<li><a href="../bind.html">Setting which addresses and ports Apache
uses</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="MaxRequestsPerThread" id="MaxRequestsPerThread">MaxRequestsPerThread</a> <a name="maxrequestsperthread" id="maxrequestsperthread">Directive</a></h2>
<table class="directive">
</div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../de/mod/beos.html" hreflang="de" rel="alternate" title="Deutsch"> de </a> |
<li><img alt="" src="../images/down.gif" /> <a href="#virtualhost"><VirtualHost></a></li>
</ul>
<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AcceptFilter" id="AcceptFilter">AcceptFilter</a> <a name="acceptfilter" id="acceptfilter">Directive</a></h2>
<table class="directive">
different sections are combined when a request is received</li>
</ul>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../de/mod/core.html" hreflang="de" rel="alternate" title="Deutsch"> de </a> |
script's arguments when building the <code class="program"><a href="../programs/httpd.html">httpd</a></code>.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#how-it-works">How it Works</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#requirements">Requirements</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#acceptmutex">AcceptMutex</a></li>
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#coredumpdirectory">CoreDumpDirectory</a></li>
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#threadstacksize">ThreadStackSize</a></li>
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#user">User</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#how-it-works">How it Works</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#requirements">Requirements</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><a href="worker.html">The worker MPM</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<li><a href="../howto/cgi.html">Dynamic Content with CGI</a></li>
<li><a href="../handler.html">Apache's Handler Use</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Action" id="Action">Action</a> <a name="action" id="action">Directive</a></h2>
<table class="directive">
</code></p></div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../de/mod/mod_actions.html" hreflang="de" rel="alternate" title="Deutsch"> de </a> |
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#order">Order of Processing</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#alias">Alias</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#aliasmatch">AliasMatch</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#scriptalias">ScriptAlias</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#scriptaliasmatch">ScriptAliasMatch</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#order">Order of Processing</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code></li>
<li><a href="../urlmapping.html">Mapping URLs to the filesystem</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="order" id="order">Order of Processing</a></h2>
+
+ <p>Aliases and Redirects occurring in different contexts are processed
+ like other directives according to standard <a href="../sections.html#mergin">merging rules</a>. But when multiple
+ Aliases or Redirects occur in the same context (for example, in the
+ same <code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code>
+ section) they are processed in a particular order.</p>
+
+ <p>First, all Redirects are processed before Aliases are processed,
+ and therefore a request that matches a <code class="directive"><a href="#redirect">Redirect</a></code> or <code class="directive"><a href="#redirectmatch">RedirectMatch</a></code> will never have Aliases
+ applied. Second, the Aliases and Redirects are processed in the order
+ they appear in the configuration files, with the first match taking
+ precedence.</p>
+
+ <p>For this reason, when two or more of these directives apply to the
+ same sub-path, you must list the most specific path first in order for
+ all the directives to have an effect. For example, the following
+ configuration will work as expected:</p>
+
+ <div class="example"><p><code>
+ Alias /foo/bar /baz<br />
+ Alias /foo /gaq
+ </code></p></div>
+
+ <p>But if the above two directives were reversed in order, the
+ <code>/foo</code> <code class="directive"><a href="#alias">Alias</a></code>
+ would always match before the <code>/foo/bar</code> <code class="directive"><a href="#alias">Alias</a></code>, so the latter directive would be
+ ignored.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Alias" id="Alias">Alias</a> <a name="alias" id="alias">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maps URLs to filesystem locations</td></tr>
details.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="order" id="order">Order of Processing</a></h2>
-
- <p>Aliases and Redirects occurring in different contexts are processed
- like other directives according to standard <a href="../sections.html#mergin">merging rules</a>. But when multiple
- Aliases or Redirects occur in the same context (for example, in the
- same <code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code>
- section) they are processed in a particular order.</p>
-
- <p>First, all Redirects are processed before Aliases are processed,
- and therefore a request that matches a <code class="directive"><a href="#redirect">Redirect</a></code> or <code class="directive"><a href="#redirectmatch">RedirectMatch</a></code> will never have Aliases
- applied. Second, the Aliases and Redirects are processed in the order
- they appear in the configuration files, with the first match taking
- precedence.</p>
-
- <p>For this reason, when two or more of these directives apply to the
- same sub-path, you must list the most specific path first in order for
- all the directives to have an effect. For example, the following
- configuration will work as expected:</p>
-
- <div class="example"><p><code>
- Alias /foo/bar /baz<br />
- Alias /foo /gaq
- </code></p></div>
-
- <p>But if the above two directives were reversed in order, the
- <code>/foo</code> <code class="directive"><a href="#alias">Alias</a></code>
- would always match before the <code>/foo/bar</code> <code class="directive"><a href="#alias">Alias</a></code>, so the latter directive would be
- ignored.</p>
-
</div>
</div>
<div class="bottomlang">
<p>For historical reasons, this module will also process any
file with the mime type <code>httpd/send-as-is</code>.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<p>This module provides no
- directives.</p>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#usage">Usage</a></li>
-</ul><h3>See also</h3>
+</ul><h3 class="directives">Directives</h3>
+<p>This module provides no
+ directives.</p>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_headers.html">mod_headers</a></code></li>
<li><code class="module"><a href="../mod/mod_cern_meta.html">mod_cern_meta</a></code></li>
<li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li>
<li><a href="../howto/auth.html">Authentication howto</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthBasicAuthoritative" id="AuthBasicAuthoritative">AuthBasicAuthoritative</a> <a name="authbasicauthoritative" id="authbasicauthoritative">Directive</a></h2>
<table class="directive">
and <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>.</p>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_auth_basic.html" title="English"> en </a> |
whole connection using <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> is a much better
alternative.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestalgorithm">AuthDigestAlgorithm</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestdomain">AuthDigestDomain</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestqop">AuthDigestQop</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestshmemsize">AuthDigestShmemSize</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li>
<li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li>
<li><a href="../howto/auth.html">Authentication howto</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="using" id="using">Using Digest Authentication</a></h2>
+
+ <p>Using MD5 Digest authentication is very simple. Simply set
+ up authentication normally, using <code>AuthType Digest</code> and
+ <code class="directive"><a href="#authdigestprovider">AuthDigestProvider</a></code>
+ instead of the normal <code>AuthType Basic</code> and
+ <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>.
+ Then add a <code class="directive"><a href="#authdigestdomain">AuthDigestDomain</a></code> directive containing at least the root
+ URI(s) for this protection space.</p>
+
+ <p>Appropriate user (text) files can be created using the
+ <code class="program"><a href="../programs/htdigest.html">htdigest</a></code> tool.</p>
+
+ <div class="example"><h3>Example:</h3><p><code>
+ <Location /private/><br />
+ <span class="indent">
+ AuthType Digest<br />
+ AuthName "private area"<br />
+ AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
+ <br />
+ AuthDigestProvider file<br />
+ AuthUserFile /web/auth/.digest_pw<br />
+ Require valid-user<br />
+ </span>
+ </Location>
+ </code></p></div>
+
+ <div class="note"><h3>Note</h3>
+ <p>Digest authentication was intended to be more secure than basic
+ authentication, but no longer fulfills that design goal. A
+ man-in-the-middle attacker can trivially force the browser to downgrade
+ to basic authentication. And even a passive eavesdropper can brute-force
+ the password using today's graphics hardware, because the hashing
+ algorithm used by digest authentication is too fast. Another problem is
+ that the storage of the passwords on the server is insecure. The contents
+ of a stolen htdigest file can be used directly for digest authentication.
+ Therefore using <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> to encrypt the whole connection is
+ strongly recommended.</p>
+ </div>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthDigestAlgorithm" id="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm" id="authdigestalgorithm">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Selects the algorithm used to calculate the challenge and
</code></p></div>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="using" id="using">Using Digest Authentication</a></h2>
-
- <p>Using MD5 Digest authentication is very simple. Simply set
- up authentication normally, using <code>AuthType Digest</code> and
- <code class="directive"><a href="#authdigestprovider">AuthDigestProvider</a></code>
- instead of the normal <code>AuthType Basic</code> and
- <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>.
- Then add a <code class="directive"><a href="#authdigestdomain">AuthDigestDomain</a></code> directive containing at least the root
- URI(s) for this protection space.</p>
-
- <p>Appropriate user (text) files can be created using the
- <code class="program"><a href="../programs/htdigest.html">htdigest</a></code> tool.</p>
-
- <div class="example"><h3>Example:</h3><p><code>
- <Location /private/><br />
- <span class="indent">
- AuthType Digest<br />
- AuthName "private area"<br />
- AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
- <br />
- AuthDigestProvider file<br />
- AuthUserFile /web/auth/.digest_pw<br />
- Require valid-user<br />
- </span>
- </Location>
- </code></p></div>
-
- <div class="note"><h3>Note</h3>
- <p>Digest authentication was intended to be more secure than basic
- authentication, but no longer fulfills that design goal. A
- man-in-the-middle attacker can trivially force the browser to downgrade
- to basic authentication. And even a passive eavesdropper can brute-force
- the password using today's graphics hardware, because the hashing
- algorithm used by digest authentication is too fast. Another problem is
- that the storage of the passwords on the server is insecure. The contents
- of a stolen htdigest file can be used directly for digest authentication.
