li><a href="programs/rotatelogs.html">Manual Page: rotatelogs</a></li>
+<li><a href="programs/suexec.html">Manual Page: suexec</a></li>
+<li><a href="programs/other.html">Other Programs</a></li>
+</ul></li>
+
+<li><a href="misc/index.html">Apache Miscellaneous Documentation</a>
+<ul>
+<li><a href="misc/custom_errordocs.html">International Customized Server Error Messages</a></li>
+<li><a href="misc/fin_wait_2.html">Connections in FIN_WAIT_2 and Apache</a></li>
+<li><a href="misc/known_client_problems.html">Known Client Problems</a></li>
+<li><a href="misc/descriptors.html">Descriptors and Apache</a></li>
+<li><a href="cgi_path.html">PATH_INFO Changes in the CGI Environment</a></li>
+</ul></li>
+
+<li><a href="mod/index.html">Apache modules</a>
+<ul>
+<li><a href="mod/index-bytype.html">Apache modules - By Type</a></li>
+<li><a href="mod/directives.html">Apache directives</a></li>
+<li><a href="mod/module-dict.html">Definitions of terms used to describe Apache modules</a></li>
+<li><a href="mod/directive-dict.html">Definitions of terms used to describe Apache directives</a></li>
+<li><a href="mod/core.html">Apache Core Features</a></li>
+<li><a href="mod/mpm_common.html">Apache MPM Common Directives</a></li>
+<li><a href="mod/mpm_netware.html">Apache MPM netware</a></li>
+<li><a href="mod/mpm_winnt.html">Apache MPM winnt</a></li>
+<li><a href="mod/perchild.html">Apache MPM perchild</a></li>
+<li><a href="mod/prefork.html">Apache MPM prefork</a></li>
+<li><a href="mod/threaded.html">Apache MPM threaded</a></li>
+<li><a href="mod/mod_access.html">Apache module mod_access</a></li>
+<li><a href="mod/mod_actions.html">Apache module mod_actions</a></li>
+<li><a href="mod/mod_alias.html">Apache module mod_alias</a></li>
+<li><a href="mod/mod_asis.html">Apache module mod_asis</a></li>
+<li><a href="mod/mod_auth.html">Apache module mod_auth</a></li>
+<li><a href="mod/mod_auth_anon.html">Apache module mod_auth_anon.c</a></li>
+<li><a href="mod/mod_auth_db.html">Apache module mod_auth_db</a></li>
+<li><a href="mod/mod_auth_dbm.html">Apache module mod_auth_dbm</a></li>
+<li><a href="mod/mod_auth_digest.html">Apache module mod_auth_digest</a></li>
+<li><a href="mod/mod_auth_ldap.html">Apache module mod_ldap</a></li>
+<li><a href="mod/mod_autoindex.html">Apache module mod_autoindex</a></li>
+<li><a href="mod/mod_cern_meta.html">Apache module mod_cern_meta</a></li>
+<li><a href="mod/mod_cgi.html">Apache module mod_cgi</a></li>
+<li><a href="mod/mod_cgid.html">Apache module mod_cgi</a></li>
+<li><a href="mod/mod_charset_lite.html">Apache module mod_charset_lite</a></li>
+<li><a href="mod/mod_dav.html">Apache module mod_dav</a></li>
+<li><a href="mod/mod_dir.html">Apache module mod_dir</a></li>
+<li><a href="mod/mod_env.html">Apache module mod_env</a></li>
+<li><a href="mod/mod_example.html">Apache module mod_example</a></li>
+<li><a href="mod/mod_expires.html">Apache module mod_expires</a></li>
+<li><a href="mod/mod_ext_filter.html">Apache module mod_ext_filter</a></li>
+<li><a href="mod/mod_file_cache.html">Apache module mod_file_cache</a></li>
+<li><a href="mod/mod_headers.html">Apache module mod_headers</a></li>
+<li><a href="mod/mod_imap.html">Apache module mod_imap</a></li>
+<li><a href="mod/mod_include.html">Apache module mod_include</a></li>
+<li><a href="mod/mod_info.html">Apache module mod_info</a></li>
+<li><a href="mod/mod_isapi.html">Apache module mod_isapi</a></li>
+<li><a href="mod/mod_ldap.html">Apache module mod_ldap</a></li>
+<li><a href="mod/mod_log_config.html">Apache module mod_log_config</a></li>
+<li><a href="mod/mod_mime.html">Apache module mod_mime</a></li>
+<li><a href="mod/mod_mime_magic.html">Apache module mod_mime_magic</a></li>
+<li><a href="mod/mod_mmap_static.html">Apache module mod_mmap_static</a></li>
+<li><a href="mod/mod_negotiation.html">Apache module mod_negotiation</a></li>
+<li><a href="mod/mod_proxy.html">Apache module mod_proxy</a></li>
+<li><a href="mod/mod_rewrite.html">Apache module mod_rewrite</a></li>
+<li><a href="mod/mod_setenvif.html">Apache module mod_setenvif</a></li>
+<li><a href="mod/mod_so.html">Apache module mod_so</a></li>
+<li><a href="mod/mod_speling.html">Apache module mod_speling</a></li>
+<li><a href="mod/mod_ssl.html">Apache module mod_ssl</a></li>
+<li><a href="mod/mod_status.html">Apache module mod_status</a></li>
+<li><a href="mod/mod_suexec.html">Apache module mod_suexec</a></li>
+<li><a href="mod/mod_unique_id.html">Apache module mod_unique_id</a></li>
+<li><a href="mod/mod_userdir.html">Apache module mod_userdir</a></li>
+<li><a href="mod/mod_usertrack.html">Apache module mod_usertrack</a></li>
+<li><a href="mod/mod_vhost_alias.html">Apache module mod_vhost_alias</a></li>
+</ul></li>
+
+<li><a href="developer/index.html">Developer Documentation</a>
+<ul>
+<li><a href="developer/API.html">Apache API notes</a></li>
+<li><a href="developer/debugging.html">Debugging Memory Allocation in APR</a></li>
+<li><a href="developer/documenting.html">Documenting Apache 2.0</a></li>
+<li><a href="developer/hooks.html">Apache 2.0 Hook Functions</a></li>
+<li><a href="developer/layeredio.html">Apache 2.0 Layered I/O</a></li>
+<li><a href="developer/modules.html">Converting Modules from Apache 1.3 to Apache 2.0</a></li>
+<li><a href="developer/request.html">Request Processing in Apache 2.0</a></li>
+</ul></li>
+
+</ul></li>
+
+</ul>
+
+ <!--#include virtual="footer.html" -->
+ </body>
+</html>
\ No newline at end of file
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>Site Map - Apache HTTP Server 2.0</title>
+ </head>
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+
+ <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
+ vlink="#000080" alink="#FF0000">
+ <!--#include virtual="header.html" -->
+
+ <h1 align="center">Site Map</h1>
+
+<ul>
+<li><a href="index.html">Apache HTTP Server Version 2.0 Documentation</a>
+
+<ul>
+<li>Release Notes
+<ul>
+<li><a href="upgrading.html">Upgrading to 2.0 from 1.3</a></li>
+<li><a href="new_features_2_0.html">New features with Apache 2.0</a></li>
+</ul></li>
+
+<li>Using the Apache HTTP Server
+<ul>
+<li><a href="install.html">Compiling and Installing Apache</a></li>
+<li><a href="invoking.html">Starting Apache</a></li>
+<li><a href="stopping.html">Stopping and Restarting the Server</a></li>
+<li><a href="configuring.html">Configuration Files</a></li>
+<li><a href="sections.html">How Directory, Location and Files sections work</a></li>
+<li><a href="server-wide.html">Server-Wide Configuration</a></li>
+<li><a href="logs.html">Log Files</a></li>
+<li><a href="urlmapping.html">Mapping URLs to Filesystem Locations</a></li>
+<li><a href="misc/security_tips.html">Security Tips</a></li>
+<li><a href="dso.html">Dynamic Shared Object (DSO) support</a></li>
+<li><a href="content-negotiation.html">Content Negotiation</a></li>
+<li><a href="custom-error.html">Custom error responses</a></li>
+<li><a href="bind.html">Setting which addresses and ports Apache uses</a></li>
+<li><a href="mpm.html">Multi-Processing Modules (MPMs)</a></li>
+<li><a href="env.html">Environment Variables in Apache</a></li>
+<li><a href="handler.html">Apache's Handler Use</a></li>
+<li><a href="filter.html">Filters</a></li>
+<li><a href="suexec.html">suEXEC Support</a></li>
+<li><a href="misc/perf-tuning.html">Performance Hintes</a></li>
+<li><a href="misc/rewriteguide.html">URL Rewriting Guide</a></li>
+</ul></li>
+
+<li><a href="vhosts/index.html">Apache Virtual Host documentation</a>
+<ul>
+<li><a href="vhosts/name-based.html">Name-based Virtual Hosts</a></li>
+<li><a href="vhosts/ip-based.html">IP-based Virtual Host Support</a></li>
+<li><a href="vhosts/mass.html">Dynamically configured mass virtual hosting</a></li>
+<li><a href="vhosts/examples.html">VirtualHost Examples</a></li>
+<li><a href="vhosts/details.html">An In-Depth Discussion of Virtual Host Matching</a></li>
+<li><a href="vhosts/fd-limits.html">File descriptor limitations</a></li>
+<li><a href="dns-caveats.html">Issues Regarding DNS and Apache</a></li>
+</ul></li>
+
+<li><a href="faq/index.html">Apache Server Frequently Asked Questions</a>
+<ul>
+<li><a href="faq/support.html">Support</a></li>
+</ul></li>
+
+<li><a href="ssl/index.html">Apache SSL/TLS Encryption</a>
+<ul>
+<li><a href="ssl/ssl_intro.html">SSL/TLS Encryption: An Introduction</a></li>
+<li><a href="ssl/ssl_compat.html">SSL/TLS Encryption: Compatibility</a></li>
+<li><a href="ssl/ssl_howto.html">SSL/TLS Encryption: How-To</a></li>
+<li><a href="ssl/ssl_faq.html">SSL/TLS Encryption: FAQ</a></li>
+<li><a href="ssl/ssl_glossary.html">SSL/TLS Encryption: Glossary</a></li>
+</ul></li>
+
+
+<li>Guides, Tutorials, and HowTos
+<ul>
+<li><a href="howto/auth.html">Authentication</a></li>
+<li><a href="howto/cgi.html">Apache Tutorial: Dynamic Content with CGI</a></li>
+<li><a href="howto/ssi.html">Apache Tutorial: Introduction to Server
+Side Includes</a></li>
+<li><a href="misc/tutorials.html">Apache Tutorials</a></li>
+</ul></li>
+
+
+<li>Platfrom-specific Notes
+<ul>
+<li><a href="platform/windows.html">Using Apache with Microsoft
+Windows</a></li>
+<li><a href="platform/win_compiling.html">Compiling Apache for
+Microsoft Windows</a></li>
+<li><a href="platform/win_service.html">Running Apache for Windows as
+a Service</a></li>
+<li><a href="platform/netware.html">Using Apache with Novell NetWare</a></li>
+<li><a href="platform/perf-hp.html">Running a High-Performance Web
+Server on HPUX</a></li>
+<li><a href="ebcdic.html">The Apache EBCDIC Port</a></li>
+</ul></li>
+
+<li><a href="programs/index.html">Apache HTTP Server and Supporting Programs</a>
+<ul>
+<li><a href="programs/httpd.html">Manual Page: httpd</a></li>
+<li><a href="programs/ab.html">Manual Page: ab</a></li>
+<li><a href="programs/apachectl.html">Manual Page: apachectl</a></li>
+<li><a href="programs/apxs.html">Manual Page: apxs</a></li>
+<li><a href="programs/dbmmanage.html">Manual Page: dbmmanage</a></li>
+<li><a href="programs/htdigest.html">Manual Page: htdigest</a></li>
+<li><a href="programs/htpasswd.html">Manual Page: htpasswd</a></li>
+<li><a href="programs/logresolve.html">Manual Page: logresolve</a></li>
+<li><a href="programs/rotatelogs.html">Manual Page: rotatelogs</a></li>
+<li><a href="programs/suexec.html">Manual Page: suexec</a></li>
+<li><a href="programs/other.html">Other Programs</a></li>
+</ul></li>
+
+<li><a href="misc/index.html">Apache Miscellaneous Documentation</a>
+<ul>
+<li><a href="misc/custom_errordocs.html">International Customized Server Error Messages</a></li>
+<li><a href="misc/fin_wait_2.html">Connections in FIN_WAIT_2 and Apache</a></li>
+<li><a href="misc/known_client_problems.html">Known Client Problems</a></li>
+<li><a href="misc/descriptors.html">Descriptors and Apache</a></li>
+<li><a href="cgi_path.html">PATH_INFO Changes in the CGI Environment</a></li>
+</ul></li>
+
+<li><a href="mod/index.html">Apache modules</a>
+<ul>
+<li><a href="mod/index-bytype.html">Apache modules - By Type</a></li>
+<li><a href="mod/directives.html">Apache directives</a></li>
+<li><a href="mod/module-dict.html">Definitions of terms used to describe Apache modules</a></li>
+<li><a href="mod/directive-dict.html">Definitions of terms used to describe Apache directives</a></li>
+<li><a href="mod/core.html">Apache Core Features</a></li>
+<li><a href="mod/mpm_common.html">Apache MPM Common Directives</a></li>
+<li><a href="mod/mpm_netware.html">Apache MPM netware</a></li>
+<li><a href="mod/mpm_winnt.html">Apache MPM winnt</a></li>
+<li><a href="mod/perchild.html">Apache MPM perchild</a></li>
+<li><a href="mod/prefork.html">Apache MPM prefork</a></li>
+<li><a href="mod/threaded.html">Apache MPM threaded</a></li>
+<li><a href="mod/mod_access.html">Apache module mod_access</a></li>
+<li><a href="mod/mod_actions.html">Apache module mod_actions</a></li>
+<li><a href="mod/mod_alias.html">Apache module mod_alias</a></li>
+<li><a href="mod/mod_asis.html">Apache module mod_asis</a></li>
+<li><a href="mod/mod_auth.html">Apache module mod_auth</a></li>
+<li><a href="mod/mod_auth_anon.html">Apache module mod_auth_anon.c</a></li>
+<li><a href="mod/mod_auth_db.html">Apache module mod_auth_db</a></li>
+<li><a href="mod/mod_auth_dbm.html">Apache module mod_auth_dbm</a></li>
+<li><a href="mod/mod_auth_digest.html">Apache module mod_auth_digest</a></li>
+<li><a href="mod/mod_auth_ldap.html">Apache module mod_ldap</a></li>
+<li><a href="mod/mod_autoindex.html">Apache module mod_autoindex</a></li>
+<li><a href="mod/mod_cern_meta.html">Apache module mod_cern_meta</a></li>
+<li><a href="mod/mod_cgi.html">Apache module mod_cgi</a></li>
+<li><a href="mod/mod_cgid.html">Apache module mod_cgi</a></li>
+<li><a href="mod/mod_charset_lite.html">Apache module mod_charset_lite</a></li>
+<li><a href="mod/mod_dav.html">Apache module mod_dav</a></li>
+<li><a href="mod/mod_dir.html">Apache module mod_dir</a></li>
+<li><a href="mod/mod_env.html">Apache module mod_env</a></li>
+<li><a href="mod/mod_example.html">Apache module mod_example</a></li>
+<li><a href="mod/mod_expires.html">Apache module mod_expires</a></li>
+<li><a href="mod/mod_ext_filter.html">Apache module mod_ext_filter</a></li>
+<li><a href="mod/mod_file_cache.html">Apache module mod_file_cache</a></li>
+<li><a href="mod/mod_headers.html">Apache module mod_headers</a></li>
+<li><a href="mod/mod_imap.html">Apache module mod_imap</a></li>
+<li><a href="mod/mod_include.html">Apache module mod_include</a></li>
+<li><a href="mod/mod_info.html">Apache module mod_info</a></li>
+<li><a href="mod/mod_isapi.html">Apache module mod_isapi</a></li>
+<li><a href="mod/mod_ldap.html">Apache module mod_ldap</a></li>
+<li><a href="mod/mod_log_config.html">Apache module mod_log_config</a></li>
+<li><a href="mod/mod_mime.html">Apache module mod_mime</a></li>
+<li><a href="mod/mod_mime_magic.html">Apache module mod_mime_magic</a></li>
+<li><a href="mod/mod_mmap_static.html">Apache module mod_mmap_static</a></li>
+<li><a href="mod/mod_negotiation.html">Apache module mod_negotiation</a></li>
+<li><a href="mod/mod_proxy.html">Apache module mod_proxy</a></li>
+<li><a href="mod/mod_rewrite.html">Apache module mod_rewrite</a></li>
+<li><a href="mod/mod_setenvif.html">Apache module mod_setenvif</a></li>
+<li><a href="mod/mod_so.html">Apache module mod_so</a></li>
+<li><a href="mod/mod_speling.html">Apache module mod_speling</a></li>
+<li><a href="mod/mod_ssl.html">Apache module mod_ssl</a></li>
+<li><a href="mod/mod_status.html">Apache module mod_status</a></li>
+<li><a href="mod/mod_suexec.html">Apache module mod_suexec</a></li>
+<li><a href="mod/mod_unique_id.html">Apache module mod_unique_id</a></li>
+<li><a href="mod/mod_userdir.html">Apache module mod_userdir</a></li>
+<li><a href="mod/mod_usertrack.html">Apache module mod_usertrack</a></li>
+<li><a href="mod/mod_vhost_alias.html">Apache module mod_vhost_alias</a></li>
+</ul></li>
+
+<li><a href="developer/index.html">Developer Documentation</a>
+<ul>
+<li><a href="developer/API.html">Apache API notes</a></li>
+<li><a href="developer/debugging.html">Debugging Memory Allocation in APR</a></li>
+<li><a href="developer/documenting.html">Documenting Apache 2.0</a></li>
+<li><a href="developer/hooks.html">Apache 2.0 Hook Functions</a></li>
+<li><a href="developer/layeredio.html">Apache 2.0 Layered I/O</a></li>
+<li><a href="developer/modules.html">Converting Modules from Apache 1.3 to Apache 2.0</a></li>
+<li><a href="developer/request.html">Request Processing in Apache 2.0</a></li>
+</ul></li>
+
+</ul></li>
+
+</ul>
+
+ <!--#include virtual="footer.html" -->
+ </body>
+</html>
\ No newline at end of file
--- /dev/null
+<html>
+<head>
+<title>mod_ssl: Title Page</title>
+
+<!--
+ Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+
+ 3. All advertising materials mentioning features or use of this
+ software must display the following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ 4. The name "mod_ssl" must not be used to endorse or promote
+ products derived from this software without prior written
+ permission.
+
+ 5. Redistributions of any form whatsoever must retain the
+ following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
+ EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
+ HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<style type="text/css"><!--
+A:link {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:active {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:visited {
+ text-decoration: none;
+ color: #6666cc;
+}
+#sf {
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H1 {
+ font-weight: bold;
+ font-size: 24pt;
+ line-height: 24pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H2 {
+ font-weight: bold;
+ font-size: 18pt;
+ line-height: 18pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H3 {
+ font-weight: bold;
+ font-size: 14pt;
+ line-height: 14pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H4 {
+ font-weight: bold;
+ font-size: 12pt;
+ line-height: 12pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#H {
+}
+#D {
+ background-color: #f0f0f0;
+}
+#faq {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#howto {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#term {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+--></style>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+function ro_imgNormal(imgName) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_n.src');
+ self.status = '';
+ }
+}
+function ro_imgOver(imgName, descript) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_o.src');
+ self.status = descript;
+ }
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_unknown1_n = new Image();
+ ro_img_unknown1_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_unknown1_o = new Image();
+ ro_img_unknown1_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+</head>
+<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
+<div align="center">
+<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
+<tr>
+ <td>
+<br>
+<table cellspacing="0" cellpadding="0" border="0" summary="">
+<tr>
+ <td>
+ <table cellspacing="0" cellpadding="0" border="0" summary="">
+ <tr>
+ <td>
+ <img
+ src="ssl_cover_title.jpg"
+ alt="User Manual"
+ width="421" height="73">
+ </td>
+ </tr>
+ <tr>
+ <td align="right">
+ <font face="Arial,Helvetica">mod_ssl version 2.8</font>
+ </td>
+ </tr>
+ </table>
+ <br>
+ </td>
+</tr>
+<tr>
+ <td>
+ <a
+ href="http://www.modssl.org/"
+><img
+ src="ssl_cover_logo.jpg"
+ alt="mod_ssl - The Apache Interface to OpenSSL"
+ border="0"
+ width="504" height="231"></a>
+ </td>
+</tr>
+<tr>
+ <td align="right">
+ <table summary="">
+ <tr>
+ <td>
+ <tt>Ralf S. Engelschall</tt><br>
+ <tt>rse@engelschall.com</tt><br>
+ <tt>www.engelschall.com</tt><br>
+ </td>
+ <td>
+
+ </td>
+ <td align="right" valign="bottom">
+<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_unknown1', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_unknown1'); return true" onfocus="ro_imgOver('ro_img_unknown1', 'next page'); return true" onblur="ro_imgNormal('ro_img_unknown1'); return true"><img name="ro_img_unknown1" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br>Overview
+ </td>
+ <td>
+ <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="30" height="1" align="bottom" border="0">
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+ </td>
+</tr>
+</table>
+</div>
+</body>
+</html>
--- /dev/null
+<html>
+<head>
+<title>mod_ssl: Title Page</title>
+
+<!--
+ Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+
+ 3. All advertising materials mentioning features or use of this
+ software must display the following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ 4. The name "mod_ssl" must not be used to endorse or promote
+ products derived from this software without prior written
+ permission.
+
+ 5. Redistributions of any form whatsoever must retain the
+ following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
+ EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
+ HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<style type="text/css"><!--
+A:link {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:active {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:visited {
+ text-decoration: none;
+ color: #6666cc;
+}
+#sf {
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H1 {
+ font-weight: bold;
+ font-size: 24pt;
+ line-height: 24pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H2 {
+ font-weight: bold;
+ font-size: 18pt;
+ line-height: 18pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H3 {
+ font-weight: bold;
+ font-size: 14pt;
+ line-height: 14pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H4 {
+ font-weight: bold;
+ font-size: 12pt;
+ line-height: 12pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#H {
+}
+#D {
+ background-color: #f0f0f0;
+}
+#faq {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#howto {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#term {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+--></style>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+function ro_imgNormal(imgName) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_n.src');
+ self.status = '';
+ }
+}
+function ro_imgOver(imgName, descript) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_o.src');
+ self.status = descript;
+ }
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_unknown1_n = new Image();
+ ro_img_unknown1_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_unknown1_o = new Image();
+ ro_img_unknown1_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+</head>
+<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
+<div align="center">
+<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
+<tr>
+ <td>
+<br>
+<table cellspacing="0" cellpadding="0" border="0" summary="">
+<tr>
+ <td>
+ <table cellspacing="0" cellpadding="0" border="0" summary="">
+ <tr>
+ <td>
+ <img
+ src="ssl_cover_title.jpg"
+ alt="User Manual"
+ width="421" height="73">
+ </td>
+ </tr>
+ <tr>
+ <td align="right">
+ <font face="Arial,Helvetica">mod_ssl version 2.8</font>
+ </td>
+ </tr>
+ </table>
+ <br>
+ </td>
+</tr>
+<tr>
+ <td>
+ <a
+ href="http://www.modssl.org/"
+><img
+ src="ssl_cover_logo.jpg"
+ alt="mod_ssl - The Apache Interface to OpenSSL"
+ border="0"
+ width="504" height="231"></a>
+ </td>
+</tr>
+<tr>
+ <td align="right">
+ <table summary="">
+ <tr>
+ <td>
+ <tt>Ralf S. Engelschall</tt><br>
+ <tt>rse@engelschall.com</tt><br>
+ <tt>www.engelschall.com</tt><br>
+ </td>
+ <td>
+
+ </td>
+ <td align="right" valign="bottom">
+<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_unknown1', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_unknown1'); return true" onfocus="ro_imgOver('ro_img_unknown1', 'next page'); return true" onblur="ro_imgNormal('ro_img_unknown1'); return true"><img name="ro_img_unknown1" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br>Overview
+ </td>
+ <td>
+ <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="30" height="1" align="bottom" border="0">
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+ </td>
+</tr>
+</table>
+</div>
+</body>
+</html>
--- /dev/null
+<html>
+<head>
+<title>mod_ssl: Compatibility</title>
+
+<!--
+ Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+
+ 3. All advertising materials mentioning features or use of this
+ software must display the following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ 4. The name "mod_ssl" must not be used to endorse or promote
+ products derived from this software without prior written
+ permission.
+
+ 5. Redistributions of any form whatsoever must retain the
+ following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
+ EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
+ HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<style type="text/css"><!--
+A:link {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:active {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:visited {
+ text-decoration: none;
+ color: #6666cc;
+}
+#sf {
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H1 {
+ font-weight: bold;
+ font-size: 24pt;
+ line-height: 24pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H2 {
+ font-weight: bold;
+ font-size: 18pt;
+ line-height: 18pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H3 {
+ font-weight: bold;
+ font-size: 14pt;
+ line-height: 14pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H4 {
+ font-weight: bold;
+ font-size: 12pt;
+ line-height: 12pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#H {
+}
+#D {
+ background-color: #f0f0f0;
+}
+#faq {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#howto {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#term {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+--></style>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+function ro_imgNormal(imgName) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_n.src');
+ self.status = '';
+ }
+}
+function ro_imgOver(imgName, descript) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_o.src');
+ self.status = descript;
+ }
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_prev_top_n = new Image();
+ ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
+ ro_img_prev_top_o = new Image();
+ ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_prev_bot_n = new Image();
+ ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
+ ro_img_prev_bot_o = new Image();
+ ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_next_top_n = new Image();
+ ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_next_top_o = new Image();
+ ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_next_bot_n = new Image();
+ ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_next_bot_o = new Image();
+ ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+</head>
+<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
+<div align="center">
+<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
+<tr>
+ <td>
+ <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
+ <table width="600" cellspacing="0" cellpadding="0" summary="">
+ <tr>
+ <td>
+ <table width="600" summary="">
+ <tr>
+ <td align="left" valign="bottom">
+ <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
+ </td>
+ <td align="right">
+ <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-4.gif" alt="4" width="74" height="89">
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td>
+ <table width="600" border="0" summary="">
+ <tr>
+ <td valign="top" align="left" width="250">
+<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
+ </td>
+ <td valign="top" align="right" width="250">
+<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <br>
+ <img src="ssl_template.title-compat.gif" alt="Compatibility" width="456" height="60">
+ </td>
+ </tr>
+ </table>
+<div align="right">
+<table cellspacing="0" cellpadding="0" width="200" summary="">
+<tr>
+<td>
+<em>
+All PCs are compatible. But some of
+them are more compatible than others.
+</em>
+</td>
+</tr>
+<tr>
+<td align="right">
+<font size="-1">
+Unknown
+</font>
+</td>
+</tr>
+</table>
+</div>
+<p>
+<table cellspacing="0" cellpadding="0" border="0" summary="">
+<tr valign="bottom">
+<td>
+<img src="ssl_compat.gfont000.gif" alt="H" width="40" height="34" border="0" align="left">
+ere we talk about backward compatibility to other SSL solutions. As you
+perhaps know, mod_ssl is not the only existing SSL solution for Apache.
+Actually there are four additional major products available on the market: Ben
+Laurie's freely available <a href="http://www.apache-ssl.org/">Apache-SSL</a>
+(from where mod_ssl were originally derived in 1998), RedHat's commercial <a
+href="http://www.redhat.com/products/product-details.phtml?id=rhsa">Secure Web
+Server</a> (which is based on mod_ssl), Covalent's commercial <a
+href="http://raven.covalent.net/">Raven SSL Module</a> (also based on mod_ssl)
+and finally C2Net's commercial product <a
+href="http://www.c2.net/products/stronghold/">Stronghold</a> (based on a
+different evolution branch named Sioux up to Stronghold 2.x and based on
+mod_ssl since Stronghold 3.x).
+</td>
+<td>
+
+</td>
+<td>
+<div align="right">
+<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary="">
+<tr>
+<td bgcolor="#333399">
+<font face="Arial,Helvetica" color="#ccccff">
+<b>Table Of Contents</b>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<font face="Arial,Helvetica" size="-1">
+ <a href="#ToC1"><strong>Configuration Directives</strong></a><br>
+ <a href="#ToC2"><strong>Environment Variables</strong></a><br>
+ <a href="#ToC3"><strong>Custom Log Functions</strong></a><br>
+</font>
+</td>
+</tr>
+</table>
+</div>
+</td>
+</tr>
+</table>
+<p>
+The idea in mod_ssl is mainly the following: because mod_ssl provides mostly a
+superset of the functionality of all other solutions we can easily provide
+backward compatibility for most of the cases. Actually there are three
+compatibility areas we currently address: configuration directives,
+environment variables and custom log functions.
+<h2><a name="ToC1">Configuration Directives</a></h2>
+For backward compatibility to the configuration directives of other SSL
+solutions we do an on-the-fly mapping: directives which have a direct
+counterpart in mod_ssl are mapped silently while other directives lead to a
+warning message in the logfiles. The currently implemented directive mapping
+is listed in <a href="#table1">Table 1</a>. Currently full backward
+compatibilty is provided only for Apache-SSL 1.x and mod_ssl 2.0.x.
+Compatibility to Sioux 1.x and Stronghold 2.x is only partial because of
+special functionality in these interfaces which mod_ssl (still) doesn't
+provide.
+<p>
+<div align="center">
+<a name="table1"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 1: Configuration Directive Mapping</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
+<tr id="D">
+<td><strong>Old Directive</strong></td>
+<td><strong>mod_ssl Directive</strong></td>
+<td><strong>Comment</strong></td>
+</tr>
+<tr id="H"><td colspan="3"><b>Apache-SSL 1.x & mod_ssl 2.0.x compatibility:</b></td></tr>
+<tr id="D"><td><code>SSLEnable</code></td><td><code>SSLEngine on</code></td><td>compactified</td></tr>
+<tr id="H"><td><code>SSLDisable</code></td><td><code>SSLEngine off</code></td><td>compactified</td></tr>
+<tr id="D"><td><code>SSLLogFile</code> <em>file</em></td><td><code>SSLLog</code> <em>file</em></td><td>compactified</td></tr>
+<tr id="H"><td><code>SSLRequiredCiphers</code> <em>spec</em></td><td><code>SSLCipherSuite</code> <em>spec</em></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSLRequireCipher</code> <em>c1</em> ...</td><td><code>SSLRequire %{SSL_CIPHER} in {"</code><em>c1</em><code>", ...}</code></td><td>generalized</td></tr>
+<tr id="H"><td><code>SSLBanCipher</code> <em>c1</em> ...</td><td><code>SSLRequire not (%{SSL_CIPHER} in {"</code><em>c1</em><code>", ...})</code></td><td>generalized</td></tr>
+<tr id="D"><td><code>SSLFakeBasicAuth</td><td><code>SSLOptions +FakeBasicAuth</code></td><td>merged</td></tr>
+<tr id="H"><td><code>SSLCacheServerPath</code> <em>dir</em></td><td>-</td><td>functionality removed</td></tr>
+<tr id="D"><td><code>SSLCacheServerPort</code> <em>integer</em></td><td>-</td><td>functionality removed</td></tr>
+<tr id="H"><td colspan="3"><b>Apache-SSL 1.x compatibility:</b></td></tr>
+<tr id="D"><td><code>SSLExportClientCertificates</td><td><code>SSLOptions +ExportCertData</code></td><td>merged</td></tr>
+<tr id="H"><td><code>SSLCacheServerRunDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="D"><td colspan="3"><b>Sioux 1.x compatibility:</b></td></tr>
+<tr id="H"><td><code>SSL_CertFile</code> <em>file</em></td><td><code>SSLCertificateFile</code> <em>file</em></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_KeyFile</code> <em>file</em></td><td><code>SSLCertificateKeyFile</code> <em>file</em></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CipherSuite</code> <em>arg</em></td><td><code>SSLCipherSuite</code> <em>arg</em></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_X509VerifyDir</code> <em>arg</em></td><td><code>SSLCACertificatePath</code> <em>arg</em></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_Log</code> <em>file</em></td><td><code>SSLLogFile</code> <em>file</em></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_Connect</code> <em>flag</em></td><td><code>SSLEngine</code> <em>flag</em></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_ClientAuth</code> <em>arg</em></td><td><code>SSLVerifyClient</code> <em>arg</em></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_X509VerifyDepth</code> <em>arg</em></td><td><code>SSLVerifyDepth</code> <em>arg</em></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_FetchKeyPhraseFrom</code> <em>arg</em></td><td>-</td><td>not directly mappable; use SSLPassPhraseDialog</td></tr>
+<tr id="D"><td><code>SSL_SessionDir</code> <em>dir</em></td><td>-</td><td>not directly mappable; use SSLSessionCache</td></tr>
+<tr id="H"><td><code>SSL_Require</code> <em>expr</em></td><td>-</td><td>not directly mappable; use SSLRequire</td></tr>
+<tr id="D"><td><code>SSL_CertFileType</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="H"><td><code>SSL_KeyFileType</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="D"><td><code>SSL_X509VerifyPolicy</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="H"><td><code>SSL_LogX509Attributes</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="D"><td colspan="3"><b>Stronghold 2.x compatibility:</b></td></tr>
+<tr id="H"><td><code>StrongholdAccelerator</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="H"><td><code>StrongholdKey</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="H"><td><code>StrongholdLicenseFile</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="H"><td><code>SSLFlag</code> <em>flag</em></td><td><code>SSLEngine</code> <em>flag</em></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSLSessionLockFile</code> <em>file</em></td><td><code>SSLMutex</code> <em>file</em></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSLCipherList</code> <em>spec</em></td><td><code>SSLCipherSuite</code> <em>spec</em></td><td>renamed</td></tr>
+<tr id="D"><td><code>RequireSSL</code></td><td><code>SSLRequireSSL</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSLErrorFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="H"><td><code>SSLRoot</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="D"><td><code>SSL_CertificateLogDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="H"><td><code>AuthCertDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="D"><td><code>SSL_Group</code> <em>name</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="H"><td><code>SSLProxyMachineCertPath</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="D"><td><code>SSLProxyMachineCertFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="H"><td><code>SSLProxyCACertificatePath</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="D"><td><code>SSLProxyCACertificateFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="H"><td><code>SSLProxyVerifyDepth</code> <em>number</em></td><td>-</td><td>functionality not supported</td></tr>
+<tr id="D"><td><code>SSLProxyCipherList</code> <em>spec</em></td><td>-</td><td>functionality not supported</td></tr>
+</table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<p>
+<br>
+<h2><a name="ToC2">Environment Variables</a></h2>
+When you use ``<code>SSLOptions +CompatEnvVars</code>'' additional environment
+variables are generated. They all correspond to existing official mod_ssl
+variables. The currently implemented variable derivation is listed in <a
+href="#table2">Table 2</a>.
+<p>
+<div align="center">
+<a name="table2"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 2: Environment Variable Derivation</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
+<tr id="D">
+<td><strong>Old Variable</strong></td>
+<td><strong>mod_ssl Variable</strong></td>
+<td><strong>Comment</strong></td>
+</tr>
+<tr id="H"><td><code>SSL_PROTOCOL_VERSION</code></td><td><code>SSL_PROTOCOL</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSLEAY_VERSION</code></td><td><code>SSL_VERSION_LIBRARY</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>HTTPS_SECRETKEYSIZE</code></td><td><code>SSL_CIPHER_USEKEYSIZE</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>HTTPS_KEYSIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>HTTPS_CIPHER</code></td><td><code>SSL_CIPHER</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>HTTPS_EXPORT</code></td><td><code>SSL_CIPHER_EXPORT</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_KEY_SIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_SERVER_CERTIFICATE</code></td><td><code>SSL_SERVER_CERT</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_CERT_START</code></td><td><code>SSL_SERVER_V_START</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_SERVER_CERT_END</code></td><td><code>SSL_SERVER_V_END</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_CERT_SERIAL</code></td><td><code>SSL_SERVER_M_SERIAL</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_SIGNATURE_ALGORITHM</code></td><td><code>SSL_SERVER_A_SIG</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_DN</code></td><td><code>SSL_SERVER_S_DN</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_CN</code></td><td><code>SSL_SERVER_S_DN_CN</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_SERVER_EMAIL</code></td><td><code>SSL_SERVER_S_DN_Email</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_O</code></td><td><code>SSL_SERVER_S_DN_O</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_SERVER_OU</code></td><td><code>SSL_SERVER_S_DN_OU</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_C</code></td><td><code>SSL_SERVER_S_DN_C</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_SERVER_SP</code></td><td><code>SSL_SERVER_S_DN_SP</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_L</code></td><td><code>SSL_SERVER_S_DN_L</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_IDN</code></td><td><code>SSL_SERVER_I_DN</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_SERVER_ICN</code></td><td><code>SSL_SERVER_I_DN_CN</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_IEMAIL</code></td><td><code>SSL_SERVER_I_DN_Email</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_SERVER_IO</code></td><td><code>SSL_SERVER_I_DN_O</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_IOU</code></td><td><code>SSL_SERVER_I_DN_OU</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_SERVER_IC</code></td><td><code>SSL_SERVER_I_DN_C</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SERVER_ISP</code></td><td><code>SSL_SERVER_I_DN_SP</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_SERVER_IL</code></td><td><code>SSL_SERVER_I_DN_L</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_CERTIFICATE</code></td><td><code>SSL_CLIENT_CERT</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_CERT_START</code></td><td><code>SSL_CLIENT_V_START</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_CERT_END</code></td><td><code>SSL_CLIENT_V_END</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_CERT_SERIAL</code></td><td><code>SSL_CLIENT_M_SERIAL</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_SIGNATURE_ALGORITHM</code></td><td><code>SSL_CLIENT_A_SIG</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_DN</code></td><td><code>SSL_CLIENT_S_DN</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_CN</code></td><td><code>SSL_CLIENT_S_DN_CN</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_EMAIL</code></td><td><code>SSL_CLIENT_S_DN_Email</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_O</code></td><td><code>SSL_CLIENT_S_DN_O</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_OU</code></td><td><code>SSL_CLIENT_S_DN_OU</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_C</code></td><td><code>SSL_CLIENT_S_DN_C</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_SP</code></td><td><code>SSL_CLIENT_S_DN_SP</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_L</code></td><td><code>SSL_CLIENT_S_DN_L</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_IDN</code></td><td><code>SSL_CLIENT_I_DN</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_ICN</code></td><td><code>SSL_CLIENT_I_DN_CN</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_IEMAIL</code></td><td><code>SSL_CLIENT_I_DN_Email</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_IO</code></td><td><code>SSL_CLIENT_I_DN_O</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_IOU</code></td><td><code>SSL_CLIENT_I_DN_OU</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_IC</code></td><td><code>SSL_CLIENT_I_DN_C</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_ISP</code></td><td><code>SSL_CLIENT_I_DN_SP</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_IL</code></td><td><code>SSL_CLIENT_I_DN_L</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_EXPORT</code></td><td><code>SSL_CIPHER_EXPORT</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_KEYSIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SECKEYSIZE</code></td><td><code>SSL_CIPHER_USEKEYSIZE</code></td><td>renamed</td></tr>
+<tr id="H"><td><code>SSL_SSLEAY_VERSION</code></td><td><code>SSL_VERSION_LIBRARY</code></td><td>renamed</td></tr>
+<tr id="D"><td><code>SSL_STRONG_CRYPTO</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+<tr id="D"><td><code>SSL_SERVER_KEY_EXP</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+<tr id="H"><td><code>SSL_SERVER_KEY_ALGORITHM</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+<tr id="D"><td><code>SSL_SERVER_KEY_SIZE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+<tr id="H"><td><code>SSL_SERVER_SESSIONDIR</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+<tr id="D"><td><code>SSL_SERVER_CERTIFICATELOGDIR</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+<tr id="H"><td><code>SSL_SERVER_CERTFILE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+<tr id="D"><td><code>SSL_SERVER_KEYFILE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+<tr id="H"><td><code>SSL_SERVER_KEYFILETYPE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_KEY_EXP</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+<tr id="H"><td><code>SSL_CLIENT_KEY_ALGORITHM</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+<tr id="D"><td><code>SSL_CLIENT_KEY_SIZE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
+</table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<p>
+<br>
+<h2><a name="ToC3">Custom Log Functions</a></h2>
+When mod_ssl is built into Apache or at least loaded (under DSO situation)
+additional functions exist for the <a
+href="../mod_log_config.html#formats">Custom Log Format</a> of <a
+href="../mod_log_config.html">mod_log_config</a> as documented in the Reference
+Chapter. Beside the ``<code>%{</code><em>varname</em><code>}x</code>''
+eXtension format function which can be used to expand any variables provided
+by any module, an additional Cryptography
+``<code>%{</code><em>name</em><code>}c</code>'' cryptography format function
+exists for backward compatibility. The currently implemented function calls
+are listed in <a href="#table3">Table 3</a>.
+<p>
+<div align="center">
+<a name="table3"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 3: Custom Log Cryptography Function</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
+<tr id="H">
+ <td><strong>Function Call</strong></td>
+ <td><strong>Description</strong></td>
+</tr>
+<tr id="D"><td><code>%...{version}c</code></td> <td>SSL protocol version</td></tr>
+<tr id="H"><td><code>%...{cipher}c</code></td> <td>SSL cipher</td></tr>
+<tr id="D"><td><code>%...{subjectdn}c</code></td> <td>Client Certificate Subject Distinguished Name</td></tr>
+<tr id="H"><td><code>%...{issuerdn}c</code></td> <td>Client Certificate Issuer Distinguished Name</td></tr>
+<tr id="D"><td><code>%...{errcode}c</code></td> <td>Certificate Verification Error (numerical)</td></tr>
+<tr id="H"><td><code>%...{errstr}c</code></td> <td>Certificate Verification Error (string)</td></tr>
+</table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+ <p>
+ <br>
+ <table summary="">
+ <tr>
+ <td>
+ <table width="600" border="0" summary="">
+ <tr>
+ <td valign="top" align="left" width="250">
+<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
+ </td>
+ <td valign="top" align="right" width="250">
+<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td><table width="598" summary="">
+ <tr>
+ <td align="left"><font face="Arial,Helvetica">
+ <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
+ The Apache Interface to OpenSSL
+ </font>
+ </td>
+ <td align="right"><font face="Arial,Helvetica">
+ Copyright © 1998-2001
+ <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
+ All Rights Reserved<br>
+ </font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+</div>
+</body>
+</html>
--- /dev/null
+<html>
+<head>
+<title>mod_ssl: F.A.Q.</title>
+
+<!--
+ Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+
+ 3. All advertising materials mentioning features or use of this
+ software must display the following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ 4. The name "mod_ssl" must not be used to endorse or promote
+ products derived from this software without prior written
+ permission.
+
+ 5. Redistributions of any form whatsoever must retain the
+ following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
+ EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
+ HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<style type="text/css"><!--
+A:link {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:active {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:visited {
+ text-decoration: none;
+ color: #6666cc;
+}
+#sf {
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H1 {
+ font-weight: bold;
+ font-size: 24pt;
+ line-height: 24pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H2 {
+ font-weight: bold;
+ font-size: 18pt;
+ line-height: 18pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H3 {
+ font-weight: bold;
+ font-size: 14pt;
+ line-height: 14pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H4 {
+ font-weight: bold;
+ font-size: 12pt;
+ line-height: 12pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#H {
+}
+#D {
+ background-color: #f0f0f0;
+}
+#faq {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#howto {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#term {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+--></style>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+function ro_imgNormal(imgName) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_n.src');
+ self.status = '';
+ }
+}
+function ro_imgOver(imgName, descript) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_o.src');
+ self.status = descript;
+ }
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_prev_top_n = new Image();
+ ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
+ ro_img_prev_top_o = new Image();
+ ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_prev_bot_n = new Image();
+ ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
+ ro_img_prev_bot_o = new Image();
+ ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_next_top_n = new Image();
+ ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_next_top_o = new Image();
+ ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_next_bot_n = new Image();
+ ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_next_bot_o = new Image();
+ ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+</head>
+<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
+<div align="center">
+<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
+<tr>
+ <td>
+ <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
+ <table width="600" cellspacing="0" cellpadding="0" summary="">
+ <tr>
+ <td>
+ <table width="600" summary="">
+ <tr>
+ <td align="left" valign="bottom">
+ <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
+ </td>
+ <td align="right">
+ <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-6.gif" alt="6" width="74" height="89">
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td>
+ <table width="600" border="0" summary="">
+ <tr>
+ <td valign="top" align="left" width="250">
+<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
+ </td>
+ <td valign="top" align="right" width="250">
+<a href="ssl_glossary.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Glossary</font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <br>
+ <img src="ssl_template.title-faq.gif" alt="F.A.Q." width="456" height="60">
+ </td>
+ </tr>
+ </table>
+<div align="right">
+<table cellspacing="0" cellpadding="0" width="200" summary="">
+<tr>
+<td>
+<em>
+``The wise man doesn't give the right answers,
+he poses the right questions.''
+</em>
+</td>
+</tr>
+<tr>
+<td align="right">
+<font size="-1">
+Claude Levi-Strauss
+</font>
+</td>
+</tr>
+</table>
+</div>
+<p>
+<table cellspacing="0" cellpadding="0" border="0" summary="">
+<tr valign="bottom">
+<td>
+<img src="ssl_faq.gfont000.gif" alt="T" width="34" height="34" border="0" align="left">
+his chapter is a collection of frequently asked questions (FAQ) and
+corresponding answers following the popular USENET tradition. Most of these
+questions occured on the Newsgroup <a
+href="news:comp.infosystems.www.servers.unix">
+<code>comp.infosystems.www.servers.unix</code></a> or the mod_ssl Support
+Mailing List <a href="mailto:modssl-users@modssl.org">
+<code>modssl-users@modssl.org</code></a>. They are collected at this place
+to avoid answering the same questions over and over.
+<p>
+Please read this chapter at least once when installing mod_ssl or at least
+search for your problem here before submitting a problem report to the
+author.
