<p>To summarize:
<center><pre>
- #open files <= soft limit <= hard limit <= kernel limit
+ #open files <= soft limit <= hard limit <= kernel limit
</pre></center>
<p>You control the hard and soft limits using the <code>limit</code> (csh)
will run into trouble if more than approximately 240 Listen
directives are used. This may be cured by rebuilding your kernel
with a higher FD_SETSIZE.
- </p>
+ <p>
<dt> <b>FreeBSD 2.2, BSDI 2.1+</b>
<dd> Similar to the BSDI 2.0 case, you should define
<code>FD_SETSIZE</code> and rebuild. But the extra
Listen limitation doesn't exist.
- </p>
+ <p>
<dt> <b>Linux</b>
<dd> By default Linux has a kernel maximum of 256 open descriptors
256. As of this writing the patches available for increasing
the number of descriptors do not take this into account. On a
dedicated webserver you probably won't run into trouble.
- </p>
+ <p>
<dt> <b>Solaris through 2.5.1</b>
<dd> Solaris has a kernel hard limit of 1024 (may be lower in earlier
build Apache with <code>-DHIGH_SLACK_LINE=256</code> added to
<code>EXTRA_CFLAGS</code>. You will be limited to approximately
240 error logs if you do this.
- </p>
+ <p>
<dt> <b>AIX version ??</b>
<dd> AIX appears to have a hard limit of 128 descriptors. End of
story.
- </p>
+ <p>
<dt> <b>Others</b>
<dd> If you have details on another operating system, please submit
it through our <a href="http://www.apache.org/bug_report.html">Bug
Report Page</a>.
- </p>
+ <p>
</dl>
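Review bot: inverting each `</p>` to `<p>` ahead of the next `<dt>` leaves an empty paragraph at the tail of every `<dd>`, and the last change (`+ <p>` directly before `</dl>`) opens a paragraph with nothing after it. If the goal is only vertical spacing between entries, drop the tag instead of inverting it, or move `<p>` to the start of each `<dd>` body where it has text to wrap.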
>UserDir</A>
directive; setting it to something like <SAMP>"./"</SAMP>
would have the same effect, for root, as the first example above.
+If you are using Apache 1.3 or above, we strongly recommend that you
+include the following line in your server configuration files:
</P>
+<DL>
+ <DD><SAMP>UserDir disabled root</SAMP>
+ </DD>
+</DL>
<HR>
<P>Please send any other useful security tips to The Apache Group
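Review bot: the added recommendation names the line to put in the configuration but not what it does. One clause saying that `UserDir disabled root` prevents `~root` from ever being translated to a directory would let an administrator judge it without following the UserDir link. The sentence is also scoped to "Apache 1.3 or above" and gives readers on earlier releases nothing to act on; it could point them back to avoiding values such as `"./"`. Minor: the `<DL>` carries a `<DD>` with no `<DT>` and is used only for indentation.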
<pre>
% msqladmin create www <br>
% msql www <br>
- -> create table user_records ( <br>
- -> User_id char(32) primary key, <br>
- -> Cpasswd char(32), <br>
- -> Xgroup char(32) <br>
- -> ) \g <br>
+ -> create table user_records ( <br>
+ -> User_id char(32) primary key, <br>
+ -> Cpasswd char(32), <br>
+ -> Xgroup char(32) <br>
+ -> ) \g <br>
query OK <br>
- -> \q <br>
+ -> \q <br>
% <br>
</pre><br>
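Review bot: every re-indented line in this `<pre>` block still ends in `<br>`, which is redundant inside preformatted text and double-spaces the session in some browsers. Since the prompt lines are being rewritten anyway, the trailing `<br>` could be dropped in the same change so the example renders as typed.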
It operates on the full URLs (including the PATH_INFO part) both in
per-server context (httpd.conf) and per-dir context (.htaccess) and even
can generate QUERY_STRING parts on result. The rewritten result can lead to internal sub-processing, external request redirection or to internal proxy throughput.
-</b>
<p>
The latest version can be found on<br>
config.
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
To disable the logging of rewriting actions it is not recommended
to set <em>Filename</em>
</table>
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
SECURITY: See the <a
href="../misc/security_tips.html">Apache Security
This disables all rewrite action logs.
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
<b>Notice:</b> Using a high value for <i>Level</i> will slow down your Apache
server dramatically! Use the rewriting logfile only for debugging or at least
<li><b>DBM Hashfile Format</b>
<p>
This is a binary NDBM format file containing the
- same contents as the <em>Plain Text Format</b> files. You can create
+ same contents as the <em>Plain Text Format</em> files. You can create
such a file with any NDBM tool or with the <tt>dbmmanage</tt> program
from the <tt>support</tt> directory of the Apache distribution.
<p>
context.
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
For plain text and DBM format files the looked-up keys are cached in-core
until the <tt>mtime</tt> of the mapfile changes or the server does a
directive to specify the correct URL-prefix.
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
So, if your webserver's URLs are <b>not</b> directly
related to physical file paths, you have to use <tt>RewriteBase</tt> in every
rewritten to the physical file <tt>/abc/def/newstuff.html</tt>.
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
<font size=-1>
<b>For the Apache hackers:</b><br>
/xyz/oldstuff.html
Internal Processing:
- /xyz/oldstuff.html -> /abc/def/oldstuff.html (per-server Alias)
- /abc/def/oldstuff.html -> /abc/def/newstuff.html (per-dir RewriteRule)
- /abc/def/newstuff.html -> /xyz/newstuff.html (per-dir RewriteBase)
- /xyz/newstuff.html -> /abc/def/newstuff.html (per-server Alias)
+ /xyz/oldstuff.html -> /abc/def/oldstuff.html (per-server Alias)
+ /abc/def/oldstuff.html -> /abc/def/newstuff.html (per-dir RewriteRule)
+ /abc/def/newstuff.html -> /xyz/newstuff.html (per-dir RewriteBase)
+ /xyz/newstuff.html -> /abc/def/newstuff.html (per-server Alias)
Result:
/abc/def/newstuff.html
<p>
The <tt>RewriteCond</tt> directive defines a rule condition. Precede a
-<tt>RewriteRule</tt> directive with one or more <t>RewriteCond</tt>
+<tt>RewriteRule</tt> directive with one or more <tt>RewriteCond</tt>
directives.
The following rewriting rule is only used if its pattern matches the current
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
These variables all correspond to the similar named HTTP MIME-headers, C
variables of the Apache server or <tt>struct tm</tt> fields of the Unix
last default rule.
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
<b>Notice!</b> When using the NOT character to negate a pattern you cannot
have grouped wildcard parts in the pattern. This is impossible because when
pattern to be applied before a substitution occurs.
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
<b>Notice</b>: There is a special feature. When you prefix a substitution
field with <tt>http://</tt><em>thishost</em>[<em>:thisport</em>] then
typical example is the use of <tt>mod_alias</tt> and
<tt>mod_rewrite</tt>..
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
<font size=-1>
<b>For the Apache hackers:</b><br>
</ul>
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
Remember: Never forget that <em>Pattern</em> gets applied to a complete URL
in per-server configuration files. <b>But in per-directory configuration
</table>
<p>
-<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
+<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
<tr><td>
Notice! To enable the rewriting engine for per-directory configuration files
you need to set ``<tt>RewriteEngine On</tt>'' in these files <b>and</b>
</table>
-</td>
-</tr>
-</table>
-
<p>
<b>Example:</b>
<p>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_userdir<br>
<strong>Compatibility:</strong> All forms except the <code>UserDir
-public_html</code> form are only available in Apache 1.1 or above.<p>
+public_html</code> form are only available in Apache 1.1 or above. Use
+of the <SAMP>enabled</SAMP> keyword, or <SAMP>disabled</SAMP> with a
+list of usernames, is only available in Apache 1.3 and above.<p>
The UserDir directive sets the real directory in a user's home directory
to use when a request for a document for a user is received.
-<em>Directory</em> is either <code>disabled</code>, to disable this feature,
- or the name of a directory, following one of the following
-patterns. If not disabled, then a request for
+<em>Directory/filename</em> is one of the following:
+</P>
+<UL>
+ <LI>The name of a directory or a pattern such as those shown below.
+ </LI>
+ <LI>The keyword <SAMP>disabled</SAMP>. This turns off <EM>all</EM>
+ username-to-directory translations except those explicitly named with
+ the <SAMP>enabled</SAMP> keyword (see below).
+ </LI>
+ <LI>The keyword <SAMP>disabled</SAMP> followed by a space-delimited
+ list of usernames. Usernames that appear in such a list will
+ <EM>never</EM> have directory translation performed, even if they
+ appear in an <SAMP>enabled</SAMP> clause.
+ </LI>
+ <LI>The keyword <SAMP>enabled</SAMP> followed by a space-delimited list
+ of usernames. These usernames will have directory translation
+ performed even if a global disable is in effect, but not if they also
+ appear in a <SAMP>disabled</SAMP> clause.
+ </LI>
+</UL>
+<P>
+If neither the <SAMP>enabled</SAMP> nor the <SAMP>disabled</SAMP>
+keywords appear in the <SAMP>Userdir</SAMP> directive, the argument is
+treated as a filename pattern, and is used to turn the name into a
+directory specification. A request for
<code>http://www.foo.com/~bob/one/two.html</code> will be translated to:
<pre>
-UserDir public_html -> ~bob/public_html/one/two.html
-UserDir /usr/web -> /usr/web/bob/one/two.html
-UserDir /home/*/www -> /home/bob/www/one/two.html
+UserDir public_html -> ~bob/public_html/one/two.html
+UserDir /usr/web -> /usr/web/bob/one/two.html
+UserDir /home/*/www -> /home/bob/www/one/two.html
</pre>
The following directives will send redirects to the client:
<pre>
-UserDir http://www.foo.com/users -> http//www.foo.com/users/bob/one/two.html
-UserDir http://www.foo.com/*/usr -> http://www.foo.com/bob/usr/one/two.html
-UserDir http://www.foo.com/~*/ -> http://www.foo.com/~bob/one/two.html
+UserDir http://www.foo.com/users -> http//www.foo.com/users/bob/one/two.html
+UserDir http://www.foo.com/*/usr -> http://www.foo.com/bob/usr/one/two.html
+UserDir http://www.foo.com/~*/ -> http://www.foo.com/~bob/one/two.html
</pre>
-
-<P>
-<STRONG>
-Be careful when using this directive; for instance, <SAMP>"UserDir
-./"</SAMP> would map <SAMP>"/~root"</SAMP> to
-<SAMP>"/"</SAMP> - which is probably undesirable. See also
-the
-<A
- HREF="core.html#directory"
-><Directory></A>
-directive and the
-<A
- HREF="../misc/security_tips.html"
->Security Tips</A>
-page for more information.
-</STRONG>
</P>
+<BLOCKQUOTE>
+ <STRONG>
+ Be careful when using this directive; for instance,
+ <SAMP>"UserDir ./"</SAMP> would map
+ <SAMP>"/~root"</SAMP> to
+ <SAMP>"/"</SAMP> - which is probably undesirable. If you are
+ running Apache 1.3 or above, it is strongly recommended that your
+ configuration include a
+ "<SAMP>UserDir disabled root</SAMP>" declaration.
+ See also
+ the
+ <A
+ HREF="core.html#directory"
+ ><Directory></A>
+ directive and the
+ <A
+ HREF="../misc/security_tips.html"
+ >Security Tips</A>
+ page for more information.
+ </STRONG>
+</BLOCKQUOTE>
<!--#include virtual="footer.html" -->
</BODY>
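Review bot: the first redirect example is rewritten for whitespace but still reads `http//www.foo.com/users/bob/one/two.html`, with the colon missing after `http`; fix it while the line is being touched. Two further points in this hunk: the context line `</P>` just before the new `<BLOCKQUOTE>` appears to lose its opener, because the `<P>` that started the old warning is removed, so it should go as well; and the new paragraph spells the directive `Userdir` where the rest of the page uses `UserDir`. The precedence between `enabled` and `disabled` lists is stated clearly, but a short example with a global `UserDir disabled` plus an `enabled` list would make the lockdown form easier to copy.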
<li>Place all main_server definitions before any VirtualHost definitions.
(This is to aid the readability of the configuration -- the post-config
merging process makes it non-obvious that definitions mixed in around
-virtualhosts might affect all virtualhosts.)</p>
+virtualhosts might affect all virtualhosts.)
+<p>
<li>Arrange your VirtualHosts such
that all name-based virtual hosts come first, followed by IP-based
-virtual hosts, followed by any <SAMP>_default_</SAMP> virtual host</p>
+virtual hosts, followed by any <SAMP>_default_</SAMP> virtual host
+<p>
<li>Avoid <code>ServerPaths</code> which are prefixes of other
<code>ServerPaths</code>. If you cannot avoid this then you have to
ensure that the longer (more specific) prefix vhost appears earlier in
the configuration file than the shorter (less specific) prefix
(<EM>i.e.</EM>, "ServerPath /abc" should appear after
-"ServerPath /abcdef"). </p>
+"ServerPath /abcdef").
+<p>
<li>Do not use <i>port-based</i> vhosts in the same server as
name-based vhosts. A loose definition for port-based is a vhost which
is determined by the port on the server (<em>i.e.</em> one server with
-ports 8000, 8080, and 80 all of which have different configurations).</p>
+ports 8000, 8080, and 80 all of which have different configurations).
+<p>
</ul>
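Review bot: the final `+<p>` lands immediately before `</ul>`, so the last list item ends with an empty paragraph, and the other added `<p>` lines sit at the end of the preceding `<li>` rather than separating items. If the spacing between items is wanted, place `<p>` after each `<li>` so it wraps the item text, and omit the one before `</ul>`.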