- Therefore using <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> to encrypt the whole connection is
- strongly recommended.</p>
- </div>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_auth_digest.html" title="English"> en </a> |
locations.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#example">Examples</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#authnprovideralias"><AuthnProviderAlias></a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#example">Examples</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthnProviderAlias" id="AuthnProviderAlias"><AuthnProviderAlias></a> <a name="authnprovideralias" id="authnprovideralias">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of directives that represent an
-extension of a base authentication provider and referenced by
-the specified alias</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><AuthnProviderAlias <var>baseProvider Alias</var>>
-... </AuthnProviderAlias></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authn_alias</td></tr>
-</table>
- <p><code class="directive"><AuthnProviderAlias></code> and
- <code></AuthnProviderAlias></code> are used to enclose a group of
- authentication directives that can be referenced by the alias name
- using one of the directives <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">
- AuthBasicProvider</a></code> or <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">
- AuthDigestProvider</a></code>.</p>
-
- <div class="note">This directive has no affect on authorization, even for modules that
- provide both authentication and authorization.</div>
-
-</div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="example" id="example">Examples</a></h2>
</Directory><br />
</code></p></div>
</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthnProviderAlias" id="AuthnProviderAlias"><AuthnProviderAlias></a> <a name="authnprovideralias" id="authnprovideralias">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of directives that represent an
+extension of a base authentication provider and referenced by
+the specified alias</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><AuthnProviderAlias <var>baseProvider Alias</var>>
+... </AuthnProviderAlias></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authn_alias</td></tr>
+</table>
+ <p><code class="directive"><AuthnProviderAlias></code> and
+ <code></AuthnProviderAlias></code> are used to enclose a group of
+ authentication directives that can be referenced by the alias name
+ using one of the directives <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">
+ AuthBasicProvider</a></code> or <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">
+ AuthDigestProvider</a></code>.</p>
+
+ <div class="note">This directive has no affect on authorization, even for modules that
+ provide both authentication and authorization.</div>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_authn_alias.html" title="English"> en </a> |
via the <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
directive with the <code>anon</code> value.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#example">Example</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous">Anonymous</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_logemail">Anonymous_LogEmail</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_nouserid">Anonymous_NoUserID</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#example">Example</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="example" id="example">Example</a></h2>
+ <p>The example below is combined with "normal" htpasswd-file based
+ authentication and allows users in additionally as 'guests' with the
+ following properties:</p>
+
+ <ul>
+ <li>It insists that the user enters a userID.
+ (<code class="directive"><a href="#anonymous_nouserid">Anonymous_NoUserID</a></code>)</li>
+
+ <li>It insists that the user enters a password.
+ (<code class="directive"><a href="#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></code>)</li>
+
+ <li>The password entered must be a valid email address, <em>i.e.</em>
+ contain at least one '@' and a '.'.
+ (<code class="directive"><a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></code>)</li>
+
+ <li>The userID must be one of <code>anonymous guest www test
+ welcome</code> and comparison is <strong>not</strong> case
+ sensitive. (<code class="directive"><a href="#anonymous">Anonymous</a></code>)</li>
+
+ <li>And the Email addresses entered in the passwd field are
+ logged to the error log file.
+ (<code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>)</li>
+ </ul>
+
+ <div class="example"><h3>Example</h3><p><code>
+ <Directory /foo>
+ <span class="indent">
+ AuthName "Use 'anonymous' & Email address for guest entry"<br />
+ AuthType Basic<br />
+ AuthBasicProvider file anon<br />
+ AuthUserFile /path/to/your/.htpasswd<br />
+ <br />
+ Anonymous_NoUserID off<br />
+ Anonymous_MustGiveEmail on<br />
+ Anonymous_VerifyEmail on<br />
+ Anonymous_LogEmail on<br />
+ Anonymous anonymous guest www test welcome<br />
+ <br />
+ Order Deny,Allow<br />
+ Allow from all<br />
+ <br />
+ Require valid-user<br />
+ </span>
+ </Directory>
+ </code></p></div>
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Anonymous" id="Anonymous">Anonymous</a> <a name="anonymous" id="anonymous">Directive</a></h2>
<table class="directive">
addresses (see the above <code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>).</p>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="example" id="example">Example</a></h2>
- <p>The example below is combined with "normal" htpasswd-file based
- authentication and allows users in additionally as 'guests' with the
- following properties:</p>
-
- <ul>
- <li>It insists that the user enters a userID.
- (<code class="directive"><a href="#anonymous_nouserid">Anonymous_NoUserID</a></code>)</li>
-
- <li>It insists that the user enters a password.
- (<code class="directive"><a href="#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></code>)</li>
-
- <li>The password entered must be a valid email address, <em>i.e.</em>
- contain at least one '@' and a '.'.
- (<code class="directive"><a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></code>)</li>
-
- <li>The userID must be one of <code>anonymous guest www test
- welcome</code> and comparison is <strong>not</strong> case
- sensitive. (<code class="directive"><a href="#anonymous">Anonymous</a></code>)</li>
-
- <li>And the Email addresses entered in the passwd field are
- logged to the error log file.
- (<code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>)</li>
- </ul>
-
- <div class="example"><h3>Example</h3><p><code>
- <Directory /foo>
- <span class="indent">
- AuthName "Use 'anonymous' & Email address for guest entry"<br />
- AuthType Basic<br />
- AuthBasicProvider file anon<br />
- AuthUserFile /path/to/your/.htpasswd<br />
- <br />
- Anonymous_NoUserID off<br />
- Anonymous_MustGiveEmail on<br />
- Anonymous_VerifyEmail on<br />
- Anonymous_LogEmail on<br />
- Anonymous anonymous guest www test welcome<br />
- <br />
- Order Deny,Allow<br />
- Allow from all<br />
- <br />
- Require valid-user<br />
- </span>
- </Directory>
- </code></p></div>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_authn_anon.html" title="English"> en </a> |
<code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
with the <code>dbd</code> value.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#example">Configuration Example</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#exposed">Exposing Login Information</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#authdbduserpwquery">AuthDBDUserPWQuery</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdbduserrealmquery">AuthDBDUserRealmQuery</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#example">Configuration Example</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#exposed">Exposing Login Information</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li>
<li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li>
<li><code class="directive"><a href="../mod/mod_dbd.html#dbdparams">DBDParams</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="example" id="example">Configuration Example</a></h2>
+
+<p>This simple example shows use of this module in the context of
+the Authentication and DBD frameworks. Please note that you need
+to load an authorization module, such as <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code>,
+to get it working.</p>
+<div class="example"><pre># mod_dbd configuration
+DBDriver pgsql
+DBDParams "dbname=apacheauth user=apache password=xxxxxx"
+
+DBDMin 4
+DBDKeep 8
+DBDMax 20
+DBDExptime 300
+
+<Directory /usr/www/myhost/private>
+ # core authentication and mod_auth_basic configuration
+ # for mod_authn_dbd
+ AuthType Basic
+ AuthName "My Server"
+ AuthBasicProvider dbd
+
+ # core authorization configuration
+ Require valid-user
+
+ # mod_authn_dbd SQL query to authenticate a user
+ AuthDBDUserPWQuery \
+ "SELECT password FROM authn WHERE user = %s"
+</Directory></pre></div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="exposed" id="exposed">Exposing Login Information</a></h2>
+
+<p>
+If httpd was built against <a class="glossarylink" href="../glossary.html#apr" title="see glossary">APR</a> version 1.3.0
+or higher, then whenever a query is made to the database server, all
+column values in the first row returned by the query are placed in the
+environment, using environment variables with the prefix "AUTHENTICATE_".
+</p>
+<p>If a database query for example returned the username, full name
+and telephone number of a user, a CGI program will have access to
+this information without the need to make a second independent database
+query to gather this additional information.</p>
+<p>This has the potential to dramatically simplify the coding and
+configuration required in some web applications.
+</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthDBDUserPWQuery" id="AuthDBDUserPWQuery">AuthDBDUserPWQuery</a> <a name="authdbduserpwquery" id="authdbduserpwquery">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>SQL query to look up a password for a user</td></tr>
<code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>) is being used. See <a href="../misc/password_encryptions.html">Password Formats</a> for
more information.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="example" id="example">Configuration Example</a></h2>
-
-<p>This simple example shows use of this module in the context of
-the Authentication and DBD frameworks. Please note that you need
-to load an authorization module, such as <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code>,
-to get it working.</p>
-<div class="example"><pre># mod_dbd configuration
-DBDriver pgsql
-DBDParams "dbname=apacheauth user=apache password=xxxxxx"
-
-DBDMin 4
-DBDKeep 8
-DBDMax 20
-DBDExptime 300
-
-<Directory /usr/www/myhost/private>
- # core authentication and mod_auth_basic configuration
- # for mod_authn_dbd
- AuthType Basic
- AuthName "My Server"
- AuthBasicProvider dbd
-
- # core authorization configuration
- Require valid-user
-
- # mod_authn_dbd SQL query to authenticate a user
- AuthDBDUserPWQuery \
- "SELECT password FROM authn WHERE user = %s"
-</Directory></pre></div>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="exposed" id="exposed">Exposing Login Information</a></h2>
-
-<p>
-If httpd was built against <a class="glossarylink" href="../glossary.html#apr" title="see glossary">APR</a> version 1.3.0
-or higher, then whenever a query is made to the database server, all
-column values in the first row returned by the query are placed in the
-environment, using environment variables with the prefix "AUTHENTICATE_".