+</td>
+<td>
+
+</td>
+<td>
+<div align="right">
+<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" width="350" summary="">
+<tr>
+<td bgcolor="#333399">
+<font face="Arial,Helvetica" color="#ccccff">
+<b>Table Of Contents</b>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<font face="Arial,Helvetica" size="-1">
+ <a href="#ToC1"><strong>About the module</strong></a><br>
+ <a href="#ToC2"><strong>What is the history of mod_ssl?</strong></a><br>
+ <a href="#ToC3"><strong>Apache-SSL vs. mod_ssl: differences?</strong></a><br>
+ <a href="#ToC4"><strong>mod_ssl vs. commercial alternatives?</strong></a><br>
+ <a href="#ToC5"><strong>mod_ssl/Apache versions?</strong></a><br>
+ <a href="#ToC6"><strong>mod_ssl and Year 2000?</strong></a><br>
+ <a href="#ToC7"><strong>mod_ssl and Wassenaar Arrangement?</strong></a><br>
+ <a href="#ToC8"><strong>About Installation</strong></a><br>
+ <a href="#ToC9"><strong>Core dumps for HTTPS requests?</strong></a><br>
+ <a href="#ToC10"><strong>Core dumps for Apache+mod_ssl+PHP3?</strong></a><br>
+ <a href="#ToC11"><strong>Undefined symbols on startup?</strong></a><br>
+ <a href="#ToC12"><strong>Permission problem on SSLMutex</strong></a><br>
+ <a href="#ToC13"><strong>Shared memory and process size?</strong></a><br>
+ <a href="#ToC14"><strong>Shared memory and pathname?</strong></a><br>
+ <a href="#ToC15"><strong>PRNG and not enough entropy?</strong></a><br>
+ <a href="#ToC16"><strong>About Configuration</strong></a><br>
+ <a href="#ToC17"><strong>HTTP and HTTPS with a single server?</strong></a><br>
+ <a href="#ToC18"><strong>Where is the HTTPS port?</strong></a><br>
+ <a href="#ToC19"><strong>How to test HTTPS manually?</strong></a><br>
+ <a href="#ToC20"><strong>Why does my connection hang?</strong></a><br>
+ <a href="#ToC21"><strong>Why do I get connection refused?</strong></a><br>
+ <a href="#ToC22"><strong>Why are the SSL_XXX variables missing?</strong></a><br>
+ <a href="#ToC23"><strong>How to switch with relative hyperlinks?</strong></a><br>
+ <a href="#ToC24"><strong>About Certificates</strong></a><br>
+ <a href="#ToC25"><strong>What are Keys, CSRs and Certs?</strong></a><br>
+ <a href="#ToC26"><strong>Difference on startup?</strong></a><br>
+ <a href="#ToC27"><strong>How to create a dummy cert?</strong></a><br>
+ <a href="#ToC28"><strong>How to create a real cert?</strong></a><br>
+ <a href="#ToC29"><strong>How to create my own CA?</strong></a><br>
+ <a href="#ToC30"><strong>How to change a pass phrase?</strong></a><br>
+ <a href="#ToC31"><strong>How to remove a pass phrase?</strong></a><br>
+ <a href="#ToC32"><strong>How to verify a key/cert pair?</strong></a><br>
+ <a href="#ToC33"><strong>Bad Certificate Error?</strong></a><br>
+ <a href="#ToC34"><strong>Why does a 2048-bit key not work?</strong></a><br>
+ <a href="#ToC35"><strong>Why is client auth broken?</strong></a><br>
+ <a href="#ToC36"><strong>How to convert from PEM to DER?</strong></a><br>
+ <a href="#ToC37"><strong>Verisign and the magic getca program?</strong></a><br>
+ <a href="#ToC38"><strong>Global IDs or SGC?</strong></a><br>
+ <a href="#ToC39"><strong>Global IDs and Cert Chain?</strong></a><br>
+ <a href="#ToC40"><strong>About SSL Protocol</strong></a><br>
+ <a href="#ToC41"><strong>Random SSL errors under heavy load?</strong></a><br>
+ <a href="#ToC42"><strong>Why has the server a higher load?</strong></a><br>
+ <a href="#ToC43"><strong>Why are connections horribly slow?</strong></a><br>
+ <a href="#ToC44"><strong>Which ciphers are supported?</strong></a><br>
+ <a href="#ToC45"><strong>How to use Anonymous-DH ciphers</strong></a><br>
+ <a href="#ToC46"><strong>Why do I get 'no shared ciphers'?</strong></a><br>
+ <a href="#ToC47"><strong>HTTPS and name-based vhosts</strong></a><br>
+ <a href="#ToC48"><strong>The lock icon in Netscape locks very late</strong></a><br>
+ <a href="#ToC49"><strong>Why do I get I/O errors with MSIE clients?</strong></a><br>
+ <a href="#ToC50"><strong>Why do I get I/O errors with NS clients?</strong></a><br>
+ <a href="#ToC51"><strong>About Support</strong></a><br>
+ <a href="#ToC52"><strong>Resources in case of problems?</strong></a><br>
+ <a href="#ToC53"><strong>Support in case of problems?</strong></a><br>
+ <a href="#ToC54"><strong>How to write a problem report?</strong></a><br>
+ <a href="#ToC55"><strong>I got a core dump, can you help me?</strong></a><br>
+ <a href="#ToC56"><strong>How to get a backtrace?</strong></a><br>
+</font>
+</td>
+</tr>
+</table>
+</div>
+</td>
+</tr>
+</table>
+<h2><a name="ToC1">About the module</a></h2>
+<ul>
+<p>
+<li><a name="ToC2"></a>
+ <a name="history"></a>
+ <strong id="faq">
+What is the history of mod_ssl?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#history"><b>L</b></a>]
+ <p>
+ The mod_ssl v1 package was initially created in April 1998 by <a
+ href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> via porting <a
+ href="mailto:ben@algroup.co.uk">Ben Laurie</a>'s <a
+ href="http://www.apache-ssl.org/">Apache-SSL</a> 1.17 source patches for
+ Apache 1.2.6 to Apache 1.3b6. Because of conflicts with Ben
+ Laurie's development cycle it then was re-assembled from scratch for
+ Apache 1.3.0 by merging the old mod_ssl 1.x with the newer Apache-SSL
+ 1.18. From this point on mod_ssl lived its own life as mod_ssl v2. The
+ first publically released version was mod_ssl 2.0.0 from August 10th,
+ 1998. As of this writing (August 1999) the current mod_ssl version is 2.4.0.
+ <p>
+ After one year of very active development with over 1000 working hours and
+ over 40 releases mod_ssl reached its current state. The result is an
+ already very clean source base implementing a very rich functionality.
+ The code size increased by a factor of 4 to currently a total of over
+ 10.000 lines of ANSI C consisting of approx. 70% code and 30% code
+ documentation. From the original Apache-SSL code currently approx. 5% is
+ remaining only.
+<p>
+<li><a name="ToC3"></a>
+ <a name="apssl-diff"></a>
+ <strong id="faq">
+What are the functional differences between mod_ssl and Apache-SSL, from where
+it is originally derived?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#apssl-diff"><b>L</b></a>]
+ <p>
+ This neither can be answered in short (there were too many code changes)
+ nor can be answered at all by the author (there would immediately be flame
+ wars with no reasonable results at the end). But as you easily can guess
+ from the 5% of remaining Apache-SSL code, a lot of differences exists,
+ although user-visible backward compatibility exists for most things.
+ <p>
+ When you really want a detailed comparison you have to read the entries in
+ the large <code>CHANGES</code> file that is in the mod_ssl
+ distribution. Usually this is much too hard-core. So I recommend you to
+ either believe in the opinion and recommendations of other users (the
+ simplest approach) or do a comparison yourself (the most reasonable
+ approach). For the latter, grab distributions of mod_ssl (from <a
+ href="http://www.modssl.org/">http://www.modssl.org</a>) and Apache-SSL
+ (from <a href="http://www.apache-ssl.org/">http://www.apache-ssl.org</a>),
+ install both packages, read their documentation and try them out yourself.
+ Then choose the one which pleases you most.
+ <p>
+ A few final hints to help direct your comparison: quality of documentation
+ ("can you easily find answers and are they sufficient?"), quality of
+ source code ("is the source code reviewable so you can make sure there
+ aren't any trapdoors or inherent security risks because of bad programming
+ style?"), easy and clean installation ("can the SSL functionality easily
+ added to an Apache source tree without manual editing or patching?"),
+ clean integration into Apache ("is the SSL functionality encapsulated and
+ cleanly separated from the remaining Apache functionality?"), support for
+ Dynamic Shared Object (DSO) facility ("can the SSL functionality built as
+ a separate DSO for maximum flexibility?"), Win32 port ("is the SSL
+ functionality available also under the Win32 platform?"), amount and
+ quality of functionality ("is the provided SSL functionality and control
+ possibilities sufficient for your situation?"), quality of problem tracing
+ ("is it possible for you to easily trace down the problems via logfiles,
+ etc?"), etc. pp.
+<p>
+<li><a name="ToC4"></a>
+ <a name="apssl-diff"></a>
+ <strong id="faq">
+What are the major differences between mod_ssl and
+the commercial alternatives like Raven or Stronghold?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#apssl-diff"><b>L</b></a>]
+ <p>
+ In the past (until September 20th, 2000) the major difference was
+ the RSA license which one received (very cheaply in contrast to
+ a direct licensing from RSA DSI) with the commercial Apache SSL
+ products. On the other hand, one needed this license only in the US,
+ of course. So for non-US citizens this point was useless. But now
+ even for US citizens the situations changed because the RSA patent
+ expired on September 20th, 2000 and RSA DSI also placed the RSA
+ algorithm explicitly into the public domain.
+ <p>
+ Second, there is the point that one has guaranteed support from
+ the commercial vendors. On the other hand, if you monitored the
+ Open Source quality of mod_ssl and the support activities
+ found on <a href="mailto:modssl-users@modssl.org">
+ <code>modssl-users@modssl.org</code></a>, you could ask yourself
+ whether you are really convinced that you can get better support
+ from a commercial vendor.
+ <p>
+ Third, people often think they would receive perhaps at least a
+ better technical SSL solution than mod_ssl from the commercial
+ vendors. But this is not really true, because all commercial
+ alternatives (Raven 1.4.x, Stronghold 3.x, RedHat SWS 2.x, etc.)
+ <i>are</i> actually based on mod_ssl and OpenSSL. The reason for
+ this common misunderstanding is mainly because some vendors make no
+ attempt to make it reasonably clear that their product is actually
+ mod_ssl based. So, do not think, just because the commercial
+ alternatives are usually more expensive, that you are also receiving
+ an alternative <i>technical</i> SSL solution. This is usually not
+ the case. Actually the vendor versions of Apache, mod_ssl and OpenSSL
+ often stay behind the latest free versions and perhaps this way still do not
+ include important bug and security fixes. On the other hand,
+ it sometimes occurs that a vendor version includes useful changes
+ which are not available through the official freely available
+ packages. But most vendors play fair and contribute back those
+ changes to the free software world, of course.
+ <p>
+ So, in short: There are lots of commercial versions of the popular
+ Apache+mod_ssl+OpenSSL server combination available. Every user
+ should decide carefully whether they really need to buy a commercial
+ version or whether it would not be sufficient to directly use the
+ free and official versions of the Apache, mod_ssl and OpenSSL
+ packages.
+<p>
+<li><a name="ToC5"></a>
+ <a name="what-version"></a>
+ <strong id="faq">
+How do I know which mod_ssl version is for which Apache version?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#what-version"><b>L</b></a>]
+ <p>
+ That's trivial: mod_ssl uses version strings of the syntax
+ <em><mod_ssl-version></em>-<em><apache-version></em>, for
+ instance <code>2.4.0-1.3.9</code>. This directly indicates that it's
+ mod_ssl version 2.4.0 for Apache version 1.3.9. And this also means you
+ <em>only</em> can apply this mod_ssl version to exactly this Apache
+ version (unless you use the <code>--force</code> option to mod_ssl's
+ <code>configure</code> command ;-).
+<p>
+<li><a name="ToC6"></a>
+ <a name="y2k"></a>
+ <strong id="faq">
+Is mod_ssl Year 2000 compliant?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#y2k"><b>L</b></a>]
+ <p>
+ Yes, mod_ssl is Year 2000 compliant.
+ <p>
+ Because first mod_ssl internally never stores years as two digits.
+ Instead it always uses the ANSI C & POSIX numerical data type
+ <code>time_t</code> type, which on almost all Unix platforms at the moment
+ is a <code>signed long</code> (usually 32-bits) representing seconds since
+ epoch of January 1st, 1970, 00:00 UTC. This signed value overflows in
+ early January 2038 and not in the year 2000. Second, date and time
+ presentations (for instance the variable ``<code>%{TIME_YEAR}</code>'')
+ are done with full year value instead of abbreviating to two digits.
+ <p>
+ Additionally according to a <a
+ href="http://www.apache.org/docs/misc/FAQ.html#year2000">Year 2000
+ statement</a> from the Apache Group, the Apache webserver is Year 2000
+ compliant, too. But whether OpenSSL or the underlaying Operating System
+ (either a Unix or Win32 platform) is Year 2000 compliant is a different
+ question which cannot be answered here.
+<p>
+<li><a name="ToC7"></a>
+ <a name="wassenaar"></a>
+ <strong id="faq">
+What about mod_ssl and the Wassenaar Arrangement?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#wassenaar"><b>L</b></a>]
+ <p>
+ First, let us explain what <i>Wassenaar</i> and it's <i>Arrangement on
+ Export Controls for Conventional Arms and Dual-Use Goods and
+ Technologies</i> is: This is a international regime, established 1995, to
+ control trade in conventional arms and dual-use goods and technology. It
+ replaced the previous <i>CoCom</i> regime. 33 countries are signatories:
+ Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic,
+ Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan,
+ Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Republic
+ of Korea, Romania, Russian Federation, Slovak Republic, Spain, Sweden,
+ Switzerland, Turkey, Ukraine, United Kingdom and United States. For more
+ details look at <a
+ href="http://www.wassenaar.org/">http://www.wassenaar.org/</a>.
+ <p>
+ In short: The aim of the Wassenaar Arrangement is to prevent the build up
+ of military capabilities that threaten regional and international security
+ and stability. The Wassenaar Arrangement controls the export of
+ cryptography as a dual-use good, i.e., one that has both military and
+ civilian applications. However, the Wassenaar Arrangement also provides an
+ exemption from export controls for mass-market software and free software.
+ <p>
+ In the current Wassenaar ``<i>List of Dual Use Goods and Technologies And
+ Munitions</i>'', under ``<i>GENERAL SOFTWARE NOTE</i>'' (GSN) it says
+ ``<i>The Lists do not control "software" which is either: 1. [...] 2. "in
+ the public domain".</i>'' And under ``<i>DEFINITIONS OF TERMS USED IN
+ THESE LISTS</i>'' one can find the definition: ``<i>"In the public
+ domain": This means "technology" or "software" which has been made
+ available without restrictions upon its further dissemination. N.B.
+ Copyright restrictions do not remove "technology" or "software" from being
+ "in the public domain".</i>''
+ <p>
+ So, both mod_ssl and OpenSSL are ``in the public domain'' for the purposes
+ of the Wassenaar Agreement and its ``<i>List of Dual Use Goods and
+ Technologies And Munitions List</i>''.
+ <p>
+ Additionally the Wassenaar Agreement itself has no direct consequence for
+ exporting cryptography software. What is actually allowed or forbidden to
+ be exported from the countries has still to be defined in the local laws
+ of each country. And at least according to official press releases from
+ the German BMWi (see <a
+ href="http://www.bmwi.de/presse/1998/1208prm2.html">here</a>) and the
+ Switzerland Bawi (see <a href="http://jya.com/wass-ch.htm">here</a>) there
+ will be no forthcoming export restriction for free cryptography software
+ for their countries. Remember that mod_ssl is created in Germany and
+ distributed from Switzerland.
+ <p>
+ So, mod_ssl and OpenSSL are not affected by the Wassenaar Agreement.
+</ul>
+<p>
+<br>
+<h2><a name="ToC8">About Installation</a></h2>
+<ul>
+<p>
+<li><a name="ToC9"></a>
+ <a name="core-dbm"></a>
+ <strong id="faq">
+When I access my website the first time via HTTPS I get a core dump?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-dbm"><b>L</b></a>]
+ <p>
+ There can be a lot of reasons why a core dump can occur, of course.
+ Ranging from buggy third-party modules, over buggy vendor libraries up to
+ a buggy mod_ssl version. But the above situation is often caused by old or
+ broken vendor DBM libraries. To solve it either build mod_ssl with the
+ built-in SDBM library (specify <tt>--enable-rule=SSL_SDBM</tt> at the
+ APACI command line) or switch from ``<tt>SSLSessionCache dbm:</tt>'' to the
+ newer ``<tt>SSLSessionCache shm:</tt>'' variant (after you have rebuilt
+ Apache with MM, of course).
+<p>
+<li><a name="ToC10"></a>
+ <a name="core-php3"></a>
+ <strong id="faq">
+My Apache dumps core when I add both mod_ssl and PHP3?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-php3"><b>L</b></a>]
+ <p>
+ Make sure you add mod_ssl to the Apache source tree first and then do a
+ fresh configuration and installation of PHP3. For SSL support EAPI patches
+ are required which have to change internal Apache structures. PHP3 needs
+ to know about these in order to work correctly. Always make sure that
+ <tt>-DEAPI</tt> is contained in the compiler flags when PHP3 is build.
+<p>
+<li><a name="ToC11"></a>
+ <a name="dso-sym"></a>
+ <strong id="faq">
+When I startup Apache I get errors about undefined symbols like ap_global_ctx?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#dso-sym"><b>L</b></a>]
+ <p>
+ This actually means you installed mod_ssl as a DSO, but without rebuilding
+ Apache with EAPI. Because EAPI is a requirement for mod_ssl, you need an
+ extra patched Apache (containing the EAPI patches) and you have to build
+ this Apache with EAPI enabled (explicitly specify
+ <tt>--enable-rule=EAPI</tt> at the APACI command line).
+<p>
+<li><a name="ToC12"></a>
+ <a name="mutex-perm"></a>
+ <strong id="faq">
+When I startup Apache I get permission errors related to SSLMutex?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mutex-perm"><b>L</b></a>]
+ <p>
+ When you receive entries like ``<code>mod_ssl: Child could not open
+ SSLMutex lockfile /opt/apache/logs/ssl_mutex.18332 (System error follows)
+ [...] System: Permission denied (errno: 13)</code>'' this is usually
+ caused by to restrictive permissions on the <i>parent</i> directories.
+ Make sure that all parent directories (here <code>/opt</code>,
+ <code>/opt/apache</code> and <code>/opt/apache/logs</code>) have the x-bit
+ set at least for the UID under which Apache's children are running (see
+ the <code>User</code> directive of Apache).
+<p>
+<li><a name="ToC13"></a>
+ <a name="mm"></a>
+ <strong id="faq">
+When I use the MM library and the shared memory cache each process grows
+1.5MB according to `top' although I specified 512000 as the cache size?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mm"><b>L</b></a>]
+ <p>
+ The additional 1MB are caused by the global shared memory pool EAPI
+ allocates for all modules and which is not used by mod_ssl for
+ various reasons. So the actually allocated shared memory is always
+ 1MB more than what you specify on <code>SSLSessionCache</code>.
+ But don't be confused by the display of `top': although is
+ indicates that <i>each</i> process grow, this is not reality, of
+ course. Instead the additional memory consumption is shared by
+ all processes, i.e. the 1.5MB are allocated only once per Apache
+ instance and not once per Apache server process.
+<p>
+<li><a name="ToC14"></a>
+ <a name="mmpath"></a>
+ <strong id="faq">
+Apache creates files in a directory declared by the internal
+EAPI_MM_CORE_PATH define. Is there a way to override the path using a
+configuration directive?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mmpath"><b>L</b></a>]
+ <p>
+ No, there is not configuration directive, because for technical
+ bootstrapping reasons, a directive not possible at all. Instead
+ use ``<code>CFLAGS='-DEAPI_MM_CORE_PATH="/path/to/wherever/"'
+ ./configure ...</code>'' when building Apache or use option
+ <b>-d</b> when starting <code>httpd</code>.
+<p>
+<li><a name="ToC15"></a>
+ <a name="entropy"></a>
+ <strong id="faq">
+When I fire up the server, mod_ssl stops with the error
+"Failed to generate temporary 512 bit RSA private key", why?
+And a "PRNG not seeded" error occurs if I try "make certificate".
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#entropy"><b>L</b></a>]
+ <p>
+ Cryptographic software needs a source of unpredictable data
+ to work correctly. Many open source operating systems provide
+ a "randomness device" that serves this purpose (usually named
+ <code>/dev/random</code>). On other systems, applications have to
+ seed the OpenSSL Pseudo Random Number Generator (PRNG) manually with
+ appropriate data before generating keys or performing public key
+ encryption. As of version 0.9.5, the OpenSSL functions that need
+ randomness report an error if the PRNG has not been seeded with
+ at least 128 bits of randomness. So mod_ssl has to provide enough
+ entropy to the PRNG to work correctly. For this one has to use the
+ <code>SSLRandomSeed</code> directives (to solve the run-time problem)
+ and create a <code>$HOME/.rnd</code> file to make sure enough
+ entropy is available also for the "<code>make certificate</code>"
+ step (in case the "<code>make certificate</code>" procedure is not
+ able to gather enough entropy theirself by searching for system
+ files).
+</ul>
+<p>
+<br>
+<h2><a name="ToC16">About Configuration</a></h2>
+<ul>
+<p>
+<li><a name="ToC17"></a>
+ <a name="https-parallel"></a>
+ <strong id="faq">
+Is it possible to provide HTTP and HTTPS with a single server?</strong>
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-parallel"><b>L</b></a>]
+ <p>
+ Yes, HTTP and HTTPS use different server ports, so there is no direct
+ conflict between them. Either run two separate server instances (one binds
+ to port 80, the other to port 443) or even use Apache's elegant virtual
+ hosting facility where you can easily create two virtual servers which
+ Apache dispatches: one responding to port 80 and speaking HTTP and one
+ responding to port 443 speaking HTTPS.
+<p>
+<li><a name="ToC18"></a>
+ <a name="https-port"></a>
+ <strong id="faq">
+I know that HTTP is on port 80, but where is HTTPS?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-port"><b>L</b></a>]
+ <p>
+ You can run HTTPS on any port, but the standards specify port 443, which
+ is where any HTTPS compliant browser will look by default. You can force
+ your browser to look on a different port by specifying it in the URL like
+ this (for port 666): <code>https://secure.server.dom:666/</code>
+<p>
+<li><a name="ToC19"></a>
+ <a name="https-test"></a>
+ <strong id="faq">
+How can I speak HTTPS manually for testing purposes?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-test"><b>L</b></a>]
+ <p>
+ While you usually just use
+ <p>
+ <code><b>$ telnet localhost 80</b></code><br>
+ <code><b>GET / HTTP/1.0</b></code>
+ <p>
+ for simple testing the HTTP protocol of Apache, it's not such easy for
+ HTTPS because of the SSL protocol between TCP and HTTP. But with the
+ help of OpenSSL's <code>s_client</code> command you can do a similar
+ check even for HTTPS:
+ <p>
+ <code><b>$ openssl s_client -connect localhost:443 -state -debug</b></code><br>
+ <code><b>GET / HTTP/1.0</b></code>
+ <p>
+ Before the actual HTTP response you receive detailed information about the
+ SSL handshake. For a more general command line client which directly
+ understands both the HTTP and HTTPS scheme, can perform GET and POST
+ methods, can use a proxy, supports byte ranges, etc. you should have a
+ look at nifty <a href="http://curl.haxx.nu/">cURL</a>
+ tool. With it you can directly check if your Apache is running fine on
+ Port 80 and 443 as following:
+ <p>
+ <code><b>$ curl http://localhost/</b></code><br>
+ <code><b>$ curl https://localhost/</b></code><br>
+<p>
+<li><a name="ToC20"></a>
+ <a name="hang"></a>
+ <strong id="faq">
+Why does the connection hang when I connect to my SSL-aware Apache server?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hang"><b>L</b></a>]
+ <p>
+ Because you connected with HTTP to the HTTPS port, i.e. you used an URL of
+ the form ``<code>http://</code>'' instead of ``<code>https://</code>''.
+ This also happens the other way round when you connect via HTTPS to a HTTP
+ port, i.e. when you try to use ``<code>https://</code>'' on a server that
+ doesn't support SSL (on this port). Make sure you are connecting to a
+ virtual server that supports SSL, which is probably the IP associated with
+ your hostname, not localhost (127.0.0.1).
+<p>
+<li><a name="ToC21"></a>
+ <a name="hang"></a>
+ <strong id="faq">
+Why do I get ``Connection Refused'' messages when trying to access my freshly
+installed Apache+mod_ssl server via HTTPS?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hang"><b>L</b></a>]
+ <p>
+ There can be various reasons. Some of the common mistakes is that people
+ start Apache with just ``<tt>apachectl start</tt>'' (or
+ ``<tt>httpd</tt>'') instead of ``<tt>apachectl startssl</tt>'' (or
+ ``<tt>httpd -DSSL</tt>''. Or you're configuration is not correct. At
+ least make sure that your ``<tt>Listen</tt>'' directives match your
+ ``<tt><VirtualHost></tt>'' directives. And if all fails, please do
+ yourself a favor and start over with the default configuration mod_ssl
+ provides you.
+<p>
+<li><a name="ToC22"></a>
+ <a name="env-vars"></a>
+ <strong id="faq">
+In my CGI programs and SSI scripts the various documented
+<code>SSL_XXX</code> variables do not exists. Why?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#env-vars"><b>L</b></a>]
+ <p>
+ Just make sure you have ``<code>SSLOptions +StdEnvVars</code>''
+ enabled for the context of your CGI/SSI requests.
+<p>
+<li><a name="ToC23"></a>
+ <a name="relative-links"></a>
+ <strong id="faq">
+How can I use relative hyperlinks to switch between HTTP and HTTPS?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#relative-links"><b>L</b></a>]
+ <p>
+ Usually you have to use fully-qualified hyperlinks because
+ you have to change the URL scheme. But with the help of some URL
+ manipulations through mod_rewrite you can achieve the same effect while
+ you still can use relative URLs:
+ <pre>
+ RewriteEngine on
+ RewriteRule ^/(.*):SSL$ https://%{SERVER_NAME}/$1 [R,L]
+ RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]
+ </pre>
+ This rewrite ruleset lets you use hyperlinks of the form
+ <pre>
+ <a href="document.html:SSL">
+ </pre>
+</ul>
+<p>
+<br>
+<h2><a name="ToC24">About Certificates</a></h2>
+<ul>
+<p>
+<li><a name="ToC25"></a>
+ <a name="what-is"></a>
+ <strong id="faq">
+What are RSA Private Keys, CSRs and Certificates?</strong>
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#what-is"><b>L</b></a>]
+ <p>
+ The RSA private key file is a digital file that you can use to decrypt
+ messages sent to you. It has a public component which you distribute (via
+ your Certificate file) which allows people to encrypt those messages to
+ you. A Certificate Signing Request (CSR) is a digital file which contains
+ your public key and your name. You send the CSR to a Certifying Authority
+ (CA) to be converted into a real Certificate. A Certificate contains your
+ RSA public key, your name, the name of the CA, and is digitally signed by
+ your CA. Browsers that know the CA can verify the signature on that
+ Certificate, thereby obtaining your RSA public key. That enables them to
+ send messages which only you can decrypt.
+ See the <a href="ssl_intro.html">Introduction</a> chapter for a general
+ description of the SSL protocol.
+<p>
+<li><a name="ToC26"></a>
+ <a name="startup"></a>
+ <strong id="faq">
+Seems like there is a difference on startup between the original Apache and an SSL-aware Apache?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#startup"><b>L</b></a>]
+ <p>
+ Yes, in general, starting Apache with a built-in mod_ssl is just like
+ starting an unencumbered Apache, except for the fact that when you have a
+ pass phrase on your SSL private key file. Then a startup dialog pops up
+ asking you to enter the pass phrase.
+ <p>
+ To type in the pass phrase manually when starting the server can be
+ problematic, for instance when starting the server from the system boot
+ scripts. As an alternative to this situation you can follow the steps
+ below under ``How can I get rid of the pass-phrase dialog at Apache
+ startup time?''.
+<p>
+<li><a name="ToC27"></a>
+ <a name="cert-dummy"></a>
+ <strong id="faq">
+How can I create a dummy SSL server Certificate for testing purposes?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-dummy"><b>L</b></a>]
+ <p>
+ A Certificate does not have to be signed by a public CA. You can use your
+ private key to sign the Certificate which contains your public key. You
+ can install this Certificate into your server, and people using Netscape
+ Navigator (not MSIE) will be able to connect after clicking OK to a
+ warning dialogue. You can get MSIE to work, and your customers can
+ eliminate the dialogue, by installing that Certificate manually into their
+ browsers.
+ <p>
+ Just use the ``<code>make certificate</code>'' command at the top-level
+ directory of the Apache source tree right before installing Apache via
+ ``<code>make install</code>''. This creates a self-signed SSL Certificate
+ which expires after 30 days and isn't encrypted (which means you don't
+ need to enter a pass-phrase at Apache startup time).
+ <p>
+ BUT REMEMBER: YOU REALLY HAVE TO CREATE A REAL CERTIFICATE FOR THE LONG
+ RUN! HOW THIS IS DONE IS DESCRIBED IN THE NEXT ANSWER.
+<p>
+<li><a name="ToC28"></a>
+ <a name="cert-real"></a>
+ <strong id="faq">
+Ok, I've got my server installed and want to create a real SSL
+server Certificate for it. How do I do it?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-real"><b>L</b></a>]
+ <p>
+ Here is a step-by-step description:
+ <p>
+ <ol>
+ <li>Make sure OpenSSL is really installed and in your <code>PATH</code>.
+ But some commands even work ok when you just run the
+ ``<code>openssl</code>'' program from within the OpenSSL source tree as
+ ``<code>./apps/openssl</code>''.
+ <p>
+ <li>Create a RSA private key for your Apache server
+ (will be Triple-DES encrypted and PEM formatted):
+ <p>
+ <code><strong>$ openssl genrsa -des3 -out server.key 1024</strong></code>
+ <p>
+ Please backup this <code>server.key</code> file and remember the
+ pass-phrase you had to enter at a secure location.
+ You can see the details of this RSA private key via the command:
+ <p>
+ <code><strong>$ openssl rsa -noout -text -in server.key</strong></code>
+ <p>
+ And you could create a decrypted PEM version (not recommended)
+ of this RSA private key via:
+ <p>
+ <code><strong>$ openssl rsa -in server.key -out server.key.unsecure</strong></code>
+ <p>
+ <li>Create a Certificate Signing Request (CSR) with the server RSA private
+ key (output will be PEM formatted):
+ <p>
+ <code><strong>$ openssl req -new -key server.key -out server.csr</strong></code>
+ <p>
+ Make sure you enter the FQDN ("Fully Qualified Domain Name") of the
+ server when OpenSSL prompts you for the "CommonName", i.e. when you
+ generate a CSR for a website which will be later accessed via
+ <code>https://www.foo.dom/</code>, enter "www.foo.dom" here.
+ You can see the details of this CSR via the command
+ <p>
+ <code><strong>$ openssl req -noout -text -in server.csr</strong></code>
+ <p>
+ <li>You now have to send this Certificate Signing Request (CSR) to
+ a Certifying Authority (CA) for signing. The result is then a real
+ Certificate which can be used for Apache. Here you have two options:
+ First you can let the CSR sign by a commercial CA like Verisign or
+ Thawte. Then you usually have to post the CSR into a web form, pay for
+ the signing and await the signed Certificate you then can store into a
+ server.crt file. For more information about commercial CAs have a look
+ at the following locations:
+ <p>
+ <ul>
+ <li> Verisign<br>
+ <a href="http://digitalid.verisign.com/server/apacheNotice.htm">
+ http://digitalid.verisign.com/server/apacheNotice.htm
+ </a>
+ <li> Thawte Consulting<br>
+ <a href="http://www.thawte.com/certs/server/request.html">
+ http://www.thawte.com/certs/server/request.html
+ </a>
+ <li> CertiSign Certificadora Digital Ltda.<br>
+ <a href="http://www.certisign.com.br">
+ http://www.certisign.com.br
+ </a>
+ <li> IKS GmbH<br>
+ <a href="http://www.iks-jena.de/produkte/ca/">
+ http://www.iks-jena.de/produkte/ca/
+ </a>
+ <li> Uptime Commerce Ltd.<br>
+ <a href="http://www.uptimecommerce.com">
+ http://www.uptimecommerce.com
+ </a>
+ <li> BelSign NV/SA<br>
+ <a href="http://www.belsign.be">
+ http://www.belsign.be
+ </a>
+ </ul>
+ <p>
+ Second you can use your own CA and now have to sign the CSR yourself by
+ this CA. Read the next answer in this FAQ on how to sign a CSR with
+ your CA yourself.
+ You can see the details of the received Certificate via the command:
+ <p>
+ <code><strong>$ openssl x509 -noout -text -in server.crt</strong></code>
+ <p>
+ <li>Now you have two files: <code>server.key</code> and
+ <code>server.crt</code>. These now can be used as following inside your
+ Apache's <code>httpd.conf</code> file:
+ <pre>
+ SSLCertificateFile /path/to/this/server.crt
+ SSLCertificateKeyFile /path/to/this/server.key
+ </pre>
+ The <code>server.csr</code> file is no longer needed.
+ </ol>
+<p>
+<li><a name="ToC29"></a>
+ <a name="cert-ownca"></a>
+ <strong id="faq">
+How can I create and use my own Certificate Authority (CA)?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-ownca"><b>L</b></a>]
+ <p>
+ The short answer is to use the <code>CA.sh</code> or <code>CA.pl</code>
+ script provided by OpenSSL. The long and manual answer is this:
+ <p>
+ <ol>
+ <li>Create a RSA private key for your CA
+ (will be Triple-DES encrypted and PEM formatted):
+ <p>
+ <code><strong>$ openssl genrsa -des3 -out ca.key 1024</strong></code>
+ <p>
+ Please backup this <code>ca.key</code> file and remember the
+ pass-phrase you currently entered at a secure location.
+ You can see the details of this RSA private key via the command
+ <p>
+ <code><strong>$ openssl rsa -noout -text -in ca.key</strong></code>
+ <p>
+ And you can create a decrypted PEM version (not recommended) of this
+ private key via:
+ <p>
+ <code><strong>$ openssl rsa -in ca.key -out ca.key.unsecure</strong></code>
+ <p>
+ <li>Create a self-signed CA Certificate (X509 structure)
+ with the RSA key of the CA (output will be PEM formatted):
+ <p>
+ <code><strong>$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt</strong></code>
+ <p>
+ You can see the details of this Certificate via the command:
+ <p>
+ <code><strong>$ openssl x509 -noout -text -in ca.crt</strong></code>
+ <p>
+ <li>Prepare a script for signing which is needed because
+ the ``<code>openssl ca</code>'' command has some strange requirements
+ and the default OpenSSL config doesn't allow one easily to use
+ ``<code>openssl ca</code>'' directly. So a script named
+ <code>sign.sh</code> is distributed with the mod_ssl distribution
+ (subdir <code>pkg.contrib/</code>). Use this script for signing.
+ <p>
+ <li>Now you can use this CA to sign server CSR's in order to create real
+ SSL Certificates for use inside an Apache webserver (assuming
+ you already have a <code>server.csr</code> at hand):
+ <p>
+ <code><strong>$ ./sign.sh server.csr</strong></code>
+ <p>
+ This signs the server CSR and results in a <code>server.crt</code> file.
+ </ol>
+<p>
+<li><a name="ToC30"></a>
+ <a name="change-passphrase"></a>
+ <strong id="faq">
+How can I change the pass-phrase on my private key file?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#change-passphrase"><b>L</b></a>]
+ <p>
+ You simply have to read it with the old pass-phrase and write it again
+ by specifying the new pass-phrase. You can accomplish this with the following
+ commands:
+ <p>
+ <code><strong>$ openssl rsa -des3 -in server.key -out server.key.new</strong></code><br>
+ <code><strong>$ mv server.key.new server.key</strong></code><br>
+ <p>
+ Here you're asked two times for a PEM pass-phrase. At the first
+ prompt enter the old pass-phrase and at the second prompt
+ enter the new pass-phrase.
+<p>
+<li><a name="ToC31"></a>
+ <a name="remove-passphrase"></a>
+ <strong id="faq">
+How can I get rid of the pass-phrase dialog at Apache startup time?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#remove-passphrase"><b>L</b></a>]
+ <p>
+ The reason why this dialog pops up at startup and every re-start
+ is that the RSA private key inside your server.key file is stored in
+ encrypted format for security reasons. The pass-phrase is needed to be
+ able to read and parse this file. When you can be sure that your server is
+ secure enough you perform two steps:
+ <p>
+ <ol>
+ <li>Remove the encryption from the RSA private key (while
+ preserving the original file):
+ <p>
+ <code><strong>$ cp server.key server.key.org</strong></code><br>
+ <code><strong>$ openssl rsa -in server.key.org -out server.key</strong></code>
+ <p>
+ <li>Make sure the server.key file is now only readable by root:
+ <p>
+ <code><strong>$ chmod 400 server.key</strong></code>
+ </ol>
+ <p>
+ Now <code>server.key</code> will contain an unencrypted copy of the key.
+ If you point your server at this file it will not prompt you for a
+ pass-phrase. HOWEVER, if anyone gets this key they will be able to
+ impersonate you on the net. PLEASE make sure that the permissions on that
+ file are really such that only root or the web server user can read it
+ (preferably get your web server to start as root but run as another
+ server, and have the key readable only by root).
+ <p>
+ As an alternative approach you can use the ``<code>SSLPassPhraseDialog
+ exec:/path/to/program</code>'' facility. But keep in mind that this is
+ neither more nor less secure, of course.
+<p>
+<li><a name="ToC32"></a>
+ <a name="verify-key"></a>
+ <strong id="faq">
+How do I verify that a private key matches its Certificate?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#verify-key"><b>L</b></a>]
+ <p>
+ The private key contains a series of numbers. Two of those numbers form
+ the "public key", the others are part of your "private key". The "public
+ key" bits are also embedded in your Certificate (we get them from your
+ CSR). To check that the public key in your cert matches the public
+ portion of your private key, you need to view the cert and the key and
+ compare the numbers. To view the Certificate and the key run the
+ commands:
+ <p>
+ <code><strong>$ openssl x509 -noout -text -in server.crt</strong></code><br>
+ <code><strong>$ openssl rsa -noout -text -in server.key</strong></code>
+ <p>
+ The `modulus' and the `public exponent' portions in the key and the
+ Certificate must match. But since the public exponent is usually 65537
+ and it's bothering comparing long modulus you can use the following
+ approach:
+ <p>
+ <code><strong>$ openssl x509 -noout -modulus -in server.crt | openssl md5</strong></code><br>
+ <code><strong>$ openssl rsa -noout -modulus -in server.key | openssl md5</strong></code>
+ <p>
+ And then compare these really shorter numbers. With overwhelming
+ probability they will differ if the keys are different. BTW, if I want to
+ check to which key or certificate a particular CSR belongs you can compute
+ <p>
+ <code><strong>$ openssl req -noout -modulus -in server.csr | openssl md5</strong></code>
+<p>
+<li><a name="ToC33"></a>
+ <a name="keysize1"></a>
+ <strong id="faq">
+What does it mean when my connections fail with an "alert bad certificate"
+error?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#keysize1"><b>L</b></a>]
+ <p>
+ Usually when you see errors like ``<tt>OpenSSL: error:14094412: SSL
+ routines:SSL3_READ_BYTES:sslv3 alert bad certificate</tt>'' in the SSL
+ logfile, this means that the browser was unable to handle the server
+ certificate/private-key which perhaps contain a RSA-key not equal to 1024
+ bits. For instance Netscape Navigator 3.x is one of those browsers.
+<p>
+<li><a name="ToC34"></a>
+ <a name="keysize2"></a>
+ <strong id="faq">
+Why does my 2048-bit private key not work?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#keysize2"><b>L</b></a>]
+ <p>
+ The private key sizes for SSL must be either 512 or 1024 for compatibility
+ with certain web browsers. A keysize of 1024 bits is recommended because
+ keys larger than 1024 bits are incompatible with some versions of Netscape
+ Navigator and Microsoft Internet Explorer, and with other browsers that
+ use RSA's BSAFE cryptography toolkit.
+<p>
+<li><a name="ToC35"></a>
+ <a name="hash-symlinks"></a>
+ <strong id="faq">
+Why is client authentication broken after upgrading from
+SSLeay version 0.8 to 0.9?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hash-symlinks"><b>L</b></a>]
+ <p>
+ The CA certificates under the path you configured with
+ <code>SSLCACertificatePath</code> are found by SSLeay through hash
+ symlinks. These hash values are generated by the `<code>openssl x509 -noout
+ -hash</code>' command. But the algorithm used to calculate the hash for a
+ certificate has changed between SSLeay 0.8 and 0.9. So you have to remove
+ all old hash symlinks and re-create new ones after upgrading. Use the
+ <code>Makefile</code> mod_ssl placed into this directory.
+<p>
+<li><a name="ToC36"></a>
+ <a name="pem-to-der"></a>
+ <strong id="faq">
+How can I convert a certificate from PEM to DER format?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#pem-to-der"><b>L</b></a>]
+ <p>
+ The default certificate format for SSLeay/OpenSSL is PEM, which actually
+ is Base64 encoded DER with header and footer lines. For some applications
+ (e.g. Microsoft Internet Explorer) you need the certificate in plain DER
+ format. You can convert a PEM file <code>cert.pem</code> into the
+ corresponding DER file <code>cert.der</code> with the following command:
+ <code><strong>$ openssl x509 -in cert.pem -out cert.der -outform DER</strong></code>
+<p>
+<li><a name="ToC37"></a>
+ <a name="verisign-getca"></a>
+ <strong id="faq">
+I try to install a Verisign certificate. Why can't I find neither the
+<code>getca</code> nor <code>getverisign</code> programs Verisign mentions?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#verisign-getca"><b>L</b></a>]
+ <p>
+ This is because Verisign has never provided specific instructions
+ for Apache+mod_ssl. Rather they tell you what you should do
+ if you were using C2Net's Stronghold (a commercial Apache
+ based server with SSL support). The only thing you have to do
+ is to save the certificate into a file and give the name of
+ that file to the <code>SSLCertificateFile</code> directive.
+ Remember that you need to give the key file in as well (see
+ <code>SSLCertificateKeyFile</code> directive). For a better
+ CA-related overview on SSL certificate fiddling you can look at <a
+ href="http://www.thawte.com/certs/server/keygen/mod_ssl.html">
+ Thawte's mod_ssl instructions</a>.
+<p>
+<li><a name="ToC38"></a>
+ <a name="gid"></a>
+ <strong id="faq">
+Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global
+ID) also with mod_ssl?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#gid"><b>L</b></a>]
+ <p>
+ Yes, mod_ssl since version 2.1 supports the SGC facility. You don't have
+ to configure anything special for this, just use a Global ID as your
+ server certificate. The <i>step up</i> of the clients are then
+ automatically handled by mod_ssl under run-time. For details please read
+ the <tt>README.GlobalID</tt> document in the mod_ssl distribution.
+<p>
+<li><a name="ToC39"></a>
+ <a name="gid"></a>
+ <strong id="faq">
+After I have installed my new Verisign Global ID server certificate, the
+browsers complain that they cannot verify the server certificate?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#gid"><b>L</b></a>]
+ <p>
+ That is because Verisign uses an intermediate CA certificate between
+ the root CA certificate (which is installed in the browsers) and
+ the server certificate (which you installed in the server). You
+ should have received this additional CA certificate from Verisign.
+ If not, complain to them. Then configure this certificate with the
+ <code>SSLCertificateChainFile</code> directive in the server. This
+ makes sure the intermediate CA certificate is send to the browser
+ and this way fills the gap in the certificate chain.
+</ul>
+<p>
+<br>
+<h2><a name="ToC40">About SSL Protocol</a></h2>
+<ul>
+<p>
+<li><a name="ToC41"></a>
+ <a name="random-errors"></a>
+ <strong id="faq">
+Why do I get lots of random SSL protocol errors under heavy server load?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#random-errors"><b>L</b></a>]
+ <p>
+ There can be a number of reasons for this, but the main one
+ is problems with the SSL session Cache specified by the
+ <tt>SSLSessionCache</tt> directive. The DBM session cache is most
+ likely the source of the problem, so trying the SHM session cache or
+ no cache at all may help.
+<p>
+<li><a name="ToC42"></a>
+ <a name="load"></a>
+ <strong id="faq">
+Why has my webserver a higher load now that I run SSL there?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#load"><b>L</b></a>]
+ <p>
+ Because SSL uses strong cryptographic encryption and this needs a lot of
+ number crunching. And because when you request a webpage via HTTPS even
+ the images are transfered encrypted. So, when you have a lot of HTTPS
+ traffic the load increases.
+<p>
+<li><a name="ToC43"></a>
+ <a name="random"></a>
+ <strong id="faq">
+Often HTTPS connections to my server require up to 30 seconds for establishing
+the connection, although sometimes it works faster?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#random"><b>L</b></a>]
+ <p>
+ Usually this is caused by using a <code>/dev/random</code> device for
+ <code>SSLRandomSeed</code> which is blocking in read(2) calls if not
+ enough entropy is available. Read more about this problem in the refernce
+ chapter under <code>SSLRandomSeed</code>.
+<p>
+<li><a name="ToC44"></a>
+ <a name="ciphers"></a>
+ <strong id="faq">
+What SSL Ciphers are supported by mod_ssl?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#ciphers"><b>L</b></a>]
+ <p>
+ Usually just all SSL ciphers which are supported by the
+ version of OpenSSL in use (can depend on the way you built
+ OpenSSL). Typically this at least includes the following:
+ <p>
+ <ul>
+ <li>RC4 with MD5
+ <li>RC4 with MD5 (export version restricted to 40-bit key)
+ <li>RC2 with MD5
+ <li>RC2 with MD5 (export version restricted to 40-bit key)
+ <li>IDEA with MD5
+ <li>DES with MD5
+ <li>Triple-DES with MD5
+ </ul>
+ <p>
+ To determine the actual list of supported ciphers you can
+ run the following command:
+ <p>
+ <code><strong>$ openssl ciphers -v</strong></code><br>
+<p>
+<li><a name="ToC45"></a>
+ <a name="cipher-adh"></a>
+ <strong id="faq">
+I want to use Anonymous Diffie-Hellman (ADH) ciphers, but I always get ``no
+shared cipher'' errors?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cipher-adh"><b>L</b></a>]
+ <p>
+ In order to use Anonymous Diffie-Hellman (ADH) ciphers, it is not enough
+ to just put ``<code>ADH</code>'' into your <code>SSLCipherSuite</code>.
+ Additionally you have to build OpenSSL with
+ ``<code>-DSSL_ALLOW_ADH</code>''. Because per default OpenSSL does not
+ allow ADH ciphers for security reasons. So if you are actually enabling
+ these ciphers make sure you are informed about the side-effects.
+<p>
+<li><a name="ToC46"></a>
+ <a name="cipher-shared"></a>
+ <strong id="faq">
+I always just get a 'no shared ciphers' error if
+I try to connect to my freshly installed server?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cipher-shared"><b>L</b></a>]
+ <p>
+ Either you have messed up your <code>SSLCipherSuite</code>
+ directive (compare it with the pre-configured example in
+ <code>httpd.conf-dist</code>) or you have choosen the DSA/DH
+ algorithms instead of RSA under "<code>make certificate</code>"
+ and ignored or overseen the warnings. Because if you have choosen
+ DSA/DH, then your server no longer speaks RSA-based SSL ciphers
+ (at least not until you also configure an additional RSA-based
+ certificate/key pair). But current browsers like NS or IE only speak
+ RSA ciphers. The result is the "no shared ciphers" error. To fix
+ this, regenerate your server certificate/key pair and this time
+ choose the RSA algorithm.
+<p>
+<li><a name="ToC47"></a>
+ <a name="vhosts"></a>
+ <strong id="faq">
+Why can't I use SSL with name-based/non-IP-based virtual hosts?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts"><b>L</b></a>]
+ <p>
+ The reason is very technical. Actually it's some sort of a chicken and
+ egg problem: The SSL protocol layer stays below the HTTP protocol layer
+ and encapsulates HTTP. When an SSL connection (HTTPS) is established
+ Apache/mod_ssl has to negotiate the SSL protocol parameters with the
+ client. For this mod_ssl has to consult the configuration of the virtual
+ server (for instance it has to look for the cipher suite, the server
+ certificate, etc.). But in order to dispatch to the correct virtual server
+ Apache has to know the <code>Host</code> HTTP header field. For this the
+ HTTP request header has to be read. This cannot be done before the SSL
+ handshake is finished. But the information is already needed at the SSL
+ handshake phase. Bingo!
+<p>
+<li><a name="ToC48"></a>
+ <a name="lock-icon"></a>
+ <strong id="faq">
+When I use Basic Authentication over HTTPS the lock icon in Netscape browsers
+still show the unlocked state when the dialog pops up. Does this mean the
+username/password is still transmitted unencrypted?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#lock-icon"><b>L</b></a>]
+ <p>
+ No, the username/password is already transmitted encrypted. The icon in
+ Netscape browsers is just not really synchronized with the SSL/TLS layer
+ (it toggles to the locked state when the first part of the actual webpage
+ data is transferred which is not quite correct) and this way confuses
+ people. The Basic Authentication facility is part of the HTTP layer and
+ this layer is above the SSL/TLS layer in HTTPS. And before any HTTP data
+ communication takes place in HTTPS the SSL/TLS layer has already done the
+ handshake phase and switched to encrypted communication. So, don't get
+ confused by this icon.
+<p>
+<li><a name="ToC49"></a>
+ <a name="io-ie"></a>
+ <strong id="faq">
+When I connect via HTTPS to an Apache+mod_ssl+OpenSSL server with Microsoft Internet
+Explorer (MSIE) I get various I/O errors. What is the reason?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#io-ie"><b>L</b></a>]
+ <p>
+ The first reason is that the SSL implementation in some MSIE versions has
+ some subtle bugs related to the HTTP keep-alive facility and the SSL close
+ notify alerts on socket connection close. Additionally the interaction
+ between SSL and HTTP/1.1 features are problematic with some MSIE versions,
+ too. You've to work-around these problems by forcing
+ Apache+mod_ssl+OpenSSL to not use HTTP/1.1, keep-alive connections or
+ sending the SSL close notify messages to MSIE clients. This can be done by
+ using the following directive in your SSL-aware virtual host section:
+ <pre>
+ SetEnvIf User-Agent ".*MSIE.*" \
+ <b>nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0</b></pre>
+ Additionally it is known some MSIE versions have also problems
+ with particular ciphers. Unfortunately one cannot workaround these
+ bugs only for those MSIE particular clients, because the ciphers
+ are already used in the SSL handshake phase. So a MSIE-specific
+ <tt>SetEnvIf</tt> doesn't work to solve these problems. Instead one
+ has to do more drastic adjustments to the global parameters. But
+ before you decide to do this, make sure your clients really have
+ problems. If not, do not do this, because it affects all(!) your
+ clients, i.e., also your non-MSIE clients.
+ <p>
+ The next problem is that 56bit export versions of MSIE 5.x browsers have a
+ broken SSLv3 implementation which badly interacts with OpenSSL versions
+ greater than 0.9.4. You can either accept this and force your clients to
+ upgrade their browsers, or you downgrade to OpenSSL 0.9.4 (hmmm), or you
+ can decide to workaround it by accepting the drawback that your workaround
+ will horribly affect also other browsers:
+ <pre>
+ SSLProtocol all <b>-SSLv3</b></pre>
+ This completely disables the SSLv3 protocol and lets those browsers work.
+ But usually this is an even less acceptable workaround. A more reasonable
+ workaround is to address the problem more closely and disable only the
+ ciphers which cause trouble.
+ <pre>
+ SSLCipherSuite ALL:!ADH:<b>!EXPORT56</b>:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</pre>
+ This also lets the broken MSIE versions work, but only removes the
+ newer 56bit TLS ciphers.