-</p>
-<p>If a database query for example returned the username, full name
-and telephone number of a user, a CGI program will have access to
-this information without the need to make a second independent database
-query to gather this additional information.</p>
-<p>This has the potential to dramatically simplify the coding and
-configuration required in some web applications.
-</p>
</div>
</div>
<div class="bottomlang">
<code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
</li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthDBMType" id="AuthDBMType">AuthDBMType</a> <a name="authdbmtype" id="authdbmtype">Directive</a></h2>
<table class="directive">
format password files for use with this module.</p>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_authn_dbm.html" title="English"> en </a> |
<li><img alt="" src="../images/down.gif" /> <a href="#authdefaultauthoritative">AuthDefaultAuthoritative</a></li>
</ul>
<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthDefaultAuthoritative" id="AuthDefaultAuthoritative">AuthDefaultAuthoritative</a> <a name="authdefaultauthoritative" id="authdefaultauthoritative">Directive</a></h2>
<table class="directive">
</div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_authn_default.html" title="English"> en </a> |
<li><code class="program"><a href="../programs/htpasswd.html">htpasswd</a></code></li>
<li><code class="program"><a href="../programs/htdigest.html">htdigest</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthUserFile" id="AuthUserFile">AuthUserFile</a> <a name="authuserfile" id="authuserfile">Directive</a></h2>
<table class="directive">
</div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_authn_file.html" title="English"> en </a> |
via the <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
directive with the <code>ldap</code> value.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#contents">Contents</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#operation">Operation</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#usingtls">Using TLS</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#usingssl">Using SSL</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#exposed">Exposing Login Information</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#frontpage">Using Microsoft
+ FrontPage with mod_authnz_ldap</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#authldapbindauthoritative">AuthLDAPBindAuthoritative</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapbinddn">AuthLDAPBindDN</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapurl">AuthLDAPUrl</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#contents">Contents</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#operation">Operation</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#usingtls">Using TLS</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#usingssl">Using SSL</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#exposed">Exposing Login Information</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#frontpage">Using Microsoft
- FrontPage with mod_authnz_ldap</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code></li>
<li><code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code></li>
<li><code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPBindAuthoritative" id="AuthLDAPBindAuthoritative">AuthLDAPBindAuthoritative</a> <a name="authldapbindauthoritative" id="authldapbindauthoritative">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPBindAuthoritative<em>off|on</em></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPBindAuthoritative on</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in versions later than 2.2.14</td></tr>
-</table>
- <p>By default, subsequent authentication providers are only queried if a
- user cannot be mapped to a DN, but not if the user can be mapped to a DN and their
- password cannot be verified with an LDAP bind.
- If <code class="directive"><a href="#authldapbindauthoritative">AuthLDAPBindAuthoritative</a></code>
- is set to <em>off</em>, other configured authentication modules will have
- a chance to validate the user if the LDAP bind (with the current user's credentials)
- fails for any reason.</p>
- <p> This allows users present in both LDAP and
- <code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code> to authenticate
- when the LDAP server is available but the user's account is locked or password
- is otherwise unusable.</p>
+<div class="section">
+<h2><a name="contents" id="contents">Contents</a></h2>
-<h3>See also</h3>
-<ul>
-<li><code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code></li>
-<li><code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code></li>
-</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPBindDN" id="AuthLDAPBindDN">AuthLDAPBindDN</a> <a name="authldapbinddn" id="authldapbinddn">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Optional DN to use in binding to the LDAP server</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPBindDN <em>distinguished-name</em></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-</table>
- <p>An optional DN used to bind to the server when searching for
- entries. If not provided, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will use
- an anonymous bind.</p>
+ <ul>
+ <li>
+ <a href="#operation">Operation</a>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPBindPassword" id="AuthLDAPBindPassword">AuthLDAPBindPassword</a> <a name="authldapbindpassword" id="authldapbindpassword">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Password used in conjuction with the bind DN</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPBindPassword <em>password</em></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td><em>exec:</em> was added in 2.2.25.</td></tr>
-</table>
- <p>A bind password to use in conjunction with the bind DN. Note
- that the bind password is probably sensitive data, and should be
- properly protected. You should only use the <code class="directive"><a href="#authldapbinddn">AuthLDAPBindDN</a></code> and <code class="directive"><a href="#authldapbindpassword">AuthLDAPBindPassword</a></code> if you
- absolutely need them to search the directory.</p>
+ <ul>
+ <li><a href="#authenphase">The Authentication
+ Phase</a></li>
- <p>If the value begins with exec: the resulting command will be
- executed and the first line returned to standard output by the
- program will be used as the password.</p>
-<div class="example"><pre>#Password used as-is
-AuthLDAPBindPassword secret
+ <li><a href="#authorphase">The Authorization
+ Phase</a></li>
+ </ul>
+ </li>
-#Run /path/to/program to get my password
-AuthLDAPBindPassword exec:/path/to/program
+ <li>
+ <a href="#requiredirectives">The Require Directives</a>
-#Run /path/to/otherProgram and provide arguments
-AuthLDAPBindPassword "exec:/path/to/otherProgram argument1"</pre></div>
+ <ul>
+ <li><a href="#requser">Require ldap-user</a></li>
+ <li><a href="#reqgroup">Require ldap-group</a></li>
+ <li><a href="#reqdn">Require ldap-dn</a></li>
+ <li><a href="#reqattribute">Require ldap-attribute</a></li>
+ <li><a href="#reqfilter">Require ldap-filter</a></li>
+ </ul>
+ </li>
+ <li><a href="#examples">Examples</a></li>
+ <li><a href="#usingtls">Using TLS</a></li>
+ <li><a href="#usingssl">Using SSL</a></li>
+ <li><a href="#exposed">Exposing Login Information</a></li>
+ <li>
+ <a href="#frontpage">Using Microsoft FrontPage with
+ <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code></a>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPCharsetConfig" id="AuthLDAPCharsetConfig">AuthLDAPCharsetConfig</a> <a name="authldapcharsetconfig" id="authldapcharsetconfig">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Language to charset conversion configuration file</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPCharsetConfig <em>file-path</em></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-</table>
- <p>The <code class="directive">AuthLDAPCharsetConfig</code> directive sets the location
- of the language to charset conversion configuration file. <var>File-path</var> is relative
- to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>. This file specifies
- the list of language extensions to character sets.
- Most administrators use the provided <code>charset.conv</code>
- file, which associates common language extensions to character sets.</p>
+ <ul>
+ <li><a href="#howitworks">How It Works</a></li>
+ <li><a href="#fpcaveats">Caveats</a></li>
+ </ul>
+ </li>
+ </ul>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="operation" id="operation">Operation</a></h2>
- <p>The file contains lines in the following format:</p>
+ <p>There are two phases in granting access to a user. The first
+ phase is authentication, in which the <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
+ authentication provider verifies that the user's credentials are valid.
+ This is also called the <em>search/bind</em> phase. The second phase is
+ authorization, in which <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> determines
+ if the authenticated user is allowed access to the resource in
+ question. This is also known as the <em>compare</em>
+ phase.</p>
- <div class="example"><p><code>
- <var>Language-Extension</var> <var>charset</var> [<var>Language-String</var>] ...
- </code></p></div>
+ <p><code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> registers both an authn_ldap authentication
+ provider and an authz_ldap authorization handler. The authn_ldap
+ authentication provider can be enabled through the
+ <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> directive
+ using the <code>ldap</code> value. The authz_ldap handler extends the
+ <code class="directive"><a href="../mod/core.html#require">Require</a></code> directive's authorization types
+ by adding <code>ldap-user</code>, <code>ldap-dn</code> and <code>ldap-group</code>
+ values.</p>
- <p>The case of the extension does not matter. Blank lines, and lines
- beginning with a hash character (<code>#</code>) are ignored.</p>
+<h3><a name="authenphase" id="authenphase">The Authentication
+ Phase</a></h3>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPCompareDNOnServer" id="AuthLDAPCompareDNOnServer">AuthLDAPCompareDNOnServer</a> <a name="authldapcomparednonserver" id="authldapcomparednonserver">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use the LDAP server to compare the DNs</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPCompareDNOnServer on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPCompareDNOnServer on</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-</table>
- <p>When set, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will use the LDAP
- server to compare the DNs. This is the only foolproof way to
- compare DNs. <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will search the
- directory for the DN specified with the <a href="#reqdn"><code>Require dn</code></a> directive, then,
- retrieve the DN and compare it with the DN retrieved from the user
- entry. If this directive is not set,
- <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> simply does a string comparison. It
- is possible to get false negatives with this approach, but it is
- much faster. Note the <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> cache can speed up
- DN comparison in most situations.</p>
+ <p>During the authentication phase, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
+ searches for an entry in the directory that matches the username
+ that the HTTP client passes. If a single unique match is found,
+ then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> attempts to bind to the
+ directory server using the DN of the entry plus the password
+ provided by the HTTP client. Because it does a search, then a
+ bind, it is often referred to as the search/bind phase. Here are
+ the steps taken during the search/bind phase.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPDereferenceAliases" id="AuthLDAPDereferenceAliases">AuthLDAPDereferenceAliases</a> <a name="authldapdereferencealiases" id="authldapdereferencealiases">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>When will the module de-reference aliases</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPDereferenceAliases never|searching|finding|always</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPDereferenceAliases Always</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-</table>
- <p>This directive specifies when <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will
- de-reference aliases during LDAP operations. The default is
- <code>always</code>.</p>
+ <ol>
+ <li>Generate a search filter by combining the attribute and
+ filter provided in the <code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code> directive with
+ the username passed by the HTTP client.</li>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPGroupAttribute" id="AuthLDAPGroupAttribute">AuthLDAPGroupAttribute</a> <a name="authldapgroupattribute" id="authldapgroupattribute">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>LDAP attributes used to check for group membership</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPGroupAttribute <em>attribute</em></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPGroupAttribute member uniquemember</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-</table>
- <p>This directive specifies which LDAP attributes are used to
- check for group membership. Multiple attributes can be used by
- specifying this directive multiple times. If not specified,
- then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> uses the <code>member</code> and
- <code>uniquemember</code> attributes.</p>
+ <li>Search the directory using the generated filter. If the
+ search does not return exactly one entry, deny or decline
+ access.</li>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPGroupAttributeIsDN" id="AuthLDAPGroupAttributeIsDN">AuthLDAPGroupAttributeIsDN</a> <a name="authldapgroupattributeisdn" id="authldapgroupattributeisdn">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use the DN of the client username when checking for
-group membership</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPGroupAttributeIsDN on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPGroupAttributeIsDN on</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-</table>
- <p>When set <code>on</code>, this directive says to use the
- distinguished name of the client username when checking for group
- membership. Otherwise, the username will be used. For example,
- assume that the client sent the username <code>bjenson</code>,
- which corresponds to the LDAP DN <code>cn=Babs Jenson,
- o=Airius</code>. If this directive is set,
- <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will check if the group has
- <code>cn=Babs Jenson, o=Airius</code> as a member. If this
- directive is not set, then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will
- check if the group has <code>bjenson</code> as a member.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPRemoteUserAttribute" id="AuthLDAPRemoteUserAttribute">AuthLDAPRemoteUserAttribute</a> <a name="authldapremoteuserattribute" id="authldapremoteuserattribute">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use the value of the attribute returned during the user
-query to set the REMOTE_USER environment variable</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPRemoteUserAttribute uid</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-</table>
- <p>If this directive is set, the value of the
- <code>REMOTE_USER</code> environment variable will be set to the
- value of the attribute specified. Make sure that this attribute is
- included in the list of attributes in the AuthLDAPUrl definition,
- otherwise this directive will have no effect. This directive, if
- present, takes precedence over AuthLDAPRemoteUserIsDN. This
- directive is useful should you want people to log into a website
- using an email address, but a backend application expects the
- username as a userid.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPRemoteUserIsDN" id="AuthLDAPRemoteUserIsDN">AuthLDAPRemoteUserIsDN</a> <a name="authldapremoteuserisdn" id="authldapremoteuserisdn">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use the DN of the client username to set the REMOTE_USER
-environment variable</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPRemoteUserIsDN on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPRemoteUserIsDN off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-</table>
- <p>If this directive is set to on, the value of the
- <code>REMOTE_USER</code> environment variable will be set to the full
- distinguished name of the authenticated user, rather than just
- the username that was passed by the client. It is turned off by
- default.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPUrl" id="AuthLDAPUrl">AuthLDAPUrl</a> <a name="authldapurl" id="authldapurl">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>URL specifying the LDAP search parameters</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPUrl <em>url [NONE|SSL|TLS|STARTTLS]</em></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-</table>
- <p>An RFC 2255 URL which specifies the LDAP search parameters
- to use. The syntax of the URL is</p>
-<div class="example"><p><code>ldap://host:port/basedn?attribute?scope?filter</code></p></div>
-
-<dl>
-<dt>ldap</dt>
-
- <dd>For regular ldap, use the
- string <code>ldap</code>. For secure LDAP, use <code>ldaps</code>
- instead. Secure LDAP is only available if Apache was linked
- to an LDAP library with SSL support.</dd>
-
-<dt>host:port</dt>
-
- <dd>
- <p>The name/port of the ldap server (defaults to
- <code>localhost:389</code> for <code>ldap</code>, and
- <code>localhost:636</code> for <code>ldaps</code>). To
- specify multiple, redundant LDAP servers, just list all
- servers, separated by spaces. <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
- will try connecting to each server in turn, until it makes a
- successful connection.</p>
+ <li>Fetch the distinguished name of the entry retrieved from
+ the search and attempt to bind to the LDAP server using the
+ DN and the password passed by the HTTP client. If the bind is
+ unsuccessful, deny or decline access.</li>
+ </ol>
- <p>Once a connection has been made to a server, that
- connection remains active for the life of the
- <code class="program"><a href="../programs/httpd.html">httpd</a></code> process, or until the LDAP server goes
- down.</p>
+ <p>The following directives are used during the search/bind
+ phase</p>
- <p>If the LDAP server goes down and breaks an existing
- connection, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will attempt to
- re-connect, starting with the primary server, and trying
- each redundant server in turn. Note that this is different
- than a true round-robin search.</p>
- </dd>
+ <table>
+
+ <tr>
+ <td><code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code></td>
-<dt>basedn</dt>
+ <td>Specifies the LDAP server, the
+ base DN, the attribute to use in the search, as well as the
+ extra search filter to use.</td>
+ </tr>
- <dd>The DN of the branch of the
- directory where all searches should start from. At the very
- least, this must be the top of your directory tree, but
- could also specify a subtree in the directory.</dd>
+ <tr>
+ <td><code class="directive"><a href="#authldapbinddn">AuthLDAPBindDN</a></code></td>
-<dt>attribute</dt>
+ <td>An optional DN to bind with
+ during the search phase.</td>
+ </tr>
- <dd>The attribute to search for.
- Although RFC 2255 allows a comma-separated list of
- attributes, only the first attribute will be used, no
- matter how many are provided. If no attributes are
- provided, the default is to use <code>uid</code>. It's a good
- idea to choose an attribute that will be unique across all
- entries in the subtree you will be using.</dd>
+ <tr>
+ <td><code class="directive"><a href="#authldapbindpassword">AuthLDAPBindPassword</a></code></td>
-<dt>scope</dt>
+ <td>An optional password to bind
+ with during the search phase.</td>
+ </tr>
+ </table>
- <dd>The scope of the search. Can be either <code>one</code> or
- <code>sub</code>. Note that a scope of <code>base</code> is
- also supported by RFC 2255, but is not supported by this
- module. If the scope is not provided, or if <code>base</code> scope
- is specified, the default is to use a scope of
- <code>sub</code>.</dd>
-<dt>filter</dt>
+<h3><a name="authorphase" id="authorphase">The Authorization Phase</a></h3>
- <dd>A valid LDAP search filter. If
- not provided, defaults to <code>(objectClass=*)</code>, which
- will search for all objects in the tree. Filters are
- limited to approximately 8000 characters (the definition of
- <code>MAX_STRING_LEN</code> in the Apache source code). This
- should be more than sufficient for any application.</dd>
-</dl>
+ <p>During the authorization phase, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
+ attempts to determine if the user is authorized to access the
+ resource. Many of these checks require
+ <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> to do a compare operation on the
+ LDAP server. This is why this phase is often referred to as the
+ compare phase. <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> accepts the
+ following <code class="directive"><a href="../mod/core.html#require">Require</a></code>
+ directives to determine if the credentials are acceptable:</p>
- <p>When doing searches, the attribute, filter and username passed
- by the HTTP client are combined to create a search filter that
- looks like
- <code>(&(<em>filter</em>)(<em>attribute</em>=<em>username</em>))</code>.</p>
+ <ul>
+ <li>Grant access if there is a <a href="#reqgroup"><code>Require ldap-user</code></a> directive, and the
+ username in the directive matches the username passed by the
+ client.</li>
- <p>For example, consider an URL of
- <code>ldap://ldap.airius.com/o=Airius?cn?sub?(posixid=*)</code>. When
- a client attempts to connect using a username of <code>Babs
- Jenson</code>, the resulting search filter will be
- <code>(&(posixid=*)(cn=Babs Jenson))</code>.</p>
+ <li>Grant access if there is a <a href="#reqdn"><code>Require
+ ldap-dn</code></a> directive, and the DN in the directive matches
+ the DN fetched from the LDAP directory.</li>
- <p>An optional parameter can be added to allow the LDAP Url to override
- the connection type. This parameter can be one of the following:</p>
+ <li>Grant access if there is a <a href="#reqgroup"><code>Require ldap-group</code></a> directive, and
+ the DN fetched from the LDAP directory (or the username
+ passed by the client) occurs in the LDAP group.</li>
-<dl>
- <dt>NONE</dt>
- <dd>Establish an unsecure connection on the default LDAP port. This
- is the same as <code>ldap://</code> on port 389.</dd>
- <dt>SSL</dt>
- <dd>Establish a secure connection on the default secure LDAP port.
- This is the same as <code>ldaps://</code></dd>
- <dt>TLS | STARTTLS</dt>
- <dd>Establish an upgraded secure connection on the default LDAP port.