+ <p>
+ Another problem with MSIE 5.x clients is that they refuse to connect to
+ URLs of the form <tt>https://12.34.56.78/</tt> (IP-addresses are used
+ instead of the hostname), if the server is using the Server Gated
+ Cryptography (SGC) facility. This can only be avoided by using the fully
+ qualified domain name (FQDN) of the website in hyperlinks instead, because
+ MSIE 5.x has an error in the way it handles the SGC negotiation.
+ <p>
+ And finally there are versions of MSIE which seem to require that
+ an SSL session can be reused (a totally non standard-conforming
+ behaviour, of course). Connection with those MSIE versions only work
+ if a SSL session cache is used. So, as a work-around, make sure you
+ are using a session cache (see <tt>SSLSessionCache</tt> directive).
+<p>
+<li><a name="ToC50"></a>
+ <a name="io-ns"></a>
+ <strong id="faq">
+When I connect via HTTPS to an Apache+mod_ssl server with Netscape Navigator I
+get I/O errors and the message "Netscape has encountered bad data from the
+server" What's the reason?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#io-ns"><b>L</b></a>]
+ <p>
+ The problem usually is that you had created a new server certificate with
+ the same DN, but you had told your browser to accept forever the old
+ server certificate. Once you clear the entry in your browser for the old
+ certificate, everything usually will work fine. Netscape's SSL
+ implementation is correct, so when you encounter I/O errors with Netscape
+ Navigator it is most of the time caused by the configured certificates.
+</ul>
+<p>
+<br>
+<h2><a name="ToC51">About Support</a></h2>
+<ul>
+<p>
+<li><a name="ToC52"></a>
+ <a name="resources"></a>
+ <strong id="faq">
+What information resources are available in case of mod_ssl problems?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#resources"><b>L</b></a>]
+ <p>
+The following information resources are available.
+In case of problems you should search here first.
+<p>
+<ol>
+<li><em>Answers in the User Manual's F.A.Q. List (this)</em><br>
+ <a href="http://www.modssl.org/docs/2.8/ssl_faq.html">
+ http://www.modssl.org/docs/2.8/ssl_faq.html</a><br>
+ First look inside the F.A.Q. (this text), perhaps your problem is such
+ popular that it was already answered a lot of times in the past.
+<p>
+<li><em>Postings from the modssl-users Support Mailing List</em>
+ <a href="http://www.modssl.org/support/">
+ http://www.modssl.org/support/</a><br>
+ Second search for your problem in one of the existing archives of the
+ modssl-users mailing list. Perhaps your problem popped up at least once for
+ another user, too.
+<p>
+<li><em>Problem Reports in the Bug Database</em>
+ <a href="http://www.modssl.org/support/bugdb/">
+ http://www.modssl.org/support/bugdb/</a><br>
+ Third look inside the mod_ssl Bug Database. Perhaps
+ someone else already has reported the problem.
+</ol>
+<p>
+<li><a name="ToC53"></a>
+ <a name="contact"></a>
+ <strong id="faq">
+What support contacts are available in case of mod_ssl problems?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#contact"><b>L</b></a>]
+ <p>
+The following lists all support possibilities for mod_ssl, in order of
+preference, i.e. start in this order and do not pick the support possibility
+you just like most, please.
+<p>
+<ol>
+<li><em>Write a Problem Report into the Bug Database</em><br>
+ <a href="http://www.modssl.org/support/bugdb/">
+ http://www.modssl.org/support/bugdb/</a><br>
+ This is the preferred way of submitting your problem report, because this
+ way it gets filed into the bug database (it cannot be lost) <em>and</em>
+ send to the modssl-users mailing list (others see the current problems and
+ learn from answers).
+<p>
+<li><em>Write a Problem Report to the modssl-users Support Mailing List</em><br>
+ <a href="mailto:modssl-users@modssl.org">
+ modssl-users @ modssl.org</a><br>
+ This is the second way of submitting your problem report. You have to
+ subscribe to the list first, but then you can easily discuss your problem
+ with both the author and the whole mod_ssl user community.
+<p>
+<li><em>Write a Problem Report to the author</em><br>
+ <a href="mailto:rse@engelschall.com">
+ rse @ engelschall.com</a><br>
+ This is the last way of submitting your problem report. Please avoid this
+ in your own interest because the author is really a very busy men. Your
+ mail will always be filed to one of his various mail-folders and is
+ usually not processed as fast as a posting on modssl-users.
+</ol>
+<p>
+<li><a name="ToC54"></a>
+ <a name="report-details"></a>
+ <strong id="faq">
+What information and details I've to provide to
+the author when writing a bug report?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#report-details"><b>L</b></a>]
+ <p>
+You have to at least always provide the following information:
+<p>
+<ul>
+<li><em>Apache, mod_ssl and OpenSSL version information</em><br>
+ The mod_ssl version you should really know. For instance, it's the version
+ number in the distribution tarball. The Apache version can be determined
+ by running ``<code>httpd -v</code>''. The OpenSSL version can be
+ determined by running ``<code>openssl version</code>''. Alternatively when
+ you have Lynx installed you can run the command ``<code>lynx -mime_header
+ http://localhost/ | grep Server</code>'' to determine all information in a
+ single step.
+<p>
+<li><em>The details on how you built and installed Apache+mod_ssl+OpenSSL</em><br>
+ For this you can provide a logfile of your terminal session which shows
+ the configuration and install steps. Alternatively you can at least
+ provide the author with the APACI `<code>configure</code>'' command line
+ you used (assuming you used APACI, of course).
+<p>
+<li><em>In case of core dumps please include a Backtrace</em><br>
+ In case your Apache+mod_ssl+OpenSSL should really dumped core please attach
+ a stack-frame ``backtrace'' (see the next question on how to get it).
+ Without this information the reason for your core dump cannot be found.
+ So you have to provide the backtrace, please.
+<p>
+<li><em>A detailed description of your problem</em><br>
+ Don't laugh, I'm totally serious. I already got a lot of problem reports
+ where the people not really said what's the actual problem is. So, in your
+ own interest (you want the problem be solved, don't you?) include as much
+ details as possible, please. But start with the essentials first, of
+ course.
+</ul>
+<p>
+<li><a name="ToC55"></a>
+ <a name="core-dumped"></a>
+ <strong id="faq">
+I got a core dump, can you help me?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-dumped"><b>L</b></a>]
+ <p>
+ In general no, at least not unless you provide more details about the code
+ location where Apache dumped core. What is usually always required in
+ order to help you is a backtrace (see next question). Without this
+ information it is mostly impossible to find the problem and help you in
+ fixing it.
+<p>
+<li><a name="ToC56"></a>
+ <a name="report-backtrace"></a>
+ <strong id="faq">
+Ok, I got a core dump but how do I get a backtrace to find out the reason for it?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#report-backtrace"><b>L</b></a>]
+ <p>
+Follow the following steps:
+<p>
+<ol>
+<li>Make sure you have debugging symbols available in at least
+ Apache and mod_ssl. On platforms where you use GCC/GDB you have to build
+ Apache+mod_ssl with ``<code>OPTIM="-g -ggdb3"</code>'' to achieve this. On
+ other platforms at least ``<code>OPTIM="-g"</code>'' is needed.
+<p>
+<li>Startup the server and try to produce the core-dump. For this you perhaps
+ want to use a directive like ``<code>CoreDumpDirectory /tmp</code>'' to
+ make sure that the core-dump file can be written. You then should get a
+ <code>/tmp/core</code> or <code>/tmp/httpd.core</code> file. When you
+ don't get this, try to run your server under an UID != 0 (root), because
+ most "current" kernels do not allow a process to dump core after it has
+ done a <code>setuid()</code> (unless it does an <code>exec()</code>) for
+ security reasons (there can be privileged information left over in
+ memory). Additionally you can run ``<code>/path/to/httpd -X</code>''
+ manually to force Apache to not fork.
+<p>
+<li>Analyze the core-dump. For this run ``<code>gdb /path/to/httpd
+ /tmp/httpd.core</code>'' or a similar command has to run. In GDB you then
+ just have to enter the ``<code>bt</code>'' command and, voila, you get the
+ backtrace. For other debuggers consult your local debugger manual. Send
+ this backtrace to the author.
+</ol>
+</ul>
+ <p>
+ <br>
+ <table summary="">
+ <tr>
+ <td>
+ <table width="600" border="0" summary="">
+ <tr>
+ <td valign="top" align="left" width="250">
+<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
+ </td>
+ <td valign="top" align="right" width="250">
+<a href="ssl_glossary.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Glossary</font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td><table width="598" summary="">
+ <tr>
+ <td align="left"><font face="Arial,Helvetica">
+ <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
+ The Apache Interface to OpenSSL
+ </font>
+ </td>
+ <td align="right"><font face="Arial,Helvetica">
+ Copyright © 1998-2001
+ <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
+ All Rights Reserved<br>
+ </font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+</div>
+</body>
+</html>
--- /dev/null
+<html>
+<head>
+<title>mod_ssl: HowTo</title>
+
+<!--
+ Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+
+ 3. All advertising materials mentioning features or use of this
+ software must display the following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ 4. The name "mod_ssl" must not be used to endorse or promote
+ products derived from this software without prior written
+ permission.
+
+ 5. Redistributions of any form whatsoever must retain the
+ following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
+ EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
+ HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<style type="text/css"><!--
+A:link {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:active {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:visited {
+ text-decoration: none;
+ color: #6666cc;
+}
+#sf {
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H1 {
+ font-weight: bold;
+ font-size: 24pt;
+ line-height: 24pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H2 {
+ font-weight: bold;
+ font-size: 18pt;
+ line-height: 18pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H3 {
+ font-weight: bold;
+ font-size: 14pt;
+ line-height: 14pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H4 {
+ font-weight: bold;
+ font-size: 12pt;
+ line-height: 12pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#H {
+}
+#D {
+ background-color: #f0f0f0;
+}
+#faq {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#howto {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#term {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+--></style>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+function ro_imgNormal(imgName) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_n.src');
+ self.status = '';
+ }
+}
+function ro_imgOver(imgName, descript) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_o.src');
+ self.status = descript;
+ }
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_prev_top_n = new Image();
+ ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
+ ro_img_prev_top_o = new Image();
+ ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_prev_bot_n = new Image();
+ ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
+ ro_img_prev_bot_o = new Image();
+ ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_next_top_n = new Image();
+ ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_next_top_o = new Image();
+ ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_next_bot_n = new Image();
+ ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_next_bot_o = new Image();
+ ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+</head>
+<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
+<div align="center">
+<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
+<tr>
+ <td>
+ <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
+ <table width="600" cellspacing="0" cellpadding="0" summary="">
+ <tr>
+ <td>
+ <table width="600" summary="">
+ <tr>
+ <td align="left" valign="bottom">
+ <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
+ </td>
+ <td align="right">
+ <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-5.gif" alt="5" width="74" height="89">
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td>
+ <table width="600" border="0" summary="">
+ <tr>
+ <td valign="top" align="left" width="250">
+<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
+ </td>
+ <td valign="top" align="right" width="250">
+<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <br>
+ <img src="ssl_template.title-howto.gif" alt="HowTo" width="456" height="60">
+ </td>
+ </tr>
+ </table>
+<div align="right">
+<table cellspacing="0" cellpadding="0" width="200" summary="">
+<tr>
+<td>
+<em>
+``The solution of this problem is trivial
+ and is left as an exercise for the reader.''
+</em>
+</td>
+</tr>
+<tr>
+<td align="right">
+<font size="-1">
+Standard textbook cookie
+</font>
+</td>
+</tr>
+</table>
+</div>
+<p>
+<table cellspacing="0" cellpadding="0" border="0" summary="">
+<tr valign="bottom">
+<td>
+<img src="ssl_howto.gfont000.gif" alt="H" width="40" height="34" border="0" align="left">
+ow to solve particular security constraints for an SSL-aware webserver
+is not always obvious because of the coherences between SSL, HTTP and Apache's
+way of processing requests. This chapter gives instructions on how to solve
+such typical situations. Treat is as a first step to find out the final
+solution, but always try to understand the stuff before you use it. Nothing is
+worse than using a security solution without knowing it's restrictions and
+coherences.
+</td>
+<td>
+
+</td>
+<td>
+<div align="right">
+<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" width="300" summary="">
+<tr>
+<td bgcolor="#333399">
+<font face="Arial,Helvetica" color="#ccccff">
+<b>Table Of Contents</b>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<font face="Arial,Helvetica" size="-1">
+ <a href="#ToC1"><strong>Cipher Suites and Enforced Strong Security</strong></a><br>
+ <a href="#ToC2"><strong>SSLv2 only server</strong></a><br>
+ <a href="#ToC3"><strong>strong encryption only server</strong></a><br>
+ <a href="#ToC4"><strong>server gated cryptography</strong></a><br>
+ <a href="#ToC5"><strong>stronger per-directory requirements</strong></a><br>
+ <a href="#ToC6"><strong>Client Authentication and Access Control</strong></a><br>
+ <a href="#ToC7"><strong>simple certificate-based client authentication</strong></a><br>
+ <a href="#ToC8"><strong>selective certificate-based client authentication</strong></a><br>
+ <a href="#ToC9"><strong>particular certificate-based client authentication</strong></a><br>
+ <a href="#ToC10"><strong>intranet vs. internet authentication</strong></a><br>
+</font>
+</td>
+</tr>
+</table>
+</div>
+</td>
+</tr>
+</table>
+<h2><a name="ToC1">Cipher Suites and Enforced Strong Security</a></h2>
+<ul>
+<p>
+<li><a name="ToC2"></a>
+ <a name="cipher-sslv2"></a>
+ <strong id="howto">
+How can I create a real SSLv2-only server?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-sslv2"><b>L</b></a>]
+ <p>
+The following creates an SSL server which speaks only the SSLv2 protocol and
+its ciphers.
+<p>
+<table border="0" cellpadding="0" cellspacing="0" summary="">
+ <tr>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
+ <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td colspan="3" bgcolor="#ffffff">
+ <table border="0" cellspacing="4" summary="">
+ <tr>
+ <td>
+<pre>
+
+SSLProtocol -all +SSLv2
+SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
+
+</pre>
+</td>
+ </tr>
+ </table>
+ </td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+</table>
+<p>
+<li><a name="ToC3"></a>
+ <a name="cipher-strong"></a>
+ <strong id="howto">
+How can I create an SSL server which accepts strong encryption only?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-strong"><b>L</b></a>]
+ <p>
+The following enables only the seven strongest ciphers:
+<p>
+<table border="0" cellpadding="0" cellspacing="0" summary="">
+ <tr>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
+ <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td colspan="3" bgcolor="#ffffff">
+ <table border="0" cellspacing="4" summary="">
+ <tr>
+ <td>
+<pre>
+
+SSLProtocol all
+SSLCipherSuite HIGH:MEDIUM
+
+</pre>
+</td>
+ </tr>
+ </table>
+ </td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+</table>
+<p>
+<li><a name="ToC4"></a>
+ <a name="cipher-sgc"></a>
+ <strong id="howto">
+How can I create an SSL server which accepts strong encryption only,
+but allows export browsers to upgrade to stronger encryption?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-sgc"><b>L</b></a>]
+ <p>
+This facility is called Server Gated Cryptography (SGC) and details you can
+find in the <code>README.GlobalID</code> document in the mod_ssl distribution.
+In short: The server has a Global ID server certificate, signed by a special
+CA certificate from Verisign which enables strong encryption in export
+browsers. This works as following: The browser connects with an export cipher,
+the server sends it's Global ID certificate, the browser verifies it and
+subsequently upgrades the cipher suite before any HTTP communication takes
+place. The question now is: How can we allow this upgrade, but enforce strong
+encryption. Or in other words: Browser either have to initially connect with
+strong encryption or have to upgrade to strong encryption, but are not allowed
+to keep the export ciphers. The following does the trick:
+<p>
+<table border="0" cellpadding="0" cellspacing="0" summary="">
+ <tr>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
+ <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td colspan="3" bgcolor="#ffffff">
+ <table border="0" cellspacing="4" summary="">
+ <tr>
+ <td>
+<pre>
+
+# allow all ciphers for the inital handshake,
+# so export browsers can upgrade via SGC facility
+SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+<Directory /usr/local/apache/htdocs>
+# but finally deny all browsers which haven't upgraded
+SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
+</Directory>
+
+</pre>
+</td>
+ </tr>
+ </table>
+ </td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+</table>
+<p>
+<li><a name="ToC5"></a>
+ <a name="cipher-perdir"></a>
+ <strong id="howto">
+How can I create an SSL server which accepts all types of ciphers in general,
+but requires a strong ciphers for access to a particular URL?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-perdir"><b>L</b></a>]
+ <p>
+Obviously you cannot just use a server-wide <code>SSLCipherSuite</code> which
+restricts the ciphers to the strong variants. But mod_ssl allows you to
+reconfigure the cipher suite in per-directory context and automatically forces
+a renegotiation of the SSL parameters to meet the new configuration. So, the
+solution is:
+<p>
+<table border="0" cellpadding="0" cellspacing="0" summary="">
+ <tr>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
+ <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td colspan="3" bgcolor="#ffffff">
+ <table border="0" cellspacing="4" summary="">
+ <tr>
+ <td>
+<pre>
+
+# be liberal in general
+SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+<Location /strong/area>
+# but https://hostname/strong/area/ and below requires strong ciphers
+SSLCipherSuite HIGH:MEDIUM
+</Location>
+
+</pre>
+</td>
+ </tr>
+ </table>
+ </td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+</table>
+</ul>
+<h2><a name="ToC6">Client Authentication and Access Control</a></h2>
+<ul>
+<p>
+<li><a name="ToC7"></a>
+ <a name="auth-simple"></a>
+ <strong id="howto">
+How can I authenticate clients based on certificates when I know all my
+clients?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-simple"><b>L</b></a>]
+ <p>
+When you know your user community (i.e. a closed user group situation), as
+it's the case for instance in an Intranet, you can use plain certificate
+authentication. All you have to do is to create client certificates signed by
+your own CA certificate <code>ca.crt</code> and then verifiy the clients
+against this certificate.
+<p>
+<table border="0" cellpadding="0" cellspacing="0" summary="">
+ <tr>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
+ <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td colspan="3" bgcolor="#ffffff">
+ <table border="0" cellspacing="4" summary="">
+ <tr>
+ <td>
+<pre>
+
+# require a client certificate which has to be directly
+# signed by our CA certificate in ca.crt
+SSLVerifyClient require
+SSLVerifyDepth 1
+SSLCACertificateFile conf/ssl.crt/ca.crt
+
+</pre>
+</td>
+ </tr>
+ </table>
+ </td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+</table>
+<p>
+<li><a name="ToC8"></a>
+ <a name="auth-selective"></a>
+ <strong id="howto">
+How can I authenticate my clients for a particular URL based on certificates
+but still allow arbitrary clients to access the remaining parts of the server?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-selective"><b>L</b></a>]
+ <p>
+For this we again use the per-directory reconfiguration feature of mod_ssl:
+<p>
+<table border="0" cellpadding="0" cellspacing="0" summary="">
+ <tr>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
+ <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td colspan="3" bgcolor="#ffffff">
+ <table border="0" cellspacing="4" summary="">
+ <tr>
+ <td>
+<pre>
+
+SSLVerifyClient none
+SSLCACertificateFile conf/ssl.crt/ca.crt
+<Location /secure/area>
+SSLVerifyClient require
+SSLVerifyDepth 1
+</Location>
+
+</pre>
+</td>
+ </tr>
+ </table>
+ </td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+</table>
+<p>
+<li><a name="ToC9"></a>
+ <a name="auth-particular"></a>
+ <strong id="howto">
+How can I authenticate only particular clients for a some URLs based
+on certificates but still allow arbitrary clients to access the remaining
+parts of the server?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-particular"><b>L</b></a>]
+ <p>
+The key is to check for various ingredients of the client certficate. Usually
+this means to check the whole or part of the Distinguished Name (DN) of the
+Subject. For this two methods exists: The <code>mod_auth</code> based variant
+and the <code>SSLRequire</code> variant. The first method is good when the
+clients are of totally different type, i.e. when their DNs have no common
+fields (usually the organisation, etc.). In this case you've to establish a
+password database containing <em>all</em> clients. The second method is better
+when your clients are all part of a common hierarchy which is encoded into the
+DN. Then you can match them more easily.
+<p>
+The first method:
+<p>
+<table border="0" cellpadding="0" cellspacing="0" summary="">
+ <tr>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
+ <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">/usr/local/apache/conf/httpd.conf</font> </td>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td colspan="3" bgcolor="#ffffff">
+ <table border="0" cellspacing="4" summary="">
+ <tr>
+ <td>
+<pre>
+
+SSLVerifyClient none
+<Directory /usr/local/apache/htdocs/secure/area>
+SSLVerifyClient require
+SSLVerifyDepth 5
+SSLCACertificateFile conf/ssl.crt/ca.crt
+SSLCACertificatePath conf/ssl.crt
+SSLOptions +FakeBasicAuth
+SSLRequireSSL
+AuthName "Snake Oil Authentication"
+AuthType Basic
+AuthUserFile /usr/local/apache/conf/httpd.passwd
+require valid-user
+</Directory>
+
+</pre>
+</td>
+ </tr>
+ </table>
+ </td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+</table>
+<p>
+<table border="0" cellpadding="0" cellspacing="0" summary="">
+ <tr>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
+ <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">/usr/local/apache/conf/httpd.passwd</font> </td>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td colspan="3" bgcolor="#ffffff">
+ <table border="0" cellspacing="4" summary="">
+ <tr>
+ <td>
+<pre>
+
+/C=DE/L=Munich/O=Snake Oil, Ltd./OU=Staff/CN=Foo:xxj31ZMTZzkVA
+/C=US/L=S.F./O=Snake Oil, Ltd./OU=CA/CN=Bar:xxj31ZMTZzkVA
+/C=US/L=L.A./O=Snake Oil, Ltd./OU=Dev/CN=Quux:xxj31ZMTZzkVA
+
+</pre>
+</td>
+ </tr>
+ </table>
+ </td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+</table>
+<p>
+The second method:
+<p>
+<table border="0" cellpadding="0" cellspacing="0" summary="">
+ <tr>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
+ <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td colspan="3" bgcolor="#ffffff">
+ <table border="0" cellspacing="4" summary="">
+ <tr>
+ <td>
+<pre>
+
+SSLVerifyClient none
+<Directory /usr/local/apache/htdocs/secure/area>
+SSLVerifyClient require
+SSLVerifyDepth 5
+SSLCACertificateFile conf/ssl.crt/ca.crt
+SSLCACertificatePath conf/ssl.crt
+SSLOptions +FakeBasicAuth
+SSLRequireSSL
+SSLRequire %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." and \
+ %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}
+</Directory>
+
+</pre>
+</td>
+ </tr>
+ </table>
+ </td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+</table>
+<p>
+<li><a name="ToC10"></a>
+ <a name="auth-intranet"></a>
+ <strong id="howto"> How can
+I require HTTPS with strong ciphers and either basic authentication or client
+certificates for access to a subarea on the Intranet website for clients
+coming from the Internet but still allow plain HTTP access for clients on the
+Intranet?
+</strong>
+ [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-intranet"><b>L</b></a>]
+ <p>
+Let us assume the Intranet can be distinguished through the IP network
+192.160.1.0/24 and the subarea on the Intranet website has the URL
+<tt>/subarea</tt>. Then configure the following outside your HTTPS virtual
+host (so it applies to both HTTPS and HTTP):
+<p>
+<table border="0" cellpadding="0" cellspacing="0" summary="">
+ <tr>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
+ <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td>
+ <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ <td colspan="3" bgcolor="#ffffff">
+ <table border="0" cellspacing="4" summary="">
+ <tr>
+ <td>
+<pre>
+
+SSLCACertificateFile conf/ssl.crt/company-ca.crt
+
+<Directory /usr/local/apache/htdocs>
+# Outside the subarea only Intranet access is granted
+Order deny,allow
+Deny from all
+Allow from 192.168.1.0/24
+</Directory>
+
+<Directory /usr/local/apache/htdocs/subarea>
+# Inside the subarea any Intranet access is allowed
+# but from the Internet only HTTPS + Strong-Cipher + Password
+# or the alternative HTTPS + Strong-Cipher + Client-Certificate
+
+# If HTTPS is used, make sure a strong cipher is used.
+# Additionally allow client certs as alternative to basic auth.
+SSLVerifyClient optional
+SSLVerifyDepth 1
+SSLOptions +FakeBasicAuth +StrictRequire
+SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
+
+# Force clients from the Internet to use HTTPS
+RewriteEngine on
+RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
+RewriteCond %{HTTPS} !=on
+RewriteRule .* - [F]
+
+# Allow Network Access and/or Basic Auth
+Satisfy any
+
+# Network Access Control
+Order deny,allow
+Deny from all
+Allow 192.168.1.0/24
+
+# HTTP Basic Authentication
+AuthType basic
+AuthName "Protected Intranet Area"
+AuthUserFile conf/protected.passwd
+Require valid-user
+</Directory>
+
+</pre>
+</td>
+ </tr>
+ </table>
+ </td>
+ <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
+ </tr>
+</table>
+</ul>
+ <p>
+ <br>
+ <table summary="">
+ <tr>
+ <td>
+ <table width="600" border="0" summary="">
+ <tr>
+ <td valign="top" align="left" width="250">
+<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
+ </td>
+ <td valign="top" align="right" width="250">
+<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td><table width="598" summary="">
+ <tr>
+ <td align="left"><font face="Arial,Helvetica">
+ <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
+ The Apache Interface to OpenSSL
+ </font>
+ </td>
+ <td align="right"><font face="Arial,Helvetica">
+ Copyright © 1998-2001
+ <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
+ All Rights Reserved<br>
+ </font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+</div>
+</body>
+</html>
--- /dev/null
+<html>
+<head>
+<title>mod_ssl: Introduction</title>
+
+<!--
+ Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+
+ 3. All advertising materials mentioning features or use of this
+ software must display the following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ 4. The name "mod_ssl" must not be used to endorse or promote
+ products derived from this software without prior written
+ permission.
+
+ 5. Redistributions of any form whatsoever must retain the
+ following acknowledgment:
+ "This product includes software developed by
+ Ralf S. Engelschall <rse@engelschall.com> for use in the
+ mod_ssl project (http://www.modssl.org/)."
+
+ THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
+ EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
+ HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<style type="text/css"><!--
+A:link {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:active {
+ text-decoration: none;
+ color: #6666cc;
+}
+A:visited {
+ text-decoration: none;
+ color: #6666cc;
+}
+#sf {
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H1 {
+ font-weight: bold;
+ font-size: 24pt;
+ line-height: 24pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H2 {
+ font-weight: bold;
+ font-size: 18pt;
+ line-height: 18pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H3 {
+ font-weight: bold;
+ font-size: 14pt;
+ line-height: 14pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+H4 {
+ font-weight: bold;
+ font-size: 12pt;
+ line-height: 12pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#H {
+}
+#D {
+ background-color: #f0f0f0;
+}
+#faq {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#howto {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+#term {
+ font-weight: bold;
+ font-size: 16pt;
+ line-height: 16pt;
+ font-family: arial,helvetica;
+ font-variant: normal;
+ font-style: normal;
+}
+--></style>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+function ro_imgNormal(imgName) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_n.src');
+ self.status = '';
+ }
+}
+function ro_imgOver(imgName, descript) {
+ if (document.images) {
+ document[imgName].src = eval(imgName + '_o.src');
+ self.status = descript;
+ }
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_prev_top_n = new Image();
+ ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
+ ro_img_prev_top_o = new Image();
+ ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_prev_bot_n = new Image();
+ ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
+ ro_img_prev_bot_o = new Image();
+ ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_next_top_n = new Image();
+ ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_next_top_o = new Image();
+ ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+<script type="text/javascript" language="JavaScript">
+<!-- Hiding the code
+if (document.images) {
+ ro_img_next_bot_n = new Image();
+ ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
+ ro_img_next_bot_o = new Image();
+ ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
+}
+// done hiding -->
+</script>
+</head>
+<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
+<div align="center">
+<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
+<tr>
+ <td>
+ <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
+ <table width="600" cellspacing="0" cellpadding="0" summary="">
+ <tr>
+ <td>
+ <table width="600" summary="">
+ <tr>
+ <td align="left" valign="bottom">
+ <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
+ </td>
+ <td align="right">
+ <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-2.gif" alt="2" width="74" height="89">
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td>
+ <table width="600" border="0" summary="">
+ <tr>
+ <td valign="top" align="left" width="250">
+<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Overview</font>
+ </td>
+ <td valign="top" align="right" width="250">
+<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <br>
+ <img src="ssl_template.title-intro.gif" alt="Introduction" width="456" height="60">
+ </td>
+ </tr>
+ </table>
+<div align="right">
+<table cellspacing="0" cellpadding="0" width="400" summary="">
+<tr>
+<td>
+<em>
+``The nice thing about standards is that there are so many to choose from.
+And if you really don't like all the standards you just have to wait another
+year until the one arises you are looking for.''
+</em>
+</td>
+</tr>
+<tr>
+<td align="right">
+<font size="-1">
+A. Tanenbaum, ``Introduction to Computer Networks''
+</font>
+</td>
+</tr>
+</table>
+</div>
+<p>
+<table cellspacing="0" cellpadding="0" border="0" summary="">
+<tr valign="bottom">
+<td>
+<img src="ssl_intro.gfont000.gif" alt="A" width="37" height="35" border="0" align="left">
+s an introduction this chapter is aimed at readers who are familiar
+with the Web, HTTP, and Apache, but are not security experts. It is not
+intended to be a definitive guide to the SSL protocol, nor does it discuss
+specific techniques for managing certificates in an organization, or the
+important legal issues of patents and import and export restrictions. Rather,
+it is intended to provide a common background to mod_ssl users by pulling
+together various concepts, definitions, and examples as a starting point for
+further exploration.
+<p>
+The presented content is mainly derived, with permission by the author, from
+the article <a
+href="http://www.ultranet.com/~fhirsch/Papers/wwwj/index.html"><em>Introducing SSL
+and Certificates using SSLeay</em></a> from <a
+href="http://www.ultranet.com/~fhirsch/">Frederick J. Hirsch</a>, of The Open
+Group Research Institute, which was published in <a
+href="http://www.ora.com/catalog/wjsum97/"><em>Web Security: A Matter of
+Trust</em></a>, World Wide Web Journal, Volume 2, Issue 3, Summer 1997.
+Please send any postive feedback to <a
+href="mailto:fjh@alum.mit.edu">Frederick Hirsch</a> (the original
+article author) and all negative feedback to <a
+href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> (the mod_ssl
+author).
+</td>
+<td>
+
+</td>
+<td>
+<div align="right">
+<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary="">
+<tr>
+<td bgcolor="#333399">
+<font face="Arial,Helvetica" color="#ccccff">
+<b>Table Of Contents</b>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<font face="Arial,Helvetica" size="-1">
+ <a href="#ToC1"><strong>Cryptographic Techniques</strong></a><br>
+ <a href="#ToC2"><strong>Cryptographic Algorithms</strong></a><br>
+ <a href="#ToC3"><strong>Message Digests</strong></a><br>
+ <a href="#ToC4"><strong>Digital Signatures</strong></a><br>
+ <a href="#ToC5"><strong>Certificates</strong></a><br>
+ <a href="#ToC6"><strong>Certificate Contents</strong></a><br>
+ <a href="#ToC7"><strong>Certificate Authorities</strong></a><br>
+ <a href="#ToC8"><strong>Certificate Chains</strong></a><br>
+ <a href="#ToC9"><strong>Creating a Root-Level CA</strong></a><br>
+ <a href="#ToC10"><strong>Certificate Management</strong></a><br>
+ <a href="#ToC11"><strong>Secure Sockets Layer (SSL)</strong></a><br>
+ <a href="#ToC12"><strong>Session Establishment</strong></a><br>
+ <a href="#ToC13"><strong>Key Exchange Method</strong></a><br>
+ <a href="#ToC14"><strong>Cipher for Data Transfer</strong></a><br>
+ <a href="#ToC15"><strong>Digest Function</strong></a><br>
+ <a href="#ToC16"><strong>Handshake Sequence Protocol</strong></a><br>
+ <a href="#ToC17"><strong>Data Transfer</strong></a><br>
+ <a href="#ToC18"><strong>Securing HTTP Communication</strong></a><br>
+ <a href="#ToC19"><strong>References</strong></a><br>
+</font>
+</td>
+</tr>
+</table>
+</div>
+</td>
+</tr>
+</table>
+<h2><a name="ToC1">Cryptographic Techniques</a></h2>
+Understanding SSL requires an understanding of cryptographic algorithms,
+message digest functions (aka. one-way or hash functions), and digital
+signatures. These techniques are the subject of entire books (see for instance
+[<a href="#AC96">AC96</a>]) and provide the basis for privacy, integrity, and
+authentication.
+<h3><a name="ToC2">Cryptographic Algorithms</a></h3>
+Suppose Alice wants to send a message to her bank to transfer some money.
+Alice would like the message to be private, since it will include information
+such as her account number and transfer amount. One solution is to use a
+cryptographic algorithm, a technique that would transform her message into an
+encrypted form, unreadable except by those it is intended for. Once in this
+form, the message may only be interpreted through the use of a secret key.
+Without the key the message is useless: good cryptographic algorithms make it
+so difficult for intruders to decode the original text that it isn't worth
+their effort.
+<p>
+There are two categories of cryptographic algorithms:
+conventional and public key.
+<ul>
+<li><em>Conventional cryptography</em>, also known as symmetric
+cryptography, requires the sender and receiver to share a key: a secret
+piece of information that may be used to encrypt or decrypt a message.
+If this key is secret, then nobody other than the sender or receiver may
+read the message. If Alice and the bank know a secret key, then they
+may send each other private messages. The task of privately choosing a key
+before communicating, however, can be problematic.
+<p>
+<li><em>Public key cryptography</em>, also known as asymmetric cryptography,
+solves the key exchange problem by defining an algorithm which uses two keys,
+each of which may be used to encrypt a message. If one key is used to encrypt
+a message then the other must be used to decrypt it. This makes it possible
+to receive secure messages by simply publishing one key (the public key) and
+keeping the other secret (the private key).
+<p>
+Anyone may encrypt a message using the public key, but only the owner of the
+private key will be able to read it. In this way, Alice may send private
+messages to the owner of a key-pair (the bank), by encrypting it using their
+public key. Only the bank will be able to decrypt it.
+</ul>
+<h3><a name="ToC3">Message Digests</a></h3>
+Although Alice may encrypt her message to make it private, there is still a
+concern that someone might modify her original message or substitute
+it with a different one, in order to transfer the money to themselves, for
+instance. One way of guaranteeing the integrity of Alice's message is to
+create a concise summary of her message and send this to the bank as well.
+Upon receipt of the message, the bank creates its own summary and compares it
+with the one Alice sent. If they agree then the message was received intact.
+<p>
+A summary such as this is called a <em>message digest</em>, <em>one-way
+function</em> or <em>hash function</em>. Message digests are used to create
+short, fixed-length representations of longer, variable-length messages.
+Digest algorithms are designed to produce unique digests for different
+messages. Message digests are designed to make it too difficult to determine
+the message from the digest, and also impossible to find two different
+messages which create the same digest -- thus eliminating the possibility of
+substituting one message for another while maintaining the same digest.
+<p>
+Another challenge that Alice faces is finding a way to send the digest to the
+bank securely; when this is achieved, the integrity of the associated message
+is assured. One way to to this is to include the digest in a digital
+signature.
+<h3><a name="ToC4">Digital Signatures</a></h3>
+When Alice sends a message to the bank, the bank needs to ensure that the
+message is really from her, so an intruder does not request a transaction
+involving her account. A <em>digital signature</em>, created by Alice and
+included with the message, serves this purpose.
+<p>
+Digital signatures are created by encrypting a digest of the message,
+and other information (such as a sequence number) with the sender's
+private key. Though anyone may <em>decrypt</em> the signature using the public
+key, only the signer knows the private key. This means that only they may
+have signed it. Including the digest in the signature means the signature is
+only good for that message; it also ensures the integrity of the message since
+no one can change the digest and still sign it.
+<p>
+To guard against interception and reuse of the signature by an intruder at a
+later date, the signature contains a unique sequence number. This protects
+the bank from a fraudulent claim from Alice that she did not send the message
+-- only she could have signed it (non-repudiation).
+<h2><a name="ToC5">Certificates</a></h2>
+Although Alice could have sent a private message to the bank, signed it, and
+ensured the integrity of the message, she still needs to be sure that she is
+really communicating with the bank. This means that she needs to be sure that
+the public key she is using corresponds to the bank's private key. Similarly,
+the bank also needs to verify that the message signature really corresponds to
+Alice's signature.
+<p>
+If each party has a certificate which validates the other's identity, confirms
+the public key, and is signed by a trusted agency, then they both will be
+assured that they are communicating with whom they think they are. Such a
+trusted agency is called a <em>Certificate Authority</em>, and certificates are
+used for authentication.
+<h3><a name="ToC6">Certificate Contents</a></h3>
+A certificate associates a public key with the real identity of an individual,
+server, or other entity, known as the subject. As shown in <a
+href="#table1">Table 1</a>, information about the subject includes identifying
+information (the distinguished name), and the public key. It also includes
+the identification and signature of the Certificate Authority that issued the
+certificate, and the period of time during which the certificate is valid. It
+may have additional information (or extensions) as well as administrative
+information for the Certificate Authority's use, such as a serial number.
+<p>
+<div align="center">
+<a name="table1"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 1: Certificate Information</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table summary="">
+<tr valign="top"><td><b>Subject:</b></td>
+<td>Distinguished Name, Public Key</td></tr>
+<tr valign="top"><td><b>Issuer:</b></td>
+<td>Distinguished Name, Signature</td></tr>
+<tr><td><b>Period of Validity:</b></td>
+<td>Not Before Date, Not After Date</td></tr>
+<tr><td><b>Administrative Information:</b></td>
+<td>Version, Serial Number</td></TR>
+<tr><td><b>Extended Information:</b></td>
+<td>Basic Contraints, Netscape Flags, etc.</td></TR>
+</table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<p>
+A distinguished name is used to provide an identity in a specific context --
+for instance, an individual might have a personal certificate as well as one
+for their identity as an employee. Distinguished names are defined by the
+X.509 standard [<a href="#X509">X509</A>], which defines the fields, field
+names, and abbreviations used to refer to the fields
+(see <a href="#table2">Table 2</a>).
+<p>
+<div align="center">
+<a name="table2"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 2: Distinguished Name Information</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table summary="">
+<tr valign="top"><td><b>DN Field:</b></td><td><b>Abbrev.:</b></td><td><b>Description:</b></td>
+<td><b>Example:</b></td>
+</t>
+<tr valign="top"><td>Common Name</td><td>CN</td>
+<td>Name being certified</td><td>CN=Joe Average</td></tr>
+<tr valign="top"><td>Organization or Company</td><td>O</td>
+<td>Name is associated with this<br>organization</td><td>O=Snake Oil, Ltd.</td></tr>
+<tr valign="top"><td>Organizational Unit</td><td>OU</td>
+<td>Name is associated with this <br>organization unit, such as a department</td><td>OU=Research Institute</td></tr>
+<tr valign="top"><td>City/Locality</td><td>L</td>
+<td>Name is located in this City</td><td>L=Snake City</td></tr>
+<tr valign="top"><td>State/Province</td><td>ST</td>
+<td>Name is located in this State/Province</td><td>ST=Desert</td></tr>
+<tr valign="top"><td>Country</td><td>C</td>
+<td>Name is located in this Country (ISO code)</td><td>C=XZ</td></tr>
+</table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<p>
+A Certificate Authority may define a policy specifying which distinguished
+field names are optional, and which are required. It may also place
+requirements upon the field contents, as may users of certificates. As an
+example, a Netscape browser requires that the Common Name for a certificate
+representing a server has a name which matches a wildcard pattern for the
+domain name of that server, such as <code>*.snakeoil.com</code>.
+<p>
+The binary format of a certificate is defined using the ASN.1 notation [ <a
+href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>]. This notation defines how to
+specify the contents, and encoding rules define how this information is
+translated into binary form. The binary encoding of the certificate is
+defined using Distinguished Encoding Rules (DER), which are based on the more
+general Basic Encoding Rules (BER). For those transmissions which cannot
+handle binary, the binary form may be translated into an ASCII form by using
+Base64 encoding [<a href="#MIME">MIME</a>]. This encoded version is called PEM
+encoded (the name comes from "Privacy Enhanced Mail"), when placed between
+begin and end delimiter lines as illustrated in <a href="#table3">Table 3</a>.
+<p>
+<div align="center">
+<a name="table3"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 3: Example of a PEM-encoded certificate (snakeoil.crt)</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table cellspacing="0" cellpadding="0" summary=""><tr><td>
+<div class="code"><pre>
+-----BEGIN CERTIFICATE-----
+MIIC7jCCAlegAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx
+FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG
+A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv
+cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz
+bmFrZW9pbC5kb20wHhcNOTgxMDIxMDg1ODM2WhcNOTkxMDIxMDg1ODM2WjCBpzEL
+MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h
+a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBgNVBAsTDldlYnNl
+cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR8wHQYJKoZIhvcN
+AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDH9Ge/s2zcH+da+rPTx/DPRp3xGjHZ4GG6pCmvADIEtBtKBFAcZ64n+Dy7Np8b
+vKR+yy5DGQiijsH1D/j8HlGE+q4TZ8OFk7BNBFazHxFbYI4OKMiCxdKzdif1yfaa
+lWoANFlAzlSdbxeGVHoT0K+gT5w3UxwZKv2DLbCTzLZyPwIDAQABoyYwJDAPBgNV
+HRMECDAGAQH/AgEAMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQQFAAOB
+gQAZUIHAL4D09oE6Lv2k56Gp38OBDuILvwLg1v1KL8mQR+KFjghCrtpqaztZqcDt
+2q2QoyulCgSzHbEGmi0EsdkPfg6mp0penssIFePYNI+/8u9HT4LuKMJX15hxBam7
+dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ==
+-----END CERTIFICATE-----</pre></div>
+</td></tr></table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<h3><a name="ToC7">Certificate Authorities</a></h3>
+By first verifying the information in a certificate request before granting
+the certificate, the Certificate Authority assures the identity of the private
+key owner of a key-pair. For instance, if Alice requests a personal
+certificate, the Certificate Authority must first make sure that Alice really
+is the person the certificate request claims.
+<h4><a name="ToC8">Certificate Chains</a></h4>
+A Certificate Authority may also issue a certificate for another Certificate
+Authority. When examining a certificate, Alice may need to examine the
+certificate of the issuer, for each parent Certificate Authority, until
+reaching one which she has confidence in. She may decide to trust only
+certificates with a limited chain of issuers, to reduce her risk of a "bad"
+certificate in the chain.
+<h4><a name="ToC9">Creating a Root-Level CA</a></h4>
+As noted earlier, each certificate requires an issuer to assert the validity
+of the identity of the certificate subject, up to the top-level Certificate
+Authority (CA). This presents a problem: Since this is who vouches for the
+certificate of the top-level authority, which has no issuer?
+In this unique case, the certificate is "self-signed", so the issuer of the
+certificate is the same as the subject. As a result, one must exercise extra
+care in trusting a self-signed certificate. The wide publication of a public
+key by the root authority reduces the risk in trusting this key -- it would be
+obvious if someone else publicized a key claiming to be the authority.
+Browsers are preconfigured to trust well-known certificate authorities.
+<p>
+A number of companies, such as <a href="http://www.thawte.com/">Thawte</a> and
+<a href="http://www.verisign.com/">VeriSign</a> have established themselves as
+Certificate Authorities. These companies provide the following services:
+<ul>
+<li>Verifying certificate requests
+<li>Processing certificate requests
+<li>Issuing and managing certificates
+</ul>
+<p>
+It is also possible to create your own Certificate Authority. Although risky
+in the Internet environment, it may be useful within an Intranet where the
+organization can easily verify the identities of individuals and servers.
+<h4><a name="ToC10">Certificate Management</a></h4>
+Establishing a Certificate Authority is a responsibility which requires a
+solid administrative, technical, and management framework.
+Certificate Authorities not only issue certificates, they also manage them --
+that is, they determine how long certificates are valid, they renew them, and
+they keep lists of certificates that have already been issued but are no
+longer valid (Certificate Revocation Lists, or CRLs).
+Say Alice is entitled to a certificate as an employee of a company. Say too,
+that the certificate needs to be revoked when Alice leaves the company. Since
+certificates are objects that get passed around, it is impossible to tell from
+the certificate alone that it has been revoked.
+When examining certificates for validity, therefore, it is necessary to
+contact the issuing Certificate Authority to check CRLs -- this is not usually
+an automated part of the process.
+<p>
+<div align="center"><B>Note:</B></div>
+If you use a Certificate Authority that is not configured into browsers by
+default, it is necessary to load the Certificate Authority certificate into
+the browser, enabling the browser to validate server certificates signed by
+that Certificate Authority. Doing so may be dangerous, since once loaded, the
+browser will accept all certificates signed by that Certificate Authority.
+<h2><a name="ToC11">Secure Sockets Layer (SSL)</a></h2>
+The Secure Sockets Layer protocol is a protocol layer which may be placed
+between a reliable connection-oriented network layer protocol (e.g. TCP/IP)
+and the application protocol layer (e.g. HTTP). SSL provides for secure
+communication between client and server by allowing mutual authentication, the
+use of digital signatures for integrity, and encryption for privacy.
+<p>
+The protocol is designed to support a range of choices for specific algorithms
+used for cryptography, digests, and signatures. This allows algorithm
+selection for specific servers to be made based on legal, export or other
+concerns, and also enables the protocol to take advantage of new algorithms.
+Choices are negotiated between client and server at the start of establishing
+a protocol session.
+<p>
+<div align="center">
+<a name="table4"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Table 4: Versions of the SSL protocol</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<table summary="">
+<tr valign="top">
+<td><b>Version:</b></td>
+<td><b>Source:</b></td>
+<td><b>Description:</b></td>
+<td><b>Browser Support:</b></td>
+</tr>
+<tr valign="top">
+<td>SSL v2.0</td>
+<td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2">SSL2</a>]</td>
+<td>First SSL protocol for which implementations exists</td>
+<td>- NS Navigator 1.x/2.x<br>
+ - MS IE 3.x<br>
+ - Lynx/2.8+OpenSSL
+</td>
+</tr>
+<tr valign="top">
+<td>SSL v3.0</td>
+<td>Expired Internet Draft (from Netscape Corp.) [<a href="#SSL3">SSL3</a>]</td>
+<td>Revisions to prevent specific security attacks, add non-RSA ciphers, and support for certificate chains</td>
+<td>- NS Navigator 2.x/3.x/4.x<br>
+ - MS IE 3.x/4.x<br>
+ - Lynx/2.8+OpenSSL
+</td>
+</tr>
+<tr valign="top">
+<td>TLS v1.0</td>
+<td>Proposed Internet Standard (from IETF) [<a href="#TLS1">TLS1</a>]</td>
+<td>Revision of SSL 3.0 to update the MAC layer to HMAC, add block padding for
+ block ciphers, message order standardization and more alert messages.
+</td>
+<td>- Lynx/2.8+OpenSSL</td>
+</table>
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<p>
+There are a number of versions of the SSL protocol, as shown in <a
+href="#table4">Table 4</a>. As noted there, one of the benefits in SSL 3.0 is
+that it adds support of certificate chain loading. This feature allows a
+server to pass a server certificate along with issuer certificates to the
+browser. Chain loading also permits the browser to validate the server
+certificate, even if Certificate Authority certificates are not installed for
+the intermediate issuers, since they are included in the certificate chain.
+SSL 3.0 is the basis for the Transport Layer Security [<A
+HREF="#TLS1">TLS</A>] protocol standard, currently in development by the
+Internet Engineering Task Force (IETF).
+<h3><a name="ToC12">Session Establishment</a></h3>
+The SSL session is established by following a <I>handshake sequence</I>
+between client and server, as shown in <a href="#figure1">Figure 1</a>. This
+sequence may vary, depending on whether the server is configured to provide a
+server certificate or request a client certificate. Though cases exist where
+additional handshake steps are required for management of cipher information,
+this article summarizes one common scenario: see the SSL specification for the
+full range of possibilities.
+<p>
+<div align="center"><b>Note</b></div>
+Once an SSL session has been established it may be reused, thus avoiding the
+performance penalty of repeating the many steps needed to start a session.
+For this the server assigns each SSL session a unique session identifier which
+is cached in the server and which the client can use on forthcoming
+connections to reduce the handshake (until the session identifer expires in
+the cache of the server).
+<p>
+<div align="center">
+<a name="figure1"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Figure 1: Simplified SSL Handshake Sequence</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<img src="ssl_intro_fig1.gif" alt="" width="423" height="327">
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<p>
+The elements of the handshake sequence, as used by the client and server, are
+listed below:
+<ol>
+<li>Negotiate the Cipher Suite to be used during data transfer
+<li>Establish and share a session key between client and server
+<li>Optionally authenticate the server to the client
+<li>Optionally authenticate the client to the server
+</ol>
+<p>
+The first step, Cipher Suite Negotiation, allows the client and server to
+choose a Cipher Suite supportable by both of them. The SSL3.0 protocol
+specification defines 31 Cipher Suites. A Cipher Suite is defined by the
+following components:
+<ul>
+<li>Key Exchange Method
+<li>Cipher for Data Transfer
+<li>Message Digest for creating the Message Authentication Code (MAC)
+</ul>
+These three elements are described in the sections that follow.