- This connection will be initiated on port 389 by default and then
- upgraded to a secure connection on the same port.</dd>
-</dl>
+ <li>Grant access if there is a <a href="#reqattribute">
+ <code>Require ldap-attribute</code></a>
+ directive, and the attribute fetched from the LDAP directory
+ matches the given value.</li>
- <p>See above for examples of <code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code> URLs.</p>
+ <li>Grant access if there is a <a href="#reqfilter">
+ <code>Require ldap-filter</code></a>
+ directive, and the search filter successfully finds a single user
+ object that matches the dn of the authenticated user.</li>
- <p> When <code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code>
- is enabled in a particular context, but some other module has performed
- authentication for the request, the server will try to map the username to a DN
- during authorization regardless of whether or not LDAP-specific requirements
- are present. To ignore the failures to map a username to a DN during
- authorization, set <code class="directive"><a href="#authzldapauthoritative">
- AuthzLDAPAuthoritative</a></code> to "off".</p>
+ <li>otherwise, deny or decline access</li>
+ </ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthzLDAPAuthoritative" id="AuthzLDAPAuthoritative">AuthzLDAPAuthoritative</a> <a name="authzldapauthoritative" id="authzldapauthoritative">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Prevent other authentication modules from
-authenticating the user if this one fails</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzLDAPAuthoritative on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthzLDAPAuthoritative on</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-</table>
- <p>Set to <code>off</code> if this module should let other
- authorization modules attempt to authorize the user, should
- authorization with this module fail. Control is only passed on
- to lower modules if there is no DN or rule that matches the
- supplied user name (as passed by the client).</p>
- <p> When no LDAP-specific <code class="directive"><a href="../mod/core.html#require">Require</a></code> directives
+ <p>Other <code class="directive"><a href="../mod/core.html#require">Require</a></code> values may also
+ be used which may require loading additional authorization modules.
+ Note that if you use a <code class="directive"><a href="../mod/core.html#require">Require</a></code>
+ value from another authorization module, you will need to ensure that
+ <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
+ is set to <code>off</code> to allow the authorization phase to fall
+ back to the module providing the alternate
+ <code class="directive"><a href="../mod/core.html#require">Require</a></code> value. When no
+ LDAP-specific <code class="directive"><a href="../mod/core.html#require">Require</a></code> directives
are used, authorization is allowed to fall back to other modules
as if <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
was set to <code>off</code>. </p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="contents" id="contents">Contents</a></h2>
-
<ul>
- <li>
- <a href="#operation">Operation</a>
-
- <ul>
- <li><a href="#authenphase">The Authentication
- Phase</a></li>
+ <li>Grant access to all successfully authenticated users if
+ there is a <a href="#requser"><code>Require valid-user</code></a>
+ directive. (requires <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code>)</li>
- <li><a href="#authorphase">The Authorization
- Phase</a></li>
- </ul>
- </li>
-
- <li>
- <a href="#requiredirectives">The Require Directives</a>
-
- <ul>
- <li><a href="#requser">Require ldap-user</a></li>
- <li><a href="#reqgroup">Require ldap-group</a></li>
- <li><a href="#reqdn">Require ldap-dn</a></li>
- <li><a href="#reqattribute">Require ldap-attribute</a></li>
- <li><a href="#reqfilter">Require ldap-filter</a></li>
- </ul>
- </li>
-
- <li><a href="#examples">Examples</a></li>
- <li><a href="#usingtls">Using TLS</a></li>
- <li><a href="#usingssl">Using SSL</a></li>
- <li><a href="#exposed">Exposing Login Information</a></li>
- <li>
- <a href="#frontpage">Using Microsoft FrontPage with
- <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code></a>
-
- <ul>
- <li><a href="#howitworks">How It Works</a></li>
- <li><a href="#fpcaveats">Caveats</a></li>
- </ul>
- </li>
- </ul>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="operation" id="operation">Operation</a></h2>
-
- <p>There are two phases in granting access to a user. The first
- phase is authentication, in which the <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
- authentication provider verifies that the user's credentials are valid.
- This is also called the <em>search/bind</em> phase. The second phase is
- authorization, in which <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> determines
- if the authenticated user is allowed access to the resource in
- question. This is also known as the <em>compare</em>
- phase.</p>
-
- <p><code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> registers both an authn_ldap authentication
- provider and an authz_ldap authorization handler. The authn_ldap
- authentication provider can be enabled through the
- <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> directive
- using the <code>ldap</code> value. The authz_ldap handler extends the
- <code class="directive"><a href="../mod/core.html#require">Require</a></code> directive's authorization types
- by adding <code>ldap-user</code>, <code>ldap-dn</code> and <code>ldap-group</code>
- values.</p>
-
-<h3><a name="authenphase" id="authenphase">The Authentication
- Phase</a></h3>
-
- <p>During the authentication phase, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
- searches for an entry in the directory that matches the username
- that the HTTP client passes. If a single unique match is found,
- then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> attempts to bind to the
- directory server using the DN of the entry plus the password
- provided by the HTTP client. Because it does a search, then a
- bind, it is often referred to as the search/bind phase. Here are
- the steps taken during the search/bind phase.</p>
-
- <ol>
- <li>Generate a search filter by combining the attribute and
- filter provided in the <code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code> directive with
- the username passed by the HTTP client.</li>
-
- <li>Search the directory using the generated filter. If the
- search does not return exactly one entry, deny or decline
- access.</li>
-
- <li>Fetch the distinguished name of the entry retrieved from
- the search and attempt to bind to the LDAP server using the
- DN and the password passed by the HTTP client. If the bind is
- unsuccessful, deny or decline access.</li>
- </ol>
-
- <p>The following directives are used during the search/bind
- phase</p>
-
- <table>
-
- <tr>
- <td><code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code></td>
-
- <td>Specifies the LDAP server, the
- base DN, the attribute to use in the search, as well as the
- extra search filter to use.</td>
- </tr>
-
- <tr>
- <td><code class="directive"><a href="#authldapbinddn">AuthLDAPBindDN</a></code></td>
-
- <td>An optional DN to bind with
- during the search phase.</td>
- </tr>
-
- <tr>
- <td><code class="directive"><a href="#authldapbindpassword">AuthLDAPBindPassword</a></code></td>
-
- <td>An optional password to bind
- with during the search phase.</td>
- </tr>
- </table>
-
-
-<h3><a name="authorphase" id="authorphase">The Authorization Phase</a></h3>
-
- <p>During the authorization phase, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
- attempts to determine if the user is authorized to access the
- resource. Many of these checks require
- <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> to do a compare operation on the
- LDAP server. This is why this phase is often referred to as the
- compare phase. <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> accepts the
- following <code class="directive"><a href="../mod/core.html#require">Require</a></code>
- directives to determine if the credentials are acceptable:</p>
-
- <ul>
- <li>Grant access if there is a <a href="#reqgroup"><code>Require ldap-user</code></a> directive, and the
- username in the directive matches the username passed by the
- client.</li>
-
- <li>Grant access if there is a <a href="#reqdn"><code>Require
- ldap-dn</code></a> directive, and the DN in the directive matches
- the DN fetched from the LDAP directory.</li>
-
- <li>Grant access if there is a <a href="#reqgroup"><code>Require ldap-group</code></a> directive, and
- the DN fetched from the LDAP directory (or the username
- passed by the client) occurs in the LDAP group.</li>
-
- <li>Grant access if there is a <a href="#reqattribute">
- <code>Require ldap-attribute</code></a>
- directive, and the attribute fetched from the LDAP directory
- matches the given value.</li>
-
- <li>Grant access if there is a <a href="#reqfilter">
- <code>Require ldap-filter</code></a>
- directive, and the search filter successfully finds a single user
- object that matches the dn of the authenticated user.</li>
-
- <li>otherwise, deny or decline access</li>
- </ul>
-
- <p>Other <code class="directive"><a href="../mod/core.html#require">Require</a></code> values may also
- be used which may require loading additional authorization modules.
- Note that if you use a <code class="directive"><a href="../mod/core.html#require">Require</a></code>
- value from another authorization module, you will need to ensure that
- <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
- is set to <code>off</code> to allow the authorization phase to fall
- back to the module providing the alternate
- <code class="directive"><a href="../mod/core.html#require">Require</a></code> value. When no
- LDAP-specific <code class="directive"><a href="../mod/core.html#require">Require</a></code> directives
- are used, authorization is allowed to fall back to other modules
- as if <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
- was set to <code>off</code>. </p>
-
- <ul>
- <li>Grant access to all successfully authenticated users if
- there is a <a href="#requser"><code>Require valid-user</code></a>
- directive. (requires <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code>)</li>
-
- <li>Grant access if there is a <a href="#reqgroup"><code>Require group</code></a> directive, and
- <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> has been loaded with the
- <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code>
- directive set.</li>
-
- <li>others...</li>
- </ul>
+ <li>Grant access if there is a <a href="#reqgroup"><code>Require group</code></a> directive, and
+ <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> has been loaded with the
+ <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code>
+ directive set.</li>
+
+ <li>others...</li>
+ </ul>
<p><code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> uses the following directives during the
and won't be able to find the FrontPage-managed user file.</li>
</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPBindAuthoritative" id="AuthLDAPBindAuthoritative">AuthLDAPBindAuthoritative</a> <a name="authldapbindauthoritative" id="authldapbindauthoritative">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPBindAuthoritative<em>off|on</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPBindAuthoritative on</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in versions later than 2.2.14</td></tr>
+</table>
+ <p>By default, subsequent authentication providers are only queried if a
+ user cannot be mapped to a DN, but not if the user can be mapped to a DN and their
+ password cannot be verified with an LDAP bind.