+<h3><a name="ToC13">Key Exchange Method</a></h3>
+The key exchange method defines how the shared secret symmetric cryptography
+key used for application data transfer will be agreed upon by client and
+server. SSL 2.0 uses RSA key exchange only, while SSL 3.0 supports a choice of
+key exchange algorithms including the RSA key exchange when certificates are
+used, and Diffie-Hellman key exchange for exchanging keys without certificates
+and without prior communication between client and server.
+<p>
+One variable in the choice of key exchange methods is digital signatures --
+whether or not to use them, and if so, what kind of signatures to use.
+Signing with a private key provides assurance against a
+man-in-the-middle-attack during the information exchange used in generating
+the shared key [<a href="#AC96">AC96</a>, p516].
+<h3><a name="ToC14">Cipher for Data Transfer</a></h3>
+SSL uses the conventional cryptography algorithm (symmetric cryptography)
+described earlier for encrypting messages in a session. There are nine
+choices, including the choice to perform no encryption:
+<ul>
+<li>No encryption
+<li>Stream Ciphers
+ <ul>
+ <li>RC4 with 40-bit keys
+ <li>RC4 with 128-bit keys
+ </ul>
+<li>CBC Block Ciphers
+ <ul>
+ <li>RC2 with 40 bit key
+ <li>DES with 40 bit key
+ <li>DES with 56 bit key
+ <li>Triple-DES with 168 bit key
+ <li>Idea (128 bit key)
+ <li>Fortezza (96 bit key)
+ </ul>
+</ul>
+Here "CBC" refers to Cipher Block Chaining, which means that a portion of the
+previously encrypted cipher text is used in the encryption of the current
+block. "DES" refers to the Data Encryption Standard [<a href="#AC96">AC96</a>,
+ch12], which has a number of variants (including DES40 and 3DES_EDE). "Idea"
+is one of the best and cryptographically strongest available algorithms, and
+"RC2" is a proprietary algorithm from RSA DSI [<a href="#AC96">AC96</a>,
+ch13].
+<h3><a name="ToC15">Digest Function</a></h3>
+The choice of digest function determines how a digest is created from a record
+unit. SSL supports the following:
+<ul>
+<li>No digest (Null choice)
+<li>MD5, a 128-bit hash
+<li>Secure Hash Algorithm (SHA-1), a 160-bit hash
+</ul>
+The message digest is used to create a Message Authentication Code (MAC) which
+is encrypted with the message to provide integrity and to prevent against
+replay attacks.
+<h3><a name="ToC16">Handshake Sequence Protocol</a></h3>
+The handshake sequence uses three protocols:
+<ul>
+<li>The <em>SSL Handshake Protocol</em>
+ for performing the client and server SSL session establishment.
+<li>The <em>SSL Change Cipher Spec Protocol</em> for actually establishing agreement
+ on the Cipher Suite for the session.
+<li>The <em>SSL Alert Protocol</em> for
+ conveying SSL error messages between client and server.
+</ul>
+These protocols, as well as application protocol data, are encapsulated in the
+<em>SSL Record Protocol</em>, as shown in <a href="#figure2">Figure 2</a>. An
+encapsulated protocol is transferred as data by the lower layer protocol,
+which does not examine the data. The encapsulated protocol has no knowledge of
+the underlying protocol.
+<p>
+<div align="center">
+<a name="figure2"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Figure 2: SSL Protocol Stack</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<img src="ssl_intro_fig2.gif" alt="" width="428" height="217">
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<p>
+The encapsulation of SSL control protocols by the record protocol means that
+if an active session is renegotiated the control protocols will be transmitted
+securely. If there were no session before, then the Null cipher suite is
+used, which means there is no encryption and messages have no integrity
+digests until the session has been established.
+<h3><a name="ToC17">Data Transfer</a></h3>
+The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>, is used to
+transfer application and SSL Control data between the client and server,
+possibly fragmenting this data into smaller units, or combining multiple
+higher level protocol data messages into single units. It may compress, attach
+digest signatures, and encrypt these units before transmitting them using the
+underlying reliable transport protocol (Note: currently all major SSL
+implementations lack support for compression).
+<p>
+<div align="center">
+<a name="figure3"></a>
+<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
+<caption align="bottom" id="sf">Figure 3: SSL Record Protocol</caption>
+<tr><td bgcolor="#cccccc">
+<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
+<tr><td valign="top" align="center" bgcolor="#ffffff">
+<img src="ssl_intro_fig3.gif" alt="" width="423" height="323">
+</td>
+</tr></table>
+</td></tr></table>
+</div>
+<h3><a name="ToC18">Securing HTTP Communication</a></h3>
+One common use of SSL is to secure Web HTTP communication between a browser
+and a webserver. This case does not preclude the use of non-secured HTTP. The
+secure version is mainly plain HTTP over SSL (named HTTPS), but with one major
+difference: it uses the URL scheme <code>https</code> rather than
+<code>http</code> and a different server port (by default 443). This mainly
+is what mod_ssl provides to you for the Apache webserver...
+<h2><a name="ToC19">References</a></h2>
+<ul>
+<p>
+<li><a name="AC96"></a>
+[AC96] Bruce Schneier, <em>Applied Cryptography</em>, 2nd Edition, Wiley,
+ 1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for
+ various other materials by Bruce Schneier.
+<p>
+<li><a name="X208"></a>
+[X208] ITU-T Recommendation X.208, <em>Specification of Abstract Syntax Notation
+ One (ASN.1)</em>, 1988. See for instance <a
+ href="ftp://ftp.neda.com/pub/itu/x.series/x208.ps">
+ ftp://ftp.neda.com/pub/itu/x.series/x208.ps</a>.
+<p>
+<li><a name="X509"></a>
+[X509] ITU-T Recommendation X.509, <em>The Directory - Authentication
+ Framework</em>, 1988. See for instance <a
+ href="ftp://ftp.bull.com/pub/OSIdirectory/ITUnov96/X.509/97x509final.doc">
+ ftp://ftp.bull.com/pub/OSIdirectory/ITUnov96/X.509/97x509final.doc</a>.
+<p>
+<li><a name="PKCS"></a>
+[PKCS] Kaliski, Burton S., Jr., <em>An Overview of the PKCS Standards</em>, An RSA
+ Laboratories Technical Note, revised November 1, 1993.
+ See <a href="http://www.rsa.com/rsalabs/pubs/PKCS/">
+ http://www.rsa.com/rsalabs/pubs/PKCS/</a>.
+<p>
+<li><a name="MIME"></a>
+[MIME] N. Freed, N. Borenstein, <em>Multipurpose Internet Mail Extensions
+ (MIME) Part One: Format of Internet Message Bodies</em>, RFC2045.
+ See for instance <a href="ftp://ftp.isi.edu/in-notes/rfc2045.txt">
+ ftp://ftp.isi.edu/in-notes/rfc2045.txt</a>.
+<p>
+<li><a name="SSL2"></a>
+[SSL2] Kipp E.B. Hickman, <em>The SSL Protocol</em>, 1995.
+ See <a href="http://www.netscape.com/eng/security/SSL_2.html">
+ http://www.netscape.com/eng/security/SSL_2.html</a>.
+<p>
+<li><a name="SSL3"></a>
+[SSL3] Alan O. Freier, Philip Karlton, Paul C. Kocher, <em>The SSL Protocol
+ Version 3.0</em>, 1996. See <a
+ href="http://www.netscape.com/eng/ssl3/draft302.txt">
+ http://www.netscape.com/eng/ssl3/draft302.txt</a>.
+<p>
+<li><a name="TLS1"></a>
+[TLS1] Tim Dierks, Christopher Allen, <em>The TLS Protocol Version 1.0</em>,
+ 1997. See <a
+ href="ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt">
+ ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt</a>.
+</ul>
+ <p>
+ <br>
+ <table summary="">
+ <tr>
+ <td>
+ <table width="600" border="0" summary="">
+ <tr>
+ <td valign="top" align="left" width="250">
+<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Overview</font>
+ </td>
+ <td valign="top" align="right" width="250">
+<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
+ </tr>
+ <tr>
+ <td><table width="598" summary="">
+ <tr>
+ <td align="left"><font face="Arial,Helvetica">
+ <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
+ The Apache Interface to OpenSSL
+ </font>
+ </td>
+ <td align="right"><font face="Arial,Helvetica">
+ Copyright © 1998-2001
+ <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
+ All Rights Reserved<br>
+ </font>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+</div>
+</body>
+</html>
--- /dev/null
+<?xml version='1.0' encoding='UTF-8' ?>
+
+<!ENTITY nbsp " ">
+
+<!ENTITY % inlinetags "em | strong | code | a | br | directive | module">
+
+<!ENTITY % blocktags "p | example | note | table | ul | ol | dl | pre
+| blockquote">
+
+<!ENTITY % Block "(%blocktags;)*">
+
+<!ENTITY % Inline "(#PCDATA | %inlinetags;)*">
+
+<!ENTITY % BlockOrInline "(#PCDATA | %inlinetags; | %blocktags;)*">
+
+<!ELEMENT modulesynopsis (name , description, status , sourcefile?,
+identifier? , compatibility? , summary? , seealso* , section*,
+directivesynopsis+)>
+
+<!ELEMENT directivesynopsis (name , description? , syntax? , default?
+, contextlist? , override? , modulelist?, compatibility? , usage?, seealso*)>
+
+<!ELEMENT name (#PCDATA)>
+
+<!ELEMENT status (#PCDATA)>
+
+<!ELEMENT identifier (#PCDATA)>
+
+<!ELEMENT sourcefile (#PCDATA)>
+
+<!ELEMENT compatibility %Inline;>
+
+<!ELEMENT description %Inline;>
+
+<!ELEMENT section (section | title | %blocktags;)*>
+
+<!ELEMENT module (#PCDATA)>
+
+<!ELEMENT example (#PCDATA | title | %inlinetags; | %blocktags;)*>
+
+<!ELEMENT seealso %Inline;>
+
+<!ELEMENT a %Inline;>
+
+<!ATTLIST a href CDATA #REQUIRED >
+
+<!ATTLIST directivesynopsis type CDATA #IMPLIED
+ location CDATA #IMPLIED >
+
+<!ELEMENT syntax %Inline;>
+
+<!ELEMENT default (#PCDATA)>
+
+<!ELEMENT contextlist (context+)+>
+
+<!ELEMENT modulelist (module)+>
+
+<!ELEMENT context (#PCDATA)>
+
+<!ELEMENT override (#PCDATA)>
+
+<!ELEMENT note (#PCDATA | title | %inlinetags; | %blocktags;)*>
+<!ATTLIST note type CDATA #IMPLIED>
+
+<!ELEMENT title %Inline;>
+
+<!ELEMENT p %Inline;>
+
+<!ELEMENT ul (li+)>
+
+<!ELEMENT ol (li+)>
+
+<!ELEMENT li %BlockOrInline;>
+
+<!ELEMENT strong %Inline;>
+
+<!ELEMENT br EMPTY>
+
+<!ELEMENT table (tr)+>
+
+<!ELEMENT tr (td)+>
+
+<!ELEMENT td %BlockOrInline;>
+
+<!ATTLIST td colspan CDATA #IMPLIED
+ rowspan CDATA #IMPLIED
+ class CDATA #IMPLIED >
+<!ELEMENT directive (#PCDATA)>
+
+<!ATTLIST directive module CDATA #IMPLIED
+ type CDATA #IMPLIED >
+
+<!ELEMENT code %Inline;>
+
+<!ELEMENT dl (dd | dt)+>
+
+<!ELEMENT dt %Inline;>
+
+<!ELEMENT dd %BlockOrInline;>
+
+<!ELEMENT em %Inline;>
+
+<!ELEMENT usage %Block;>
+
+<!ELEMENT summary %Block;>
+
+<!ELEMENT blockquote %BlockOrInline;>
+
+<!ELEMENT pre %Inline;>
\ No newline at end of file
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ aaa \
+ dav\main \
+ dav\fs \
+ echo \
+ generators \
+ mappers \
+ metadata \
+ proxy \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+ifeq "$(wildcard NWGNUmakefile.mak)" "NWGNUmakefile.mak"
+include NWGNUmakefile.mak
+endif
+
+#
+# You can use this target if all that is needed is to copy files to the
+# installation area
+#
+install :: nlms FORCE
+
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME =
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION =
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME =
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE =
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM =
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM =
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS =
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/authanon.nlm \
+ $(OBJDIR)/authdbm.nlm \
+ $(OBJDIR)/digest.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+ copy $(OBJDIR)\*.nlm $(INSTALL)\Apache2\modules\*.*
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+/*------------------------------------------------------------------
+ These functions are to be called when the shared NLM starts and
+ stops. By using these functions instead of defining a main()
+ and calling ExitThread(TSR_THREAD, 0), the load time of the
+ shared NLM is faster and memory size reduced.
+
+ You may also want to override these in your own Apache module
+ to do any cleanup other than the mechanism Apache modules
+ provide.
+------------------------------------------------------------------*/
+#include <netware.h>
+//#include "stddef.h"
+#include "ws2nlm.h"
+
+int _NonAppStart
+(
+ void *NLMHandle,
+ void *errorScreen,
+ const char *cmdLine,
+ const char *loadDirPath,
+ size_t uninitializedDataLength,
+ void *NLMFileHandle,
+ int (*readRoutineP)( int conn, void *fileHandle, size_t offset,
+ size_t nbytes, size_t *bytesRead, void *buffer ),
+ size_t customDataOffset,
+ size_t customDataSize,
+ int messageCount,
+ const char **messages
+)
+{
+#pragma unused(cmdLine)
+#pragma unused(loadDirPath)
+#pragma unused(uninitializedDataLength)
+#pragma unused(NLMFileHandle)
+#pragma unused(readRoutineP)
+#pragma unused(customDataOffset)
+#pragma unused(customDataSize)
+#pragma unused(messageCount)
+#pragma unused(messages)
+
+ WSADATA wsaData;
+
+ return WSAStartup((WORD) MAKEWORD(2, 0), &wsaData);
+}
+
+void _NonAppStop( void )
+{
+ WSACleanup();
+}
+
+int _NonAppCheckUnload( void )
+{
+ return 0;
+}
--- /dev/null
+EXPORT auth_digest_module
--- /dev/null
+EXPORT cache_module
+EXPORT cache_hook_create_entity
+EXPORT cache_hook_open_entity
+EXPORT cache_hook_remove_url
+
+
--- /dev/null
+EXPORT cern_meta_module
--- /dev/null
+EXPORT dav_module
+EXPORT @dav.imp
+
--- /dev/null
+EXPORT echo_module
+
--- /dev/null
+EXPORT expires_module
--- /dev/null
+EXPORT file_cache_module
+
--- /dev/null
+EXPORT headers_module
--- /dev/null
+EXPORT info_module
--- /dev/null
+IMPORT cache_hook_create_entity
+IMPORT cache_hook_open_entity
+IMPORT cache_hook_remove_url
+EXPORT mem_cache_module
+
--- /dev/null
+EXPORT mime_magic_module
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+/*
+ * mod_tls.c - Apache SSL/TLS module for NetWare by Mike Gardiner.
+ *
+ * This module gives Apache the ability to do SSL/TLS with a minimum amount
+ * of effort. All of the SSL/TLS logic is already on NetWare versions 5 and
+ * above and is interfaced through WinSock on NetWare. As you can see in
+ * the code below SSL/TLS sockets can be created with three WinSock calls.
+ *
+ * To load, simply place the module in the modules directory under the main
+ * apache tree. Then add a "SecureListen" with two arguments. The first
+ * argument is an address and/or port. The second argument is the key pair
+ * name as created in ConsoleOne.
+ *
+ * Examples:
+ *
+ * SecureListen 443 "SSL CertificateIP"
+ * SecureListen 123.45.67.89:443 mycert
+ */
+
+#define WS_SSL
+
+#define MAX_ADDRESS 512
+#define MAX_KEY 80
+
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_log.h"
+#include "ap_listen.h"
+#include "apr_strings.h"
+
+module AP_MODULE_DECLARE_DATA nwssl_module;
+
+typedef struct NWSSLSrvConfigRec NWSSLSrvConfigRec;
+typedef struct seclisten_rec seclisten_rec;
+
+struct seclisten_rec {
+ seclisten_rec *next;
+ struct sockaddr_in local_addr; /* local IP address and port */
+ int fd;
+ int used; /* Only used during restart */
+ char key[MAX_KEY];
+ int mutual;
+ char *addr;
+ int port;
+};
+
+struct NWSSLSrvConfigRec {
+ apr_table_t *sltable;
+};
+
+static seclisten_rec* ap_seclisteners = NULL;
+
+#define get_nwssl_cfg(srv) (NWSSLSrvConfigRec *) ap_get_module_config(srv->module_config, &nwssl_module)
+
+/*
+ * Parses a host of the form <address>[:port]
+ * :port is permitted if 'port' is not NULL
+ */
+static unsigned long parse_addr(const char *w, unsigned short *ports)
+{
+ struct hostent *hep;
+ unsigned long my_addr;
+ char *p;
+
+ p = strchr(w, ':');
+ if (ports != NULL) {
+ *ports = 0;
+ if (p != NULL && strcmp(p + 1, "*") != 0)
+ *ports = atoi(p + 1);
+ }
+
+ if (p != NULL)
+ *p = '\0';
+ if (strcmp(w, "*") == 0) {
+ if (p != NULL)
+ *p = ':';
+ return htonl(INADDR_ANY);
+ }
+
+ my_addr = apr_inet_addr((char *)w);
+ if (my_addr != INADDR_NONE) {
+ if (p != NULL)
+ *p = ':';
+ return my_addr;
+ }
+
+ hep = gethostbyname(w);
+
+ if ((!hep) || (hep->h_addrtype != AF_INET || !hep->h_addr_list[0])) {
+ fprintf(stderr, "Cannot resolve host name %s --- exiting!\n", w);
+ exit(1);
+ }
+
+ if (hep->h_addr_list[1]) {
+ fprintf(stderr, "Host %s has multiple addresses ---\n", w);
+ fprintf(stderr, "you must choose one explicitly for use as\n");
+ fprintf(stderr, "a secure port. Exiting!!!\n");
+ exit(1);
+ }
+
+ if (p != NULL)
+ *p = ':';
+
+ return ((struct in_addr *) (hep->h_addr))->s_addr;
+}
+
+static int find_secure_listener(seclisten_rec *lr)
+{
+ seclisten_rec *sl;
+
+ for (sl = ap_seclisteners; sl; sl = sl->next) {
+ if (!memcmp(&sl->local_addr, &lr->local_addr, sizeof(sl->local_addr))) {
+ sl->used = 1;
+ return sl->fd;
+ }
+ }
+ return -1;
+}
+
+
+static int make_secure_socket(apr_pool_t *pconf, const struct sockaddr_in *server,
+ char* key, int mutual, server_rec *server_conf)
+{
+ int s;
+ int one = 1;
+ char addr[MAX_ADDRESS];
+ struct sslserveropts opts;
+ unsigned int optParam;
+ WSAPROTOCOL_INFO SecureProtoInfo;
+ int no = 1;
+
+ if (server->sin_addr.s_addr != htonl(INADDR_ANY))
+ apr_snprintf(addr, sizeof(addr), "address %s port %d",
+ inet_ntoa(server->sin_addr), ntohs(server->sin_port));
+ else
+ apr_snprintf(addr, sizeof(addr), "port %d", ntohs(server->sin_port));
+
+ /* note that because we're about to slack we don't use psocket */
+ memset(&SecureProtoInfo, 0, sizeof(WSAPROTOCOL_INFO));
+
+ SecureProtoInfo.iAddressFamily = AF_INET;
+ SecureProtoInfo.iSocketType = SOCK_STREAM;
+ SecureProtoInfo.iProtocol = IPPROTO_TCP;
+ SecureProtoInfo.iSecurityScheme = SECURITY_PROTOCOL_SSL;
+
+ s = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP,
+ (LPWSAPROTOCOL_INFO)&SecureProtoInfo, 0, 0);
+
+ if (s == INVALID_SOCKET) {
+ errno = WSAGetLastError();
+ ap_log_error(APLOG_MARK, APLOG_CRIT, errno, server_conf,
+ "make_secure_socket: failed to get a socket for %s", addr);
+ return -1;
+ }
+
+ if (!mutual) {
+ optParam = SO_SSL_ENABLE | SO_SSL_SERVER;
+
+ if (WSAIoctl(s, SO_SSL_SET_FLAGS, (char *)&optParam,
+ sizeof(optParam), NULL, 0, NULL, NULL, NULL)) {
+ errno = WSAGetLastError();
+ ap_log_error(APLOG_MARK, APLOG_CRIT, errno, server_conf,
+ "make_secure_socket: for %s, WSAIoctl: (SO_SSL_SET_FLAGS)", addr);
+ return -1;
+ }
+ }
+
+ opts.cert = key;
+ opts.certlen = strlen(key);
+ opts.sidtimeout = 0;
+ opts.sidentries = 0;
+ opts.siddir = NULL;
+
+ if (WSAIoctl(s, SO_SSL_SET_SERVER, (char *)&opts, sizeof(opts),
+ NULL, 0, NULL, NULL, NULL) != 0) {
+ errno = WSAGetLastError();
+ ap_log_error(APLOG_MARK, APLOG_CRIT, errno, server_conf,
+ "make_secure_socket: for %s, WSAIoctl: (SO_SSL_SET_SERVER)", addr);
+ return -1;
+ }
+
+ if (mutual) {
+ optParam = 0x07; // SO_SSL_AUTH_CLIENT
+
+ if(WSAIoctl(s, SO_SSL_SET_FLAGS, (char*)&optParam,
+ sizeof(optParam), NULL, 0, NULL, NULL, NULL)) {
+ errno = WSAGetLastError();
+ ap_log_error( APLOG_MARK, APLOG_CRIT, errno, server_conf,
+ "make_secure_socket: for %s, WSAIoctl: (SO_SSL_SET_FLAGS)", addr );
+ return -1;
+ }
+ }
+
+ return s;
+}
+
+static const char *set_secure_listener(cmd_parms *cmd, void *dummy,
+ const char *ips, const char* key,
+ const char* mutual)
+{
+ NWSSLSrvConfigRec* sc = get_nwssl_cfg(cmd->server);
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ char *ports, *addr;
+ unsigned short port;
+ seclisten_rec *new;
+
+
+ if (err != NULL)
+ return err;
+
+ ports = strchr(ips, ':');
+
+ if (ports != NULL) {
+ if (ports == ips)
+ return "Missing IP address";
+ else if (ports[1] == '\0')
+ return "Address must end in :<port-number>";
+
+ *(ports++) = '\0';
+ }
+ else {
+ ports = (char*)ips;
+ }
+
+ new = apr_pcalloc(cmd->pool, sizeof(seclisten_rec));
+ new->local_addr.sin_family = AF_INET;
+
+ if (ports == ips) {
+ new->local_addr.sin_addr.s_addr = htonl(INADDR_ANY);
+ addr = apr_pstrdup(cmd->pool, "0.0.0.0");
+ }
+ else {
+ new->local_addr.sin_addr.s_addr = parse_addr(ips, NULL);
+ addr = apr_pstrdup(cmd->pool, ips);
+ }
+
+ port = atoi(ports);
+
+ if (!port)
+ return "Port must be numeric";
+
+ apr_table_set(sc->sltable, ports, "T");
+
+ new->local_addr.sin_port = htons(port);
+ new->fd = -1;
+ new->used = 0;
+ new->next = ap_seclisteners;
+ strcpy(new->key, key);
+ new->mutual = (mutual) ? 1 : 0;
+ new->addr = addr;
+ new->port = port;
+ ap_seclisteners = new;
+ return NULL;
+}
+
+static apr_status_t nwssl_socket_cleanup(void *data)
+{
+ ap_listen_rec* slr = (ap_listen_rec*)data;
+ ap_listen_rec* lr;
+
+ /* Remove our secure listener from the listener list */
+ for (lr = ap_listeners; lr; lr = lr->next) {
+ /* slr is at the head of the list */
+ if (lr == slr) {
+ ap_listeners = slr->next;
+ break;
+ }
+ /* slr is somewhere in between or at the end*/
+ if (lr->next == slr) {
+ lr->next = slr->next;
+ break;
+ }
+ }
+ return APR_SUCCESS;
+}
+
+static void nwssl_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
+ apr_pool_t *ptemp)
+{
+ ap_seclisteners = NULL;
+}
+
+static void nwssl_post_config(apr_pool_t *pconf, apr_pool_t *plog,
+ apr_pool_t *ptemp, server_rec *s)
+{
+ seclisten_rec* sl;
+ ap_listen_rec* lr;
+ apr_socket_t* sd;
+ apr_status_t status;
+
+ for (sl = ap_seclisteners; sl != NULL; sl = sl->next) {
+ sl->fd = find_secure_listener(sl);
+
+ if (sl->fd < 0)
+ sl->fd = make_secure_socket(pconf, &sl->local_addr, sl->key, sl->mutual, s);
+
+ if (sl->fd >= 0) {
+ apr_os_sock_info_t sock_info;
+
+ sock_info.os_sock = &(sl->fd);
+ sock_info.local = (struct sockaddr*)&(sl->local_addr);
+ sock_info.remote = NULL;
+ sock_info.family = APR_INET;
+ sock_info.type = SOCK_STREAM;
+
+ apr_os_sock_make(&sd, &sock_info, pconf);
+
+ lr = apr_pcalloc(pconf, sizeof(ap_listen_rec));
+
+ if (lr) {
+ lr->sd = sd;
+ if ((status = apr_sockaddr_info_get(&lr->bind_addr, sl->addr, APR_UNSPEC, sl->port, 0,
+ pconf)) != APR_SUCCESS) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, status, pconf,
+ "alloc_listener: failed to set up sockaddr for %s:%d", sl->addr, sl->port);
+ exit(1);
+ }
+ lr->next = ap_listeners;
+ ap_listeners = lr;
+ apr_pool_cleanup_register(pconf, lr, nwssl_socket_cleanup, apr_pool_cleanup_null);
+ }
+ } else {
+ exit(1);
+ }
+ }
+}
+
+static void *nwssl_config_server_create(apr_pool_t *p, server_rec *s)
+{
+ NWSSLSrvConfigRec *new = apr_palloc(p, sizeof(NWSSLSrvConfigRec));
+ new->sltable = apr_table_make(p, 5);
+ return new;
+}
+
+static void *nwssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
+{
+ NWSSLSrvConfigRec *base = (NWSSLSrvConfigRec *)basev;
+ NWSSLSrvConfigRec *add = (NWSSLSrvConfigRec *)addv;
+ NWSSLSrvConfigRec *merged = (NWSSLSrvConfigRec *)apr_palloc(p, sizeof(NWSSLSrvConfigRec));
+ return merged;
+}
+
+static int isSecure (const request_rec *r)
+{
+ NWSSLSrvConfigRec *sc = get_nwssl_cfg(r->server);
+ const char *s_secure = NULL;
+ char port[8];
+ int ret = 0;
+
+ itoa(((r->connection)->local_addr)->port, port, 10);
+ s_secure = apr_table_get(sc->sltable, port);
+ if (s_secure)
+ ret = 1;
+
+ return ret;
+}
+
+static int nwssl_hook_Fixup(request_rec *r)
+{
+ apr_table_t *e = r->subprocess_env;
+ if (!isSecure(r))
+ return DECLINED;
+
+ apr_table_set(e, "HTTPS", "on");
+
+ return DECLINED;
+}
+
+static const char *nwssl_hook_http_method (const request_rec *r)
+{
+ if (isSecure(r))
+ return "https";
+
+ return NULL;
+}
+
+static const command_rec nwssl_module_cmds[] =
+{
+ AP_INIT_TAKE23("SecureListen", set_secure_listener, NULL, RSRC_CONF,
+ "specify an address and/or port with a key pair name.\n"
+ "Optional third parameter of MUTUAL configures the port for mutual authentication."),
+ {NULL}
+};
+
+static void register_hooks(apr_pool_t *p)
+{
+ ap_hook_pre_config(nwssl_pre_config, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_post_config(nwssl_post_config, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_fixups(nwssl_hook_Fixup, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_http_method(nwssl_hook_http_method, NULL,NULL, APR_HOOK_MIDDLE);
+}
+
+module AP_MODULE_DECLARE_DATA nwssl_module =
+{
+ STANDARD20_MODULE_STUFF,
+ NULL, /* dir config creater */
+ NULL, /* dir merger --- default is to override */
+ nwssl_config_server_create, /* server config */
+ nwssl_config_server_merge, /* merge server config */
+ nwssl_module_cmds, /* command apr_table_t */
+ register_hooks
+};
+
--- /dev/null
+EXPORT proxy_module
--- /dev/null
+EXPORT rewrite_module
--- /dev/null
+EXPORT speling_module
--- /dev/null
+EXPORT status_module
+
--- /dev/null
+EXPORT unique_id_module
--- /dev/null
+EXPORT usertrack_module
--- /dev/null
+EXPORT vhost_alias_module
+
--- /dev/null
+EXPORT dav_fs_module
--- /dev/null
+Debug
+Release
+*.mak
+*.rc
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_isapi" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_isapi - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_isapi.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_isapi.mak" CFG="mod_isapi - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_isapi - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_isapi - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_isapi - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../../include" /I "../../../srclib/apr/include" /I "../../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_isapi" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_isapi.so" /base:@..\..\..\os\win32\BaseAddr.ref,mod_isapi
+# ADD LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_isapi.so" /base:@..\..\..\os\win32\BaseAddr.ref,mod_isapi
+
+!ELSEIF "$(CFG)" == "mod_isapi - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../../include" /I "../../../srclib/apr/include" /I "../../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_isapi" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_isapi.so" /base:@..\..\..\os\win32\BaseAddr.ref,mod_isapi
+# ADD LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /map /debug /machine:I386 /out:"Debug/mod_isapi.so" /base:@..\..\..\os\win32\BaseAddr.ref,mod_isapi
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_isapi - Win32 Release"
+# Name "mod_isapi - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_isapi.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_isapi.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_isapi - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\..\build\win32\win32ver.awk
+
+".\mod_isapi.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../../build/win32/win32ver.awk mod_isapi "isapi_module for Apache" ../../../include/ap_release.h > .\mod_isapi.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_isapi - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\..\build\win32\win32ver.awk
+
+".\mod_isapi.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../../build/win32/win32ver.awk mod_isapi "isapi_module for Apache" ../../../include/ap_release.h > .\mod_isapi.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+
+#include "apr_strings.h"
+#include "apr_portable.h"
+#include "apr_buckets.h"
+#include "ap_config.h"
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_protocol.h"
+#include "http_request.h"
+#include "http_log.h"
+#include "util_script.h"
+#include "mod_core.h"
+#include "apr_optional.h"
+#include "apr_lib.h"
+
+#ifdef WIN32
+
+/*
+ * CGI Script stuff for Win32...
+ */
+typedef enum { eFileTypeUNKNOWN, eFileTypeBIN, eFileTypeEXE16, eFileTypeEXE32,
+ eFileTypeSCRIPT } file_type_e;
+typedef enum { INTERPRETER_SOURCE_UNSET, INTERPRETER_SOURCE_REGISTRY_STRICT,
+ INTERPRETER_SOURCE_REGISTRY, INTERPRETER_SOURCE_SHEBANG
+ } interpreter_source_e;
+AP_DECLARE(file_type_e) ap_get_win32_interpreter(const request_rec *,
+ char **interpreter,
+ char **arguments);
+
+module AP_MODULE_DECLARE_DATA win32_module;
+
+typedef struct {
+ /* Where to find interpreter to run scripts */
+ interpreter_source_e script_interpreter_source;
+} win32_dir_conf;
+
+static void *create_win32_dir_config(apr_pool_t *p, char *dir)
+{
+ win32_dir_conf *conf = (win32_dir_conf*)apr_palloc(p, sizeof(win32_dir_conf));
+ conf->script_interpreter_source = INTERPRETER_SOURCE_UNSET;
+ return conf;
+}
+
+static void *merge_win32_dir_configs(apr_pool_t *p, void *basev, void *addv)
+{
+ win32_dir_conf *new = (win32_dir_conf *) apr_pcalloc(p, sizeof(win32_dir_conf));
+ win32_dir_conf *base = (win32_dir_conf *) basev;
+ win32_dir_conf *add = (win32_dir_conf *) addv;
+
+ new->script_interpreter_source = (add->script_interpreter_source
+ != INTERPRETER_SOURCE_UNSET)
+ ? add->script_interpreter_source
+ : base->script_interpreter_source;
+ return new;
+}
+
+static const char *set_interpreter_source(cmd_parms *cmd, void *dv,
+ char *arg)
+{
+ win32_dir_conf *d = (win32_dir_conf *)dv;
+ if (!strcasecmp(arg, "registry")) {
+ d->script_interpreter_source = INTERPRETER_SOURCE_REGISTRY;
+ } else if (!strcasecmp(arg, "registry-strict")) {
+ d->script_interpreter_source = INTERPRETER_SOURCE_REGISTRY_STRICT;
+ } else if (!strcasecmp(arg, "script")) {
+ d->script_interpreter_source = INTERPRETER_SOURCE_SHEBANG;
+ } else {
+ return apr_pstrcat(cmd->temp_pool, "ScriptInterpreterSource \"", arg,
+ "\" must be \"registry\", \"registry-strict\" or "
+ "\"script\"", NULL);
+ }
+ return NULL;
+}
+
+/* Pretty unexciting ... yank a registry value, and explode any envvars
+ * that the system has configured (e.g. %SystemRoot%/someapp.exe)
+ *
+ * XXX: Need Unicode versions for i18n
+ */
+static apr_status_t get_win32_registry_default_value(apr_pool_t *p, HKEY hkey,
+ char* relativepath,
+ char **value)
+{
+ HKEY hkeyOpen;
+ DWORD type;
+ DWORD size = 0;
+ DWORD result = RegOpenKeyEx(hkey, relativepath, 0,
+ KEY_QUERY_VALUE, &hkeyOpen);
+
+ if (result != ERROR_SUCCESS)
+ return APR_FROM_OS_ERROR(result);
+
+ /* Read to NULL buffer to determine value size */
+ result = RegQueryValueEx(hkeyOpen, "", 0, &type, NULL, &size);
+
+ if (result == ERROR_SUCCESS) {
+ if ((size < 2) || (type != REG_SZ && type != REG_EXPAND_SZ)) {
+ result = ERROR_INVALID_PARAMETER;
+ }
+ else {
+ *value = apr_palloc(p, size);
+ /* Read value based on size query above */
+ result = RegQueryValueEx(hkeyOpen, "", 0, &type, *value, &size);
+ }
+ }
+
+ /* TODO: This might look fine, but we need to provide some warning
+ * somewhere that some environment variables may -not- be translated,
+ * seeing as we may have chopped the environment table down somewhat.
+ */
+ if ((result == ERROR_SUCCESS) && (type == REG_EXPAND_SZ))
+ {
+ char *tmp = *value;
+ size = ExpandEnvironmentStrings(tmp, *value, 0);
+ if (size) {
+ *value = apr_palloc(p, size);
+ size = ExpandEnvironmentStrings(tmp, *value, size);
+ }
+ }
+
+ RegCloseKey(hkeyOpen);
+ return APR_FROM_OS_ERROR(result);
+}
+
+/* Somewhat more exciting ... figure out where the registry has stashed the
+ * ExecCGI or Open command - it may be nested one level deep (or more???)
+ */
+static char* get_interpreter_from_win32_registry(apr_pool_t *p,
+ const char* ext,
+ int strict)
+{
+ char execcgi_path[] = "SHELL\\EXECCGI\\COMMAND";
+ char execopen_path[] = "SHELL\\OPEN\\COMMAND";
+ char typeName[MAX_PATH];
+ int cmdOfName = FALSE;
+ HKEY hkeyName;
+ HKEY hkeyType;
+ DWORD type;
+ int size;
+ int result;
+ char *buffer;
+
+ if (!ext)
+ return NULL;
+ /*
+ * Future optimization:
+ * When the registry is successfully searched, store the strings for
+ * interpreter and arguments in an ext hash to speed up subsequent look-ups
+ */
+
+ /* Open the key associated with the script filetype extension */
+ result = RegOpenKeyEx(HKEY_CLASSES_ROOT, ext, 0, KEY_QUERY_VALUE,
+ &hkeyType);
+
+ if (result != ERROR_SUCCESS)
+ return NULL;
+
+ /* Retrieve the name of the script filetype extension */
+ size = sizeof(typeName);
+ result = RegQueryValueEx(hkeyType, "", NULL, &type, typeName, &size);
+
+ if (result == ERROR_SUCCESS && type == REG_SZ && typeName[0]) {
+ /* Open the key associated with the script filetype extension */
+ result = RegOpenKeyEx(HKEY_CLASSES_ROOT, typeName, 0,
+ KEY_QUERY_VALUE, &hkeyName);
+
+ if (result == ERROR_SUCCESS)
+ cmdOfName = TRUE;
+ }
+
+ /* Open the key for the script command path by:
+ *
+ * 1) the 'named' filetype key for ExecCGI/Command
+ * 2) the extension's type key for ExecCGI/Command
+ *
+ * and if the strict arg is false, then continue trying:
+ *
+ * 3) the 'named' filetype key for Open/Command
+ * 4) the extension's type key for Open/Command
+ */
+
+ if (cmdOfName) {
+ result = get_win32_registry_default_value(p, hkeyName,
+ execcgi_path, &buffer);
+ }
+
+ if (!cmdOfName || (result != ERROR_SUCCESS)) {
+ result = get_win32_registry_default_value(p, hkeyType,
+ execcgi_path, &buffer);
+ }
+
+ if (!strict && cmdOfName && (result != ERROR_SUCCESS)) {
+ result = get_win32_registry_default_value(p, hkeyName,
+ execopen_path, &buffer);
+ }
+
+ if (!strict && (result != ERROR_SUCCESS)) {
+ result = get_win32_registry_default_value(p, hkeyType,
+ execopen_path, &buffer);
+ }
+
+ if (cmdOfName)
+ RegCloseKey(hkeyName);
+
+ RegCloseKey(hkeyType);
+
+ if (result != ERROR_SUCCESS || !buffer[0])
+ return NULL;
+
+ return buffer;
+}
+
+
+static apr_array_header_t *split_argv(apr_pool_t *p, const char *interp, const char *cgiprg, const char *cgiargs)
+{
+ apr_array_header_t *args = apr_array_make(p, 8, sizeof(char*));
+ char *d = apr_palloc(p, strlen(interp));
+ const char *ch = interp;
+ const char **arg;
+ int prgtaken = 0;
+ int argtaken = 0;
+ int inquo;
+ int sl;
+
+ while (*ch) {
+ /* Skip on through Deep Space */
+ if (isspace(*ch)) {
+ ++ch; continue;
+ }
+ /* One Arg */
+ if (((*ch == '$') || (*ch == '%')) && (*(ch + 1) == '*')) {
+ const char *cgiarg = cgiargs;
+ argtaken = 1;
+ for (;;) {
+ char *w = ap_getword_nulls(p, &cgiarg, '+');
+ if (!*w)
+ break;
+ ap_unescape_url(w);
+ arg = (const char**)apr_array_push(args);
+ *arg = ap_escape_shell_cmd(p, w);
+ }
+ ch += 2;
+ continue;
+ }
+ if (((*ch == '$') || (*ch == '%')) && (*(ch + 1) == '1')) {
+ prgtaken = 1;
+ arg = (const char**)apr_array_push(args);
+ *arg = cgiprg;
+ ch += 2;
+ continue;
+ }
+ if ((*ch == '\"') && ((*(ch + 1) == '$')
+ || (*(ch + 1) == '%')) && (*(ch + 2) == '1')
+ && (*(ch + 3) == '\"')) {
+ prgtaken = 1;
+ arg = (const char**)apr_array_push(args);
+ *arg = cgiprg;
+ ch += 4;
+ continue;
+ }
+ arg = (const char**)apr_array_push(args);
+ *arg = d;
+ inquo = 0;
+ while (*ch) {
+ if (isspace(*ch) && !inquo) {
+ ++ch; break;
+ }
+ /* Get 'em backslashes */
+ for (sl = 0; *ch == '\\'; ++sl)
+ *d++ = *ch++;
+ if (sl & 1) {
+ /* last unmatched '\' + '"' sequence is a '"' */
+ if (*ch == '\"')
+ *(d - 1) = *ch++;
+ continue;
+ }
+ if (*ch == '\"') {
+ /* '""' sequence within quotes is a '"' */
+ if (*++ch == '\"' && inquo) {
+ *d++ = *ch++; continue;
+ }
+ /* Flip quote state */
+ inquo = !inquo;
+ if (isspace(*ch) && !inquo) {
+ ++ch; break;
+ }
+ /* All other '"'s are Munched */
+ continue;
+ }
+ /* Anything else is, well, something else */
+ *d++ = *ch++;
+ }
+ /* Term that arg, already pushed on args */
+ *d++ = '\0';
+ }
+
+ if (!prgtaken) {
+ arg = (const char**)apr_array_push(args);
+ *arg = cgiprg;
+ }
+
+ if (!argtaken) {
+ char *cgiargs = cgiarg;
+ for (;;) {
+ char *w = ap_getword_nulls(p, &cgiargs, '+');
+ if (!*w)
+ break;
+ ap_unescape_url(w);
+ arg = (const char**)apr_array_push(args);
+ *arg = ap_escape_shell_cmd(p, w);
+ }
+ }
+
+ arg = (const char**)apr_array_push(args);
+ *arg = NULL;
+
+ return args;
+}
+
+
+static apr_status_t ap_cgi_build_command(const char **cmd, const char ***argv,
+ request_rec *r, apr_pool_t *p)
+{
+ const char *ext = NULL;
+ const char *interpreter = NULL;
+ win32_dir_conf *d =
+ (win32_dir_conf *)ap_get_module_config(r->per_dir_config,
+ &win32_module);
+ apr_file_t *fh;
+ const char *args = r->args;
+
+ /* Handle the complete file name, we DON'T want to follow suexec, since
+ * an unrooted command is as predictable as shooting craps in Win32.
+ *
+ * Notice that unlike most mime extension parsing, we have to use the
+ * win32 parsing here, therefore the final extension is the only one
+ * we will consider
+ */
+ ext = strrchr(apr_filename_of_pathname(r->filename), '.');
+ if (ext)
+ ++ext;
+
+ /* If the file has an extension and it is not .com and not .exe and
+ * we've been instructed to search the registry, then do so.
+ */
+ if (ext && (!strcasecmp(ext,".exe") || !strcasecmp(ext,".com")
+ || !strcasecmp(ext,".bat") || !strcasecmp(ext,".cmd"))) {
+ interpreter = "";
+ }
+ if (!interpreter)
+ {
+ apr_status_t rv;
+ char buffer[1024];
+ apr_size_t bytes = sizeof(buffer);
+ int i;
+
+ /* Need to peek into the file figure out what it really is...
+ * ### aught to go back and build a cache for this one of these days.
+ */
+ if (((rv = apr_file_open(&fh, r->filename, APR_READ | APR_BUFFERED,
+ APR_OS_DEFAULT, r->pool)) != APR_SUCCESS)
+ || ((rv = apr_file_read(fh, buffer, &bytes)) != APR_SUCCESS)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "Failed to read cgi file %s for testing", r->filename);
+ return rv;
+ }
+ apr_file_close(fh);
+
+ /* Script or executable, that is the question... */
+ if ((buffer[0] == '#') && (buffer[1] == '!')) {
+ /* Assuming file is a script since it starts with a shebang */
+ for (i = 2; i < sizeof(buffer); i++) {
+ if ((buffer[i] == '\r') || (buffer[i] == '\n')) {
+ buffer[i] = '\0';
+ break;
+ }
+ }
+ if (i < sizeof(buffer)) {
+ interpreter = buffer + 2;
+ while (isspace(*interpreter))
+ ++interpreter;
+ }
+ }
+ else {
+ /* Not a script, is it an executable? */
+ IMAGE_DOS_HEADER *hdr = (IMAGE_DOS_HEADER*)buffer;
+ if ((bytes >= sizeof(IMAGE_DOS_HEADER)) && (hdr->e_magic == IMAGE_DOS_SIGNATURE)) {
+ if (hdr->e_lfarlc < 0x40)
+ /* Aught to invoke this 16 bit exe by a stub, (cmd /c?) */
+ interpreter = "";
+ else
+ interpreter = "";
+ }
+ }
+ }
+ if (!interpreter && ext &&
+ (d->script_interpreter_source == INTERPRETER_SOURCE_REGISTRY ||
+ d->script_interpreter_source == INTERPRETER_SOURCE_REGISTRY_STRICT)) {
+ /* Check the registry */
+ int strict = (d->script_interpreter_source
+ == INTERPRETER_SOURCE_REGISTRY_STRICT);
+ interpreter = get_interpreter_from_win32_registry(r->pool, ext, strict);
+ if (!interpreter) {
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, 0, r->server,
+ strict ? "No ExecCGI verb found for files of type '%s'."