+ If <code class="directive"><a href="#authldapbindauthoritative">AuthLDAPBindAuthoritative</a></code>
+ is set to <em>off</em>, other configured authentication modules will have
+ a chance to validate the user if the LDAP bind (with the current user's credentials)
+ fails for any reason.</p>
+ <p> This allows users present in both LDAP and
+ <code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code> to authenticate
+ when the LDAP server is available but the user's account is locked or password
+ is otherwise unusable.</p>
+
+<h3>See also</h3>
+<ul>
+<li><code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code></li>
+<li><code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPBindDN" id="AuthLDAPBindDN">AuthLDAPBindDN</a> <a name="authldapbinddn" id="authldapbinddn">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Optional DN to use in binding to the LDAP server</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPBindDN <em>distinguished-name</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+ <p>An optional DN used to bind to the server when searching for
+ entries. If not provided, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will use
+ an anonymous bind.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPBindPassword" id="AuthLDAPBindPassword">AuthLDAPBindPassword</a> <a name="authldapbindpassword" id="authldapbindpassword">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Password used in conjuction with the bind DN</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPBindPassword <em>password</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td><em>exec:</em> was added in 2.2.25.</td></tr>
+</table>
+ <p>A bind password to use in conjunction with the bind DN. Note
+ that the bind password is probably sensitive data, and should be
+ properly protected. You should only use the <code class="directive"><a href="#authldapbinddn">AuthLDAPBindDN</a></code> and <code class="directive"><a href="#authldapbindpassword">AuthLDAPBindPassword</a></code> if you
+ absolutely need them to search the directory.</p>
+
+ <p>If the value begins with exec: the resulting command will be
+ executed and the first line returned to standard output by the
+ program will be used as the password.</p>
+<div class="example"><pre>#Password used as-is
+AuthLDAPBindPassword secret
+
+#Run /path/to/program to get my password
+AuthLDAPBindPassword exec:/path/to/program
+
+#Run /path/to/otherProgram and provide arguments
+AuthLDAPBindPassword "exec:/path/to/otherProgram argument1"</pre></div>
+
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPCharsetConfig" id="AuthLDAPCharsetConfig">AuthLDAPCharsetConfig</a> <a name="authldapcharsetconfig" id="authldapcharsetconfig">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Language to charset conversion configuration file</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPCharsetConfig <em>file-path</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+ <p>The <code class="directive">AuthLDAPCharsetConfig</code> directive sets the location
+ of the language to charset conversion configuration file. <var>File-path</var> is relative
+ to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>. This file specifies
+ the list of language extensions to character sets.
+ Most administrators use the provided <code>charset.conv</code>
+ file, which associates common language extensions to character sets.</p>
+
+ <p>The file contains lines in the following format:</p>
+
+ <div class="example"><p><code>
+ <var>Language-Extension</var> <var>charset</var> [<var>Language-String</var>] ...
+ </code></p></div>
+
+ <p>The case of the extension does not matter. Blank lines, and lines
+ beginning with a hash character (<code>#</code>) are ignored.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPCompareDNOnServer" id="AuthLDAPCompareDNOnServer">AuthLDAPCompareDNOnServer</a> <a name="authldapcomparednonserver" id="authldapcomparednonserver">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use the LDAP server to compare the DNs</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPCompareDNOnServer on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPCompareDNOnServer on</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+ <p>When set, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will use the LDAP
+ server to compare the DNs. This is the only foolproof way to
+ compare DNs. <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will search the
+ directory for the DN specified with the <a href="#reqdn"><code>Require dn</code></a> directive, then,
+ retrieve the DN and compare it with the DN retrieved from the user
+ entry. If this directive is not set,
+ <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> simply does a string comparison. It
+ is possible to get false negatives with this approach, but it is
+ much faster. Note the <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> cache can speed up
+ DN comparison in most situations.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPDereferenceAliases" id="AuthLDAPDereferenceAliases">AuthLDAPDereferenceAliases</a> <a name="authldapdereferencealiases" id="authldapdereferencealiases">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>When will the module de-reference aliases</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPDereferenceAliases never|searching|finding|always</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPDereferenceAliases Always</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+ <p>This directive specifies when <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will
+ de-reference aliases during LDAP operations. The default is
+ <code>always</code>.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPGroupAttribute" id="AuthLDAPGroupAttribute">AuthLDAPGroupAttribute</a> <a name="authldapgroupattribute" id="authldapgroupattribute">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>LDAP attributes used to check for group membership</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPGroupAttribute <em>attribute</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPGroupAttribute member uniquemember</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+ <p>This directive specifies which LDAP attributes are used to
+ check for group membership. Multiple attributes can be used by
+ specifying this directive multiple times. If not specified,
+ then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> uses the <code>member</code> and
+ <code>uniquemember</code> attributes.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPGroupAttributeIsDN" id="AuthLDAPGroupAttributeIsDN">AuthLDAPGroupAttributeIsDN</a> <a name="authldapgroupattributeisdn" id="authldapgroupattributeisdn">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use the DN of the client username when checking for
+group membership</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPGroupAttributeIsDN on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPGroupAttributeIsDN on</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+ <p>When set <code>on</code>, this directive says to use the
+ distinguished name of the client username when checking for group
+ membership. Otherwise, the username will be used. For example,
+ assume that the client sent the username <code>bjenson</code>,
+ which corresponds to the LDAP DN <code>cn=Babs Jenson,
+ o=Airius</code>. If this directive is set,
+ <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will check if the group has
+ <code>cn=Babs Jenson, o=Airius</code> as a member. If this
+ directive is not set, then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will
+ check if the group has <code>bjenson</code> as a member.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPRemoteUserAttribute" id="AuthLDAPRemoteUserAttribute">AuthLDAPRemoteUserAttribute</a> <a name="authldapremoteuserattribute" id="authldapremoteuserattribute">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use the value of the attribute returned during the user
+query to set the REMOTE_USER environment variable</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPRemoteUserAttribute uid</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+ <p>If this directive is set, the value of the
+ <code>REMOTE_USER</code> environment variable will be set to the
+ value of the attribute specified. Make sure that this attribute is
+ included in the list of attributes in the AuthLDAPUrl definition,
+ otherwise this directive will have no effect. This directive, if
+ present, takes precedence over AuthLDAPRemoteUserIsDN. This
+ directive is useful should you want people to log into a website
+ using an email address, but a backend application expects the
+ username as a userid.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPRemoteUserIsDN" id="AuthLDAPRemoteUserIsDN">AuthLDAPRemoteUserIsDN</a> <a name="authldapremoteuserisdn" id="authldapremoteuserisdn">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use the DN of the client username to set the REMOTE_USER
+environment variable</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPRemoteUserIsDN on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPRemoteUserIsDN off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+ <p>If this directive is set to on, the value of the
+ <code>REMOTE_USER</code> environment variable will be set to the full
+ distinguished name of the authenticated user, rather than just
+ the username that was passed by the client. It is turned off by
+ default.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPUrl" id="AuthLDAPUrl">AuthLDAPUrl</a> <a name="authldapurl" id="authldapurl">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>URL specifying the LDAP search parameters</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPUrl <em>url [NONE|SSL|TLS|STARTTLS]</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+ <p>An RFC 2255 URL which specifies the LDAP search parameters
+ to use. The syntax of the URL is</p>
+<div class="example"><p><code>ldap://host:port/basedn?attribute?scope?filter</code></p></div>
+
+<dl>
+<dt>ldap</dt>
+
+ <dd>For regular ldap, use the
+ string <code>ldap</code>. For secure LDAP, use <code>ldaps</code>
+ instead. Secure LDAP is only available if Apache was linked
+ to an LDAP library with SSL support.</dd>
+
+<dt>host:port</dt>
+
+ <dd>
+ <p>The name/port of the ldap server (defaults to
+ <code>localhost:389</code> for <code>ldap</code>, and
+ <code>localhost:636</code> for <code>ldaps</code>). To
+ specify multiple, redundant LDAP servers, just list all
+ servers, separated by spaces. <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
+ will try connecting to each server in turn, until it makes a
+ successful connection.</p>
+
+ <p>Once a connection has been made to a server, that
+ connection remains active for the life of the
+ <code class="program"><a href="../programs/httpd.html">httpd</a></code> process, or until the LDAP server goes
+ down.</p>
+
+ <p>If the LDAP server goes down and breaks an existing
+ connection, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will attempt to
+ re-connect, starting with the primary server, and trying
+ each redundant server in turn. Note that this is different
+ than a true round-robin search.</p>
+ </dd>
+
+<dt>basedn</dt>
+
+ <dd>The DN of the branch of the
+ directory where all searches should start from. At the very
+ least, this must be the top of your directory tree, but
+ could also specify a subtree in the directory.</dd>
+
+<dt>attribute</dt>
+
+ <dd>The attribute to search for.