+ : "No ExecCGI or Open verb found for files of type '%s'.",
+ ext);
+ }
+ }
+ if (!interpreter) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
+ "%s is not executable; ensure interpreted scripts have "
+ "\"#!\" first line",
+ r->filename);
+ return APR_EBADF;
+ }
+
+ if (!args || ap_strchr_c(args, '='))
+ args = "";
+
+ *argv = (const char **)(split_argv(p, interpreter, r->filename, args)->elts);
+ *cmd = (*argv)[0];
+ return APR_SUCCESS;
+}
+
+APR_DECLARE_OPTIONAL_FN(apr_status_t, ap_cgi_build_command, (const char **cmd,
+ const char ***argv, request_rec *r, apr_pool_t *p));
+
+static void register_hooks(apr_pool_t *p)
+{
+ APR_REGISTER_OPTIONAL_FN(ap_cgi_build_command);
+}
+
+static const command_rec win32_cmds[] = {
+AP_INIT_TAKE1("ScriptInterpreterSource", set_interpreter_source, NULL,
+ OR_FILEINFO,
+ "Where to find interpreter to run Win32 scripts (Registry or script shebang line)"),
+{ NULL }
+};
+
+module AP_MODULE_DECLARE_DATA win32_module = {
+ STANDARD20_MODULE_STUFF,
+ create_win32_dir_config, /* create per-dir config */
+ merge_win32_dir_configs, /* merge per-dir config */
+ NULL, /* server config */
+ NULL, /* merge server config */
+ win32_cmds, /* command apr_table_t */
+ register_hooks /* register hooks */
+};
+
+#endif
\ No newline at end of file
--- /dev/null
+file_cache_module
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/include/arch/NetWare \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/include \
+ $(AP_WORK)/os/NetWare \
+ $(AP_WORK)/server/mpm/NetWare \
+ $(AP_WORK)/srclib/pcre \
+ $(AP_WORK)/modules/dav/main \
+ $(NWOS) \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ XDCData $(NWOS)\apache.xdc \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = modDAVFS
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Apache DAV_FS module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = modDAVFS Thread
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 65536
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If this is specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# Declare all target files (you must add your files here)
+#
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/moddavfs.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_dav_fs.o \
+ $(OBJDIR)/dbm.o \
+ $(OBJDIR)/lock.o \
+ $(OBJDIR)/repos.o \
+ $(OBJDIR)/libprews.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ Apache2 \
+ Libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @libc.imp \
+ @$(APR)/aprlib.imp \
+ @httpd.imp \
+ @ws2nlm.imp \
+ @../main/dav.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ dav_fs_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+ copy $(OBJDIR)\moddavfs.nlm $(INSTALL)\Apache2\modules
+#
+# Any specialized rules here
+#
+
+$(OBJDIR)/%.o: ../../arch/netware/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
+
+
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/include/arch/NetWare \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/include \
+ $(AP_WORK)/os/NetWare \
+ $(AP_WORK)/server/mpm/NetWare \
+ $(AP_WORK)/srclib/pcre \
+ $(NWOS) \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = mod_DAV
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Apache DAV module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = mod_DAV
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 65536
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If this is specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# Declare all target files (you must add your files here)
+#
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/mod_dav.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_dav.o \
+ $(OBJDIR)/props.o \
+ $(OBJDIR)/util.o \
+ $(OBJDIR)/util_lock.o \
+ $(OBJDIR)/liveprop.o \
+ $(OBJDIR)/providers.o \
+ $(OBJDIR)/std_liveprop.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ Apache2 \
+ Libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @libc.imp \
+ @$(APR)/aprlib.imp \
+ @httpd.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ dav_module \
+ @dav.imp \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+ copy $(OBJDIR)\mod_dav.nlm $(INSTALL)\Apache2\modules\*.*
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
+
+
--- /dev/null
+(mod_dav)
+dav_hook_gather_propsets,
+dav_hook_find_liveprop,
+dav_hook_insert_all_liveprops,
+dav_new_error,
+dav_set_bufsize,
+dav_xmlns_add,
+dav_check_bufsize,
+dav_push_error,
+dav_buffer_init,
+dav_buffer_place,
+dav_buffer_append,
+dav_add_response,
+dav_buffer_place_mem,
+dav_lock_query,
+dav_get_liveprop_info,
+dav_do_find_liveprop,
+dav_register_liveprop_group,
+dav_register_provider
\ No newline at end of file
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ -prefix pre_nw.h \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = echo
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Echo Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Echo Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/echo.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_echo.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ echo_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+ copy $(OBJDIR)\*.nlm $(INSTALL)\Apache2\modules\*.*
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
+
+
--- /dev/null
+IMPORT util_ldap_connection_find
+IMPORT util_ldap_connection_close
+IMPORT util_ldap_cache_checkuserid
+IMPORT util_ldap_cache_compare
+IMPORT util_ldap_cache_comparedn
+EXPORT auth_ldap_module
--- /dev/null
+charset_lite_module
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_disk_cache" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_disk_cache - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_disk_cache.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_disk_cache.mak" CFG="mod_disk_cache - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_disk_cache - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_disk_cache - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_disk_cache - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "MOD_DISK_CACHE_EXPORTS" /YX /FD /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "../../srclib/apr-util/include" /I "../../srclib/apr/include" /I "../../include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "MOD_DISK_CACHE_EXPORTS" /YX /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
+
+!ELSEIF "$(CFG)" == "mod_disk_cache - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "MOD_DISK_CACHE_EXPORTS" /YX /FD /GZ /c
+# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "../../srclib/apr-util/include" /I "../../srclib/apr/include" /I "../../include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "MOD_DISK_CACHE_EXPORTS" /YX /FD /GZ /c
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_disk_cache - Win32 Release"
+# Name "mod_disk_cache - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=.\mod_disk_cache.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=.\mod_cache.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_mem_cache" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_mem_cache - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_mem_cache.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_mem_cache.mak" CFG="mod_mem_cache - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_mem_cache - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_mem_cache - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_mem_cache - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "mod_mem_cache_EXPORTS" /YX /FD /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "../../srclib/apr-util/include" /I "../../srclib/apr/include" /I "../../include" /I "../../os/win32" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386 /out:"Release/mod_mem_cache.so"
+
+!ELSEIF "$(CFG)" == "mod_mem_cache - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "mod_mem_cache_EXPORTS" /YX /FD /GZ /c
+# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "../../srclib/apr-util/include" /I "../../srclib/apr/include" /I "../../include" /I "../../os/win32" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /GZ /c
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /out:"Debug/mod_mem_cache.so" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_mem_cache - Win32 Release"
+# Name "mod_mem_cache - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=.\mod_mem_cache.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=.\mod_cache.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
--- /dev/null
+EXPORT ldap_module
+EXPORT util_ldap_connection_find
+EXPORT util_ldap_connection_close
+EXPORT util_ldap_cache_checkuserid
+EXPORT util_ldap_cache_compare
+EXPORT util_ldap_cache_comparedn
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_include" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_include - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_include.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_include.mak" CFG="mod_include - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_include - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_include - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_include - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_include" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_include.so" /base:@..\..\os\win32\BaseAddr.ref,mod_include
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_include.so" /base:@..\..\os\win32\BaseAddr.ref,mod_include
+
+!ELSEIF "$(CFG)" == "mod_include - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_include" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_include.so" /base:@..\..\os\win32\BaseAddr.ref,mod_include
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_include.so" /base:@..\..\os\win32\BaseAddr.ref,mod_include
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_include - Win32 Release"
+# Name "mod_include - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_include.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_include.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_include.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_include - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_include.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_include "include_module for Apache" ../../include/ap_release.h > .\mod_include.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_include - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_include.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_include "include_module for Apache" ../../include/ap_release.h > .\mod_include.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ -prefix pre_nw.h \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = info
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Info Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Info Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/info.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_info.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ info_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME =
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION =
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME =
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE =
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM =
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM =
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS =
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/info.nlm \
+ $(OBJDIR)/status.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+ copy $(OBJDIR)\*.nlm $(INSTALL)\Apache2\modules\*.*
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
+
+
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ -prefix pre_nw.h \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = status
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Status Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Status Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/status.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_status.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ status_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_asis" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_asis - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_asis.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_asis.mak" CFG="mod_asis - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_asis - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_asis - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_asis - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_asis" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_asis.so" /base:@..\..\os\win32\BaseAddr.ref,mod_asis
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_asis.so" /base:@..\..\os\win32\BaseAddr.ref,mod_asis
+
+!ELSEIF "$(CFG)" == "mod_asis - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_asis" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_asis.so" /base:@..\..\os\win32\BaseAddr.ref,mod_asis
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_asis.so" /base:@..\..\os\win32\BaseAddr.ref,mod_asis
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_asis - Win32 Release"
+# Name "mod_asis - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_asis.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_asis.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_asis - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_asis.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_asis "asis_module for Apache" ../../include/ap_release.h > .\mod_asis.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_asis - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_asis.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_asis "asis_module for Apache" ../../include/ap_release.h > .\mod_asis.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_autoindex" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_autoindex - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_autoindex.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_autoindex.mak" CFG="mod_autoindex - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_autoindex - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_autoindex - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_autoindex - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_autoindex" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_autoindex.so" /base:@..\..\os\win32\BaseAddr.ref,mod_autoindex
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_autoindex.so" /base:@..\..\os\win32\BaseAddr.ref,mod_autoindex
+
+!ELSEIF "$(CFG)" == "mod_autoindex - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_autoindex" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_autoindex.so" /base:@..\..\os\win32\BaseAddr.ref,mod_autoindex
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_autoindex.so" /base:@..\..\os\win32\BaseAddr.ref,mod_autoindex
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_autoindex - Win32 Release"
+# Name "mod_autoindex - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_autoindex.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_autoindex.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_autoindex - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_autoindex.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_autoindex "autoindex_module for Apache" ../../include/ap_release.h > .\mod_autoindex.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_autoindex - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_autoindex.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_autoindex "autoindex_module for Apache" ../../include/ap_release.h > .\mod_autoindex.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_cgi" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_cgi - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_cgi.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_cgi.mak" CFG="mod_cgi - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_cgi - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_cgi - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_cgi - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_cgi" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_cgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_cgi
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_cgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_cgi
+
+!ELSEIF "$(CFG)" == "mod_cgi - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_cgi" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_cgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_cgi
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_cgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_cgi
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_cgi - Win32 Release"
+# Name "mod_cgi - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_cgi.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_cgi.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_cgi.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_cgi - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_cgi.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_cgi "cgi_module for Apache" ../../include/ap_release.h > .\mod_cgi.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_cgi - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_cgi.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_cgi "cgi_module for Apache" ../../include/ap_release.h > .\mod_cgi.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+cgid_module
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_mime" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_mime - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_mime.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_mime.mak" CFG="mod_mime - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_mime - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_mime - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_mime - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_mime" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_mime.so" /base:@..\..\os\win32\BaseAddr.ref,mod_mime
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_mime.so" /base:@..\..\os\win32\BaseAddr.ref,mod_mime
+
+!ELSEIF "$(CFG)" == "mod_mime - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_mime" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_mime.so" /base:@..\..\os\win32\BaseAddr.ref,mod_mime
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_mime.so" /base:@..\..\os\win32\BaseAddr.ref,mod_mime
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_mime - Win32 Release"
+# Name "mod_mime - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_mime.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_mime.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_mime - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_mime.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_mime "mime_module for Apache" ../../include/ap_release.h > .\mod_mime.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_mime - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_mime.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_mime "mime_module for Apache" ../../include/ap_release.h > .\mod_mime.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_log_config" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_log_config - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_log_config.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_log_config.mak" CFG="mod_log_config - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_log_config - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_log_config - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_log_config - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_log_config" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_log_config.so" /base:@..\..\os\win32\BaseAddr.ref,mod_log_config
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_log_config.so" /base:@..\..\os\win32\BaseAddr.ref,mod_log_config
+
+!ELSEIF "$(CFG)" == "mod_log_config - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_log_config" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_log_config.so" /base:@..\..\os\win32\BaseAddr.ref,mod_log_config
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_log_config.so" /base:@..\..\os\win32\BaseAddr.ref,mod_log_config
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_log_config - Win32 Release"
+# Name "mod_log_config - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_log_config.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_log_config.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_log_config - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_log_config.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_log_config "log_config_module for Apache" ../../include/ap_release.h > .\mod_log_config.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_log_config - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_log_config.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_log_config "log_config_module for Apache" ../../include/ap_release.h > .\mod_log_config.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME =
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION =
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME =
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE =
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM =
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM =
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS =
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/rewrite.nlm \
+ $(OBJDIR)/speling.nlm \
+ $(OBJDIR)/vhost.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+ copy $(OBJDIR)\*.nlm $(INSTALL)\Apache2\modules\*.*
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
+
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = rewrite
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Rewrite Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Rewrite Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/rewrite.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_rewrite.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ rewrite_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = speling
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Speling Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Speling Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/speling.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_speling.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ speling_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = vhost
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Vhost Alias Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Vhost Alias Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/vhost.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_vhost_alias.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ vhost_alias_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_actions" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_actions - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_actions.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_actions.mak" CFG="mod_actions - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_actions - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_actions - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_actions - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_actions" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_actions.so" /base:@..\..\os\win32\BaseAddr.ref,mod_actions
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_actions.so" /base:@..\..\os\win32\BaseAddr.ref,mod_actions
+
+!ELSEIF "$(CFG)" == "mod_actions - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_actions" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_actions.so" /base:@..\..\os\win32\BaseAddr.ref,mod_actions
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_actions.so" /base:@..\..\os\win32\BaseAddr.ref,mod_actions
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_actions - Win32 Release"
+# Name "mod_actions - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_actions.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_actions.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_actions - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_actions.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_actions "actions_module for Apache" ../../include/ap_release.h > .\mod_actions.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_actions - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_actions.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_actions "actions_module for Apache" ../../include/ap_release.h > .\mod_actions.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_alias" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_alias - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_alias.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_alias.mak" CFG="mod_alias - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_alias - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_alias - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_alias - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_alias" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_alias.so" /base:@..\..\os\win32\BaseAddr.ref,mod_alias
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_alias.so" /base:@..\..\os\win32\BaseAddr.ref,mod_alias
+
+!ELSEIF "$(CFG)" == "mod_alias - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_alias" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_alias.so" /base:@..\..\os\win32\BaseAddr.ref,mod_alias
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_alias.so" /base:@..\..\os\win32\BaseAddr.ref,mod_alias
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_alias - Win32 Release"
+# Name "mod_alias - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_alias.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_alias.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_alias - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_alias.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_alias "alias_module for Apache" ../../include/ap_release.h > .\mod_alias.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_alias - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_alias.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_alias "alias_module for Apache" ../../include/ap_release.h > .\mod_alias.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_dir" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_dir - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_dir.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_dir.mak" CFG="mod_dir - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_dir - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_dir - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_dir - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_dir" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_dir.so" /base:@..\..\os\win32\BaseAddr.ref,mod_dir
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_dir.so" /base:@..\..\os\win32\BaseAddr.ref,mod_dir
+
+!ELSEIF "$(CFG)" == "mod_dir - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_dir" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_dir.so" /base:@..\..\os\win32\BaseAddr.ref,mod_dir
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_dir.so" /base:@..\..\os\win32\BaseAddr.ref,mod_dir
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_dir - Win32 Release"
+# Name "mod_dir - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_dir.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_dir.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_dir - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_dir.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_dir "dir_module for Apache" ../../include/ap_release.h > .\mod_dir.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_dir - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_dir.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_dir "dir_module for Apache" ../../include/ap_release.h > .\mod_dir.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_imap" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_imap - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_imap.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_imap.mak" CFG="mod_imap - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_imap - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_imap - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_imap - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_imap" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_imap.so" /base:@..\..\os\win32\BaseAddr.ref,mod_imap
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_imap.so" /base:@..\..\os\win32\BaseAddr.ref,mod_imap
+
+!ELSEIF "$(CFG)" == "mod_imap - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_imap" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_imap.so" /base:@..\..\os\win32\BaseAddr.ref,mod_imap
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_imap.so" /base:@..\..\os\win32\BaseAddr.ref,mod_imap
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_imap - Win32 Release"
+# Name "mod_imap - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_imap.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_imap.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_imap - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_imap.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_imap "imap_module for Apache" ../../include/ap_release.h > .\mod_imap.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_imap - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_imap.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_imap "imap_module for Apache" ../../include/ap_release.h > .\mod_imap.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_negotiation" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_negotiation - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_negotiation.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_negotiation.mak" CFG="mod_negotiation - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_negotiation - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_negotiation - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_negotiation - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_negotiation" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_negotiation.so" /base:@..\..\os\win32\BaseAddr.ref,mod_negotiation
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_negotiation.so" /base:@..\..\os\win32\BaseAddr.ref,mod_negotiation
+
+!ELSEIF "$(CFG)" == "mod_negotiation - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_negotiation" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_negotiation.so" /base:@..\..\os\win32\BaseAddr.ref,mod_negotiation
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_negotiation.so" /base:@..\..\os\win32\BaseAddr.ref,mod_negotiation
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_negotiation - Win32 Release"
+# Name "mod_negotiation - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_negotiation.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_negotiation.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_negotiation - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_negotiation.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_negotiation "negotiation_module for Apache" ../../include/ap_release.h > .\mod_negotiation.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_negotiation - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_negotiation.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_negotiation "negotiation_module for Apache" ../../include/ap_release.h > .\mod_negotiation.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_userdir" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_userdir - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_userdir.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_userdir.mak" CFG="mod_userdir - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_userdir - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_userdir - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_userdir - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_userdir" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_userdir.so" /base:@..\..\os\win32\BaseAddr.ref,mod_userdir
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_userdir.so" /base:@..\..\os\win32\BaseAddr.ref,mod_userdir
+
+!ELSEIF "$(CFG)" == "mod_userdir - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_userdir" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_userdir.so" /base:@..\..\os\win32\BaseAddr.ref,mod_userdir
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_userdir.so" /base:@..\..\os\win32\BaseAddr.ref,mod_userdir
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_userdir - Win32 Release"
+# Name "mod_userdir - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_userdir.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_userdir.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_userdir - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_userdir.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_userdir "userdir_module for Apache" ../../include/ap_release.h > .\mod_userdir.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_userdir - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_userdir.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_userdir "userdir_module for Apache" ../../include/ap_release.h > .\mod_userdir.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+vhost_alias_module
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ -prefix pre_nw.h \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = cernmeta
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = CERN Meta Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = CERN Meta Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/cernmeta.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_cern_meta.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ cern_meta_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ -prefix pre_nw.h \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = expires
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Expires Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Expires Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/expires.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_expires.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ expires_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ -prefix pre_nw.h \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = headers
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Headers Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Headers Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/headers.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_headers.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ headers_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+#
+# Make sure all needed macro's are defined
+#
+
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME =
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION =
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME =
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE =
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM =
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM =
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS =
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/cernmeta.nlm \
+ $(OBJDIR)/expires.nlm \
+ $(OBJDIR)/headers.nlm \
+ $(OBJDIR)/mimemagi.nlm \
+ $(OBJDIR)/uniqueid.nlm \
+ $(OBJDIR)/usertrk.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+ copy $(OBJDIR)\*.nlm $(INSTALL)\Apache2\modules\*.*
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
+
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ -prefix pre_nw.h \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = mimemagi
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = CERN Meta Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = CERN Meta Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/mimemagi.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_mime_magic.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ mime_magic_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ -prefix pre_nw.h \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = uniqueid
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Unique ID Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Unique ID Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/uniqueid.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_unique_id.o \
+ $(OBJDIR)/libprews.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ @ws2nlm.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ unique_id_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+$(OBJDIR)/%.o: ../arch/netware/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ -prefix pre_nw.h \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = usertrk
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = User Track Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = User Track Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/usertrk.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_usertrack.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ usertrack_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_env" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_env - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_env.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_env.mak" CFG="mod_env - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_env - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_env - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_env - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_env" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_env.so" /base:@..\..\os\win32\BaseAddr.ref,mod_env
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_env.so" /base:@..\..\os\win32\BaseAddr.ref,mod_env
+
+!ELSEIF "$(CFG)" == "mod_env - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_env" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_env.so" /base:@..\..\os\win32\BaseAddr.ref,mod_env
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_env.so" /base:@..\..\os\win32\BaseAddr.ref,mod_env
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_env - Win32 Release"
+# Name "mod_env - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_env.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_env.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_env - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_env.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_env "env_module for Apache" ../../include/ap_release.h > .\mod_env.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_env - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_env.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_env "env_module for Apache" ../../include/ap_release.h > .\mod_env.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_setenvif" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_setenvif - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_setenvif.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_setenvif.mak" CFG="mod_setenvif - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_setenvif - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_setenvif - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_setenvif - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_setenvif" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_setenvif.so" /base:@..\..\os\win32\BaseAddr.ref,mod_setenvif
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_setenvif.so" /base:@..\..\os\win32\BaseAddr.ref,mod_setenvif
+
+!ELSEIF "$(CFG)" == "mod_setenvif - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_setenvif" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_setenvif.so" /base:@..\..\os\win32\BaseAddr.ref,mod_setenvif
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_setenvif.so" /base:@..\..\os\win32\BaseAddr.ref,mod_setenvif
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_setenvif - Win32 Release"
+# Name "mod_setenvif - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_setenvif.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_setenvif.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_setenvif - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_setenvif.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_setenvif "setenvif_module for Apache" ../../include/ap_release.h > .\mod_setenvif.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_setenvif - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_setenvif.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_setenvif "setenvif_module for Apache" ../../include/ap_release.h > .\mod_setenvif.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+#
+# Make sure all needed macro's are defined
+#
+
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(AP_WORK)/modules/http \
+ $(AP_WORK)/modules/arch/netware \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ -prefix pre_nw.h \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = proxy
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Proxy Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Proxy Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/proxy.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_proxy.o \
+ $(OBJDIR)/proxy_connect.o \
+ $(OBJDIR)/proxy_ftp.o \
+ $(OBJDIR)/proxy_http.o \
+ $(OBJDIR)/proxy_util.o \
+ $(OBJDIR)/libprews.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ @ws2nlm.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ proxy_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+ copy $(OBJDIR)\*.nlm $(INSTALL)\Apache2\modules\*.*
+
+#
+# Any specialized rules here
+#
+
+$(OBJDIR)/%.o: ../arch/netware/%.c $(OBJDIR)\cc.opt
+ @echo compiling $<
+ $(CC) $< -o=$(OBJDIR)\$(@F) @$(OBJDIR)\cc.opt
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
+
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_proxy_connect" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_proxy_connect - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_proxy_connect.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_proxy_connect.mak" CFG="mod_proxy_connect - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_proxy_connect - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_proxy_connect - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_proxy_connect - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_proxy_connect" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x809 /d "NDEBUG"
+# ADD RSC /l 0x809 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_proxy_connect.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_connect
+# ADD LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_proxy_connect.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_connect
+
+!ELSEIF "$(CFG)" == "mod_proxy_connect - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_proxy_connect" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x809 /d "_DEBUG"
+# ADD RSC /l 0x809 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_proxy_connect.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_connect
+# ADD LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_proxy_connect.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_connect
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_proxy_connect - Win32 Release"
+# Name "mod_proxy_connect - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90"
+# Begin Source File
+
+SOURCE=.\proxy_connect.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter ".h"
+# Begin Source File
+
+SOURCE=.\mod_proxy.h
+# End Source File
+# End Group
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_proxy_connect - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_proxy_connect.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_proxy_connect "proxy_connect_module for Apache" ../../include/ap_release.h > .\mod_proxy_connect.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_proxy_connect - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_proxy_connect.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_proxy_connect "proxy_connect_module for Apache" ../../include/ap_release.h > .\mod_proxy_connect.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_proxy_ftp" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_proxy_ftp - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_proxy_ftp.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_proxy_ftp.mak" CFG="mod_proxy_ftp - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_proxy_ftp - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_proxy_ftp - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_proxy_ftp - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_proxy_ftp" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x809 /d "NDEBUG"
+# ADD RSC /l 0x809 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_proxy_ftp.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_ftp
+# ADD LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_proxy_ftp.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_ftp
+
+!ELSEIF "$(CFG)" == "mod_proxy_ftp - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_proxy_ftp" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x809 /d "_DEBUG"
+# ADD RSC /l 0x809 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_proxy_ftp.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_ftp
+# ADD LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_proxy_ftp.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_ftp
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_proxy_ftp - Win32 Release"
+# Name "mod_proxy_ftp - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90"
+# Begin Source File
+
+SOURCE=.\proxy_ftp.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter ".h"
+# Begin Source File
+
+SOURCE=.\mod_proxy.h
+# End Source File
+# End Group
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_proxy_ftp - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_proxy_ftp.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_proxy_ftp "proxy_ftp_module for Apache" ../../include/ap_release.h > .\mod_proxy_ftp.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_proxy_ftp - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_proxy_ftp.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_proxy_ftp "proxy_ftp_module for Apache" ../../include/ap_release.h > .\mod_proxy_ftp.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_proxy_http" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_proxy_http - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_proxy_http.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_proxy_http.mak" CFG="mod_proxy_http - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_proxy_http - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_proxy_http - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_proxy_http - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_proxy_http" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x809 /d "NDEBUG"
+# ADD RSC /l 0x809 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_proxy_http.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_http
+# ADD LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_proxy_http.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_http
+
+!ELSEIF "$(CFG)" == "mod_proxy_http - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_proxy_http" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x809 /d "_DEBUG"
+# ADD RSC /l 0x809 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_proxy_http.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_http
+# ADD LINK32 kernel32.lib ws2_32.lib mswsock.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_proxy_http.so" /base:@..\..\os\win32\BaseAddr.ref,mod_proxy_http
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_proxy_http - Win32 Release"
+# Name "mod_proxy_http - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90"
+# Begin Source File
+
+SOURCE=.\proxy_http.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter ".h"
+# Begin Source File
+
+SOURCE=.\mod_proxy.h
+# End Source File
+# End Group
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_proxy_http - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_proxy_http.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_proxy_http "proxy_http_module for Apache" ../../include/ap_release.h > .\mod_proxy_http.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_proxy_http - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_proxy_http.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_proxy_http "proxy_http_module for Apache" ../../include/ap_release.h > .\mod_proxy_http.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * (zlib functions gz_open and gzwrite)
+ */
+
+/*
+ * mod_bucketeer.c: split buckets whenever we find a control-char
+ *
+ * Written by Ian Holsman (IanH@apache.org)
+ *
+ */
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_log.h"
+#include "apr_strings.h"
+#include "apr_general.h"
+#include "util_filter.h"
+#include "apr_buckets.h"
+#include "http_request.h"
+
+
+static const char bucketeerFilterName[] = "BUCKETEER";
+module AP_MODULE_DECLARE_DATA bucketeer_module;
+
+typedef struct bucketeer_filter_config_t
+{
+ char bucketdelimter;
+ char flushdelimiter;
+
+} bucketeer_filter_config_t;
+
+
+static void *create_bucketeer_server_config(apr_pool_t *p, server_rec *s)
+{
+ bucketeer_filter_config_t *c = apr_pcalloc(p, sizeof *c);
+
+ c->bucketdelimter = 0x02; /* ^B */
+ c->flushdelimiter = 0x06; /* ^F */
+
+ return c;
+}
+
+
+typedef struct bucketeer_ctx_t
+{
+ apr_bucket_brigade *bb;
+} bucketeer_ctx_t;
+
+static apr_status_t bucketeer_out_filter(ap_filter_t *f,
+ apr_bucket_brigade *bb)
+{
+ apr_bucket *e;
+ request_rec *r = f->r;
+ bucketeer_ctx_t *ctx = f->ctx;
+
+ bucketeer_filter_config_t *c = ap_get_module_config(r->server->module_config,
+ &bucketeer_module);
+
+ /* If we don't have a context, we need to ensure that it is okay to send
+ * the deflated content. If we have a context, that means we've done
+ * this before and we liked it.
+ * This could be not so nice if we always fail. But, if we succeed,
+ * we're in better shape.
+ */
+ if (!ctx) {
+ if (strncmp(r->content_type, "text/", 5)) {
+ ap_remove_output_filter(f);
+ return ap_pass_brigade(f->next, bb);
+ }
+
+ /* We're cool with filtering this. */
+ ctx = f->ctx = apr_pcalloc(f->r->pool, sizeof(*ctx));
+ ctx->bb = apr_brigade_create(f->r->pool);
+ }
+
+ APR_BRIGADE_FOREACH(e, bb) {
+ const char *data;
+ apr_size_t len;
+
+ int done = 0;
+ apr_size_t i;
+ apr_size_t lastpos;
+
+ if (APR_BUCKET_IS_EOS(e)) {
+
+ APR_BUCKET_REMOVE(e);
+ APR_BRIGADE_INSERT_TAIL(ctx->bb, e);
+
+ /* Okay, we've seen the EOS.
+ * Time to pass it along down the chain.
+ */
+ return ap_pass_brigade(f->next, ctx->bb);
+ }
+
+ if (APR_BUCKET_IS_FLUSH(e)) {
+ /*
+ * Ignore flush buckets for the moment..
+ * we decide what to stream
+ */
+ continue;
+ }
+
+ /* read */
+ apr_bucket_read(e, &data, &len, APR_BLOCK_READ);
+ if (len>0) {
+ lastpos=0;
+ for (i=0; i<len;i++) {
+ if ( data[i] == c->flushdelimiter ) {
+ apr_bucket *p;
+ if ( i-lastpos>0) {
+ p = apr_bucket_pool_create(apr_pmemdup( f->r->pool,
+ &data[lastpos],
+ i-lastpos),
+ i-lastpos,
+ f->r->pool);
+ APR_BRIGADE_INSERT_TAIL(ctx->bb,p);
+ }
+ lastpos=i+1;
+
+ p = apr_bucket_flush_create();
+ APR_BRIGADE_INSERT_TAIL(ctx->bb,p);
+
+ }
+ else {
+ if (data[i] == c->bucketdelimter) {
+ apr_bucket *p;
+ if ( i-lastpos>0) {
+ p = apr_bucket_pool_create(apr_pmemdup( f->r->pool,
+ &data[lastpos],
+ i-lastpos),
+ i-lastpos,
+ f->r->pool);
+
+ APR_BRIGADE_INSERT_TAIL(ctx->bb,p);
+ }
+ lastpos=i+1;
+ }
+ }
+ }
+ /* XXX: really should append this to the next 'real' bucket */
+ if ( lastpos < i ) {
+ apr_bucket *p;
+ p = apr_bucket_pool_create(apr_pmemdup( f->r->pool,&data[lastpos],i-lastpos),i-lastpos,f->r->pool);
+ lastpos=i;
+ APR_BRIGADE_INSERT_TAIL(ctx->bb,p);
+ }
+ }
+ }
+
+ return APR_SUCCESS;
+}
+
+static void register_hooks(apr_pool_t * p)
+{
+ ap_register_output_filter(bucketeerFilterName, bucketeer_out_filter,
+ AP_FTYPE_CONTENT-1);
+}
+
+static const command_rec bucketeer_filter_cmds[] = {
+ {NULL}
+};
+
+module AP_MODULE_DECLARE_DATA bucketeer_module = {
+ STANDARD20_MODULE_STUFF,
+ NULL,
+ NULL,
+ create_bucketeer_server_config,
+ NULL,
+ bucketeer_filter_cmds,
+ register_hooks
+};
--- /dev/null
+#MODULE APRLIB.NLM
+MODULE LIBC.NLM
+MODULE WS2_32.NLM
+FLAG_ON 3
--- /dev/null
+/* modules.c --- major modules compiled into Apache for NetWare.
+ * Only insert an entry for a module if it must be compiled into
+ * the core server
+ */
+
+#define CORE_PRIVATE
+#include "httpd.h"
+#include "http_config.h"
+
+extern module core_module;
+extern module mpm_netware_module;
+extern module http_module;
+extern module so_module;
+extern module mime_module;
+extern module access_module;
+extern module auth_module;
+extern module negotiation_module;
+extern module include_module;
+extern module autoindex_module;
+extern module dir_module;
+extern module cgi_module;
+extern module userdir_module;
+extern module alias_module;
+extern module env_module;
+extern module log_config_module;
+extern module asis_module;
+extern module imap_module;
+extern module actions_module;
+extern module setenvif_module;
+
+module *ap_prelinked_modules[] = {
+ &core_module,
+ &mpm_netware_module,
+ &http_module,
+ &so_module,
+ &mime_module,
+ &access_module,
+ &auth_module,
+ &negotiation_module,
+ &include_module,
+ &autoindex_module,
+ &dir_module,
+ &cgi_module,
+ &userdir_module,
+ &alias_module,
+ &env_module,
+ &log_config_module,
+ &asis_module,
+ &imap_module,
+ &actions_module,
+ &setenvif_module,
+ NULL
+};
+
+module *ap_preloaded_modules[] = {
+ &core_module,
+ &mpm_netware_module,
+ &http_module,
+ &so_module,
+ &mime_module,
+ &access_module,
+ &auth_module,
+ &negotiation_module,
+ &include_module,
+ &autoindex_module,
+ &dir_module,
+ &cgi_module,
+ &userdir_module,
+ &alias_module,
+ &env_module,
+ &log_config_module,
+ &asis_module,
+ &imap_module,
+ &actions_module,
+ &setenvif_module,
+ NULL
+};
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+#ifndef APACHE_OS_H
+#define APACHE_OS_H
+
+#ifndef PLATFORM
+#define PLATFORM "NETWARE"
+#endif
+
+#define CASE_BLIND_FILESYSTEM
+#define NO_WRITEV
+
+#define APACHE_MPM_DIR "server/mpm/netware" /* generated on unix */
+
+#define getpid NXThreadGetId
+//#define exit(s) _exit(s)
+
+#endif /* ! APACHE_OS_H */
--- /dev/null
+#ifndef __pre_nw__
+#define __pre_nw__
+
+#pragma precompile_target "precomp.mch"
+#define NETWARE
+
+
+#define N_PLAT_NLM
+
+/* hint for MSL C++ that we're on NetWare platform */
+#define __NETWARE__
+
+/* the FAR keyword has no meaning in a 32-bit environment
+ but is used in the SDK headers so we take it out */
+#define FAR
+#define far
+
+/* no-op for Codewarrior C compiler; a functions are cdecl
+ by default */
+#define cdecl
+
+/* if we have wchar_t enabled in C++, predefine this type to avoid
+ a conflict in Novell's header files */
+#if (__option(cplusplus) && __option(wchar_type))
+#define _WCHAR_T
+#endif
+
+/* C9X defintion used by MSL C++ library */
+#define DECIMAL_DIG 17
+
+/* define long long typedefs for Watcom compatiblity */
+typedef long long int64_t;
+typedef unsigned long long uint64_t;
+
+/* some code may want to use the MS convention for long long */
+#ifndef __int64
+#define __int64 long long
+#endif
+
+#endif
+
+
+
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+#include "httpd.h"
+#include "http_log.h"
+#include "apr_strings.h"
+
+#include <stdarg.h>
+#include <time.h>
+#include <stdlib.h>
+
+
+AP_DECLARE(apr_status_t) ap_os_create_privileged_process(
+ const request_rec *r,
+ apr_proc_t *newproc, const char *progname,
+ const char * const *args,
+ const char * const *env,
+ apr_procattr_t *attr, apr_pool_t *p)
+{
+ return APR_ENOTIMPL;
+}
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(NWOS) \
+ $(APR)/include \
+ $(AP_WORK)/include \
+ $(APRUTIL)/include \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = genchars
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Generate Test Characters
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = genchars
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\NWGNUNetWare.rul
+#
+NLM_VERSION = 1,0,0
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM =_LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM =_LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If this is specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# Declare all target files (you must add your files here)
+#
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+$(OBJDIR)/genchars.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/gen_test_char.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ Libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place.
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+#include "scoreboard.h"
+//#include "unixd.h"
+
+#ifndef APACHE_MPM_THREADED_H
+#define APACHE_MPM_THREADED_H
+
+#define THREADED_MPM
+
+#define MPM_NAME "NetWare_Threaded"
+
+//#define AP_MPM_WANT_RECLAIM_CHILD_PROCESSES
+#define AP_MPM_WANT_WAIT_OR_TIMEOUT
+//#define AP_MPM_WANT_PROCESS_CHILD_STATUS
+#define AP_MPM_WANT_SET_PIDFILE
+#define AP_MPM_WANT_SET_SCOREBOARD
+#define AP_MPM_WANT_SET_LOCKFILE
+#define AP_MPM_WANT_SET_MAX_REQUESTS
+#define AP_MPM_WANT_SET_COREDUMPDIR
+//#define AP_MPM_WANT_SET_ACCEPT_LOCK_MECH
+
+#define MPM_SYNC_CHILD_TABLE() (ap_sync_scoreboard_image())
+#define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
+#define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0)
+
+extern int ap_threads_per_child;
+extern int ap_thread_stack_size;
+extern int ap_max_workers_limit;
+extern server_rec *ap_server_conf;
+
+#endif /* APACHE_MPM_THREADED_H */
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+#ifndef APACHE_MPM_DEFAULT_H
+#define APACHE_MPM_DEFAULT_H
+
+#define AP_ID_FROM_CHILD_THREAD(c, t) ((c * HARD_THREAD_LIMIT) + t)
+#define AP_CHILD_THREAD_FROM_ID(i) (0), (i)
+
+/* Number of servers to spawn off by default --- also, if fewer than
+ * this free when the caretaker checks, it will spawn more.
+ */
+#ifndef DEFAULT_START_DAEMON
+#define DEFAULT_START_DAEMON 1
+#endif
+
+/* Maximum number of *free* server processes --- more than this, and
+ * they will die off.
+ */
+
+#ifndef DEFAULT_MAX_FREE_DAEMON
+#define DEFAULT_MAX_FREE_DAEMON 1
+#endif
+
+/* Minimum --- fewer than this, and more will be created */
+
+#ifndef DEFAULT_MIN_FREE_DAEMON
+#define DEFAULT_MIN_FREE_DAEMON 1
+#endif
+
+/* Limit on the total --- clients will be locked out if more servers than
+ * this are needed. It is intended solely to keep the server from crashing
+ * when things get out of hand.
+ *
+ * We keep a hard maximum number of servers, for two reasons --- first off,
+ * in case something goes seriously wrong, we want to stop the fork bomb
+ * short of actually crashing the machine we're running on by filling some
+ * kernel table. Secondly, it keeps the size of the scoreboard file small
+ * enough that we can read the whole thing without worrying too much about
+ * the overhead.
+ */
+#ifndef HARD_SERVER_LIMIT
+#define HARD_SERVER_LIMIT 1
+#endif
+
+/* Limit on the threads per process. Clients will be locked out if more than
+ * this * HARD_SERVER_LIMIT are needed.
+ *
+ * We keep this for one reason it keeps the size of the scoreboard file small
+ * enough that we can read the whole thing without worrying too much about
+ * the overhead.
+ */
+#ifndef HARD_THREAD_LIMIT
+#define HARD_THREAD_LIMIT 2048
+#endif
+
+#ifndef DEFAULT_THREADS_PER_CHILD
+#define DEFAULT_THREADS_PER_CHILD 50
+#endif
+
+/* File used for accept locking, when we use a file */
+#ifndef DEFAULT_LOCKFILE
+#define DEFAULT_LOCKFILE "logs/accept.lock"
+#endif
+
+/* Scoreboard file, if there is one */
+#ifndef DEFAULT_SCOREBOARD
+#define DEFAULT_SCOREBOARD "logs/apache_runtime_status"
+#endif
+
+/* Where the main/parent process's pid is logged */
+#ifndef DEFAULT_PIDLOG
+#define DEFAULT_PIDLOG "logs/httpd.pid"
+#endif
+
+/*
+ * Interval, in microseconds, between scoreboard maintenance.
+ */
+#ifndef SCOREBOARD_MAINTENANCE_INTERVAL
+#define SCOREBOARD_MAINTENANCE_INTERVAL 1000000
+#endif
+
+/* Number of requests to try to handle in a single process. If <= 0,
+ * the children don't die off.
+ */
+#ifndef DEFAULT_MAX_REQUESTS_PER_CHILD
+#define DEFAULT_MAX_REQUESTS_PER_CHILD 10000
+#endif
+
+#endif /* AP_MPM_DEFAULT_H */
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+/*
+ * httpd.c: simple http daemon for answering WWW file requests
+ *
+ *
+ * 03-21-93 Rob McCool wrote original code (up to NCSA HTTPd 1.3)
+ *
+ * 03-06-95 blong
+ * changed server number for child-alone processes to 0 and changed name
+ * of processes
+ *
+ * 03-10-95 blong
+ * Added numerous speed hacks proposed by Robert S. Thau (rst@ai.mit.edu)
+ * including set group before fork, and call gettime before to fork
+ * to set up libraries.
+ *
+ * 04-14-95 rst / rh
+ * Brandon's code snarfed from NCSA 1.4, but tinkered to work with the
+ * Apache server, and also to have child processes do accept() directly.
+ *
+ * April-July '95 rst
+ * Extensive rework for Apache.
+ */
+
+/* TODO: this is a cobbled together prefork MPM example... it should mostly
+ * TODO: behave like apache-1.3... here's a short list of things I think
+ * TODO: need cleaning up still:
+ */
+
+#include "apr.h"
+#include "apr_portable.h"
+#include "apr_strings.h"
+#include "apr_thread_proc.h"
+#include "apr_signal.h"
+#include "apr_tables.h"
+#include "apr_getopt.h"
+
+#define APR_WANT_STDIO
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+
+#if APR_HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#if APR_HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#define CORE_PRIVATE
+
+#include "ap_config.h"
+#include "httpd.h"
+#include "mpm_default.h"
+#include "http_main.h"
+#include "http_log.h"
+#include "http_config.h"
+#include "http_core.h" /* for get_remote_host */
+#include "http_connection.h"
+#include "scoreboard.h"
+#include "ap_mpm.h"
+#include "mpm_common.h"
+#include "ap_listen.h"
+#include "ap_mmn.h"
+
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+
+#include <signal.h>
+
+#define WORKER_DEAD SERVER_DEAD
+#define WORKER_STARTING SERVER_STARTING
+#define WORKER_READY SERVER_READY
+
+/* config globals */
+
+int ap_threads_per_child=0; /* Worker threads per child */
+int ap_thread_stack_size=65536;
+static apr_lock_t *accept_lock;
+static int ap_threads_to_start=0;
+static int ap_threads_min_free=0;
+static int ap_threads_max_free=0;
+static int ap_threads_limit=0;
+
+/*
+ * The max child slot ever assigned, preserved across restarts. Necessary
+ * to deal with MaxClients changes across SIGWINCH restarts. We use this
+ * value to optimize routines that have to scan the entire scoreboard.
+ */
+int ap_max_workers_limit = -1;
+server_rec *ap_server_conf;
+
+/* *Non*-shared http_main globals... */
+
+static apr_socket_t *sd;
+static fd_set listenfds;
+static int listenmaxfd;
+
+/* one_process --- debugging mode variable; can be set from the command line
+ * with the -X flag. If set, this gets you the child_main loop running
+ * in the process which originally started up (no detach, no make_child),
+ * which is a pretty nice debugging environment. (You'll get a SIGHUP
+ * early in standalone_main; just continue through. This is the server
+ * trying to kill off any child processes which it might have lying
+ * around --- Apache doesn't keep track of their pids, it just sends
+ * SIGHUP to the process group, ignoring it in the root process.
+ * Continue through and you'll be fine.).
+ */
+
+static int one_process = 0;
+
+static apr_pool_t *pconf; /* Pool for config stuff */
+static apr_pool_t *pmain; /* Pool for httpd child stuff */
+
+static pid_t ap_my_pid; /* it seems silly to call getpid all the time */
+static pid_t parent_pid;
+#ifndef MULTITHREAD
+static int my_child_num;
+#endif
+
+static int die_now = 0;
+static apr_lock_t *accept_mutex = NULL;
+
+/* Keep track of the number of worker threads currently active */
+static int worker_thread_count;
+static apr_lock_t *worker_thread_count_mutex;
+
+
+#ifdef GPROF
+/*
+ * change directory for gprof to plop the gmon.out file
+ * configure in httpd.conf:
+ * GprofDir logs/ -> $ServerRoot/logs/gmon.out
+ * GprofDir logs/% -> $ServerRoot/logs/gprof.$pid/gmon.out
+ */
+static void chdir_for_gprof(void)
+{
+ core_server_config *sconf =
+ ap_get_module_config(ap_server_conf->module_config, &core_module);
+ char *dir = sconf->gprof_dir;
+ const char *use_dir;
+
+ if(dir) {
+ apr_status_t res;
+ char buf[512];
+ int len = strlen(sconf->gprof_dir) - 1;
+ if(*(dir + len) == '%') {
+ dir[len] = '\0';
+ apr_snprintf(buf, sizeof(buf), "%sgprof.%d", dir, (int)getpid());
+ }
+ use_dir = ap_server_root_relative(pconf, buf[0] ? buf : dir);
+ res = apr_dir_make(use_dir, 0755, pconf);
+ if(res != APR_SUCCESS && !APR_STATUS_IS_EEXIST(res)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, errno, ap_server_conf,
+ "gprof: error creating directory %s", dir);
+ }
+ }
+ else {
+ use_dir = ap_server_root_relative(pconf, "logs");
+ }
+
+ chdir(dir);
+}
+#else
+#define chdir_for_gprof()
+#endif
+
+/* XXX - I don't know if TPF will ever use this module or not, so leave
+ * the ap_check_signals calls in but disable them - manoj */
+#define ap_check_signals()
+
+/* a clean exit from a child with proper cleanup */
+static void clean_child_exit(int code) __attribute__ ((noreturn));
+static void clean_child_exit(int code)
+{
+ apr_thread_mutex_lock(worker_thread_count_mutex);
+ worker_thread_count--;
+ apr_thread_mutex_unlock(worker_thread_count_mutex);
+ NXThreadExit((void*)&code);
+}
+
+static apr_status_t accept_mutex_child_cleanup(void *foo)
+{
+ return apr_thread_mutex_unlock(accept_mutex);
+}
+
+/* Initialize mutex lock.
+ * Done by each child at its birth
+ */
+static void accept_mutex_child_init(apr_pool_t *p)
+{
+ apr_pool_cleanup_register(p, NULL, accept_mutex_child_cleanup, apr_pool_cleanup_null);
+}
+
+static void accept_mutex_on(void)
+{
+ apr_status_t rc = apr_thread_mutex_lock(accept_mutex);
+
+ if (rc != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, rc, ap_server_conf,
+ "Error getting accept lock. Exiting!");
+ clean_child_exit(APEXIT_CHILDFATAL);
+ }
+}
+
+static void accept_mutex_off(void)
+{
+ apr_status_t rc = apr_thread_mutex_unlock(accept_mutex);
+
+ if (rc != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, rc, ap_server_conf,
+ "Error freeing accept lock. Exiting!");
+ clean_child_exit(APEXIT_CHILDFATAL);
+ }
+}
+
+/* On some architectures it's safe to do unserialized accept()s in the single
+ * Listen case. But it's never safe to do it in the case where there's
+ * multiple Listen statements. Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT
+ * when it's safe in the single Listen case.
+ */
+#ifdef SINGLE_LISTEN_UNSERIALIZED_ACCEPT
+#define SAFE_ACCEPT(stmt) do {if (ap_listeners->next) {stmt;}} while(0)
+#else
+#define SAFE_ACCEPT(stmt) do {stmt;} while(0)
+#endif
+
+//#ifdef NO_SERIALIZED_ACCEPT
+//#define SAFE_ACCEPT(stmt) APR_SUCCESS
+//#else
+//#define SAFE_ACCEPT(stmt) (stmt)
+//#endif
+
+AP_DECLARE(apr_status_t) ap_mpm_query(int query_code, int *result)
+{
+ switch(query_code){
+ case AP_MPMQ_MAX_DAEMON_USED:
+ *result = ap_threads_limit;
+ return APR_SUCCESS;
+ case AP_MPMQ_IS_THREADED:
+ *result = AP_MPMQ_NOT_SUPPORTED;
+ return APR_SUCCESS;
+ case AP_MPMQ_IS_FORKED:
+ *result = AP_MPMQ_DYNAMIC;
+ return APR_SUCCESS;
+ case AP_MPMQ_HARD_LIMIT_DAEMONS:
+ *result = HARD_SERVER_LIMIT;
+ return APR_SUCCESS;
+ case AP_MPMQ_HARD_LIMIT_THREADS:
+ *result = HARD_THREAD_LIMIT;
+ return APR_SUCCESS;
+ case AP_MPMQ_MAX_THREADS:
+ *result = 0;
+ return APR_SUCCESS;
+ case AP_MPMQ_MIN_SPARE_DEAMONS:
+ *result = ap_threads_min_free;
+ return APR_SUCCESS;
+ case AP_MPMQ_MIN_SPARE_THREADS:
+ *result = 0;
+ return APR_SUCCESS;
+ case AP_MPMQ_MAX_SPARE_DAEMONS:
+ *result = ap_threads_max_free;
+ return APR_SUCCESS;
+ case AP_MPMQ_MAX_SPARE_THREADS:
+ *result = 0;
+ return APR_SUCCESS;
+ case AP_MPMQ_MAX_REQUESTS_DEAMON:
+ *result = ap_max_requests_per_child;
+ return APR_SUCCESS;
+ case AP_MPMQ_MAX_DAEMONS:
+ *result = ap_threads_limit;
+ return APR_SUCCESS;
+ }
+ return APR_ENOTIMPL;
+}
+
+
+/*****************************************************************
+ * Connection structures and accounting...
+ */
+
+static void just_die(int sig)
+{
+ clean_child_exit(0);
+}
+
+/* volatile just in case */
+static int volatile shutdown_pending;
+static int volatile restart_pending;
+static int volatile is_graceful;
+static int volatile wait_to_finish=1;
+ap_generation_t volatile ap_my_generation=0;
+
+static void sig_term(int sig)
+{
+ if (shutdown_pending == 1) {
+ /* Um, is this _probably_ not an error, if the user has
+ * tried to do a shutdown twice quickly, so we won't
+ * worry about reporting it.
+ */
+ return;
+ }
+ shutdown_pending = 1;
+
+ while (wait_to_finish)
+ delay(500);
+// NXThreadYield();
+ delay(2000);
+// The shut down flag wait_to_finish needs to be set in
+// the atexit() routine when it is finally working.
+}
+
+/* restart() is the signal handler for SIGHUP and SIGWINCH
+ * in the parent process, unless running in ONE_PROCESS mode
+ */
+static void restart(int sig)
+{
+ if (restart_pending == 1) {
+ /* Probably not an error - don't bother reporting it */
+ return;
+ }
+ restart_pending = 1;
+}
+
+static void set_signals(void)
+{
+ apr_signal(SIGTERM, sig_term);
+}
+
+/*****************************************************************
+ * Child process main loop.
+ * The following vars are static to avoid getting clobbered by longjmp();
+ * they are really private to child_main.
+ */
+
+//static int srv;
+//static apr_socket_t *csd;
+//static int requests_this_child;
+static fd_set main_fds;
+
+int ap_graceful_stop_signalled(void)
+{
+ /* not ever called anymore... */
+ return 0;
+}
+
+static int setup_listen_poll(apr_pool_t *pmain, apr_pollfd_t **listen_poll)
+{
+ ap_listen_rec *lr;
+ int numfds = 0;
+
+ for (lr = ap_listeners; lr; lr = lr->next) {
+ numfds++;
+ }
+
+ apr_poll_setup(listen_poll, numfds, pmain);
+
+ for (lr = ap_listeners; lr; lr = lr->next) {
+ apr_poll_socket_add(*listen_poll, lr->sd, APR_POLLIN);
+ }
+ return 0;
+}
+
+
+static void worker_main(void *arg)
+{
+ ap_listen_rec *lr;
+ ap_listen_rec *last_lr;
+ ap_listen_rec *first_lr;
+ apr_pool_t *ptrans;
+ conn_rec *current_conn;
+ apr_status_t stat = APR_EINIT;
+ int sockdes;
+ int worker_num_arg = *((int*)arg);
+ apr_pollfd_t *listen_poll;
+ int nsds, rv;
+
+ int my_worker_num = worker_num_arg;
+ apr_socket_t *csd = NULL;
+ int requests_this_child = 0;
+ int srv;
+ struct timeval tv;
+
+ last_lr = NULL;
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+
+ apr_pool_create(&ptrans, pmain);
+
+ apr_thread_mutex_lock(worker_thread_count_mutex);
+ worker_thread_count++;
+ apr_thread_mutex_unlock(worker_thread_count_mutex);
+
+ if (setup_listen_poll(pmain, &listen_poll)) {
+ clean_child_exit(1);
+ }
+
+ ap_update_child_status(AP_CHILD_THREAD_FROM_ID(my_child_num), WORKER_READY, (request_rec *) NULL);
+
+// ap_sync_scoreboard_image();
+ while (!die_now) {
+ /*
+ * (Re)initialize this child to a pre-connection state.
+ */
+ current_conn = NULL;
+ apr_pool_clear(ptrans);
+
+ if ((ap_max_requests_per_child > 0
+ && requests_this_child++ >= ap_max_requests_per_child)) {
+ clean_child_exit(0);
+ }
+
+ ap_update_child_status(AP_CHILD_THREAD_FROM_ID(my_child_num), WORKER_READY, (request_rec *) NULL);
+
+ /*
+ * Wait for an acceptable connection to arrive.
+ */
+
+ /* Lock around "accept", if necessary */
+ SAFE_ACCEPT(accept_mutex_on());
+
+ for (;;) {
+ if (shutdown_pending) {
+printf ("Thread %d is shutting down\n", getpid());
+ SAFE_ACCEPT(accept_mutex_off());
+ clean_child_exit(0);
+ }
+
+ /* more than one socket */
+ memcpy(&main_fds, &listenfds, sizeof(fd_set));
+ srv = select(listenmaxfd + 1, &main_fds, NULL, NULL, &tv);
+
+ if (srv < 0 && h_errno != EINTR) {
+ /* Single Unix documents select as returning errnos
+ * EBADF, EINTR, and EINVAL... and in none of those
+ * cases does it make sense to continue. In fact
+ * on Linux 2.0.x we seem to end up with EFAULT
+ * occasionally, and we'd loop forever due to it.
+ */
+ ap_log_error(APLOG_MARK, APLOG_ERR, h_errno, ap_server_conf, "select: (listen)");
+ clean_child_exit(1);
+ }
+
+ if (srv <= 0)
+ continue;
+
+ /* we remember the last_lr we searched last time around so that
+ we don't end up starving any particular listening socket */
+ if (last_lr == NULL) {
+ lr = ap_listeners;
+ }
+ else {
+ lr = last_lr->next;
+ if (!lr)
+ lr = ap_listeners;
+ }
+ first_lr = lr;
+ do {
+ apr_os_sock_get(&sockdes, lr->sd);
+ if (FD_ISSET(sockdes, &main_fds))
+ goto got_listener;
+ lr = lr->next;
+ if (!lr)
+ lr = ap_listeners;
+ } while (lr != first_lr);
+ /* FIXME: if we get here, something bad has happened, and we're
+ probably gonna spin forever.
+ */
+ continue;
+got_listener:
+ last_lr = lr;
+ sd = lr->sd;
+
+ /* if we accept() something we don't want to die, so we have to
+ * defer the exit
+ */
+ for (;;) {
+// ap_sync_scoreboard_image();
+ stat = apr_accept(&csd, sd, ptrans);
+ if (stat == APR_SUCCESS || !APR_STATUS_IS_EINTR(stat))
+ break;
+ }
+
+ if (stat == APR_SUCCESS)
+ break; /* We have a socket ready for reading */
+ else {
+ /* Our old behaviour here was to continue after accept()
+ * errors. But this leads us into lots of troubles
+ * because most of the errors are quite fatal. For
+ * example, EMFILE can be caused by slow descriptor
+ * leaks (say in a 3rd party module, or libc). It's
+ * foolish for us to continue after an EMFILE. We also
+ * seem to tickle kernel bugs on some platforms which
+ * lead to never-ending loops here. So it seems best
+ * to just exit in most cases.
+ */
+ switch (stat) {
+
+ /* Linux generates the rest of these, other tcp
+ * stacks (i.e. bsd) tend to hide them behind
+ * getsockopt() interfaces. They occur when
+ * the net goes sour or the client disconnects
+ * after the three-way handshake has been done
+ * in the kernel but before userland has picked
+ * up the socket.
+ */
+ case ECONNRESET:
+ case ETIMEDOUT:
+ case EHOSTUNREACH:
+ case ENETUNREACH:
+ break;
+
+ case ENETDOWN:
+ /*
+ * When the network layer has been shut down, there
+ * is not much use in simply exiting: the parent
+ * would simply re-create us (and we'd fail again).
+ * Use the CHILDFATAL code to tear the server down.
+ * @@@ Martin's idea for possible improvement:
+ * A different approach would be to define
+ * a new APEXIT_NETDOWN exit code, the reception
+ * of which would make the parent shutdown all
+ * children, then idle-loop until it detected that
+ * the network is up again, and restart the children.
+ * Ben Hyde noted that temporary ENETDOWN situations
+ * occur in mobile IP.
+ */
+ ap_log_error(APLOG_MARK, APLOG_EMERG, stat, ap_server_conf,
+ "apr_accept: giving up.");
+ clean_child_exit(APEXIT_CHILDFATAL);
+
+ default:
+ ap_log_error(APLOG_MARK, APLOG_ERR, stat, ap_server_conf,
+ "apr_accept: (client socket)");
+ clean_child_exit(1);
+ }
+ }
+
+// ap_sync_scoreboard_image();
+ }
+
+ SAFE_ACCEPT(accept_mutex_off()); /* unlock after "accept" */
+
+ /*
+ * We now have a connection, so set it up with the appropriate
+ * socket options, file descriptors, and read/write buffers.
+ */
+
+ apr_os_sock_get(&sockdes, csd);
+
+ if (sockdes >= FD_SETSIZE) {
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, NULL,
+ "new file descriptor %d is too large; you probably need "
+ "to rebuild Apache with a larger FD_SETSIZE "
+ "(currently %d)",
+ sockdes, FD_SETSIZE);
+ apr_socket_close(csd);
+// ap_sync_scoreboard_image();
+ continue;
+ }
+
+ ap_sock_disable_nagle(csd);
+
+ current_conn = ap_new_connection(ptrans, ap_server_conf, csd,
+ my_child_num);
+ if (current_conn) {
+ ap_process_connection(current_conn);
+ ap_lingering_close(current_conn);
+ }
+
+// ap_sync_scoreboard_image();
+ }
+ clean_child_exit(0);
+}
+
+
+static int make_child(server_rec *s, int slot)
+{
+ int tid;
+ int err=0;
+ NXContext_t ctx;
+
+ if (slot + 1 > ap_max_workers_limit) {
+ ap_max_workers_limit = slot + 1;
+ }
+
+ if (one_process) {
+ apr_signal(SIGINT, just_die);
+ apr_signal(SIGTERM, just_die);
+ worker_main((void*)&slot);
+ }
+
+ ap_update_child_status(AP_CHILD_THREAD_FROM_ID(slot), WORKER_STARTING, (request_rec *) NULL);
+
+ if (ctx = NXContextAlloc((void (*)(void *)) worker_main, &slot, NX_PRIO_MED, ap_thread_stack_size, NX_CTX_NORMAL, &err)) {
+ char threadName[32];
+
+ sprintf (threadName, "Apache_Worker %d", slot);
+ NXContextSetName(ctx, threadName);
+ err = NXThreadCreate(ctx, NX_THR_BIND_CONTEXT, &tid);
+ if (err) {
+ NXContextFree (ctx);
+ }
+ }
+
+ if (err) {
+ /* create thread didn't succeed. Fix the scoreboard or else
+ * it will say SERVER_STARTING forever and ever
+ */
+ ap_update_child_status(AP_CHILD_THREAD_FROM_ID(slot), WORKER_DEAD, (request_rec *) NULL);
+
+ /* In case system resources are maxxed out, we don't want
+ Apache running away with the CPU trying to fork over and
+ over and over again. */
+ apr_thread_yield();
+
+ return -1;
+ }
+
+ ap_scoreboard_image->servers[0][slot].tid = tid;
+
+ return 0;
+}
+
+
+/* start up a bunch of worker threads */
+static void startup_workers(int number_to_start)
+{
+ int i;
+
+ for (i = 0; number_to_start && i < ap_threads_limit; ++i) {
+ if (ap_scoreboard_image->servers[0][i].status != WORKER_DEAD) {
+ continue;
+ }
+ if (make_child(ap_server_conf, i) < 0) {
+ break;
+ }
+ --number_to_start;
+ }
+}
+
+
+/*
+ * idle_spawn_rate is the number of children that will be spawned on the
+ * next maintenance cycle if there aren't enough idle servers. It is
+ * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by
+ * without the need to spawn.
+ */
+static int idle_spawn_rate = 1;
+#ifndef MAX_SPAWN_RATE
+#define MAX_SPAWN_RATE (32)
+#endif
+static int hold_off_on_exponential_spawning;
+
+static void perform_idle_server_maintenance(apr_pool_t *p)
+{
+ int i;
+ int to_kill;
+ int idle_count;
+ worker_score *ws;
+ int free_length;
+ int free_slots[MAX_SPAWN_RATE];
+ int last_non_dead;
+ int total_non_dead;
+
+ /* initialize the free_list */
+ free_length = 0;
+
+ to_kill = -1;
+ idle_count = 0;
+ last_non_dead = -1;
+ total_non_dead = 0;
+
+ ap_sync_scoreboard_image();
+ for (i = 0; i < ap_threads_limit; ++i) {
+ int status;
+
+ if (i >= ap_max_workers_limit && free_length == idle_spawn_rate)
+ break;
+ ws = &ap_scoreboard_image->servers[i][0];
+ status = ws->status;
+ if (status == WORKER_DEAD) {
+ /* try to keep children numbers as low as possible */
+ if (free_length < idle_spawn_rate) {
+ free_slots[free_length] = i;
+ ++free_length;
+ }
+ }
+ else {
+ /* We consider a starting server as idle because we started it
+ * at least a cycle ago, and if it still hasn't finished starting
+ * then we're just going to swamp things worse by forking more.
+ * So we hopefully won't need to fork more if we count it.
+ * This depends on the ordering of SERVER_READY and SERVER_STARTING.
+ */
+ if (status <= SERVER_READY) {
+ ++ idle_count;
+ /* always kill the highest numbered child if we have to...
+ * no really well thought out reason ... other than observing
+ * the server behaviour under linux where lower numbered children
+ * tend to service more hits (and hence are more likely to have
+ * their data in cpu caches).
+ */
+ to_kill = i;
+ }
+
+ ++total_non_dead;
+ last_non_dead = i;
+ }
+ }
+ ap_max_workers_limit = last_non_dead + 1;
+ if (idle_count > ap_threads_max_free) {
+ /* kill off one child... we use the pod because that'll cause it to
+ * shut down gracefully, in case it happened to pick up a request
+ * while we were counting
+ */
+ idle_spawn_rate = 1;
+ }
+ else if (idle_count < ap_threads_min_free) {
+ /* terminate the free list */
+ if (free_length == 0) {
+ /* only report this condition once */
+ static int reported = 0;
+
+ if (!reported) {
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, ap_server_conf,
+ "server reached MaxClients setting, consider"
+ " raising the MaxClients setting");
+ reported = 1;
+ }
+ idle_spawn_rate = 1;
+ }
+ else {
+ if (idle_spawn_rate >= 8) {
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, 0, ap_server_conf,
+ "server seems busy, (you may need "
+ "to increase StartServers, or Min/MaxSpareServers), "
+ "spawning %d children, there are %d idle, and "
+ "%d total children", idle_spawn_rate,
+ idle_count, total_non_dead);
+ }
+ for (i = 0; i < free_length; ++i) {
+ make_child(ap_server_conf, free_slots[i]);
+ }
+ /* the next time around we want to spawn twice as many if this
+ * wasn't good enough, but not if we've just done a graceful
+ */
+ if (hold_off_on_exponential_spawning) {
+ --hold_off_on_exponential_spawning;
+ }
+ else if (idle_spawn_rate < MAX_SPAWN_RATE) {
+ idle_spawn_rate *= 2;
+ }
+ }
+ }
+ else {
+ idle_spawn_rate = 1;
+ }
+}
+
+static int setup_listeners(server_rec *s)
+{
+ ap_listen_rec *lr;
+ int sockdes;
+
+ if (ap_setup_listeners(s) < 1 ) {
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, 0, s,
+ "no listening sockets available, shutting down");
+ return -1;
+ }
+
+ listenmaxfd = -1;
+ FD_ZERO(&listenfds);
+ for (lr = ap_listeners; lr; lr = lr->next) {
+ apr_os_sock_get(&sockdes, lr->sd);
+ FD_SET(sockdes, &listenfds);
+ if (sockdes > listenmaxfd) {
+ listenmaxfd = sockdes;
+ }
+ }
+ return 0;
+}
+
+/*****************************************************************
+ * Executive routines.
+ */
+
+int ap_mpm_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s)
+{
+ int index;
+ int remaining_workers_to_start;
+ apr_status_t status=0;
+
+ pconf = _pconf;
+ ap_server_conf = s;
+
+ if (setup_listeners(s)) {
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, status, s,
+ "no listening sockets available, shutting down");
+ return -1;
+ }
+
+ ap_log_pid(pconf, ap_pid_fname);
+
+ worker_thread_count = 0;
+ apr_thread_mutex_create(&worker_thread_count_mutex, pconf);
+ apr_thread_mutex_create(&accept_mutex, pconf);
+ if (!is_graceful) {
+ ap_run_pre_mpm(pconf, SB_NOT_SHARED);
+ }
+
+ set_signals();
+
+/* Normal child main stuff */
+
+ apr_pool_create(&pmain, pconf);
+
+ /* needs to be done before we switch UIDs so we have permissions */
+ reopen_scoreboard(pmain);
+
+ ap_run_child_init(pmain, ap_server_conf);
+
+
+/* End Normal child main stuff */
+
+ if (ap_threads_max_free < ap_threads_min_free + 1) /* Don't thrash... */
+ ap_threads_max_free = ap_threads_min_free + 1;
+
+ /* If we're doing a graceful_restart then we're going to see a lot
+ * of children exiting immediately when we get into the main loop
+ * below (because we just sent them SIGWINCH). This happens pretty
+ * rapidly... and for each one that exits we'll start a new one until
+ * we reach at least daemons_min_free. But we may be permitted to
+ * start more than that, so we'll just keep track of how many we're
+ * supposed to start up without the 1 second penalty between each fork.
+ */
+ remaining_workers_to_start = ap_threads_to_start;
+ if (remaining_workers_to_start > ap_threads_limit) {
+ remaining_workers_to_start = ap_threads_limit;
+ }
+ if (!is_graceful) {
+ startup_workers(remaining_workers_to_start);
+ remaining_workers_to_start = 0;
+ }
+ else {
+ /* give the system some time to recover before kicking into
+ * exponential mode */
+ hold_off_on_exponential_spawning = 10;
+ }
+
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, 0, ap_server_conf,
+ "%s configured -- resuming normal operations",
+ ap_get_server_version());
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, 0, ap_server_conf,
+ "Server built: %s", ap_get_server_built());
+ restart_pending = shutdown_pending = 0;
+
+ printf("%s \n", ap_get_server_version());
+
+ while (!restart_pending && !shutdown_pending) {
+ int worker_slot;
+ apr_wait_t status;
+
+// /* this is a memory leak, but I'll fix it later. */
+// apr_proc_t pid;
+//
+// ap_wait_or_timeout(&status, &pid, pconf);
+//
+// /* XXX: if it takes longer than 1 second for all our children
+// * to start up and get into IDLE state then we may spawn an
+// * extra child
+// */
+// if (pid.pid != -1) {
+// ap_process_child_status(&pid, status);
+// /* non-fatal death... note that it's gone in the scoreboard. */
+// ap_sync_scoreboard_image();
+// child_slot = find_child_by_pid(&pid);
+// if (child_slot >= 0) {
+// ap_update_child_status(AP_CHILD_THREAD_FROM_ID(child_slot), WORKER_DEAD,
+// (request_rec *) NULL);
+// if (remaining_workers_to_start && child_slot < ap_threads_limit) {
+// /* we're still doing a 1-for-1 replacement of dead
+// * children with new children
+// */
+// make_child(ap_server_conf, child_slot);
+// --remaining_workers_to_start;
+// }
+//#if APR_HAS_OTHER_CHILD
+// }
+// else if (apr_proc_other_child_read(&pid, status) == 0) {
+// /* handled */
+//#endif
+// }
+// else if (is_graceful) {
+// /* Great, we've probably just lost a slot in the
+// * scoreboard. Somehow we don't know about this
+// * child.
+// */
+// ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
+// 0, ap_server_conf,
+// "long lost child came home! (pid %ld)", (long)pid.pid);
+// }
+// /* Don't perform idle maintenance when a child dies,
+// * only do it when there's a timeout. Remember only a
+// * finite number of children can die, and it's pretty
+// * pathological for a lot to die suddenly.
+// */
+// continue;
+// }
+// else if (remaining_workers_to_start) {
+// /* we hit a 1 second timeout in which none of the previous
+// * generation of children needed to be reaped... so assume
+// * they're all done, and pick up the slack if any is left.
+// */
+// startup_children(remaining_workers_to_start);
+// remaining_workers_to_start = 0;
+// /* In any event we really shouldn't do the code below because
+// * few of the servers we just started are in the IDLE state
+// * yet, so we'd mistakenly create an extra server.
+// */
+// continue;
+// }
+
+// perform_idle_server_maintenance(pconf);
+ apr_thread_yield();
+ }
+
+ if (shutdown_pending) {
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, 0, ap_server_conf,
+ "caught SIGTERM, shutting down");
+
+ while (worker_thread_count > 0)
+ apr_thread_yield();
+
+ printf ("Press any key to continue...");
+ getc(stdin);
+ wait_to_finish = 0;
+ return 1;
+ }
+
+ /* we've been told to restart */
+// apr_signal(SIGHUP, SIG_IGN);
+ if (one_process) {
+ /* not worth thinking about */
+ return 1;
+ }
+
+ /* advance to the next generation */
+ /* XXX: we really need to make sure this new generation number isn't in
+ * use by any of the children.
+ */
+ ++ap_my_generation;
+ ap_scoreboard_image->global.running_generation = ap_my_generation;
+ update_scoreboard_global();
+
+ if (is_graceful) {
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, 0, ap_server_conf,
+ "Graceful restart requested, doing restart");
+
+ /* kill off the idle ones */
+
+#ifndef SCOREBOARD_FILE
+ /* This is mostly for debugging... so that we know what is still
+ * gracefully dealing with existing request. But we can't really
+ * do it if we're in a SCOREBOARD_FILE because it'll cause
+ * corruption too easily.
+ */
+ ap_sync_scoreboard_image();
+ for (index = 0; index < ap_threads_limit; ++index) {
+ if (ap_scoreboard_image->servers[0][index].status != WORKER_DEAD) {
+ ap_scoreboard_image->servers[0][index].status = SERVER_GRACEFUL;
+ }
+ }
+#endif
+ }
+ else {
+ /* Kill 'em off */
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, 0, ap_server_conf,
+ "SIGHUP received. Attempting to restart");
+ }
+
+ return 0;
+}
+
+static void netware_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp)
+{
+ static int restart_num = 0;
+ int no_detach, debug;
+
+ debug = ap_exists_config_define("DEBUG");
+
+ if (debug)
+ no_detach = one_process = 1;
+ else
+ {
+ no_detach = ap_exists_config_define("NO_DETACH");
+ one_process = ap_exists_config_define("ONE_PROCESS");
+ }
+
+ /* sigh, want this only the second time around */
+ if (restart_num++ == 1) {
+ is_graceful = 0;
+
+ if (!one_process && !no_detach) {
+ apr_proc_detach();
+ }
+
+ parent_pid = ap_my_pid = getpid();
+ }
+
+ ap_listen_pre_config();
+ ap_threads_to_start = DEFAULT_START_DAEMON;
+ ap_threads_min_free = DEFAULT_MIN_FREE_DAEMON;
+ ap_threads_max_free = DEFAULT_MAX_FREE_DAEMON;
+ ap_threads_limit = HARD_THREAD_LIMIT;
+ ap_pid_fname = DEFAULT_PIDLOG;
+ ap_scoreboard_fname = DEFAULT_SCOREBOARD;
+ ap_lock_fname = DEFAULT_LOCKFILE;
+ ap_max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD;
+ ap_extended_status = 0;
+
+ apr_cpystrn(ap_coredump_dir, ap_server_root, sizeof(ap_coredump_dir));
+}
+
+static void netware_mpm_hooks(apr_pool_t *p)
+{
+ ap_hook_pre_config(netware_pre_config, NULL, NULL, APR_HOOK_MIDDLE);
+}
+
+void netware_rewrite_args(process_rec *process)
+{
+ char *def_server_root;
+ char optbuf[3];
+ const char *optarg;
+ apr_getopt_t *opt;
+ apr_array_header_t *mpm_new_argv;
+
+
+ /* Rewrite process->argv[];
+ *
+ * add default -d serverroot from the path of this executable
+ *
+ * The end result will look like:
+ * The -d serverroot default from the running executable
+ */
+ if (process->argc > 0) {
+ char *s = apr_pstrdup (process->pconf, process->argv[0]);
+ if (s) {
+ int i, len = strlen(s);
+
+ for (i=len; i; i--) {
+ if (s[i] == '\\' || s[i] == '/') {
+ s[i] = NULL;
+ apr_filepath_merge(&def_server_root, NULL, s,
+ APR_FILEPATH_TRUENAME, process->pool);
+ break;
+ }
+ }
+ /* Use process->pool so that the rewritten argv
+ * lasts for the lifetime of the server process,
+ * because pconf will be destroyed after the
+ * initial pre-flight of the config parser.
+ */
+ mpm_new_argv = apr_array_make(process->pool, process->argc + 2,
+ sizeof(const char *));
+ *(const char **)apr_array_push(mpm_new_argv) = process->argv[0];
+ *(const char **)apr_array_push(mpm_new_argv) = "-d";
+ *(const char **)apr_array_push(mpm_new_argv) = def_server_root;
+
+ optbuf[0] = '-';
+ optbuf[2] = '\0';
+ apr_getopt_init(&opt, process->pool, process->argc, (char**) process->argv);
+ while (apr_getopt(opt, AP_SERVER_BASEARGS, optbuf + 1, &optarg) == APR_SUCCESS) {
+ switch (optbuf[1]) {
+ default:
+ *(const char **)apr_array_push(mpm_new_argv) =
+ apr_pstrdup(process->pool, optbuf);
+
+ if (optarg) {
+ *(const char **)apr_array_push(mpm_new_argv) = optarg;
+ }
+ break;
+ }
+ }
+ process->argc = mpm_new_argv->nelts;
+ process->argv = (const char * const *) mpm_new_argv->elts;
+ }
+ }
+}
+
+static const char *set_threads_to_start(cmd_parms *cmd, void *dummy, const char *arg)
+{
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err != NULL) {
+ return err;
+ }
+
+ ap_threads_to_start = atoi(arg);
+ return NULL;
+}
+
+static const char *set_min_free_threads(cmd_parms *cmd, void *dummy, const char *arg)
+{
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err != NULL) {
+ return err;
+ }
+
+ ap_threads_min_free = atoi(arg);
+ if (ap_threads_min_free <= 0) {
+ ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL,
+ "WARNING: detected MinSpareServers set to non-positive.");
+ ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL,
+ "Resetting to 1 to avoid almost certain Apache failure.");
+ ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL,
+ "Please read the documentation.");
+ ap_threads_min_free = 1;
+ }
+
+ return NULL;
+}
+
+static const char *set_max_free_threads(cmd_parms *cmd, void *dummy, const char *arg)
+{
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err != NULL) {
+ return err;
+ }
+
+ ap_threads_max_free = atoi(arg);
+ return NULL;
+}
+
+static const char *set_thread_limit (cmd_parms *cmd, void *dummy, const char *arg)
+{
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err != NULL) {
+ return err;
+ }
+
+ ap_threads_limit = atoi(arg);
+ if (ap_threads_limit > HARD_THREAD_LIMIT) {
+ ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL,
+ "WARNING: MaxClients of %d exceeds compile time limit "
+ "of %d servers,", ap_threads_limit, HARD_SERVER_LIMIT);
+ ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL,
+ " lowering MaxClients to %d. To increase, please "
+ "see the", HARD_SERVER_LIMIT);
+ ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL,
+ " HARD_SERVER_LIMIT define in %s.",
+ AP_MPM_HARD_LIMITS_FILE);
+ ap_threads_limit = HARD_THREAD_LIMIT;
+ }
+ else if (ap_threads_limit < 1) {
+ ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL,
+ "WARNING: Require MaxClients > 0, setting to 1");
+ ap_threads_limit = 1;
+ }
+ return NULL;
+}
+
+static const char *set_thread_stacksize(cmd_parms *cmd, void *dummy,
+ const char *arg)
+{
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err != NULL) {
+ return err;
+ }
+
+ ap_thread_stack_size = atoi(arg);
+ return NULL;
+}
+
+static const command_rec netware_mpm_cmds[] = {
+AP_INIT_TAKE1("ThreadStackSize", set_thread_stacksize, NULL, RSRC_CONF,
+ "Stack size each created thread will use."),
+LISTEN_COMMANDS
+AP_INIT_TAKE1("StartThreads", set_threads_to_start, NULL, RSRC_CONF,
+ "Number of worker threads launched at server startup"),
+AP_INIT_TAKE1("MinSpareThreads", set_min_free_threads, NULL, RSRC_CONF,
+ "Minimum number of idle threads, to handle request spikes"),
+AP_INIT_TAKE1("MaxSpareThreads", set_max_free_threads, NULL, RSRC_CONF,
+ "Maximum number of idle threads"),
+AP_INIT_TAKE1("MaxThreads", set_thread_limit, NULL, RSRC_CONF,
+ "Maximum number of worker threads alive at the same time"),
+{ NULL }
+};
+
+module AP_MODULE_DECLARE_DATA mpm_netware_module = {
+ MPM20_MODULE_STUFF,
+ netware_rewrite_args, /* hook to run before apache parses args */
+ NULL, /* create per-directory config structure */
+ NULL, /* merge per-directory config structures */
+ NULL, /* create per-server config structure */
+ NULL, /* merge per-server config structures */
+ netware_mpm_cmds, /* command apr_table_t */
+ netware_mpm_hooks, /* register hooks */
+};
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+#define CORE_PRIVATE
+
+#include "httpd.h"
+#include "http_log.h"
+#include "mpm_winnt.h"
+#include "apr_strings.h"
+#include "apr_lib.h"
+
+#include "apr_dbg_win32_handles.h"
+
+
+static char *display_name = NULL;
+static HANDLE stderr_thread = NULL;
+static HANDLE stderr_ready;
+
+static DWORD WINAPI service_stderr_thread(LPVOID hPipe)
+{
+ HANDLE hPipeRead = (HANDLE) hPipe;
+ HANDLE hEventSource;
+ char errbuf[256];
+ char *errmsg = errbuf;
+ const char *errarg[9];
+ DWORD errres;
+ HKEY hk;
+
+ errarg[0] = "The Apache service named";
+ errarg[1] = display_name;
+ errarg[2] = "reported the following error:\r\n>>>";
+ errarg[3] = errbuf;
+ errarg[4] = NULL;
+ errarg[5] = NULL;
+ errarg[6] = NULL;
+ errarg[7] = NULL;
+ errarg[8] = NULL;
+
+ /* What are we going to do in here, bail on the user? not. */
+ if (!RegCreateKey(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services"
+ "\\EventLog\\Application\\Apache Service", &hk))
+ {
+ /* The stock message file */
+ char *netmsgkey = "%SystemRoot%\\System32\\netmsg.dll";
+ DWORD dwData = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE |
+ EVENTLOG_INFORMATION_TYPE;
+
+ RegSetValueEx(hk, "EventMessageFile", 0, REG_EXPAND_SZ,
+ (LPBYTE) netmsgkey, strlen(netmsgkey) + 1);
+
+ RegSetValueEx(hk, "TypesSupported", 0, REG_DWORD,
+ (LPBYTE) &dwData, sizeof(dwData));
+ RegCloseKey(hk);
+ }
+
+ hEventSource = RegisterEventSource(NULL, "Apache Service");
+
+ SetEvent(stderr_ready);
+
+ while (ReadFile(hPipeRead, errmsg, 1, &errres, NULL) && (errres == 1))
+ {
+ if ((errmsg > errbuf) || !isspace(*errmsg))
+ {
+ ++errmsg;
+ if ((*(errmsg - 1) == '\n')
+ || (errmsg >= errbuf + sizeof(errbuf) - 1))
+ {
+ while ((errmsg > errbuf) && isspace(*(errmsg - 1))) {
+ --errmsg;
+ }
+ *errmsg = '\0';
+
+ /* Generic message: '%1 %2 %3 %4 %5 %6 %7 %8 %9'
+ * The event code in netmsg.dll is 3299
+ */
+ ReportEvent(hEventSource, EVENTLOG_ERROR_TYPE, 0,
+ 3299, NULL, 9, 0, errarg, NULL);
+ errmsg = errbuf;
+ }
+ }
+ }
+
+ if ((errres = GetLastError()) != ERROR_BROKEN_PIPE) {
+ apr_snprintf(errbuf, sizeof(errbuf),
+ "Win32 error %d reading stderr pipe stream\r\n",
+ GetLastError());
+
+ ReportEvent(hEventSource, EVENTLOG_ERROR_TYPE, 0,
+ 3299, NULL, 9, 0, errarg, NULL);
+ }
+
+ CloseHandle(hPipeRead);
+ DeregisterEventSource(hEventSource);
+ CloseHandle(stderr_thread);
+ stderr_thread = NULL;
+ return 0;
+}
+
+
+void mpm_nt_eventlog_stderr_flush(void)
+{
+ HANDLE cleanup_thread = stderr_thread;
+
+ if (cleanup_thread) {
+ HANDLE hErr = GetStdHandle(STD_ERROR_HANDLE);
+ fclose(stderr);
+ CloseHandle(hErr);
+ WaitForSingleObject(cleanup_thread, 30000);
+ CloseHandle(cleanup_thread);
+ }
+}
+
+
+void mpm_nt_eventlog_stderr_open(char *argv0, apr_pool_t *p)
+{
+ SECURITY_ATTRIBUTES sa;
+ HANDLE hProc = GetCurrentProcess();
+ HANDLE hPipeRead = NULL;
+ HANDLE hPipeWrite = NULL;
+ HANDLE hDup = NULL;
+ DWORD threadid;
+ int fd;
+
+ display_name = argv0;
+
+ /* Create a pipe to send stderr messages to the system error log.
+ *
+ * _dup2() duplicates the write handle inheritable for us.
+ */
+ sa.nLength = sizeof(sa);
+ sa.lpSecurityDescriptor = NULL;
+ sa.bInheritHandle = FALSE;
+ CreatePipe(&hPipeRead, &hPipeWrite, NULL, 0);
+ ap_assert(hPipeRead && hPipeWrite);
+
+ stderr_ready = CreateEvent(NULL, FALSE, FALSE, NULL);
+ stderr_thread = CreateThread(NULL, 0, service_stderr_thread,
+ (LPVOID) hPipeRead, 0, &threadid);
+ ap_assert(stderr_ready && stderr_thread);
+
+ WaitForSingleObject(stderr_ready, INFINITE);
+
+ /* Flush stderr and unset its buffer, then commit and replace stderr.
+ * This is typically a noop for Win2K/XP since services with NULL std
+ * handles [but valid FILE *'s, oddly enough], but is required
+ * for NT 4.0 and to use this code outside of services.
+ */
+ fflush(stderr);
+ setvbuf(stderr, NULL, _IONBF, 0);
+ _commit(2 /* stderr */);
+ fd = _open_osfhandle((long) hPipeWrite,
+ _O_WRONLY | _O_BINARY);
+ _dup2(fd, 2);
+ _close(fd);
+ _setmode(2, _O_BINARY);
+
+ /* hPipeWrite was _close()'ed above, and _dup2()'ed
+ * to fd 2 creating a new, inherited Win32 handle.
+ * Recover that real handle from fd 2.
+ */
+ hPipeWrite = (HANDLE)_get_osfhandle(2);
+
+ SetStdHandle(STD_ERROR_HANDLE, hPipeWrite);
+
+ /* The code above _will_ corrupt the StdHandle...
+ * and we must do so anyways. We set this up only
+ * after we initialized the posix stderr API.
+ */
+ ap_open_stderr_log(p);
+}
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+#include "apr.h"
+#include "apr_strings.h"
+#include "apr_lock.h"
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_log.h"
+#include "http_main.h"
+#include "mpm.h"
+#include "pod.h"
+#include "mpm_common.h"
+#include "ap_mpm.h"
+#include "ap_listen.h"
+#include "mpm_default.h"
+
+AP_DECLARE(apr_status_t) ap_mpm_pod_open(apr_pool_t *p, ap_pod_t **pod)
+{
+ apr_status_t rv;
+
+ *pod = apr_palloc(p, sizeof(**pod));
+ rv = apr_file_pipe_create(&((*pod)->pod_in), &((*pod)->pod_out), p);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+/*
+ apr_file_pipe_timeout_set((*pod)->pod_in, 0);
+*/
+ (*pod)->p = p;
+
+ apr_sockaddr_info_get(&(*pod)->sa, ap_listeners->bind_addr->hostname,
+ APR_UNSPEC, ap_listeners->bind_addr->port, 0, p);
+
+ return APR_SUCCESS;
+}
+
+AP_DECLARE(int) ap_mpm_pod_check(ap_pod_t *pod)
+{
+ char c;
+ apr_size_t len = 1;
+ apr_status_t rv;
+
+ rv = apr_file_read(pod->pod_in, &c, &len);
+
+ if ((rv == APR_SUCCESS) && (len ==1)) {
+ if (c == RESTART_CHAR) {
+ return AP_RESTART;
+ }
+ if (c == GRACEFUL_CHAR) {
+ return AP_GRACEFUL;
+ }
+ }
+ else if (rv != APR_SUCCESS) {
+ return rv;
+ }
+ return AP_NORESTART;
+}
+
+AP_DECLARE(apr_status_t) ap_mpm_pod_close(ap_pod_t *pod)
+{
+ apr_status_t rv;
+
+ rv = apr_file_close(pod->pod_out);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ rv = apr_file_close(pod->pod_in);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+ return rv;
+}
+
+static apr_status_t pod_signal_internal(ap_pod_t *pod, int graceful)
+{
+ apr_status_t rv;
+ char char_of_death = graceful ? GRACEFUL_CHAR : RESTART_CHAR;
+ apr_size_t one = 1;
+
+ do {
+ rv = apr_file_write(pod->pod_out, &char_of_death, &one);
+ } while (APR_STATUS_IS_EINTR(rv));
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
+ "write pipe_of_death");
+ }
+ return rv;
+}
+
+/* This function connects to the server, then immediately closes the connection.
+ * This permits the MPM to skip the poll when there is only one listening
+ * socket, because it provides a alternate way to unblock an accept() when
+ * the pod is used.
+ */
+
+static apr_status_t dummy_connection(ap_pod_t *pod)
+{
+ apr_status_t rv;
+ apr_socket_t *sock;
+ apr_pool_t *p;
+
+ /* create a temporary pool for the socket. pconf stays around too long */
+ rv = apr_pool_create(&p, pod->p);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ rv = apr_socket_create(&sock, pod->sa->family, SOCK_STREAM, p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
+ "get socket to connect to listener");
+ return rv;
+ }
+ /* on some platforms (e.g., FreeBSD), the kernel won't accept many
+ * queued connections before it starts blocking local connects...
+ * we need to keep from blocking too long and instead return an error,
+ * because the MPM won't want to hold up a graceful restart for a
+ * long time
+ */
+ rv = apr_setsocketopt(sock, APR_SO_TIMEOUT, 3 * APR_USEC_PER_SEC);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
+ "set timeout on socket to connect to listener");
+ return rv;
+ }
+
+ rv = apr_connect(sock, pod->sa);
+ if (rv != APR_SUCCESS) {
+ int log_level = APLOG_WARNING;
+
+ if (APR_STATUS_IS_TIMEUP(rv)) {
+ /* probably some server processes bailed out already and there
+ * is nobody around to call accept and clear out the kernel
+ * connection queue; usually this is not worth logging
+ */
+ log_level = APLOG_DEBUG;
+ }
+
+ ap_log_error(APLOG_MARK, log_level, rv, ap_server_conf,
+ "connect to listener");
+ }
+
+ apr_socket_close(sock);
+ apr_pool_destroy(p);
+
+ return rv;
+}
+
+AP_DECLARE(apr_status_t) ap_mpm_pod_signal(ap_pod_t *pod, int graceful)
+{
+ apr_status_t rv;
+
+ rv = pod_signal_internal(pod, graceful);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+ return dummy_connection(pod);
+}
+
+AP_DECLARE(void) ap_mpm_pod_killpg(ap_pod_t *pod, int num, int graceful)
+{
+ int i;
+ apr_status_t rv = APR_SUCCESS;
+
+ for (i = 0; i < num && rv == APR_SUCCESS; i++) {
+ rv = pod_signal_internal(pod, graceful);
+ }
+ if (rv == APR_SUCCESS) {
+ for (i = 0; i < num && rv == APR_SUCCESS; i++) {
+ rv = dummy_connection(pod);
+ }
+ }
+}
+
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+#include "apr.h"
+#include "apr_strings.h"
+#include "apr_lock.h"
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_log.h"
+#include "http_main.h"
+#include "mpm.h"
+#include "mpm_common.h"
+#include "ap_mpm.h"
+#include "ap_listen.h"
+#include "mpm_default.h"
+
+#define RESTART_CHAR '$'
+#define GRACEFUL_CHAR '!'
+
+#define AP_RESTART 0
+#define AP_GRACEFUL 1
+
+typedef struct ap_pod_t ap_pod_t;
+
+struct ap_pod_t {
+ apr_file_t *pod_in;
+ apr_file_t *pod_out;
+ apr_pool_t *p;
+ apr_sockaddr_t *sa;
+};
+
+AP_DECLARE(apr_status_t) ap_mpm_pod_open(apr_pool_t *p, ap_pod_t **pod);
+AP_DECLARE(int) ap_mpm_pod_check(ap_pod_t *pod);
+AP_DECLARE(apr_status_t) ap_mpm_pod_close(ap_pod_t *pod);
+AP_DECLARE(apr_status_t) ap_mpm_pod_signal(ap_pod_t *pod, int graceful);
+AP_DECLARE(void) ap_mpm_pod_killpg(ap_pod_t *pod, int num, int graceful);
--- /dev/null
+#! /bin/sh
+
+# This file is generated by configure from RunTest.in. Make any changes
+# to that file.
+
+# Run PCRE tests
+
+cf=diff
+testdata=@top_srcdir@/testdata
+
+# Select which tests to run; if no selection, run all
+
+do1=no
+do2=no
+do3=no
+do4=no
+do5=no
+do6=no
+
+while [ $# -gt 0 ] ; do
+ case $1 in
+ 1) do1=yes;;
+ 2) do2=yes;;
+ 3) do3=yes;;
+ 4) do4=yes;;
+ 5) do5=yes;;
+ 6) do6=yes;;
+ *) echo "Unknown test number $1"; exit 1;;
+ esac
+ shift
+done
+
+if [ "@UTF8@" = "" ] ; then
+ if [ $do5 = yes ] ; then
+ echo "Can't run test 5 because UFT8 support is not configured"
+ exit 1
+ fi
+ if [ $do6 = yes ] ; then
+ echo "Can't run test 6 because UFT8 support is not configured"
+ exit 1
+ fi
+fi
+
+if [ $do1 = no -a $do2 = no -a $do3 = no -a $do4 = no -a\
+ $do5 = no -a $do6 = no ] ; then
+ do1=yes
+ do2=yes
+ do3=yes
+ do4=yes
+ if [ "@UTF8@" != "" ] ; then do5=yes; fi
+ if [ "@UTF8@" != "" ] ; then do6=yes; fi
+fi
+
+# Primary test, Perl-compatible
+
+if [ $do1 = yes ] ; then
+ echo "Testing main functionality (Perl compatible)"
+ ./pcretest $testdata/testinput1 testtry
+ if [ $? = 0 ] ; then
+ $cf testtry $testdata/testoutput1
+ if [ $? != 0 ] ; then exit 1; fi
+ else exit 1
+ fi
+fi
+
+# PCRE tests that are not Perl-compatible - API & error tests, mostly
+
+if [ $do2 = yes ] ; then
+ echo "Testing API and error handling (not Perl compatible)"
+ ./pcretest -i $testdata/testinput2 testtry
+ if [ $? = 0 ] ; then
+ $cf testtry $testdata/testoutput2
+ if [ $? != 0 ] ; then exit 1; fi
+ else exit 1
+ fi
+fi
+
+# Additional Perl-compatible tests for Perl 5.005's new features
+
+if [ $do3 = yes ] ; then
+ echo "Testing Perl 5.005 features (Perl 5.005 compatible)"
+ ./pcretest $testdata/testinput3 testtry
+ if [ $? = 0 ] ; then
+ $cf testtry $testdata/testoutput3
+ if [ $? != 0 ] ; then exit 1; fi
+ else exit 1
+ fi
+fi
+
+if [ $do1 = yes -a $do2 = yes -a $do3 = yes ] ; then
+ echo " "
+ echo "The three main tests all ran OK"
+ echo " "
+fi
+
+# Locale-specific tests, provided the "fr" locale is available
+
+if [ $do4 = yes ] ; then
+ locale -a | grep '^fr$' >/dev/null
+ if [ $? -eq 0 ] ; then
+ echo "Testing locale-specific features (using 'fr' locale)"
+ ./pcretest $testdata/testinput4 testtry
+ if [ $? = 0 ] ; then
+ $cf testtry $testdata/testoutput4
+ if [ $? != 0 ] ; then
+ echo " "
+ echo "Locale test did not run entirely successfully."
+ echo "This usually means that there is a problem with the locale"
+ echo "settings rather than a bug in PCRE."
+ else
+ echo "Locale test ran OK"
+ fi
+ echo " "
+ else exit 1
+ fi
+ else
+ echo "Cannot test locale-specific features - 'fr' locale not found,"
+ echo "or the \"locale\" command is not available to check for it."
+ echo " "
+ fi
+fi
+
+# Additional tests for UTF8 support
+
+if [ $do5 = yes ] ; then
+ echo "Testing experimental, incomplete UTF8 support (Perl compatible)"
+ ./pcretest $testdata/testinput5 testtry
+ if [ $? = 0 ] ; then
+ $cf testtry $testdata/testoutput5
+ if [ $? != 0 ] ; then exit 1; fi
+ else exit 1
+ fi
+ echo "UTF8 test ran OK"
+ echo " "
+fi
+
+if [ $do6 = yes ] ; then
+ echo "Testing API and internals for UTF8 support (not Perl compatible)"
+ ./pcretest $testdata/testinput6 testtry
+ if [ $? = 0 ] ; then
+ $cf testtry $testdata/testoutput6
+ if [ $? != 0 ] ; then exit 1; fi
+ else exit 1
+ fi
+ echo "UTF8 internals test ran OK"
+ echo " "
+fi
+
+# End
--- /dev/null
+.TH PCREGREP 1
+.SH NAME
+pcregrep - a grep with Perl-compatible regular expressions.
+.SH SYNOPSIS
+.B pcregrep [-Vcfhilnrsvx] pattern [file] ...
+
+
+.SH DESCRIPTION
+\fBpcregrep\fR searches files for character patterns, in the same way as other
+grep commands do, but it uses the PCRE regular expression library to support
+patterns that are compatible with the regular expressions of Perl 5. See
+\fBpcre(3)\fR for a full description of syntax and semantics.
+
+If no files are specified, \fBpcregrep\fR reads the standard input. By default,
+each line that matches the pattern is copied to the standard output, and if
+there is more than one file, the file name is printed before each line of
+output. However, there are options that can change how \fBpcregrep\fR behaves.
+
+Lines are limited to BUFSIZ characters. BUFSIZ is defined in \fB<stdio.h>\fR.
+The newline character is removed from the end of each line before it is matched
+against the pattern.
+
+
+.SH OPTIONS
+.TP 10
+\fB-V\fR
+Write the version number of the PCRE library being used to the standard error
+stream.
+.TP
+\fB-c\fR
+Do not print individual lines; instead just print a count of the number of
+lines that would otherwise have been printed. If several files are given, a
+count is printed for each of them.
+.TP
+\fB-f\fIfilename\fR
+Read patterns from the file, one per line, and match all patterns against each
+line. There is a maximum of 100 patterns. Trailing white space is removed, and
+blank lines are ignored. An empty file contains no patterns and therefore
+matches nothing.
+.TP
+\fB-h\fR
+Suppress printing of filenames when searching multiple files.
+.TP
+\fB-i\fR
+Ignore upper/lower case distinctions during comparisons.
+.TP
+\fB-l\fR
+Instead of printing lines from the files, just print the names of the files
+containing lines that would have been printed. Each file name is printed
+once, on a separate line.
+.TP
+\fB-n\fR
+Precede each line by its line number in the file.
+.TP
+\fB-r\fR
+If any file is a directory, recursively scan the files it contains. Without
+\fB-r\fR a directory is scanned as a normal file.
+.TP
+\fB-s\fR
+Work silently, that is, display nothing except error messages.
+The exit status indicates whether any matches were found.
+.TP
+\fB-v\fR
+Invert the sense of the match, so that lines which do \fInot\fR match the
+pattern are now the ones that are found.
+.TP
+\fB-x\fR
+Force the pattern to be anchored (it must start matching at the beginning of
+the line) and in addition, require it to match the entire line. This is
+equivalent to having ^ and $ characters at the start and end of each
+alternative branch in the regular expression.
+
+
+.SH SEE ALSO
+\fBpcre(3)\fR, Perl 5 documentation
+
+
+.SH DIAGNOSTICS
+Exit status is 0 if any matches were found, 1 if no matches were found, and 2
+for syntax errors or inacessible files (even if matches were found).
+
+
+.SH AUTHOR
+Philip Hazel <ph10@cam.ac.uk>
+
+Last updated: 15 August 2001
+.br
+Copyright (c) 1997-2001 University of Cambridge.
--- /dev/null
+<HTML>
+<HEAD>
+<TITLE>pcregrep specification</TITLE>
+</HEAD>
+<body bgcolor="#FFFFFF" text="#00005A">
+<H1>pcregrep specification</H1>
+This HTML document has been generated automatically from the original man page.
+If there is any nonsense in it, please consult the man page in case the
+conversion went wrong.
+<UL>
+<LI><A NAME="TOC1" HREF="#SEC1">NAME</A>
+<LI><A NAME="TOC2" HREF="#SEC2">SYNOPSIS</A>
+<LI><A NAME="TOC3" HREF="#SEC3">DESCRIPTION</A>
+<LI><A NAME="TOC4" HREF="#SEC4">OPTIONS</A>
+<LI><A NAME="TOC5" HREF="#SEC5">SEE ALSO</A>
+<LI><A NAME="TOC6" HREF="#SEC6">DIAGNOSTICS</A>
+<LI><A NAME="TOC7" HREF="#SEC7">AUTHOR</A>
+</UL>
+<LI><A NAME="SEC1" HREF="#TOC1">NAME</A>
+<P>
+pcregrep - a grep with Perl-compatible regular expressions.
+</P>
+<LI><A NAME="SEC2" HREF="#TOC1">SYNOPSIS</A>
+<P>
+<B>pcregrep [-Vcfhilnrsvx] pattern [file] ...</B>
+</P>
+<LI><A NAME="SEC3" HREF="#TOC1">DESCRIPTION</A>
+<P>
+<B>pcregrep</B> searches files for character patterns, in the same way as other
+grep commands do, but it uses the PCRE regular expression library to support
+patterns that are compatible with the regular expressions of Perl 5. See
+<B>pcre(3)</B> for a full description of syntax and semantics.
+</P>
+<P>
+If no files are specified, <B>pcregrep</B> reads the standard input. By default,
+each line that matches the pattern is copied to the standard output, and if
+there is more than one file, the file name is printed before each line of
+output. However, there are options that can change how <B>pcregrep</B> behaves.
+</P>
+<P>
+Lines are limited to BUFSIZ characters. BUFSIZ is defined in <B><stdio.h></B>.
+The newline character is removed from the end of each line before it is matched
+against the pattern.
+</P>
+<LI><A NAME="SEC4" HREF="#TOC1">OPTIONS</A>
+<P>
+<B>-V</B>
+Write the version number of the PCRE library being used to the standard error
+stream.
+</P>
+<P>
+<B>-c</B>
+Do not print individual lines; instead just print a count of the number of
+lines that would otherwise have been printed. If several files are given, a
+count is printed for each of them.
+</P>
+<P>
+\fB-f<I>filename</I>
+Read patterns from the file, one per line, and match all patterns against each
+line. There is a maximum of 100 patterns. Trailing white space is removed, and
+blank lines are ignored. An empty file contains no patterns and therefore
+matches nothing.
+</P>
+<P>
+<B>-h</B>
+Suppress printing of filenames when searching multiple files.
+</P>
+<P>
+<B>-i</B>
+Ignore upper/lower case distinctions during comparisons.
+</P>
+<P>
+<B>-l</B>
+Instead of printing lines from the files, just print the names of the files
+containing lines that would have been printed. Each file name is printed
+once, on a separate line.
+</P>
+<P>
+<B>-n</B>
+Precede each line by its line number in the file.
+</P>
+<P>
+<B>-r</B>
+If any file is a directory, recursively scan the files it contains. Without
+<B>-r</B> a directory is scanned as a normal file.
+</P>
+<P>
+<B>-s</B>
+Work silently, that is, display nothing except error messages.
+The exit status indicates whether any matches were found.
+</P>
+<P>
+<B>-v</B>
+Invert the sense of the match, so that lines which do <I>not</I> match the
+pattern are now the ones that are found.
+</P>
+<P>
+<B>-x</B>
+Force the pattern to be anchored (it must start matching at the beginning of
+the line) and in addition, require it to match the entire line. This is
+equivalent to having ^ and $ characters at the start and end of each
+alternative branch in the regular expression.