+ Although RFC 2255 allows a comma-separated list of
+ attributes, only the first attribute will be used, no
+ matter how many are provided. If no attributes are
+ provided, the default is to use <code>uid</code>. It's a good
+ idea to choose an attribute that will be unique across all
+ entries in the subtree you will be using.</dd>
+
+<dt>scope</dt>
+
+ <dd>The scope of the search. Can be either <code>one</code> or
+ <code>sub</code>. Note that a scope of <code>base</code> is
+ also supported by RFC 2255, but is not supported by this
+ module. If the scope is not provided, or if <code>base</code> scope
+ is specified, the default is to use a scope of
+ <code>sub</code>.</dd>
+
+<dt>filter</dt>
+
+ <dd>A valid LDAP search filter. If
+ not provided, defaults to <code>(objectClass=*)</code>, which
+ will search for all objects in the tree. Filters are
+ limited to approximately 8000 characters (the definition of
+ <code>MAX_STRING_LEN</code> in the Apache source code). This
+ should be more than sufficient for any application.</dd>
+</dl>
+
+ <p>When doing searches, the attribute, filter and username passed
+ by the HTTP client are combined to create a search filter that
+ looks like
+ <code>(&(<em>filter</em>)(<em>attribute</em>=<em>username</em>))</code>.</p>
+
+ <p>For example, consider an URL of
+ <code>ldap://ldap.airius.com/o=Airius?cn?sub?(posixid=*)</code>. When
+ a client attempts to connect using a username of <code>Babs
+ Jenson</code>, the resulting search filter will be
+ <code>(&(posixid=*)(cn=Babs Jenson))</code>.</p>
+
+ <p>An optional parameter can be added to allow the LDAP Url to override
+ the connection type. This parameter can be one of the following:</p>
+
+<dl>
+ <dt>NONE</dt>
+ <dd>Establish an unsecure connection on the default LDAP port. This
+ is the same as <code>ldap://</code> on port 389.</dd>
+ <dt>SSL</dt>
+ <dd>Establish a secure connection on the default secure LDAP port.
+ This is the same as <code>ldaps://</code></dd>
+ <dt>TLS | STARTTLS</dt>
+ <dd>Establish an upgraded secure connection on the default LDAP port.
+ This connection will be initiated on port 389 by default and then
+ upgraded to a secure connection on the same port.</dd>
+</dl>
+
+ <p>See above for examples of <code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code> URLs.</p>
+
+ <p> When <code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code>
+ is enabled in a particular context, but some other module has performed
+ authentication for the request, the server will try to map the username to a DN
+ during authorization regardless of whether or not LDAP-specific requirements
+ are present. To ignore the failures to map a username to a DN during
+ authorization, set <code class="directive"><a href="#authzldapauthoritative">
+ AuthzLDAPAuthoritative</a></code> to "off".</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthzLDAPAuthoritative" id="AuthzLDAPAuthoritative">AuthzLDAPAuthoritative</a> <a name="authzldapauthoritative" id="authzldapauthoritative">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Prevent other authentication modules from
+authenticating the user if this one fails</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzLDAPAuthoritative on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthzLDAPAuthoritative on</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+ <p>Set to <code>off</code> if this module should let other
+ authorization modules attempt to authorize the user, should
+ authorization with this module fail. Control is only passed on
+ to lower modules if there is no DN or rule that matches the
+ supplied user name (as passed by the client).</p>
+ <p> When no LDAP-specific <code class="directive"><a href="../mod/core.html#require">Require</a></code> directives
+ are used, authorization is allowed to fall back to other modules
+ as if <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
+ was set to <code>off</code>. </p>
+
</div>
</div>
<div class="bottomlang">
<li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li>
<li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthDBMGroupFile" id="AuthDBMGroupFile">AuthDBMGroupFile</a> <a name="authdbmgroupfile" id="authdbmgroupfile">Directive</a></h2>
<table class="directive">
files is configured to use the same type of database.</p>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_authz_dbm.html" title="English"> en </a> |
<li><img alt="" src="../images/down.gif" /> <a href="#authzdefaultauthoritative">AuthzDefaultAuthoritative</a></li>
</ul>
<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthzDefaultAuthoritative" id="AuthzDefaultAuthoritative">AuthzDefaultAuthoritative</a> <a name="authzdefaultauthoritative" id="authzdefaultauthoritative">Directive</a></h2>
<table class="directive">
</div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_authz_default.html" title="English"> en </a> |
<li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li>
<li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthGroupFile" id="AuthGroupFile">AuthGroupFile</a> <a name="authgroupfile" id="authgroupfile">Directive</a></h2>
<table class="directive">
</div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_authz_groupfile.html" title="English"> en </a> |
<li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li>
<li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Allow" id="Allow">Allow</a> <a name="allow" id="allow">Directive</a></h2>
<table class="directive">
work</a>.</p>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_authz_host.html" title="English"> en </a> |
"MultiViews"</a> resources.</p>
</div>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#examples">Configuration Examples</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#authzownerauthoritative">AuthzOwnerAuthoritative</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#examples">Configuration Examples</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li>
<li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthzOwnerAuthoritative" id="AuthzOwnerAuthoritative">AuthzOwnerAuthoritative</a> <a name="authzownerauthoritative" id="authzownerauthoritative">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets whether authorization will be passed on to lower level
-modules</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzOwnerAuthoritative On|Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthzOwnerAuthoritative On</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_owner</td></tr>
-</table>
- <p>Setting the <code class="directive">AuthzOwnerAuthoritative</code>
- directive explicitly to <code>Off</code> allows for
- user authorization to be passed on to lower level modules (as defined
- in the <code>modules.c</code> files) if:</p>
-
- <ul>
- <li>in the case of <code>file-owner</code> the file-system owner does not
- match the supplied web-username or could not be determined, or</li>
-
- <li>in the case of <code>file-group</code> the file-system group does not
- contain the supplied web-username or could not be determined.</li>
- </ul>
-
- <p>Note that setting the value to <code>Off</code> also allows the
- combination of <code>file-owner</code> and <code>file-group</code>, so
- access will be allowed if either one or the other (or both) match.</p>
-
- <p>By default, control is not passed on and an authorization failure
- will result in an "Authentication Required" reply. Not
- setting it to <code>Off</code> thus keeps the system secure and forces
- an NCSA compliant behaviour.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="examples" id="examples">Configuration Examples</a></h2>
</Directory>
</code></p></div>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthzOwnerAuthoritative" id="AuthzOwnerAuthoritative">AuthzOwnerAuthoritative</a> <a name="authzownerauthoritative" id="authzownerauthoritative">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets whether authorization will be passed on to lower level
+modules</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzOwnerAuthoritative On|Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthzOwnerAuthoritative On</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_owner</td></tr>
+</table>
+ <p>Setting the <code class="directive">AuthzOwnerAuthoritative</code>
+ directive explicitly to <code>Off</code> allows for
+ user authorization to be passed on to lower level modules (as defined
+ in the <code>modules.c</code> files) if:</p>
+
+ <ul>
+ <li>in the case of <code>file-owner</code> the file-system owner does not
+ match the supplied web-username or could not be determined, or</li>
+
+ <li>in the case of <code>file-group</code> the file-system group does not
+ contain the supplied web-username or could not be determined.</li>
+ </ul>
+
+ <p>Note that setting the value to <code>Off</code> also allows the
+ combination of <code>file-owner</code> and <code>file-group</code>, so
+ access will be allowed if either one or the other (or both) match.</p>
+
+ <p>By default, control is not passed on and an authorization failure
+ will result in an "Authentication Required" reply. Not
+ setting it to <code>Off</code> thus keeps the system secure and forces
+ an NCSA compliant behaviour.</p>
+
</div>
</div>
<div class="bottomlang">
<li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li>
<li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthzUserAuthoritative" id="AuthzUserAuthoritative">AuthzUserAuthoritative</a> <a name="authzuserauthoritative" id="authzuserauthoritative">Directive</a></h2>
<table class="directive">
an NCSA compliant behaviour.</p>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_authz_user.html" title="English"> en </a> |
before a 1011-byte file (if in ascending order) even though
they both are shown as "1K".</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#query">Autoindex Request Query Arguments</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#addalt">AddAlt</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#addaltbyencoding">AddAltByEncoding</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#indexstylesheet">IndexStyleSheet</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#readmename">ReadmeName</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#query">Autoindex Request Query Arguments</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="query" id="query">Autoindex Request Query Arguments</a></h2>
+
+
+ <p>Apache 2.0.23 reorganized the Query Arguments for Column
+ Sorting, and introduced an entire group of new query options.