+</P>
+<LI><A NAME="SEC5" HREF="#TOC1">SEE ALSO</A>
+<P>
+<B>pcre(3)</B>, Perl 5 documentation
+</P>
+<LI><A NAME="SEC6" HREF="#TOC1">DIAGNOSTICS</A>
+<P>
+Exit status is 0 if any matches were found, 1 if no matches were found, and 2
+for syntax errors or inacessible files (even if matches were found).
+</P>
+<LI><A NAME="SEC7" HREF="#TOC1">AUTHOR</A>
+<P>
+Philip Hazel <ph10@cam.ac.uk>
+</P>
+<P>
+Last updated: 15 August 2001
+<BR>
+Copyright (c) 1997-2001 University of Cambridge.
--- /dev/null
+NAME
+ pcregrep - a grep with Perl-compatible regular expressions.
+
+
+
+SYNOPSIS
+ pcregrep [-Vcfhilnrsvx] pattern [file] ...
+
+
+
+DESCRIPTION
+ pcregrep searches files for character patterns, in the same
+ way as other grep commands do, but it uses the PCRE regular
+ expression library to support patterns that are compatible
+ with the regular expressions of Perl 5. See pcre(3) for a
+ full description of syntax and semantics.
+
+ If no files are specified, pcregrep reads the standard
+ input. By default, each line that matches the pattern is
+ copied to the standard output, and if there is more than one
+ file, the file name is printed before each line of output.
+ However, there are options that can change how pcregrep
+ behaves.
+
+ Lines are limited to BUFSIZ characters. BUFSIZ is defined in
+ <stdio.h>. The newline character is removed from the end of
+ each line before it is matched against the pattern.
+
+
+
+OPTIONS
+ -V Write the version number of the PCRE library being
+ used to the standard error stream.
+
+ -c Do not print individual lines; instead just print
+ a count of the number of lines that would other-
+ wise have been printed. If several files are
+ given, a count is printed for each of them.
+
+ -ffilename
+ Read patterns from the file, one per line, and
+ match all patterns against each line. There is a
+ maximum of 100 patterns. Trailing white space is
+ removed, and blank lines are ignored. An empty
+ file contains no patterns and therefore matches
+ nothing.
+
+ -h Suppress printing of filenames when searching mul-
+ tiple files.
+
+ -i Ignore upper/lower case distinctions during com-
+ parisons.
+
+ -l Instead of printing lines from the files, just
+
+ print the names of the files containing lines that
+ would have been printed. Each file name is printed
+ once, on a separate line.
+
+ -n Precede each line by its line number in the file.
+
+ -r If any file is a directory, recursively scan the
+ files it contains. Without -r a directory is
+ scanned as a normal file.
+
+ -s Work silently, that is, display nothing except
+ error messages. The exit status indicates whether
+ any matches were found.
+
+ -v Invert the sense of the match, so that lines which
+ do not match the pattern are now the ones that are
+ found.
+
+ -x Force the pattern to be anchored (it must start
+ matching at the beginning of the line) and in
+ addition, require it to match the entire line.
+ This is equivalent to having ^ and $ characters at
+ the start and end of each alternative branch in
+ the regular expression.
+
+
+
+SEE ALSO
+ pcre(3), Perl 5 documentation
+
+
+
+
+
+DIAGNOSTICS
+ Exit status is 0 if any matches were found, 1 if no matches
+ were found, and 2 for syntax errors or inacessible files
+ (even if matches were found).
+
+
+
+AUTHOR
+ Philip Hazel <ph10@cam.ac.uk>
+
+ Last updated: 15 August 2001
+ Copyright (c) 1997-2001 University of Cambridge.
--- /dev/null
+.TH PCRETEST 1
+.SH NAME
+pcretest - a program for testing Perl-compatible regular expressions.
+.SH SYNOPSIS
+.B pcretest "[-d] [-i] [-m] [-o osize] [-p] [-t] [source] [destination]"
+
+\fBpcretest\fR was written as a test program for the PCRE regular expression
+library itself, but it can also be used for experimenting with regular
+expressions. This man page describes the features of the test program; for
+details of the regular expressions themselves, see the \fBpcre\fR man page.
+
+.SH OPTIONS
+.TP 10
+\fB-d\fR
+Behave as if each regex had the \fB/D\fR modifier (see below); the internal
+form is output after compilation.
+.TP 10
+\fB-i\fR
+Behave as if each regex had the \fB/I\fR modifier; information about the
+compiled pattern is given after compilation.
+.TP 10
+\fB-m\fR
+Output the size of each compiled pattern after it has been compiled. This is
+equivalent to adding /M to each regular expression. For compatibility with
+earlier versions of pcretest, \fB-s\fR is a synonym for \fB-m\fR.
+.TP 10
+\fB-o\fR \fIosize\fR
+Set the number of elements in the output vector that is used when calling PCRE
+to be \fIosize\fR. The default value is 45, which is enough for 14 capturing
+subexpressions. The vector size can be changed for individual matching calls by
+including \\O in the data line (see below).
+.TP 10
+\fB-p\fR
+Behave as if each regex has \fB/P\fR modifier; the POSIX wrapper API is used
+to call PCRE. None of the other options has any effect when \fB-p\fR is set.
+.TP 10
+\fB-t\fR
+Run each compile, study, and match 20000 times with a timer, and output
+resulting time per compile or match (in milliseconds). Do not set \fB-t\fR with
+\fB-m\fR, because you will then get the size output 20000 times and the timing
+will be distorted.
+
+
+.SH DESCRIPTION
+
+If \fBpcretest\fR is given two filename arguments, it reads from the first and
+writes to the second. If it is given only one filename argument, it reads from
+that file and writes to stdout. Otherwise, it reads from stdin and writes to
+stdout, and prompts for each line of input, using "re>" to prompt for regular
+expressions, and "data>" to prompt for data lines.
+
+The program handles any number of sets of input on a single input file. Each
+set starts with a regular expression, and continues with any number of data
+lines to be matched against the pattern. An empty line signals the end of the
+data lines, at which point a new regular expression is read. The regular
+expressions are given enclosed in any non-alphameric delimiters other than
+backslash, for example
+
+ /(a|bc)x+yz/
+
+White space before the initial delimiter is ignored. A regular expression may
+be continued over several input lines, in which case the newline characters are
+included within it. It is possible to include the delimiter within the pattern
+by escaping it, for example
+
+ /abc\\/def/
+
+If you do so, the escape and the delimiter form part of the pattern, but since
+delimiters are always non-alphameric, this does not affect its interpretation.
+If the terminating delimiter is immediately followed by a backslash, for
+example,
+
+ /abc/\\
+
+then a backslash is added to the end of the pattern. This is done to provide a
+way of testing the error condition that arises if a pattern finishes with a
+backslash, because
+
+ /abc\\/
+
+is interpreted as the first line of a pattern that starts with "abc/", causing
+pcretest to read the next line as a continuation of the regular expression.
+
+
+.SH PATTERN MODIFIERS
+
+The pattern may be followed by \fBi\fR, \fBm\fR, \fBs\fR, or \fBx\fR to set the
+PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, or PCRE_EXTENDED options,
+respectively. For example:
+
+ /caseless/i
+
+These modifier letters have the same effect as they do in Perl. There are
+others which set PCRE options that do not correspond to anything in Perl:
+\fB/A\fR, \fB/E\fR, and \fB/X\fR set PCRE_ANCHORED, PCRE_DOLLAR_ENDONLY, and
+PCRE_EXTRA respectively.
+
+Searching for all possible matches within each subject string can be requested
+by the \fB/g\fR or \fB/G\fR modifier. After finding a match, PCRE is called
+again to search the remainder of the subject string. The difference between
+\fB/g\fR and \fB/G\fR is that the former uses the \fIstartoffset\fR argument to
+\fBpcre_exec()\fR to start searching at a new point within the entire string
+(which is in effect what Perl does), whereas the latter passes over a shortened
+substring. This makes a difference to the matching process if the pattern
+begins with a lookbehind assertion (including \\b or \\B).
+
+If any call to \fBpcre_exec()\fR in a \fB/g\fR or \fB/G\fR sequence matches an
+empty string, the next call is done with the PCRE_NOTEMPTY and PCRE_ANCHORED
+flags set in order to search for another, non-empty, match at the same point.
+If this second match fails, the start offset is advanced by one, and the normal
+match is retried. This imitates the way Perl handles such cases when using the
+\fB/g\fR modifier or the \fBsplit()\fR function.
+
+There are a number of other modifiers for controlling the way \fBpcretest\fR
+operates.
+
+The \fB/+\fR modifier requests that as well as outputting the substring that
+matched the entire pattern, pcretest should in addition output the remainder of
+the subject string. This is useful for tests where the subject contains
+multiple copies of the same substring.
+
+The \fB/L\fR modifier must be followed directly by the name of a locale, for
+example,
+
+ /pattern/Lfr
+
+For this reason, it must be the last modifier letter. The given locale is set,
+\fBpcre_maketables()\fR is called to build a set of character tables for the
+locale, and this is then passed to \fBpcre_compile()\fR when compiling the
+regular expression. Without an \fB/L\fR modifier, NULL is passed as the tables
+pointer; that is, \fB/L\fR applies only to the expression on which it appears.
+
+The \fB/I\fR modifier requests that \fBpcretest\fR output information about the
+compiled expression (whether it is anchored, has a fixed first character, and
+so on). It does this by calling \fBpcre_fullinfo()\fR after compiling an
+expression, and outputting the information it gets back. If the pattern is
+studied, the results of that are also output.
+
+The \fB/D\fR modifier is a PCRE debugging feature, which also assumes \fB/I\fR.
+It causes the internal form of compiled regular expressions to be output after
+compilation.
+
+The \fB/S\fR modifier causes \fBpcre_study()\fR to be called after the
+expression has been compiled, and the results used when the expression is
+matched.
+
+The \fB/M\fR modifier causes the size of memory block used to hold the compiled
+pattern to be output.
+
+The \fB/P\fR modifier causes \fBpcretest\fR to call PCRE via the POSIX wrapper
+API rather than its native API. When this is done, all other modifiers except
+\fB/i\fR, \fB/m\fR, and \fB/+\fR are ignored. REG_ICASE is set if \fB/i\fR is
+present, and REG_NEWLINE is set if \fB/m\fR is present. The wrapper functions
+force PCRE_DOLLAR_ENDONLY always, and PCRE_DOTALL unless REG_NEWLINE is set.
+
+The \fB/8\fR modifier causes \fBpcretest\fR to call PCRE with the PCRE_UTF8
+option set. This turns on the (currently incomplete) support for UTF-8
+character handling in PCRE, provided that it was compiled with this support
+enabled. This modifier also causes any non-printing characters in output
+strings to be printed using the \\x{hh...} notation if they are valid UTF-8
+sequences.
+
+
+.SH DATA LINES
+
+Before each data line is passed to \fBpcre_exec()\fR, leading and trailing
+whitespace is removed, and it is then scanned for \\ escapes. The following are
+recognized:
+
+ \\a alarm (= BEL)
+ \\b backspace
+ \\e escape
+ \\f formfeed
+ \\n newline
+ \\r carriage return
+ \\t tab
+ \\v vertical tab
+ \\nnn octal character (up to 3 octal digits)
+ \\xhh hexadecimal character (up to 2 hex digits)
+ \\x{hh...} hexadecimal UTF-8 character
+
+ \\A pass the PCRE_ANCHORED option to \fBpcre_exec()\fR
+ \\B pass the PCRE_NOTBOL option to \fBpcre_exec()\fR
+ \\Cdd call pcre_copy_substring() for substring dd
+ after a successful match (any decimal number
+ less than 32)
+ \\Gdd call pcre_get_substring() for substring dd
+ after a successful match (any decimal number
+ less than 32)
+ \\L call pcre_get_substringlist() after a
+ successful match
+ \\N pass the PCRE_NOTEMPTY option to \fBpcre_exec()\fR
+ \\Odd set the size of the output vector passed to
+ \fBpcre_exec()\fR to dd (any number of decimal
+ digits)
+ \\Z pass the PCRE_NOTEOL option to \fBpcre_exec()\fR
+
+When \\O is used, it may be higher or lower than the size set by the \fB-O\fR
+option (or defaulted to 45); \\O applies only to the call of \fBpcre_exec()\fR
+for the line in which it appears.
+
+A backslash followed by anything else just escapes the anything else. If the
+very last character is a backslash, it is ignored. This gives a way of passing
+an empty line as data, since a real empty line terminates the data input.
+
+If \fB/P\fR was present on the regex, causing the POSIX wrapper API to be used,
+only \fB\B\fR, and \fB\Z\fR have any effect, causing REG_NOTBOL and REG_NOTEOL
+to be passed to \fBregexec()\fR respectively.
+
+The use of \\x{hh...} to represent UTF-8 characters is not dependent on the use
+of the \fB/8\fR modifier on the pattern. It is recognized always. There may be
+any number of hexadecimal digits inside the braces. The result is from one to
+six bytes, encoded according to the UTF-8 rules.
+
+
+.SH OUTPUT FROM PCRETEST
+
+When a match succeeds, pcretest outputs the list of captured substrings that
+\fBpcre_exec()\fR returns, starting with number 0 for the string that matched
+the whole pattern. Here is an example of an interactive pcretest run.
+
+ $ pcretest
+ PCRE version 2.06 08-Jun-1999
+
+ re> /^abc(\\d+)/
+ data> abc123
+ 0: abc123
+ 1: 123
+ data> xyz
+ No match
+
+If the strings contain any non-printing characters, they are output as \\0x
+escapes, or as \\x{...} escapes if the \fB/8\fR modifier was present on the
+pattern. If the pattern has the \fB/+\fR modifier, then the output for
+substring 0 is followed by the the rest of the subject string, identified by
+"0+" like this:
+
+ re> /cat/+
+ data> cataract
+ 0: cat
+ 0+ aract
+
+If the pattern has the \fB/g\fR or \fB/G\fR modifier, the results of successive
+matching attempts are output in sequence, like this:
+
+ re> /\\Bi(\\w\\w)/g
+ data> Mississippi
+ 0: iss
+ 1: ss
+ 0: iss
+ 1: ss
+ 0: ipp
+ 1: pp
+
+"No match" is output only if the first match attempt fails.
+
+If any of the sequences \fB\\C\fR, \fB\\G\fR, or \fB\\L\fR are present in a
+data line that is successfully matched, the substrings extracted by the
+convenience functions are output with C, G, or L after the string number
+instead of a colon. This is in addition to the normal full list. The string
+length (that is, the return from the extraction function) is given in
+parentheses after each string for \fB\\C\fR and \fB\\G\fR.
+
+Note that while patterns can be continued over several lines (a plain ">"
+prompt is used for continuations), data lines may not. However newlines can be
+included in data by means of the \\n escape.
+
+
+.SH AUTHOR
+Philip Hazel <ph10@cam.ac.uk>
+.br
+University Computing Service,
+.br
+New Museums Site,
+.br
+Cambridge CB2 3QG, England.
+.br
+Phone: +44 1223 334714
+
+Last updated: 15 August 2001
+.br
+Copyright (c) 1997-2001 University of Cambridge.
--- /dev/null
+<HTML>
+<HEAD>
+<TITLE>pcretest specification</TITLE>
+</HEAD>
+<body bgcolor="#FFFFFF" text="#00005A">
+<H1>pcretest specification</H1>
+This HTML document has been generated automatically from the original man page.
+If there is any nonsense in it, please consult the man page in case the
+conversion went wrong.
+<UL>
+<LI><A NAME="TOC1" HREF="#SEC1">NAME</A>
+<LI><A NAME="TOC2" HREF="#SEC2">SYNOPSIS</A>
+<LI><A NAME="TOC3" HREF="#SEC3">OPTIONS</A>
+<LI><A NAME="TOC4" HREF="#SEC4">DESCRIPTION</A>
+<LI><A NAME="TOC5" HREF="#SEC5">PATTERN MODIFIERS</A>
+<LI><A NAME="TOC6" HREF="#SEC6">DATA LINES</A>
+<LI><A NAME="TOC7" HREF="#SEC7">OUTPUT FROM PCRETEST</A>
+<LI><A NAME="TOC8" HREF="#SEC8">AUTHOR</A>
+</UL>
+<LI><A NAME="SEC1" HREF="#TOC1">NAME</A>
+<P>
+pcretest - a program for testing Perl-compatible regular expressions.
+</P>
+<LI><A NAME="SEC2" HREF="#TOC1">SYNOPSIS</A>
+<P>
+<B>pcretest [-d] [-i] [-m] [-o osize] [-p] [-t] [source] [destination]</B>
+</P>
+<P>
+<B>pcretest</B> was written as a test program for the PCRE regular expression
+library itself, but it can also be used for experimenting with regular
+expressions. This man page describes the features of the test program; for
+details of the regular expressions themselves, see the <B>pcre</B> man page.
+</P>
+<LI><A NAME="SEC3" HREF="#TOC1">OPTIONS</A>
+<P>
+<B>-d</B>
+Behave as if each regex had the <B>/D</B> modifier (see below); the internal
+form is output after compilation.
+</P>
+<P>
+<B>-i</B>
+Behave as if each regex had the <B>/I</B> modifier; information about the
+compiled pattern is given after compilation.
+</P>
+<P>
+<B>-m</B>
+Output the size of each compiled pattern after it has been compiled. This is
+equivalent to adding /M to each regular expression. For compatibility with
+earlier versions of pcretest, <B>-s</B> is a synonym for <B>-m</B>.
+</P>
+<P>
+<B>-o</B> <I>osize</I>
+Set the number of elements in the output vector that is used when calling PCRE
+to be <I>osize</I>. The default value is 45, which is enough for 14 capturing
+subexpressions. The vector size can be changed for individual matching calls by
+including \O in the data line (see below).
+</P>
+<P>
+<B>-p</B>
+Behave as if each regex has <B>/P</B> modifier; the POSIX wrapper API is used
+to call PCRE. None of the other options has any effect when <B>-p</B> is set.
+</P>
+<P>
+<B>-t</B>
+Run each compile, study, and match 20000 times with a timer, and output
+resulting time per compile or match (in milliseconds). Do not set <B>-t</B> with
+<B>-m</B>, because you will then get the size output 20000 times and the timing
+will be distorted.
+</P>
+<LI><A NAME="SEC4" HREF="#TOC1">DESCRIPTION</A>
+<P>
+If <B>pcretest</B> is given two filename arguments, it reads from the first and
+writes to the second. If it is given only one filename argument, it reads from
+that file and writes to stdout. Otherwise, it reads from stdin and writes to
+stdout, and prompts for each line of input, using "re>" to prompt for regular
+expressions, and "data>" to prompt for data lines.
+</P>
+<P>
+The program handles any number of sets of input on a single input file. Each
+set starts with a regular expression, and continues with any number of data
+lines to be matched against the pattern. An empty line signals the end of the
+data lines, at which point a new regular expression is read. The regular
+expressions are given enclosed in any non-alphameric delimiters other than
+backslash, for example
+</P>
+<P>
+<PRE>
+ /(a|bc)x+yz/
+</PRE>
+</P>
+<P>
+White space before the initial delimiter is ignored. A regular expression may
+be continued over several input lines, in which case the newline characters are
+included within it. It is possible to include the delimiter within the pattern
+by escaping it, for example
+</P>
+<P>
+<PRE>
+ /abc\/def/
+</PRE>
+</P>
+<P>
+If you do so, the escape and the delimiter form part of the pattern, but since
+delimiters are always non-alphameric, this does not affect its interpretation.
+If the terminating delimiter is immediately followed by a backslash, for
+example,
+</P>
+<P>
+<PRE>
+ /abc/\
+</PRE>
+</P>
+<P>
+then a backslash is added to the end of the pattern. This is done to provide a
+way of testing the error condition that arises if a pattern finishes with a
+backslash, because
+</P>
+<P>
+<PRE>
+ /abc\/
+</PRE>
+</P>
+<P>
+is interpreted as the first line of a pattern that starts with "abc/", causing
+pcretest to read the next line as a continuation of the regular expression.
+</P>
+<LI><A NAME="SEC5" HREF="#TOC1">PATTERN MODIFIERS</A>
+<P>
+The pattern may be followed by <B>i</B>, <B>m</B>, <B>s</B>, or <B>x</B> to set the
+PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, or PCRE_EXTENDED options,
+respectively. For example:
+</P>
+<P>
+<PRE>
+ /caseless/i
+</PRE>
+</P>
+<P>
+These modifier letters have the same effect as they do in Perl. There are
+others which set PCRE options that do not correspond to anything in Perl:
+<B>/A</B>, <B>/E</B>, and <B>/X</B> set PCRE_ANCHORED, PCRE_DOLLAR_ENDONLY, and
+PCRE_EXTRA respectively.
+</P>
+<P>
+Searching for all possible matches within each subject string can be requested
+by the <B>/g</B> or <B>/G</B> modifier. After finding a match, PCRE is called
+again to search the remainder of the subject string. The difference between
+<B>/g</B> and <B>/G</B> is that the former uses the <I>startoffset</I> argument to
+<B>pcre_exec()</B> to start searching at a new point within the entire string
+(which is in effect what Perl does), whereas the latter passes over a shortened
+substring. This makes a difference to the matching process if the pattern
+begins with a lookbehind assertion (including \b or \B).
+</P>
+<P>
+If any call to <B>pcre_exec()</B> in a <B>/g</B> or <B>/G</B> sequence matches an
+empty string, the next call is done with the PCRE_NOTEMPTY and PCRE_ANCHORED
+flags set in order to search for another, non-empty, match at the same point.
+If this second match fails, the start offset is advanced by one, and the normal
+match is retried. This imitates the way Perl handles such cases when using the
+<B>/g</B> modifier or the <B>split()</B> function.
+</P>
+<P>
+There are a number of other modifiers for controlling the way <B>pcretest</B>
+operates.
+</P>
+<P>
+The <B>/+</B> modifier requests that as well as outputting the substring that
+matched the entire pattern, pcretest should in addition output the remainder of
+the subject string. This is useful for tests where the subject contains
+multiple copies of the same substring.
+</P>
+<P>
+The <B>/L</B> modifier must be followed directly by the name of a locale, for
+example,
+</P>
+<P>
+<PRE>
+ /pattern/Lfr
+</PRE>
+</P>
+<P>
+For this reason, it must be the last modifier letter. The given locale is set,
+<B>pcre_maketables()</B> is called to build a set of character tables for the
+locale, and this is then passed to <B>pcre_compile()</B> when compiling the
+regular expression. Without an <B>/L</B> modifier, NULL is passed as the tables
+pointer; that is, <B>/L</B> applies only to the expression on which it appears.
+</P>
+<P>
+The <B>/I</B> modifier requests that <B>pcretest</B> output information about the
+compiled expression (whether it is anchored, has a fixed first character, and
+so on). It does this by calling <B>pcre_fullinfo()</B> after compiling an
+expression, and outputting the information it gets back. If the pattern is
+studied, the results of that are also output.
+</P>
+<P>
+The <B>/D</B> modifier is a PCRE debugging feature, which also assumes <B>/I</B>.
+It causes the internal form of compiled regular expressions to be output after
+compilation.
+</P>
+<P>
+The <B>/S</B> modifier causes <B>pcre_study()</B> to be called after the
+expression has been compiled, and the results used when the expression is
+matched.
+</P>
+<P>
+The <B>/M</B> modifier causes the size of memory block used to hold the compiled
+pattern to be output.
+</P>
+<P>
+The <B>/P</B> modifier causes <B>pcretest</B> to call PCRE via the POSIX wrapper
+API rather than its native API. When this is done, all other modifiers except
+<B>/i</B>, <B>/m</B>, and <B>/+</B> are ignored. REG_ICASE is set if <B>/i</B> is
+present, and REG_NEWLINE is set if <B>/m</B> is present. The wrapper functions
+force PCRE_DOLLAR_ENDONLY always, and PCRE_DOTALL unless REG_NEWLINE is set.
+</P>
+<P>
+The <B>/8</B> modifier causes <B>pcretest</B> to call PCRE with the PCRE_UTF8
+option set. This turns on the (currently incomplete) support for UTF-8
+character handling in PCRE, provided that it was compiled with this support
+enabled. This modifier also causes any non-printing characters in output
+strings to be printed using the \x{hh...} notation if they are valid UTF-8
+sequences.
+</P>
+<LI><A NAME="SEC6" HREF="#TOC1">DATA LINES</A>
+<P>
+Before each data line is passed to <B>pcre_exec()</B>, leading and trailing
+whitespace is removed, and it is then scanned for \ escapes. The following are
+recognized:
+</P>
+<P>
+<PRE>
+ \a alarm (= BEL)
+ \b backspace
+ \e escape
+ \f formfeed
+ \n newline
+ \r carriage return
+ \t tab
+ \v vertical tab
+ \nnn octal character (up to 3 octal digits)
+ \xhh hexadecimal character (up to 2 hex digits)
+ \x{hh...} hexadecimal UTF-8 character
+</PRE>
+</P>
+<P>
+<PRE>
+ \A pass the PCRE_ANCHORED option to <B>pcre_exec()</B>
+ \B pass the PCRE_NOTBOL option to <B>pcre_exec()</B>
+ \Cdd call pcre_copy_substring() for substring dd
+ after a successful match (any decimal number
+ less than 32)
+ \Gdd call pcre_get_substring() for substring dd
+ after a successful match (any decimal number
+ less than 32)
+ \L call pcre_get_substringlist() after a
+ successful match
+ \N pass the PCRE_NOTEMPTY option to <B>pcre_exec()</B>
+ \Odd set the size of the output vector passed to
+ <B>pcre_exec()</B> to dd (any number of decimal
+ digits)
+ \Z pass the PCRE_NOTEOL option to <B>pcre_exec()</B>
+</PRE>
+</P>
+<P>
+When \O is used, it may be higher or lower than the size set by the <B>-O</B>
+option (or defaulted to 45); \O applies only to the call of <B>pcre_exec()</B>
+for the line in which it appears.
+</P>
+<P>
+A backslash followed by anything else just escapes the anything else. If the
+very last character is a backslash, it is ignored. This gives a way of passing
+an empty line as data, since a real empty line terminates the data input.
+</P>
+<P>
+If <B>/P</B> was present on the regex, causing the POSIX wrapper API to be used,
+only <B>\B</B>, and <B>\Z</B> have any effect, causing REG_NOTBOL and REG_NOTEOL
+to be passed to <B>regexec()</B> respectively.
+</P>
+<P>
+The use of \x{hh...} to represent UTF-8 characters is not dependent on the use
+of the <B>/8</B> modifier on the pattern. It is recognized always. There may be
+any number of hexadecimal digits inside the braces. The result is from one to
+six bytes, encoded according to the UTF-8 rules.
+</P>
+<LI><A NAME="SEC7" HREF="#TOC1">OUTPUT FROM PCRETEST</A>
+<P>
+When a match succeeds, pcretest outputs the list of captured substrings that
+<B>pcre_exec()</B> returns, starting with number 0 for the string that matched
+the whole pattern. Here is an example of an interactive pcretest run.
+</P>
+<P>
+<PRE>
+ $ pcretest
+ PCRE version 2.06 08-Jun-1999
+</PRE>
+</P>
+<P>
+<PRE>
+ re> /^abc(\d+)/
+ data> abc123
+ 0: abc123
+ 1: 123
+ data> xyz
+ No match
+</PRE>
+</P>
+<P>
+If the strings contain any non-printing characters, they are output as \0x
+escapes, or as \x{...} escapes if the <B>/8</B> modifier was present on the
+pattern. If the pattern has the <B>/+</B> modifier, then the output for
+substring 0 is followed by the the rest of the subject string, identified by
+"0+" like this:
+</P>
+<P>
+<PRE>
+ re> /cat/+
+ data> cataract
+ 0: cat
+ 0+ aract
+</PRE>
+</P>
+<P>
+If the pattern has the <B>/g</B> or <B>/G</B> modifier, the results of successive
+matching attempts are output in sequence, like this:
+</P>
+<P>
+<PRE>
+ re> /\Bi(\w\w)/g
+ data> Mississippi
+ 0: iss
+ 1: ss
+ 0: iss
+ 1: ss
+ 0: ipp
+ 1: pp
+</PRE>
+</P>
+<P>
+"No match" is output only if the first match attempt fails.
+</P>
+<P>
+If any of the sequences <B>\C</B>, <B>\G</B>, or <B>\L</B> are present in a
+data line that is successfully matched, the substrings extracted by the
+convenience functions are output with C, G, or L after the string number
+instead of a colon. This is in addition to the normal full list. The string
+length (that is, the return from the extraction function) is given in
+parentheses after each string for <B>\C</B> and <B>\G</B>.
+</P>
+<P>
+Note that while patterns can be continued over several lines (a plain ">"
+prompt is used for continuations), data lines may not. However newlines can be
+included in data by means of the \n escape.
+</P>
+<LI><A NAME="SEC8" HREF="#TOC1">AUTHOR</A>
+<P>
+Philip Hazel <ph10@cam.ac.uk>
+<BR>
+University Computing Service,
+<BR>
+New Museums Site,
+<BR>
+Cambridge CB2 3QG, England.
+<BR>
+Phone: +44 1223 334714
+</P>
+<P>
+Last updated: 15 August 2001
+<BR>
+Copyright (c) 1997-2001 University of Cambridge.
--- /dev/null
+#include <stdio.h>
+#include <string.h>
+#include <pcre.h>
+
+/* Compile thuswise:
+ gcc -Wall pcredemo.c -I/opt/local/include -L/opt/local/lib \
+ -R/opt/local/lib -lpcre
+*/
+
+#define OVECCOUNT 30 /* should be a multiple of 3 */
+
+int main(int argc, char **argv)
+{
+pcre *re;
+const char *error;
+int erroffset;
+int ovector[OVECCOUNT];
+int rc, i;
+
+if (argc != 3)
+ {
+ printf("Two arguments required: a regex and a subject string\n");
+ return 1;
+ }
+
+/* Compile the regular expression in the first argument */
+
+re = pcre_compile(
+ argv[1], /* the pattern */
+ 0, /* default options */
+ &error, /* for error message */
+ &erroffset, /* for error offset */
+ NULL); /* use default character tables */
+
+/* Compilation failed: print the error message and exit */
+
+if (re == NULL)
+ {
+ printf("PCRE compilation failed at offset %d: %s\n", erroffset, error);
+ return 1;
+ }
+
+/* Compilation succeeded: match the subject in the second argument */
+
+rc = pcre_exec(
+ re, /* the compiled pattern */
+ NULL, /* no extra data - we didn't study the pattern */
+ argv[2], /* the subject string */
+ (int)strlen(argv[2]), /* the length of the subject */
+ 0, /* start at offset 0 in the subject */
+ 0, /* default options */
+ ovector, /* output vector for substring information */
+ OVECCOUNT); /* number of elements in the output vector */
+
+/* Matching failed: handle error cases */
+
+if (rc < 0)
+ {
+ switch(rc)
+ {
+ case PCRE_ERROR_NOMATCH: printf("No match\n"); break;
+ /*
+ Handle other special cases if you like
+ */
+ default: printf("Matching error %d\n", rc); break;
+ }
+ return 1;
+ }
+
+/* Match succeded */
+
+printf("Match succeeded\n");
+
+/* The output vector wasn't big enough */
+
+if (rc == 0)
+ {
+ rc = OVECCOUNT/3;
+ printf("ovector only has room for %d captured substrings\n", rc - 1);
+ }
+
+/* Show substrings stored in the output vector */
+
+for (i = 0; i < rc; i++)
+ {
+ char *substring_start = argv[2] + ovector[2*i];
+ int substring_length = ovector[2*i+1] - ovector[2*i];
+ printf("%2d: %.*s\n", i, substring_length, substring_start);
+ }
+
+return 0;
+}
+
+
--- /dev/null
+/*************************************************
+* pcregrep program *
+*************************************************/
+
+/* This is a grep program that uses the PCRE regular expression library to do
+its pattern matching. On a Unix system it can recurse into directories. */
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "config.h"
+#include "pcre.h"
+
+#define FALSE 0
+#define TRUE 1
+
+typedef int BOOL;
+
+#define VERSION "2.0 01-Aug-2001"
+#define MAX_PATTERN_COUNT 100
+
+
+/*************************************************
+* Global variables *
+*************************************************/
+
+static char *pattern_filename = NULL;
+static int pattern_count = 0;
+static pcre **pattern_list;
+static pcre_extra **hints_list;
+
+static BOOL count_only = FALSE;
+static BOOL filenames = TRUE;
+static BOOL filenames_only = FALSE;
+static BOOL invert = FALSE;
+static BOOL number = FALSE;
+static BOOL recurse = FALSE;
+static BOOL silent = FALSE;
+static BOOL whole_lines = FALSE;
+
+/* Structure for options and list of them */
+
+typedef struct option_item {
+ int one_char;
+ char *long_name;
+ char *help_text;
+} option_item;
+
+static option_item optionlist[] = {
+ { -1, "help", "display this help and exit" },
+ { 'c', "count", "print only a count of matching lines per FILE" },
+ { 'h', "no-filename", "suppress the prefixing filename on output" },
+ { 'i', "ignore-case", "ignore case distinctions" },
+ { 'l', "files-with-matches", "print only FILE names containing matches" },
+ { 'n', "line-number", "print line number with output lines" },
+ { 'r', "recursive", "recursively scan sub-directories" },
+ { 's', "no-messages", "suppress error messages" },
+ { 'V', "version", "print version information and exit" },
+ { 'v', "invert-match", "select non-matching lines" },
+ { 'x', "line-regex", "force PATTERN to match only whole lines" },
+ { 'x', "line-regexp", "force PATTERN to match only whole lines" },
+ { 0, NULL, NULL }
+};
+
+
+/*************************************************
+* Functions for directory scanning *
+*************************************************/
+
+/* These functions are defined so that they can be made system specific,
+although at present the only ones are for Unix, and for "no directory recursion
+support". */
+
+
+/************* Directory scanning in Unix ***********/
+
+#if IS_UNIX
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <dirent.h>
+
+typedef DIR directory_type;
+
+int
+isdirectory(char *filename)
+{
+struct stat statbuf;
+if (stat(filename, &statbuf) < 0)
+ return 0; /* In the expectation that opening as a file will fail */
+return ((statbuf.st_mode & S_IFMT) == S_IFDIR)? '/' : 0;
+}
+
+directory_type *
+opendirectory(char *filename)
+{
+return opendir(filename);
+}
+
+char *
+readdirectory(directory_type *dir)
+{
+for (;;)
+ {
+ struct dirent *dent = readdir(dir);
+ if (dent == NULL) return NULL;
+ if (strcmp(dent->d_name, ".") != 0 && strcmp(dent->d_name, "..") != 0)
+ return dent->d_name;
+ }
+return NULL; /* Keep compiler happy; never executed */
+}
+
+void
+closedirectory(directory_type *dir)
+{
+closedir(dir);
+}
+
+
+#else
+
+
+/************* Directory scanning when we can't do it ***********/
+
+/* The type is void, and apart from isdirectory(), the functions do nothing. */
+
+typedef void directory_type;
+
+int isdirectory(char *filename) { return FALSE; }
+directory_type * opendirectory(char *filename) {}
+char *readdirectory(directory_type *dir) {}
+void closedirectory(directory_type *dir) {}
+
+#endif
+
+
+
+#if ! HAVE_STRERROR
+/*************************************************
+* Provide strerror() for non-ANSI libraries *
+*************************************************/
+
+/* Some old-fashioned systems still around (e.g. SunOS4) don't have strerror()
+in their libraries, but can provide the same facility by this simple
+alternative function. */
+
+extern int sys_nerr;
+extern char *sys_errlist[];
+
+char *
+strerror(int n)
+{
+if (n < 0 || n >= sys_nerr) return "unknown error number";
+return sys_errlist[n];
+}
+#endif /* HAVE_STRERROR */
+
+
+
+/*************************************************
+* Grep an individual file *
+*************************************************/
+
+static int
+pcregrep(FILE *in, char *name)
+{
+int rc = 1;
+int linenumber = 0;
+int count = 0;
+int offsets[99];
+char buffer[BUFSIZ];
+
+while (fgets(buffer, sizeof(buffer), in) != NULL)
+ {
+ BOOL match = FALSE;
+ int i;
+ int length = (int)strlen(buffer);
+ if (length > 0 && buffer[length-1] == '\n') buffer[--length] = 0;
+ linenumber++;
+
+ for (i = 0; !match && i < pattern_count; i++)
+ {
+ match = pcre_exec(pattern_list[i], hints_list[i], buffer, length, 0, 0,
+ offsets, 99) >= 0;
+ if (match && whole_lines && offsets[1] != length) match = FALSE;
+ }
+
+ if (match != invert)
+ {
+ if (count_only) count++;
+
+ else if (filenames_only)
+ {
+ fprintf(stdout, "%s\n", (name == NULL)? "<stdin>" : name);
+ return 0;
+ }
+
+ else if (silent) return 0;
+
+ else
+ {
+ if (name != NULL) fprintf(stdout, "%s:", name);
+ if (number) fprintf(stdout, "%d:", linenumber);
+ fprintf(stdout, "%s\n", buffer);
+ }
+
+ rc = 0;
+ }
+ }
+
+if (count_only)
+ {
+ if (name != NULL) fprintf(stdout, "%s:", name);
+ fprintf(stdout, "%d\n", count);
+ }
+
+return rc;
+}
+
+
+
+
+/*************************************************
+* Grep a file or recurse into a directory *
+*************************************************/
+
+static int
+grep_or_recurse(char *filename, BOOL recurse, BOOL show_filenames,
+ BOOL only_one_at_top)
+{
+int rc = 1;
+int sep;
+FILE *in;
+
+/* If the file is a directory and we are recursing, scan each file within it.
+The scanning code is localized so it can be made system-specific. */
+
+if ((sep = isdirectory(filename)) != 0 && recurse)
+ {
+ char buffer[1024];
+ char *nextfile;
+ directory_type *dir = opendirectory(filename);
+
+ if (dir == NULL)
+ {
+ fprintf(stderr, "pcregrep: Failed to open directory %s: %s\n", filename,
+ strerror(errno));
+ return 2;
+ }
+
+ while ((nextfile = readdirectory(dir)) != NULL)
+ {
+ int frc;
+ sprintf(buffer, "%.512s%c%.128s", filename, sep, nextfile);
+ frc = grep_or_recurse(buffer, recurse, TRUE, FALSE);
+ if (frc == 0 && rc == 1) rc = 0;
+ }
+
+ closedirectory(dir);
+ return rc;
+ }
+
+/* If the file is not a directory, or we are not recursing, scan it. If this is
+the first and only argument at top level, we don't show the file name.
+Otherwise, control is via the show_filenames variable. */
+
+in = fopen(filename, "r");
+if (in == NULL)
+ {
+ fprintf(stderr, "pcregrep: Failed to open %s: %s\n", filename, strerror(errno));
+ return 2;
+ }
+
+rc = pcregrep(in, (show_filenames && !only_one_at_top)? filename : NULL);
+fclose(in);
+return rc;
+}
+
+
+
+
+/*************************************************
+* Usage function *
+*************************************************/
+
+static int
+usage(int rc)
+{
+fprintf(stderr, "Usage: pcregrep [-Vcfhilnrsvx] [long-options] pattern [file] ...\n");
+fprintf(stderr, "Type `pcregrep --help' for more information.\n");
+return rc;
+}
+
+
+
+
+/*************************************************
+* Help function *
+*************************************************/
+
+static void
+help(void)
+{
+option_item *op;
+
+printf("Usage: pcregrep [OPTION]... PATTERN [FILE] ...\n");
+printf("Search for PATTERN in each FILE or standard input.\n");
+printf("Example: pcregrep -i 'hello.*world' menu.h main.c\n\n");
+
+printf("Options:\n");
+
+for (op = optionlist; op->one_char != 0; op++)
+ {
+ int n;
+ char s[4];
+ if (op->one_char > 0) sprintf(s, "-%c,", op->one_char); else strcpy(s, " ");
+ printf(" %s --%s%n", s, op->long_name, &n);
+ n = 30 - n;
+ if (n < 1) n = 1;
+ printf("%.*s%s\n", n, " ", op->help_text);
+ }
+
+printf("\n -f<filename> or --file=<filename>\n");
+printf(" Read patterns from <filename> instead of using a command line option.\n");
+printf(" Trailing white space is removed; blanks lines are ignored.\n");
+printf(" There is a maximum of %d patterns.\n", MAX_PATTERN_COUNT);
+
+printf("\nWith no FILE, read standard input. If fewer than two FILEs given, assume -h.\n");
+printf("Exit status is 0 if any matches, 1 if no matches, and 2 if trouble.\n");
+}
+
+
+
+
+/*************************************************
+* Handle an option *
+*************************************************/
+
+static int
+handle_option(int letter, int options)
+{
+switch(letter)
+ {
+ case -1: help(); exit(0);
+ case 'c': count_only = TRUE; break;
+ case 'h': filenames = FALSE; break;
+ case 'i': options |= PCRE_CASELESS; break;
+ case 'l': filenames_only = TRUE;
+ case 'n': number = TRUE; break;
+ case 'r': recurse = TRUE; break;
+ case 's': silent = TRUE; break;
+ case 'v': invert = TRUE; break;
+ case 'x': whole_lines = TRUE; options |= PCRE_ANCHORED; break;
+
+ case 'V':
+ fprintf(stderr, "pcregrep version %s using ", VERSION);
+ fprintf(stderr, "PCRE version %s\n", pcre_version());
+ exit(0);
+ break;
+
+ default:
+ fprintf(stderr, "pcregrep: Unknown option -%c\n", letter);
+ exit(usage(2));
+ }
+
+return options;
+}
+
+
+
+
+/*************************************************
+* Main program *
+*************************************************/
+
+int
+main(int argc, char **argv)
+{
+int i, j;
+int rc = 1;
+int options = 0;
+int errptr;
+const char *error;
+BOOL only_one_at_top;
+
+/* Process the options */
+
+for (i = 1; i < argc; i++)
+ {
+ if (argv[i][0] != '-') break;
+
+ /* Long name options */
+
+ if (argv[i][1] == '-')
+ {
+ option_item *op;
+
+ if (strncmp(argv[i]+2, "file=", 5) == 0)
+ {
+ pattern_filename = argv[i] + 7;
+ continue;
+ }
+
+ for (op = optionlist; op->one_char != 0; op++)
+ {
+ if (strcmp(argv[i]+2, op->long_name) == 0)
+ {
+ options = handle_option(op->one_char, options);
+ break;
+ }
+ }
+ if (op->one_char == 0)
+ {
+ fprintf(stderr, "pcregrep: Unknown option %s\n", argv[i]);
+ exit(usage(2));
+ }
+ }
+
+ /* One-char options */
+
+ else
+ {
+ char *s = argv[i] + 1;
+ while (*s != 0)
+ {
+ if (*s == 'f')
+ {
+ pattern_filename = s + 1;
+ if (pattern_filename[0] == 0)
+ {
+ if (i >= argc - 1)
+ {
+ fprintf(stderr, "pcregrep: File name missing after -f\n");
+ exit(usage(2));
+ }
+ pattern_filename = argv[++i];
+ }
+ break;
+ }
+ else options = handle_option(*s++, options);
+ }
+ }
+ }
+
+pattern_list = malloc(MAX_PATTERN_COUNT * sizeof(pcre *));
+hints_list = malloc(MAX_PATTERN_COUNT * sizeof(pcre_extra *));
+
+if (pattern_list == NULL || hints_list == NULL)
+ {
+ fprintf(stderr, "pcregrep: malloc failed\n");
+ return 2;
+ }
+
+/* Compile the regular expression(s). */
+
+if (pattern_filename != NULL)
+ {
+ FILE *f = fopen(pattern_filename, "r");
+ char buffer[BUFSIZ];
+ if (f == NULL)
+ {
+ fprintf(stderr, "pcregrep: Failed to open %s: %s\n", pattern_filename,
+ strerror(errno));
+ return 2;
+ }
+ while (fgets(buffer, sizeof(buffer), f) != NULL)
+ {
+ char *s = buffer + (int)strlen(buffer);
+ if (pattern_count >= MAX_PATTERN_COUNT)
+ {
+ fprintf(stderr, "pcregrep: Too many patterns in file (max %d)\n",
+ MAX_PATTERN_COUNT);
+ return 2;
+ }
+ while (s > buffer && isspace((unsigned char)(s[-1]))) s--;
+ if (s == buffer) continue;
+ *s = 0;
+ pattern_list[pattern_count] = pcre_compile(buffer, options, &error,
+ &errptr, NULL);
+ if (pattern_list[pattern_count++] == NULL)
+ {
+ fprintf(stderr, "pcregrep: Error in regex number %d at offset %d: %s\n",
+ pattern_count, errptr, error);
+ return 2;
+ }
+ }
+ fclose(f);
+ }
+
+/* If no file name, a single regex must be given inline */
+
+else
+ {
+ if (i >= argc) return usage(0);
+ pattern_list[0] = pcre_compile(argv[i++], options, &error, &errptr, NULL);
+ if (pattern_list[0] == NULL)
+ {
+ fprintf(stderr, "pcregrep: Error in regex at offset %d: %s\n", errptr,
+ error);
+ return 2;
+ }
+ pattern_count++;
+ }
+
+/* Study the regular expressions, as we will be running them may times */
+
+for (j = 0; j < pattern_count; j++)
+ {
+ hints_list[j] = pcre_study(pattern_list[j], 0, &error);
+ if (error != NULL)
+ {
+ char s[16];
+ if (pattern_count == 1) s[0] = 0; else sprintf(s, " number %d", j);
+ fprintf(stderr, "pcregrep: Error while studying regex%s: %s\n", s, error);
+ return 2;
+ }
+ }
+
+/* If there are no further arguments, do the business on stdin and exit */
+
+if (i >= argc) return pcregrep(stdin, NULL);
+
+/* Otherwise, work through the remaining arguments as files or directories.
+Pass in the fact that there is only one argument at top level - this suppresses
+the file name if the argument is not a directory. */
+
+only_one_at_top = (i == argc - 1);
+if (filenames_only) filenames = TRUE;
+
+for (; i < argc; i++)
+ {
+ int frc = grep_or_recurse(argv[i], recurse, filenames, only_one_at_top);
+ if (frc == 0 && rc == 1) rc = 0;
+ }
+
+return rc;
+}
+
+/* End */
--- /dev/null
+#! /usr/bin/perl
+
+# Program for testing regular expressions with perl to check that PCRE handles
+# them the same. This is the version that supports /8 for UTF-8 testing. It
+# requires at least Perl 5.6.
+
+
+# Function for turning a string into a string of printing chars. There are
+# currently problems with UTF-8 strings; this fudges round them.
+
+sub pchars {
+my($t) = "";
+
+if ($utf8)
+ {
+ use utf8;
+ @p = unpack('U*', $_[0]);
+ foreach $c (@p)
+ {
+ if ($c >= 32 && $c < 127) { $t .= chr $c; }
+ else { $t .= sprintf("\\x{%02x}", $c); }
+ }
+ }
+
+else
+ {
+ foreach $c (split(//, $_[0]))
+ {
+ if (ord $c >= 32 && ord $c < 127) { $t .= $c; }
+ else { $t .= sprintf("\\x%02x", ord $c); }
+ }
+ }
+
+$t;
+}
+
+
+
+# Read lines from named file or stdin and write to named file or stdout; lines
+# consist of a regular expression, in delimiters and optionally followed by
+# options, followed by a set of test data, terminated by an empty line.
+
+# Sort out the input and output files
+
+if (@ARGV > 0)
+ {
+ open(INFILE, "<$ARGV[0]") || die "Failed to open $ARGV[0]\n";
+ $infile = "INFILE";
+ }
+else { $infile = "STDIN"; }
+
+if (@ARGV > 1)
+ {
+ open(OUTFILE, ">$ARGV[1]") || die "Failed to open $ARGV[1]\n";
+ $outfile = "OUTFILE";
+ }
+else { $outfile = "STDOUT"; }
+
+printf($outfile "Perl $] Regular Expressions\n\n");
+
+# Main loop
+
+NEXT_RE:
+for (;;)
+ {
+ printf " re> " if $infile eq "STDIN";
+ last if ! ($_ = <$infile>);
+ printf $outfile "$_" if $infile ne "STDIN";
+ next if ($_ eq "");
+
+ $pattern = $_;
+
+ while ($pattern !~ /^\s*(.).*\1/s)
+ {
+ printf " > " if $infile eq "STDIN";
+ last if ! ($_ = <$infile>);
+ printf $outfile "$_" if $infile ne "STDIN";
+ $pattern .= $_;
+ }
+
+ chomp($pattern);
+ $pattern =~ s/\s+$//;
+
+ # The private /+ modifier means "print $' afterwards".
+
+ $showrest = ($pattern =~ s/\+(?=[a-z]*$)//);
+
+ # The private /8 modifier means "operate in UTF-8". Currently, Perl
+ # has bugs that we try to work around using this flag.
+
+ $utf8 = ($pattern =~ s/8(?=[a-z]*$)//);
+
+ # Check that the pattern is valid
+
+ if ($utf8)
+ {
+ use utf8;
+ eval "\$_ =~ ${pattern}";
+ }
+ else
+ {
+ eval "\$_ =~ ${pattern}";
+ }
+
+ if ($@)
+ {
+ printf $outfile "Error: $@";
+ next NEXT_RE;
+ }
+
+ # If the /g modifier is present, we want to put a loop round the matching;
+ # otherwise just a single "if".
+
+ $cmd = ($pattern =~ /g[a-z]*$/)? "while" : "if";
+
+ # If the pattern is actually the null string, Perl uses the most recently
+ # executed (and successfully compiled) regex is used instead. This is a
+ # nasty trap for the unwary! The PCRE test suite does contain null strings
+ # in places - if they are allowed through here all sorts of weird and
+ # unexpected effects happen. To avoid this, we replace such patterns with
+ # a non-null pattern that has the same effect.
+
+ $pattern = "/(?#)/$2" if ($pattern =~ /^(.)\1(.*)$/);
+
+ # Read data lines and test them
+
+ for (;;)
+ {
+ printf "data> " if $infile eq "STDIN";
+ last NEXT_RE if ! ($_ = <$infile>);
+ chomp;
+ printf $outfile "$_\n" if $infile ne "STDIN";
+
+ s/\s+$//;
+ s/^\s+//;
+
+ last if ($_ eq "");
+
+ $x = eval "\"$_\""; # To get escapes processed
+
+ # Empty array for holding results, then do the matching.
+
+ @subs = ();
+
+ $pushes = "push \@subs,\$&;" .
+ "push \@subs,\$1;" .
+ "push \@subs,\$2;" .
+ "push \@subs,\$3;" .
+ "push \@subs,\$4;" .
+ "push \@subs,\$5;" .
+ "push \@subs,\$6;" .
+ "push \@subs,\$7;" .
+ "push \@subs,\$8;" .
+ "push \@subs,\$9;" .
+ "push \@subs,\$10;" .
+ "push \@subs,\$11;" .
+ "push \@subs,\$12;" .
+ "push \@subs,\$13;" .
+ "push \@subs,\$14;" .
+ "push \@subs,\$15;" .
+ "push \@subs,\$16;" .
+ "push \@subs,\$'; }";
+
+ if ($utf8)
+ {
+ use utf8;
+ eval "${cmd} (\$x =~ ${pattern}) {" . $pushes;
+ }
+ else
+ {
+ eval "${cmd} (\$x =~ ${pattern}) {" . $pushes;
+ }
+
+ if ($@)
+ {
+ printf $outfile "Error: $@\n";
+ next NEXT_RE;
+ }
+ elsif (scalar(@subs) == 0)
+ {
+ printf $outfile "No match\n";
+ }
+ else
+ {
+ while (scalar(@subs) != 0)
+ {
+ printf $outfile (" 0: %s\n", &pchars($subs[0]));
+ printf $outfile (" 0+ %s\n", &pchars($subs[17])) if $showrest;
+ $last_printed = 0;
+ for ($i = 1; $i <= 16; $i++)
+ {
+ if (defined $subs[$i])
+ {
+ while ($last_printed++ < $i-1)
+ { printf $outfile ("%2d: <unset>\n", $last_printed); }
+ printf $outfile ("%2d: %s\n", $i, &pchars($subs[$i]));
+ $last_printed = $i;
+ }
+ }
+ splice(@subs, 0, 18);
+ }
+ }
+ }
+ }
+
+printf $outfile "\n";
+
+# End
--- /dev/null
+/-- Because of problems with Perl 5.6 in handling UTF-8 vs non UTF-8 --/
+/-- strings automatically, do not use the \x{} construct except with --/
+/-- patterns that have the /8 option set, and don't use them without! --/
+
+/a.b/8
+ acb
+ a\x7fb
+ a\x{100}b
+ *** Failers
+ a\nb
+
+/a(.{3})b/8
+ a\x{4000}xyb
+ a\x{4000}\x7fyb
+ a\x{4000}\x{100}yb
+ *** Failers
+ a\x{4000}b
+ ac\ncb
+
+/a(.*?)(.)/
+ a\xc0\x88b
+
+/a(.*?)(.)/8
+ a\x{100}b
+
+/a(.*)(.)/
+ a\xc0\x88b
+
+/a(.*)(.)/8
+ a\x{100}b
+
+/a(.)(.)/
+ a\xc0\x92bcd
+
+/a(.)(.)/8
+ a\x{240}bcd
+
+/a(.?)(.)/
+ a\xc0\x92bcd
+
+/a(.?)(.)/8
+ a\x{240}bcd
+
+/a(.??)(.)/
+ a\xc0\x92bcd
+
+/a(.??)(.)/8
+ a\x{240}bcd
+
+/a(.{3})b/8
+ a\x{1234}xyb
+ a\x{1234}\x{4321}yb
+ a\x{1234}\x{4321}\x{3412}b
+ *** Failers
+ a\x{1234}b
+ ac\ncb
+
+/a(.{3,})b/8
+ a\x{1234}xyb
+ a\x{1234}\x{4321}yb
+ a\x{1234}\x{4321}\x{3412}b
+ axxxxbcdefghijb
+ a\x{1234}\x{4321}\x{3412}\x{3421}b
+ *** Failers
+ a\x{1234}b
+
+/a(.{3,}?)b/8
+ a\x{1234}xyb
+ a\x{1234}\x{4321}yb
+ a\x{1234}\x{4321}\x{3412}b
+ axxxxbcdefghijb
+ a\x{1234}\x{4321}\x{3412}\x{3421}b
+ *** Failers
+ a\x{1234}b
+
+/a(.{3,5})b/8
+ a\x{1234}xyb
+ a\x{1234}\x{4321}yb
+ a\x{1234}\x{4321}\x{3412}b
+ axxxxbcdefghijb
+ a\x{1234}\x{4321}\x{3412}\x{3421}b
+ axbxxbcdefghijb
+ axxxxxbcdefghijb
+ *** Failers
+ a\x{1234}b
+ axxxxxxbcdefghijb
+
+/a(.{3,5}?)b/8
+ a\x{1234}xyb
+ a\x{1234}\x{4321}yb
+ a\x{1234}\x{4321}\x{3412}b
+ axxxxbcdefghijb
+ a\x{1234}\x{4321}\x{3412}\x{3421}b
+ axbxxbcdefghijb
+ axxxxxbcdefghijb
+ *** Failers
+ a\x{1234}b
+ axxxxxxbcdefghijb
+
+/^[a\x{c0}]/8
+ *** Failers
+ \x{100}
+
+/(?<=aXb)cd/8
+ aXbcd
+
+/(?<=a\x{100}b)cd/8
+ a\x{100}bcd
+
+/(?<=a\x{100000}b)cd/8
+ a\x{100000}bcd
+
+/(?:\x{100}){3}b/8
+ \x{100}\x{100}\x{100}b
+ *** Failers
+ \x{100}\x{100}b
+
+/ End of testinput5 /
--- /dev/null
+/\x{100}/8DM
+
+/\x{1000}/8DM
+
+/\x{10000}/8DM
+
+/\x{100000}/8DM
+
+/\x{1000000}/8DM
+
+/\x{4000000}/8DM
+
+/\x{7fffFFFF}/8DM
+
+/[\x{ff}]/8DM
+
+/[\x{100}]/8DM
+
+/\x{ffffffff}/8
+
+/\x{100000000}/8
+
+/^\x{100}a\x{1234}/8
+ \x{100}a\x{1234}bcd
+
+/\x80/8D
+
+/\xff/8D
+
+/\x{0041}\x{2262}\x{0391}\x{002e}/D8
+ \x{0041}\x{2262}\x{0391}\x{002e}
+
+/\x{D55c}\x{ad6d}\x{C5B4}/D8
+ \x{D55c}\x{ad6d}\x{C5B4}
+
+/\x{65e5}\x{672c}\x{8a9e}/D8
+ \x{65e5}\x{672c}\x{8a9e}
+
+/\x{80}/D8
+
+/\x{084}/D8
+
+/\x{104}/D8
+
+/\x{861}/D8
+
+/\x{212ab}/D8
+
+/.{3,5}X/D8
+ \x{212ab}\x{212ab}\x{212ab}\x{861}X
+
+
+/.{3,5}?/D8
+ \x{212ab}\x{212ab}\x{212ab}\x{861}
+
+/-- These tests are here rather than in testinput5 because Perl 5.6 has --/
+/-- some problems with UTF-8 support, in the area of \x{..} where the --/
+/-- value is < 255. It grumbles about invalid UTF-8 strings. --/
+
+/^[a\x{c0}]b/8
+ \x{c0}b
+
+/^([a\x{c0}]*?)aa/8
+ a\x{c0}aaaa/
+
+/^([a\x{c0}]*?)aa/8
+ a\x{c0}aaaa/
+ a\x{c0}a\x{c0}aaa/
+
+/^([a\x{c0}]*)aa/8
+ a\x{c0}aaaa/
+ a\x{c0}a\x{c0}aaa/
+
+/^([a\x{c0}]*)a\x{c0}/8
+ a\x{c0}aaaa/
+ a\x{c0}a\x{c0}aaa/
+
+/ End of testinput6 /
--- /dev/null
+PCRE version 3.9 02-Jan-2002
+
+/-- Because of problems with Perl 5.6 in handling UTF-8 vs non UTF-8 --/
+/-- strings automatically, do not use the \x{} construct except with --/
+No match
+/-- patterns that have the /8 option set, and don't use them without! --/
+No match
+
+/a.b/8
+ acb
+ 0: acb
+ a\x7fb
+ 0: a\x{7f}b
+ a\x{100}b
+ 0: a\x{100}b
+ *** Failers
+No match
+ a\nb
+No match
+
+/a(.{3})b/8
+ a\x{4000}xyb
+ 0: a\x{4000}xyb
+ 1: \x{4000}xy
+ a\x{4000}\x7fyb
+ 0: a\x{4000}\x{7f}yb
+ 1: \x{4000}\x{7f}y
+ a\x{4000}\x{100}yb
+ 0: a\x{4000}\x{100}yb
+ 1: \x{4000}\x{100}y
+ *** Failers
+No match
+ a\x{4000}b
+No match
+ ac\ncb
+No match
+
+/a(.*?)(.)/
+ a\xc0\x88b
+ 0: a\xc0
+ 1:
+ 2: \xc0
+
+/a(.*?)(.)/8
+ a\x{100}b
+ 0: a\x{100}
+ 1:
+ 2: \x{100}
+
+/a(.*)(.)/
+ a\xc0\x88b
+ 0: a\xc0\x88b
+ 1: \xc0\x88
+ 2: b
+
+/a(.*)(.)/8
+ a\x{100}b
+ 0: a\x{100}b
+ 1: \x{100}
+ 2: b
+
+/a(.)(.)/
+ a\xc0\x92bcd
+ 0: a\xc0\x92
+ 1: \xc0
+ 2: \x92
+
+/a(.)(.)/8
+ a\x{240}bcd
+ 0: a\x{240}b
+ 1: \x{240}
+ 2: b
+
+/a(.?)(.)/
+ a\xc0\x92bcd
+ 0: a\xc0\x92
+ 1: \xc0
+ 2: \x92
+
+/a(.?)(.)/8
+ a\x{240}bcd
+ 0: a\x{240}b
+ 1: \x{240}
+ 2: b
+
+/a(.??)(.)/
+ a\xc0\x92bcd
+ 0: a\xc0
+ 1:
+ 2: \xc0
+
+/a(.??)(.)/8
+ a\x{240}bcd
+ 0: a\x{240}
+ 1:
+ 2: \x{240}
+
+/a(.{3})b/8
+ a\x{1234}xyb
+ 0: a\x{1234}xyb
+ 1: \x{1234}xy
+ a\x{1234}\x{4321}yb
+ 0: a\x{1234}\x{4321}yb
+ 1: \x{1234}\x{4321}y
+ a\x{1234}\x{4321}\x{3412}b
+ 0: a\x{1234}\x{4321}\x{3412}b
+ 1: \x{1234}\x{4321}\x{3412}
+ *** Failers
+No match
+ a\x{1234}b
+No match
+ ac\ncb
+No match
+
+/a(.{3,})b/8
+ a\x{1234}xyb
+ 0: a\x{1234}xyb
+ 1: \x{1234}xy
+ a\x{1234}\x{4321}yb
+ 0: a\x{1234}\x{4321}yb
+ 1: \x{1234}\x{4321}y
+ a\x{1234}\x{4321}\x{3412}b
+ 0: a\x{1234}\x{4321}\x{3412}b
+ 1: \x{1234}\x{4321}\x{3412}
+ axxxxbcdefghijb
+ 0: axxxxbcdefghijb
+ 1: xxxxbcdefghij
+ a\x{1234}\x{4321}\x{3412}\x{3421}b
+ 0: a\x{1234}\x{4321}\x{3412}\x{3421}b
+ 1: \x{1234}\x{4321}\x{3412}\x{3421}
+ *** Failers
+No match
+ a\x{1234}b
+No match
+
+/a(.{3,}?)b/8
+ a\x{1234}xyb
+ 0: a\x{1234}xyb
+ 1: \x{1234}xy
+ a\x{1234}\x{4321}yb
+ 0: a\x{1234}\x{4321}yb
+ 1: \x{1234}\x{4321}y
+ a\x{1234}\x{4321}\x{3412}b
+ 0: a\x{1234}\x{4321}\x{3412}b
+ 1: \x{1234}\x{4321}\x{3412}
+ axxxxbcdefghijb
+ 0: axxxxb
+ 1: xxxx
+ a\x{1234}\x{4321}\x{3412}\x{3421}b
+ 0: a\x{1234}\x{4321}\x{3412}\x{3421}b
+ 1: \x{1234}\x{4321}\x{3412}\x{3421}
+ *** Failers
+No match
+ a\x{1234}b
+No match
+
+/a(.{3,5})b/8
+ a\x{1234}xyb
+ 0: a\x{1234}xyb
+ 1: \x{1234}xy
+ a\x{1234}\x{4321}yb
+ 0: a\x{1234}\x{4321}yb
+ 1: \x{1234}\x{4321}y
+ a\x{1234}\x{4321}\x{3412}b
+ 0: a\x{1234}\x{4321}\x{3412}b
+ 1: \x{1234}\x{4321}\x{3412}
+ axxxxbcdefghijb
+ 0: axxxxb
+ 1: xxxx
+ a\x{1234}\x{4321}\x{3412}\x{3421}b
+ 0: a\x{1234}\x{4321}\x{3412}\x{3421}b
+ 1: \x{1234}\x{4321}\x{3412}\x{3421}
+ axbxxbcdefghijb
+ 0: axbxxb
+ 1: xbxx
+ axxxxxbcdefghijb
+ 0: axxxxxb
+ 1: xxxxx
+ *** Failers
+No match
+ a\x{1234}b
+No match
+ axxxxxxbcdefghijb
+No match
+
+/a(.{3,5}?)b/8
+ a\x{1234}xyb
+ 0: a\x{1234}xyb
+ 1: \x{1234}xy
+ a\x{1234}\x{4321}yb
+ 0: a\x{1234}\x{4321}yb
+ 1: \x{1234}\x{4321}y
+ a\x{1234}\x{4321}\x{3412}b
+ 0: a\x{1234}\x{4321}\x{3412}b
+ 1: \x{1234}\x{4321}\x{3412}
+ axxxxbcdefghijb
+ 0: axxxxb
+ 1: xxxx
+ a\x{1234}\x{4321}\x{3412}\x{3421}b
+ 0: a\x{1234}\x{4321}\x{3412}\x{3421}b
+ 1: \x{1234}\x{4321}\x{3412}\x{3421}
+ axbxxbcdefghijb
+ 0: axbxxb
+ 1: xbxx
+ axxxxxbcdefghijb
+ 0: axxxxxb
+ 1: xxxxx
+ *** Failers
+No match
+ a\x{1234}b
+No match
+ axxxxxxbcdefghijb
+No match
+
+/^[a\x{c0}]/8
+ *** Failers
+No match
+ \x{100}
+No match
+
+/(?<=aXb)cd/8
+ aXbcd
+ 0: cd
+
+/(?<=a\x{100}b)cd/8
+ a\x{100}bcd
+ 0: cd
+
+/(?<=a\x{100000}b)cd/8
+ a\x{100000}bcd
+ 0: cd
+
+/(?:\x{100}){3}b/8
+ \x{100}\x{100}\x{100}b
+ 0: \x{100}\x{100}\x{100}b
+ *** Failers
+No match
+ \x{100}\x{100}b
+No match
+
+/ End of testinput5 /
+
--- /dev/null
+PCRE version 3.9 02-Jan-2002
+
+/\x{100}/8DM
+Memory allocation (code space): 11
+------------------------------------------------------------------
+ 0 7 Bra 0
+ 3 2 \xc4\x80
+ 7 7 Ket
+ 10 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 196
+Need char = 128
+
+/\x{1000}/8DM
+Memory allocation (code space): 12
+------------------------------------------------------------------
+ 0 8 Bra 0
+ 3 3 \xe1\x80\x80
+ 8 8 Ket
+ 11 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 225
+Need char = 128
+
+/\x{10000}/8DM
+Memory allocation (code space): 13
+------------------------------------------------------------------
+ 0 9 Bra 0
+ 3 4 \xf0\x90\x80\x80
+ 9 9 Ket
+ 12 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 240
+Need char = 128
+
+/\x{100000}/8DM
+Memory allocation (code space): 13
+------------------------------------------------------------------
+ 0 9 Bra 0
+ 3 4 \xf4\x80\x80\x80
+ 9 9 Ket
+ 12 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 244
+Need char = 128
+
+/\x{1000000}/8DM
+Memory allocation (code space): 14
+------------------------------------------------------------------
+ 0 10 Bra 0
+ 3 5 \xf9\x80\x80\x80\x80
+ 10 10 Ket
+ 13 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 249
+Need char = 128
+
+/\x{4000000}/8DM
+Memory allocation (code space): 15
+------------------------------------------------------------------
+ 0 11 Bra 0
+ 3 6 \xfc\x84\x80\x80\x80\x80
+ 11 11 Ket
+ 14 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 252
+Need char = 128
+
+/\x{7fffFFFF}/8DM
+Memory allocation (code space): 15
+------------------------------------------------------------------
+ 0 11 Bra 0
+ 3 6 \xfd\xbf\xbf\xbf\xbf\xbf
+ 11 11 Ket
+ 14 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 253
+Need char = 191
+
+/[\x{ff}]/8DM
+Memory allocation (code space): 40
+------------------------------------------------------------------
+ 0 6 Bra 0
+ 3 1 \xff
+ 6 6 Ket
+ 9 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 255
+No need char
+
+/[\x{100}]/8DM
+Memory allocation (code space): 40
+Failed: characters with values > 255 are not yet supported in classes at offset 7
+
+/\x{ffffffff}/8
+Failed: character value in \x{...} sequence is too large at offset 11
+
+/\x{100000000}/8
+Failed: character value in \x{...} sequence is too large at offset 12
+
+/^\x{100}a\x{1234}/8
+ \x{100}a\x{1234}bcd
+ 0: \x{100}a\x{1234}
+
+/\x80/8D
+------------------------------------------------------------------
+ 0 7 Bra 0
+ 3 2 \xc2\x80
+ 7 7 Ket
+ 10 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 194
+Need char = 128
+
+/\xff/8D
+------------------------------------------------------------------
+ 0 7 Bra 0
+ 3 2 \xc3\xbf
+ 7 7 Ket
+ 10 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 195
+Need char = 191
+
+/\x{0041}\x{2262}\x{0391}\x{002e}/D8
+------------------------------------------------------------------
+ 0 12 Bra 0
+ 3 7 A\xe2\x89\xa2\xce\x91.
+ 12 12 Ket
+ 15 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 'A'
+Need char = '.'
+ \x{0041}\x{2262}\x{0391}\x{002e}
+ 0: A\x{2262}\x{391}.
+
+/\x{D55c}\x{ad6d}\x{C5B4}/D8
+------------------------------------------------------------------
+ 0 14 Bra 0
+ 3 9 \xed\x95\x9c\xea\xb5\xad\xec\x96\xb4
+ 14 14 Ket
+ 17 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 237
+Need char = 180
+ \x{D55c}\x{ad6d}\x{C5B4}
+ 0: \x{d55c}\x{ad6d}\x{c5b4}
+
+/\x{65e5}\x{672c}\x{8a9e}/D8
+------------------------------------------------------------------
+ 0 14 Bra 0
+ 3 9 \xe6\x97\xa5\xe6\x9c\xac\xe8\xaa\x9e
+ 14 14 Ket
+ 17 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 230
+Need char = 158
+ \x{65e5}\x{672c}\x{8a9e}
+ 0: \x{65e5}\x{672c}\x{8a9e}
+
+/\x{80}/D8
+------------------------------------------------------------------
+ 0 7 Bra 0
+ 3 2 \xc2\x80
+ 7 7 Ket
+ 10 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 194
+Need char = 128
+
+/\x{084}/D8
+------------------------------------------------------------------
+ 0 7 Bra 0
+ 3 2 \xc2\x84
+ 7 7 Ket
+ 10 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 194
+Need char = 132
+
+/\x{104}/D8
+------------------------------------------------------------------
+ 0 7 Bra 0
+ 3 2 \xc4\x84
+ 7 7 Ket
+ 10 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 196
+Need char = 132
+
+/\x{861}/D8
+------------------------------------------------------------------
+ 0 8 Bra 0
+ 3 3 \xe0\xa1\xa1
+ 8 8 Ket
+ 11 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 224
+Need char = 161
+
+/\x{212ab}/D8
+------------------------------------------------------------------
+ 0 9 Bra 0
+ 3 4 \xf0\xa1\x8a\xab
+ 9 9 Ket
+ 12 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+First char = 240
+Need char = 171
+
+/.{3,5}X/D8
+------------------------------------------------------------------
+ 0 14 Bra 0
+ 3 Any{3}
+ 7 Any{0,2}
+ 11 1 X
+ 14 14 Ket
+ 17 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+No first char
+Need char = 'X'
+ \x{212ab}\x{212ab}\x{212ab}\x{861}X
+ 0: \x{212ab}\x{212ab}\x{212ab}\x{861}X
+
+
+/.{3,5}?/D8
+------------------------------------------------------------------
+ 0 11 Bra 0
+ 3 Any{3}
+ 7 Any{0,2}?
+ 11 11 Ket
+ 14 End
+------------------------------------------------------------------
+Capturing subpattern count = 0
+Options: utf8
+No first char
+No need char
+ \x{212ab}\x{212ab}\x{212ab}\x{861}
+ 0: \x{212ab}\x{212ab}\x{212ab}
+
+/-- These tests are here rather than in testinput5 because Perl 5.6 has --/
+/-- some problems with UTF-8 support, in the area of \x{..} where the --/
+No match
+/-- value is < 255. It grumbles about invalid UTF-8 strings. --/
+No match
+
+/^[a\x{c0}]b/8
+ \x{c0}b
+ 0: \x{c0}b
+
+/^([a\x{c0}]*?)aa/8
+ a\x{c0}aaaa/
+ 0: a\x{c0}aa
+ 1: a\x{c0}
+
+/^([a\x{c0}]*?)aa/8
+ a\x{c0}aaaa/
+ 0: a\x{c0}aa
+ 1: a\x{c0}
+ a\x{c0}a\x{c0}aaa/
+ 0: a\x{c0}a\x{c0}aa
+ 1: a\x{c0}a\x{c0}
+
+/^([a\x{c0}]*)aa/8
+ a\x{c0}aaaa/
+ 0: a\x{c0}aaaa
+ 1: a\x{c0}aa
+ a\x{c0}a\x{c0}aaa/
+ 0: a\x{c0}a\x{c0}aaa
+ 1: a\x{c0}a\x{c0}a
+
+/^([a\x{c0}]*)a\x{c0}/8
+ a\x{c0}aaaa/
+ 0: a\x{c0}
+ 1:
+ a\x{c0}a\x{c0}aaa/
+ 0: a\x{c0}a\x{c0}
+ 1: a\x{c0}
+
+/ End of testinput6 /
+
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(NWOS) \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr/misc/netware \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = htdigest
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = HT Digest Utility for NetWare
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = htdigest
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/htdigest.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/htdigest.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(NWOS) \
+ $(AP_WORK)/srclib/apr/include \
+ $(AP_WORK)/srclib/apr-util/include \
+ $(AP_WORK)/srclib/apr/misc/netware \
+ $(AP_WORK)/srclib/apr \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = htpasswd
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = HT Password Utility for NetWare
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = htpasswd
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/htpasswd.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/htpasswd.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
--- /dev/null
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+#
+# Make sure all needed macro's are defined
+#
+
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME =
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION =
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME =
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE =
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM =
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM =
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS =
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/htpasswd.nlm \
+ $(OBJDIR)/htdigest.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+ copy $(OBJDIR)\*.nlm $(INSTALL)\Apache2\*.*
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
+
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2001 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ */
+
+/*
+ * Given one or more group identifers on the command line (e.g.,
+ * "httpd" or "#-1"), figure out whether they'll be valid for
+ * the server to use at run-time.
+ *
+ * If a groupname isn't found, or we can't setgid() to it, return
+ * -1. If all groups are valid, return 0.
+ *
+ * This may need to be run as the superuser for the setgid() to
+ * succeed; running it as any other user may result in a false
+ * negative.
+ */
+
+#include "ap_config.h"
+#if APR_HAVE_STDIO_H
+#include <stdio.h>
+#endif
+#if APR_HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_GRP_H
+#include <grp.h>
+#endif
+#if APR_HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+int main(int argc, char *argv[])
+{
+ int i;
+ int result;
+ gid_t gid;
+ struct group *grent;
+ struct group fake_grent;
+
+ /*
+ * Assume success. :-)
+ */
+ result = 0;
+ for (i = 1; i < argc; ++i) {
+ char *arg;
+ arg = argv[i];
+
+ /*
+ * If it's from a 'Group #-1' statement, get the numeric value
+ * and skip the group lookup stuff.
+ */
+ if (*arg == '#') {
+ gid = atoi(&arg[1]);
+ fake_grent.gr_gid = gid;
+ grent = &fake_grent;
+ }
+ else {
+ grent = getgrnam(arg);
+ }
+
+ /*
+ * A NULL return means no such group was found, so we're done
+ * with this one.
+ */
+ if (grent == NULL) {
+ fprintf(stderr, "%s: group '%s' not found\n", argv[0], arg);
+ result = -1;
+ }
+ else {
+ int check;
+
+ /*
+ * See if we can switch to the numeric GID we have. If so,
+ * all well and good; if not, well..
+ */
+ gid = grent->gr_gid;
+ check = setgid(gid);
+ if (check != 0) {
+ fprintf(stderr, "%s: invalid group '%s'\n", argv[0], arg);
+ perror(argv[0]);
+ result = -1;
+ }
+ }
+ }
+ /*
+ * Worst-case return value.
+ */
+ return result;
+}
+/*
+ * Local Variables:
+ * mode: C
+ * c-file-style: "bsd"
+ * End:
+ */
--- /dev/null
+# envvars-std - default environment variables for apachectl
+#
+# This file is generated from envvars-std.in
+#
+# the following lines are automatically uncommented for
+# binary builds
+#binbuild @SHLIBPATH_VAR@='@prefix@/lib/:$@SHLIBPATH_VAR@'
+#binbuild export @SHLIBPATH_VAR@
+#
+@OS_SPECIFIC_VARS@
--- /dev/null
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+/*
+ * htdbm.c: simple program for manipulating DBM
+ * password databases for the Apache HTTP server
+ *
+ * Contributed by Mladen Turk <mturk@mappingsoft.com>
+ * 12 Oct 2001
+ */
+
+#include "apr.h"
+#include "apr_lib.h"
+#include "apr_strings.h"
+#include "apr_file_io.h"
+#include "apr_file_info.h"
+#include "apr_pools.h"
+#include "apr_signal.h"
+#include "apr_md5.h"
+#include "apr_sha1.h"
+#include "apr_dbm.h"
+
+#if APR_HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#if APR_HAVE_STRING_H
+#include <string.h>
+#endif
+#if APR_HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+#if APR_CHARSET_EBCDIC
+#include "apr_xlate.h"
+#endif /*APR_CHARSET_EBCDIC*/
+
+#if APR_HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+
+
+#if !APR_CHARSET_EBCDIC
+#define LF 10
+#define CR 13
+#else /*APR_CHARSET_EBCDIC*/
+#define LF '\n'
+#define CR '\r'
+#endif /*APR_CHARSET_EBCDIC*/
+
+#define MAX_STRING_LEN 256
+#define ALG_PLAIN 0
+#define ALG_APMD5 1
+#define ALG_APSHA 2
+
+#if APR_HAVE_CRYPT_H
+#define ALG_CRYPT 3
+#endif
+
+
+#define ERR_FILEPERM 1
+#define ERR_SYNTAX 2
+#define ERR_PWMISMATCH 3
+#define ERR_INTERRUPTED 4
+#define ERR_OVERFLOW 5
+#define ERR_BADUSER 6
+#define ERR_EMPTY 7
+
+
+typedef struct apu_htdbm_t apu_htdbm_t;
+
+struct apu_htdbm_t {
+ apr_dbm_t *dbm;
+ apr_pool_t *pool;
+#if APR_CHARSET_EBCDIC
+ apr_xlate_t *to_ascii;
+#endif
+ char *filename;
+ char *username;
+ char *userpass;
+ char *comment;
+ int create;
+ int rdonly;
+ int alg;
+};
+
+
+#define APU_HTDBM_DECLARE(x) static x
+#define APU_HTDBM_STANDALONE 1
+
+#define APU_HTDBM_MAKE 0
+#define APU_HTDBM_DELETE 1
+#define APU_HTDBM_VERIFY 2
+#define APU_HTDBM_LIST 3
+#define APU_HTDBM_NOFILE 4
+#define APU_HTDBM_STDIN 5
+
+APU_HTDBM_DECLARE(void) apu_htdbm_terminate(apu_htdbm_t *htdbm)
+{
+
+ if (htdbm->dbm)
+ apr_dbm_close(htdbm->dbm);
+ htdbm->dbm = NULL;
+}
+
+#if APU_HTDBM_STANDALONE
+
+static apu_htdbm_t *h;
+
+APU_HTDBM_DECLARE(void) apu_htdbm_interrupted(void)
+{
+ apu_htdbm_terminate(h);
+ fprintf(stderr, "htdbm Interrupted !\n");
+ exit(ERR_INTERRUPTED);
+}
+#endif
+
+APU_HTDBM_DECLARE(apr_status_t) apu_htdbm_init(apr_pool_t **pool, apu_htdbm_t **hdbm)
+{
+
+#if APR_CHARSET_EBCDIC
+ apr_status_t rv;
+#endif
+
+#if APU_HTDBM_STANDALONE
+ apr_initialize();
+ atexit(apr_terminate);
+ apr_pool_create( pool, NULL);
+ apr_signal(SIGINT, (void (*)(int)) apu_htdbm_interrupted);
+
+#endif
+
+ (*hdbm) = (apu_htdbm_t *)apr_pcalloc(*pool, sizeof(apu_htdbm_t));
+ (*hdbm)->pool = *pool;
+
+#if APR_CHARSET_EBCDIC
+ rv = apr_xlate_open(to_ascii, "ISO8859-1", APR_DEFAULT_CHARSET, (*hdbm)->pool);
+ if (rv) {
+ fprintf(stderr, "apr_xlate_open(to ASCII)->%d\n", rv);
+ return APR_EGENERAL;
+ }
+ rv = apr_SHA1InitEBCDIC((*hdbm)->to_ascii);
+ if (rv) {
+ fprintf(stderr, "apr_SHA1InitEBCDIC()->%d\n", rv);
+ return APR_EGENERAL;
+ }
+ rv = apr_MD5InitEBCDIC((*hdbm)->to_ascii);
+ if (rv) {
+ fprintf(stderr, "apr_MD5InitEBCDIC()->%d\n", rv);
+ return APR_EGENERAL;
+ }
+#endif /*APR_CHARSET_EBCDIC*/
+
+ /* Set MD5 as default */
+ (*hdbm)->alg = ALG_APMD5;
+ return APR_SUCCESS;
+}
+
+APU_HTDBM_DECLARE(apr_status_t) apu_htdbm_open(apu_htdbm_t *htdbm)
+{
+ if (htdbm->create)
+ return apr_dbm_open(&htdbm->dbm, htdbm->filename, APR_DBM_RWCREATE,
+ APR_OS_DEFAULT, htdbm->pool);
+ else
+ return apr_dbm_open(&htdbm->dbm, htdbm->filename,
+ htdbm->rdonly ? APR_DBM_READONLY : APR_DBM_READWRITE,
+ APR_OS_DEFAULT, htdbm->pool);
+}
+
+APU_HTDBM_DECLARE(char *) ap_getword(apr_pool_t *atrans, char **line, char stop)
+{
+ char *pos = strrchr(*line, stop);
+ char *res;
+
+ if (!pos) {
+ res = apr_pstrdup(atrans, *line);
+ *line += strlen(*line);
+ return res;
+ }
+
+ res = apr_pstrndup(atrans, *line, pos - *line);
+
+ while (*pos == stop)
+ ++pos;
+ *line = pos;
+ return res;
+}
+
+APU_HTDBM_DECLARE(apr_status_t) apu_htdbm_save(apu_htdbm_t *htdbm, int *changed)
+{
+ apr_datum_t key, val;
+
+ if (!htdbm->username)
+ return APR_SUCCESS;
+
+ key.dptr = htdbm->username;
+ key.dsize = strlen(htdbm->username);
+ if (apr_dbm_exists(htdbm->dbm, key))
+ *changed = 1;
+
+ val.dsize = strlen(htdbm->userpass);
+ if (!htdbm->comment)
+ val.dptr = htdbm->userpass;
+ else {
+ val.dptr = apr_pstrcat(htdbm->pool, htdbm->userpass, ";",
+ htdbm->comment, NULL);
+ val.dsize += (strlen(htdbm->comment) + 1);
+ }
+ return apr_dbm_store(htdbm->dbm, key, val);
+}
+
+APU_HTDBM_DECLARE(apr_status_t) apu_htdbm_del(apu_htdbm_t *htdbm)
+{
+ apr_datum_t key;
+
+ key.dptr = htdbm->username;
+ key.dsize = strlen(htdbm->username);
+ if (!apr_dbm_exists(htdbm->dbm, key))
+ return APR_ENOENT;
+
+ return apr_dbm_delete(htdbm->dbm, key);
+}
+
+APU_HTDBM_DECLARE(apr_status_t) apu_htdbm_verify(apu_htdbm_t *htdbm)
+{
+ apr_datum_t key, val;
+ char pwd[MAX_STRING_LEN] = {0};
+ char *rec, *cmnt;
+
+ key.dptr = htdbm->username;
+ key.dsize = strlen(htdbm->username);
+ if (!apr_dbm_exists(htdbm->dbm, key))
+ return APR_ENOENT;
+ if (apr_dbm_fetch(htdbm->dbm, key, &val) != APR_SUCCESS)
+ return APR_ENOENT;
+ rec = apr_pstrndup(htdbm->pool, val.dptr, val.dsize);
+ cmnt = strchr(rec, ';');
+ if (cmnt)
+ strncpy(pwd, rec, cmnt - rec);
+ else
+ strcpy(pwd, rec);
+ return apr_password_validate(htdbm->userpass, pwd);
+}
+
+APU_HTDBM_DECLARE(apr_status_t) apu_htdbm_list(apu_htdbm_t *htdbm)
+{
+ apr_status_t rv;
+ apr_datum_t key, val;
+ char *rec, *cmnt;
+ char kb[MAX_STRING_LEN];
+ int i = 0;
+
+ rv = apr_dbm_firstkey(htdbm->dbm, &key);
+ if (rv != APR_SUCCESS) {
+ fprintf(stderr, "Empty database -- %s\n", htdbm->filename);
+ return APR_ENOENT;
+ }
+ rec = apr_pcalloc(htdbm->pool, HUGE_STRING_LEN);
+
+ fprintf(stderr, "Dumping records from database -- %s\n", htdbm->filename);
+ fprintf(stderr, " %-32sComment\n", "Username");
+ while (key.dptr != NULL) {
+ rv = apr_dbm_fetch(htdbm->dbm, key, &val);
+ if (rv != APR_SUCCESS) {
+ fprintf(stderr, "Failed getting data from %s\n", htdbm->filename);
+ return APR_EGENERAL;
+ }
+ strncpy(kb, key.dptr, key.dsize);
+ kb[key.dsize] = '\0';
+ fprintf(stderr, " %-32s", kb);
+ strncpy(rec, val.dptr, val.dsize);
+ rec[val.dsize] = '\0';
+ cmnt = strchr(rec, ';');
+ if (cmnt)
+ fprintf(stderr, cmnt + 1);
+ fprintf(stderr, "\n");
+ rv = apr_dbm_nextkey(htdbm->dbm, &key);
+ if (rv != APR_SUCCESS)
+ fprintf(stderr, "Failed getting NextKey\n");
+ ++i;
+ }
+
+ fprintf(stderr, "Total #records : %d\n", i);
+ return APR_SUCCESS;
+}
+
+static void to64(char *s, unsigned long v, int n)
+{
+ static unsigned char itoa64[] = /* 0 ... 63 => ASCII - 64 */
+ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
+ while (--n >= 0) {
+ *s++ = itoa64[v&0x3f];
+ v >>= 6;
+ }
+}
+
+APU_HTDBM_DECLARE(apr_status_t) apu_htdbm_make(apu_htdbm_t *htdbm)
+{
+ char cpw[MAX_STRING_LEN];
+ char salt[9];
+
+ switch (htdbm->alg) {
+ case ALG_APSHA:
+ /* XXX cpw >= 28 + strlen(sha1) chars - fixed len SHA */
+ apr_sha1_base64(htdbm->userpass,strlen(htdbm->userpass),cpw);
+ break;
+
+ case ALG_APMD5:
+ (void) srand((int) time((time_t *) NULL));
+ to64(&salt[0], rand(), 8);
+ salt[8] = '\0';
+ apr_md5_encode((const char *)htdbm->userpass, (const char *)salt,
+ cpw, sizeof(cpw));
+ break;
+ case ALG_PLAIN:
+ /* XXX this len limitation is not in sync with any HTTPd len. */
+ apr_cpystrn(cpw,htdbm->userpass,sizeof(cpw));
+ break;
+#if APR_HAVE_CRYPT_H
+ case ALG_CRYPT:
+ (void) srand((int) time((time_t *) NULL));
+ to64(&salt[0], rand(), 8);
+ salt[8] = '\0';
+ apr_cpystrn(cpw, (char *)crypt(htdbm->userpass, salt), sizeof(cpw) - 1);
+ fprintf(stderr, "CRYPT is now depriciated, use MD5 instead !\n");
+#endif
+ default:
+ break;
+ }
+ htdbm->userpass = apr_pstrdup(htdbm->pool, cpw);
+ return APR_SUCCESS;
+}
+
+APU_HTDBM_DECLARE(apr_status_t) apu_htdbm_valid_username(apu_htdbm_t *htdbm)
+{
+ if (!htdbm->username || (strlen(htdbm->username) > 64) || (strlen(htdbm->username) < 1)) {
+ fprintf(stderr, "Invalid username length\n");
+ return APR_EINVAL;
+ }
+ if (strchr(htdbm->username, ':')) {
+ fprintf(stderr, "Username contains invalid characters\n");
+ return APR_EINVAL;
+ }
+ return APR_SUCCESS;
+}
+
+static void htdbm_usage(void)
+{
+
+#if APR_HAVE_CRYPT_H
+#define CRYPT_OPTION "d"
+#else
+#define CRYPT_OPTION ""
+#endif
+ fprintf(stderr, "htdbm -- program for manipulating DBM password databases.\n\n");
+ fprintf(stderr, "Usage: htdbm [-cm"CRYPT_OPTION"pstvx] database username\n");
+ fprintf(stderr, " -b[cm"CRYPT_OPTION"ptsv] database username password\n");
+ fprintf(stderr, " -n[m"CRYPT_OPTION"pst] username\n");
+ fprintf(stderr, " -nb[m"CRYPT_OPTION"pst] username password\n");
+ fprintf(stderr, " -v[m"CRYPT_OPTION"ps] database username\n");
+ fprintf(stderr, " -vb[m"CRYPT_OPTION"ps] database username password\n");
+ fprintf(stderr, " -x[m"CRYPT_OPTION"ps] database username\n");
+ fprintf(stderr, " -l database\n");
+ fprintf(stderr, "Options:\n");
+ fprintf(stderr, " -b Use the password from the command line rather"
+ "than prompting for it.\n");
+ fprintf(stderr, " -c Create a new database.\n");
+ fprintf(stderr, " -n Don't update database; display results on stdout.\n");
+ fprintf(stderr, " -m Force MD5 encryption of the password (default).\n");
+#if APR_HAVE_CRYPT_H
+ fprintf(stderr, " -d Force CRYPT encryption of the password (now depriciated).\n");
+#endif
+ fprintf(stderr, " -p Do not encrypt the password (plaintext).\n");
+ fprintf(stderr, " -s Force SHA encryption of the password.\n");
+ fprintf(stderr, " -l Display usernames from database on stdout.\n");
+ fprintf(stderr, " -t The last param is username comment.\n");
+ fprintf(stderr, " -v Verify the username/password.\n");
+ fprintf(stderr, " -x Remove the username record from database.\n");
+ exit(ERR_SYNTAX);
+
+}
+
+
+int main(int argc, const char *argv[])
+{
+ apr_pool_t *pool;
+ apr_status_t rv;
+ apr_size_t l;
+ char pwi[MAX_STRING_LEN];
+ char pwc[MAX_STRING_LEN];
+ char errbuf[MAX_STRING_LEN];
+ const char *arg;
+ int need_file = 1;
+ int need_user = 1;
+ int need_pwd = 1;
+ int need_cmnt = 0;
+ int pwd_supplied = 0;
+ int changed;
+ int cmd = APU_HTDBM_MAKE;
+ int i;
+ int args_left = 2;
+
+ if ((rv = apu_htdbm_init(&pool, &h)) != APR_SUCCESS) {
+ fprintf(stderr, "Unable to initialize htdbm terminating!\n");
+ apr_strerror(rv, errbuf, sizeof(errbuf));
+ exit(1);
+ }
+ /*
+ * Preliminary check to make sure they provided at least
+ * three arguments, we'll do better argument checking as
+ * we parse the command line.
+ */
+ if (argc < 3)
+ htdbm_usage();
+ /*
+ * Go through the argument list and pick out any options. They
+ * have to precede any other arguments.
+ */
+ for (i = 1; i < argc; i++) {
+ arg = argv[i];
+ if (*arg != '-')
+ break;
+
+ while (*++arg != '\0') {
+ switch (*arg) {
+ case 'b':
+ pwd_supplied = 1;
+ need_pwd = 0;
+ args_left++;
+ break;
+ case 'c':
+ h->create = 1;
+ break;
+ case 'n':
+ need_file = 0;
+ cmd = APU_HTDBM_NOFILE;
+ args_left--;
+ break;
+ case 'l':
+ need_pwd = 0;
+ need_user = 0;
+ cmd = APU_HTDBM_LIST;
+ h->rdonly = 1;
+ args_left--;
+ break;
+ case 't':
+ need_cmnt = 1;
+ args_left++;
+ break;
+ case 'v':
+ h->rdonly = 1;
+ cmd = APU_HTDBM_VERIFY;
+ break;
+ case 'x':
+ need_pwd = 0;
+ cmd = APU_HTDBM_DELETE;
+ break;
+ case 'm':
+ h->alg = ALG_APMD5;
+ break;
+ case 'p':
+ h->alg = ALG_PLAIN;
+ break;
+ case 's':
+ h->alg = ALG_APSHA;
+ break;
+#if APR_HAVE_CRYPT_H
+ case 'd':
+ h->alg = ALG_CRYPT;
+ break;
+#endif
+ default:
+ htdbm_usage();
+ break;
+ }
+ }
+ }
+ /*
+ * Make sure we still have exactly the right number of arguments left
+ * (the filename, the username, and possibly the password if -b was
+ * specified).
+ */
+ if ((argc - i) != args_left)
+ htdbm_usage();
+
+ if (!need_file)
+ i--;
+ else {
+ h->filename = apr_pstrdup(h->pool, argv[i]);
+ if ((rv = apu_htdbm_open(h)) != APR_SUCCESS) {
+ fprintf(stderr, "Error oppening database %s\n", argv[i]);
+ apr_strerror(rv, errbuf, sizeof(errbuf));
+ exit(ERR_FILEPERM);
+ }
+ }
+ if (need_user) {
+ h->username = apr_pstrdup(pool, argv[i+1]);
+ if (apu_htdbm_valid_username(h) != APR_SUCCESS)
+ exit(ERR_BADUSER);
+ }
+ if (pwd_supplied)
+ h->userpass = apr_pstrdup(pool, argv[i+2]);
+
+ if (need_pwd) {
+ l = sizeof(pwc);
+ if (apr_password_get("Enter password : ", pwi, &l) != APR_SUCCESS) {
+ fprintf(stderr, "Password too long\n");
+ exit(ERR_OVERFLOW);
+ }
+ l = sizeof(pwc);
+ if (apr_password_get("Re-type password : ", pwc, &l) != APR_SUCCESS) {
+ fprintf(stderr, "Password too long\n");
+ exit(ERR_OVERFLOW);
+ }
+ if (strcmp(pwi, pwc) != 0) {
+ fprintf(stderr, "Password verification error\n");
+ exit(ERR_PWMISMATCH);
+ }
+
+ h->userpass = apr_pstrdup(pool, pwi);
+ }
+ if (need_cmnt && pwd_supplied)
+ h->comment = apr_pstrdup(pool, argv[i+3]);
+ else if (need_cmnt)
+ h->comment = apr_pstrdup(pool, argv[i+2]);
+
+ switch (cmd) {
+ case APU_HTDBM_VERIFY:
+ if ((rv = apu_htdbm_verify(h)) != APR_SUCCESS) {
+ if(rv == APR_ENOENT) {
+ fprintf(stderr, "The user '%s' cold not be found in database\n", h->username);
+ exit(ERR_BADUSER);
+ }
+ else {
+ fprintf(stderr, "Password mismatch for user '%s'\n", h->username);
+ exit(ERR_PWMISMATCH);
+ }
+ }
+ else
+ fprintf(stderr, "Password validated for user '%s'\n", h->username);
+ break;
+ case APU_HTDBM_DELETE:
+ if (apu_htdbm_del(h) != APR_SUCCESS) {
+ fprintf(stderr, "Cannot find user '%s' in database\n", h->username);
+ exit(ERR_BADUSER);
+ }
+ h->username = NULL;
+ changed = 1;
+ break;
+ case APU_HTDBM_LIST:
+ apu_htdbm_list(h);
+ break;
+ default:
+ apu_htdbm_make(h);
+ break;
+
+ }
+ if (need_file && !h->rdonly) {
+ if ((rv = apu_htdbm_save(h, &changed)) != APR_SUCCESS) {
+ apr_strerror(rv, errbuf, sizeof(errbuf));
+ exit(ERR_FILEPERM);
+ }
+ fprintf(stdout, "Database %s %s.\n", h->filename,
+ h->create ? "created" : (changed ? "modified" : "updated"));
+ }
+ if (cmd == APU_HTDBM_NOFILE)
+ fprintf(stderr, "%s:%s\n", h->username, h->userpass);
+ apu_htdbm_terminate(h);
+ apr_terminate();
+
+ return 0; /* Supress compiler warning. */
+}
--- /dev/null
+# Microsoft Developer Studio Project File - Name="htdbm" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=htdbm - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "htdbm.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "htdbm.mak" CFG="htdbm - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "htdbm - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "htdbm - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "htdbm - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /D "APR_DECLARE_STATIC" /D "APU_DECLARE_STATIC" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../srclib/apr/include" /I "../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "APR_DECLARE_STATIC" /D "APU_DECLARE_STATIC" /Fd"Release/htdbm" /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib advapi32.lib wsock32.lib ws2_32.lib /nologo /subsystem:console /map /machine:I386
+# ADD LINK32 kernel32.lib advapi32.lib wsock32.lib ws2_32.lib /nologo /subsystem:console /map /machine:I386
+
+!ELSEIF "$(CFG)" == "htdbm - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /D "APR_DECLARE_STATIC" /D "APU_DECLARE_STATIC" /FD /c
+# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../srclib/apr/include" /I "../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "APR_DECLARE_STATIC" /D "APU_DECLARE_STATIC" /Fd"Debug/htdbm" /FD /c
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib advapi32.lib wsock32.lib ws2_32.lib /nologo /subsystem:console /incremental:no /map /debug /machine:I386
+# ADD LINK32 kernel32.lib advapi32.lib wsock32.lib ws2_32.lib /nologo /subsystem:console /incremental:no /map /debug /machine:I386
+
+!ENDIF
+
+# Begin Target
+
+# Name "htdbm - Win32 Release"
+# Name "htdbm - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\htdbm.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\htdbm.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "htdbm - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\build\win32\win32ver.awk
+
+".\htdbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../build/win32/win32ver.awk htdbm "htdbm Utility" ../include/ap_release.h > .\htdbm.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "htdbm - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\build\win32\win32ver.awk
+
+".\htdbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../build/win32/win32ver.awk htdbm "htdbm Utility" ../include/ap_release.h > .\htdbm.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
--- /dev/null
+MODULE APRLIB.NLM
+MODULE LIBC.NLM
+
projects / thirdparty / apache / httpd.git / commitdiff