+ To effectively eliminate all client control over the output,
+ the <code><a href="#indexoptions.ignoreclient">IndexOptions
+ IgnoreClient</a></code> option was introduced.</p>
+
+ <p>The column sorting headers themselves are self-referencing
+ hyperlinks that add the sort query options shown below. Any
+ option below may be added to any request for the directory
+ resource.</p>
+
+ <ul>
+ <li><code>C=N</code> sorts the directory by file name</li>
+
+ <li><code>C=M</code> sorts the directory by last-modified
+ date, then file name</li>
+
+ <li><code>C=S</code> sorts the directory by size, then file
+ name</li>
+
+ <li class="separate"><code>C=D</code> sorts the directory by description, then
+ file name</li>
+
+ <li><code>O=A</code> sorts the listing in Ascending
+ Order</li>
+
+ <li class="separate"><code>O=D</code> sorts the listing in Descending
+ Order</li>
+
+ <li><code>F=0</code> formats the listing as a simple list
+ (not FancyIndexed)</li>
+
+ <li><code>F=1</code> formats the listing as a FancyIndexed
+ list</li>
+
+ <li class="separate"><code>F=2</code> formats the listing as an
+ HTMLTable FancyIndexed list</li>
+
+ <li><code>V=0</code> disables version sorting</li>
+
+ <li class="separate"><code>V=1</code> enables version sorting</li>
+
+ <li><code>P=<var>pattern</var></code> lists only files matching
+ the given <var>pattern</var></li>
+ </ul>
+
+ <p>Note that the 'P'attern query argument is tested
+ <em>after</em> the usual <code class="directive"><a href="#indexignore">IndexIgnore</a></code> directives are processed,
+ and all file names are still subjected to the same criteria as
+ any other autoindex listing. The Query Arguments parser in
+ <code class="module"><a href="../mod/mod_autoindex.html">mod_autoindex</a></code> will stop abruptly when an unrecognized
+ option is encountered. The Query Arguments must be well formed,
+ according to the table above.</p>
+
+ <p>The simple example below, which can be clipped and saved in
+ a header.html file, illustrates these query options. Note that
+ the unknown "X" argument, for the submit button, is listed last
+ to assure the arguments are all parsed before mod_autoindex
+ encounters the X=Go input.</p>
+
+ <div class="example"><p><code>
+ <form action="" method="get"><br />
+ <span class="indent">
+ Show me a <select name="F"><br />
+ <span class="indent">
+ <option value="0"> Plain list</option><br />
+ <option value="1" selected="selected"> Fancy list</option><br />
+ <option value="2"> Table list</option><br />
+ </span>
+ </select><br />
+ Sorted by <select name="C"><br />
+ <span class="indent">
+ <option value="N" selected="selected"> Name</option><br />
+ <option value="M"> Date Modified</option><br />
+ <option value="S"> Size</option><br />
+ <option value="D"> Description</option><br />
+ </span>
+ </select><br />
+ <select name="O"><br />
+ <span class="indent">
+ <option value="A" selected="selected"> Ascending</option><br />
+ <option value="D"> Descending</option><br />
+ </span>
+ </select><br />
+ <select name="V"><br />
+ <span class="indent">
+ <option value="0" selected="selected"> in Normal order</option><br />
+ <option value="1"> in Version order</option><br />
+ </span>
+ </select><br />
+ Matching <input type="text" name="P" value="*" /><br />
+ <input type="submit" name="X" value="Go" /><br />
+ </span>
+ </form>
+ </code></p></div>
+
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AddAlt" id="AddAlt">AddAlt</a> <a name="addalt" id="addalt">Directive</a></h2>
<table class="directive">
<p>See also <code class="directive"><a href="#headername">HeaderName</a></code>, where this behavior is described in greater
detail.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="query" id="query">Autoindex Request Query Arguments</a></h2>
-
-
- <p>Apache 2.0.23 reorganized the Query Arguments for Column
- Sorting, and introduced an entire group of new query options.
- To effectively eliminate all client control over the output,
- the <code><a href="#indexoptions.ignoreclient">IndexOptions
- IgnoreClient</a></code> option was introduced.</p>
-
- <p>The column sorting headers themselves are self-referencing
- hyperlinks that add the sort query options shown below. Any
- option below may be added to any request for the directory
- resource.</p>
-
- <ul>
- <li><code>C=N</code> sorts the directory by file name</li>
-
- <li><code>C=M</code> sorts the directory by last-modified
- date, then file name</li>
-
- <li><code>C=S</code> sorts the directory by size, then file
- name</li>
-
- <li class="separate"><code>C=D</code> sorts the directory by description, then
- file name</li>
-
- <li><code>O=A</code> sorts the listing in Ascending
- Order</li>
-
- <li class="separate"><code>O=D</code> sorts the listing in Descending
- Order</li>
-
- <li><code>F=0</code> formats the listing as a simple list
- (not FancyIndexed)</li>
-
- <li><code>F=1</code> formats the listing as a FancyIndexed
- list</li>
-
- <li class="separate"><code>F=2</code> formats the listing as an
- HTMLTable FancyIndexed list</li>
-
- <li><code>V=0</code> disables version sorting</li>
-
- <li class="separate"><code>V=1</code> enables version sorting</li>
-
- <li><code>P=<var>pattern</var></code> lists only files matching
- the given <var>pattern</var></li>
- </ul>
-
- <p>Note that the 'P'attern query argument is tested
- <em>after</em> the usual <code class="directive"><a href="#indexignore">IndexIgnore</a></code> directives are processed,
- and all file names are still subjected to the same criteria as
- any other autoindex listing. The Query Arguments parser in
- <code class="module"><a href="../mod/mod_autoindex.html">mod_autoindex</a></code> will stop abruptly when an unrecognized
- option is encountered. The Query Arguments must be well formed,
- according to the table above.</p>
-
- <p>The simple example below, which can be clipped and saved in
- a header.html file, illustrates these query options. Note that
- the unknown "X" argument, for the submit button, is listed last
- to assure the arguments are all parsed before mod_autoindex
- encounters the X=Go input.</p>
-
- <div class="example"><p><code>
- <form action="" method="get"><br />
- <span class="indent">
- Show me a <select name="F"><br />
- <span class="indent">
- <option value="0"> Plain list</option><br />
- <option value="1" selected="selected"> Fancy list</option><br />
- <option value="2"> Table list</option><br />
- </span>
- </select><br />
- Sorted by <select name="C"><br />
- <span class="indent">
- <option value="N" selected="selected"> Name</option><br />
- <option value="M"> Date Modified</option><br />
- <option value="S"> Size</option><br />
- <option value="D"> Description</option><br />
- </span>
- </select><br />
- <select name="O"><br />
- <span class="indent">
- <option value="A" selected="selected"> Ascending</option><br />
- <option value="D"> Descending</option><br />
- </span>
- </select><br />
- <select name="V"><br />
- <span class="indent">
- <option value="0" selected="selected"> in Normal order</option><br />
- <option value="1"> in Version order</option><br />
- </span>
- </select><br />
- Matching <input type="text" name="P" value="*" /><br />
- <input type="submit" name="X" value="Go" /><br />
- </span>
- </form>
- </code></p></div>
-
</div>
</div>
<div class="bottomlang">
<p>Further details, discussion, and examples, are provided in the
<a href="../caching.html">Caching Guide</a>.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#related">Related Modules and Directives</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#sampleconf">Sample Configuration</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#thunderingherd">Avoiding the Thundering Herd</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#cachedefaultexpire">CacheDefaultExpire</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cachedisable">CacheDisable</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cachestorenostore">CacheStoreNoStore</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cachestoreprivate">CacheStorePrivate</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#related">Related Modules and Directives</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#sampleconf">Sample Configuration</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#thunderingherd">Avoiding the Thundering Herd</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><a href="../caching.html">Caching Guide</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="related" id="related">Related Modules and Directives</a></h2>
+ <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="../mod/mod_disk_cache.html">mod_disk_cache</a></code></li><li><code class="module"><a href="../mod/mod_mem_cache.html">mod_mem_cache</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/mod_disk_cache.html#cacheroot">CacheRoot</a></code></li><li><code class="directive"><a href="../mod/mod_disk_cache.html#cachedirlevels">CacheDirLevels</a></code></li><li><code class="directive"><a href="../mod/mod_disk_cache.html#cachedirlength">CacheDirLength</a></code></li><li><code class="directive"><a href="../mod/mod_disk_cache.html#cacheminfilesize">CacheMinFileSize</a></code></li><li><code class="directive"><a href="../mod/mod_disk_cache.html#cachemaxfilesize">CacheMaxFileSize</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcachesize">MCacheSize</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcachemaxobjectcount">MCacheMaxObjectCount</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcacheminobjectsize">MCacheMinObjectSize</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcachemaxobjectsize">MCacheMaxObjectSize</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcacheremovalalgorithm">MCacheRemovalAlgorithm</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcachemaxstreamingbuffer">MCacheMaxStreamingBuffer</a></code></li></ul></td></tr></table>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="sampleconf" id="sampleconf">Sample Configuration</a></h2>
+ <div class="example"><h3>Sample httpd.conf</h3><p><code>
+ #<br />
+ # Sample Cache Configuration<br />
+ #<br />
+ LoadModule cache_module modules/mod_cache.so<br />
+ <br />
+ <IfModule mod_cache.c><br />
+ <span class="indent">
+ #LoadModule disk_cache_module modules/mod_disk_cache.so<br />
+ # If you want to use mod_disk_cache instead of mod_mem_cache,<br />
+ # uncomment the line above and comment out the LoadModule line below.<br />
+ <IfModule mod_disk_cache.c><br />
+ <span class="indent">
+ CacheRoot c:/cacheroot<br />
+ CacheEnable disk /<br />
+ CacheDirLevels 5<br />
+ CacheDirLength 3<br />
+ </span>
+ </IfModule> <br />
+ <br />
+ LoadModule mem_cache_module modules/mod_mem_cache.so<br />
+ <IfModule mod_mem_cache.c><br />
+ <span class="indent">
+ CacheEnable mem /<br />
+ MCacheSize 4096<br />
+ MCacheMaxObjectCount 100<br />
+ MCacheMinObjectSize 1<br />
+ MCacheMaxObjectSize 2048<br />
+ </span>
+ </IfModule><br />
+ <br />
+ # When acting as a proxy, don't cache the list of security updates<br />
+ CacheDisable http://security.update.server/update-list/<br />
+ </span>
+ </IfModule>
+ </code></p></div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="thunderingherd" id="thunderingherd">Avoiding the Thundering Herd</a></h2>
+ <p>When a cached entry becomes stale, <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> will submit
+ a conditional request to the backend, which is expected to confirm whether the
+ cached entry is still fresh, and send an updated entity if not.</p>
+ <p>A small but finite amount of time exists between the time the cached entity
+ becomes stale, and the time the stale entity is fully refreshed. On a busy
+ server, a significant number of requests might arrive during this time, and
+ cause a <strong>thundering herd</strong> of requests to strike the backend
+ suddenly and unpredictably.</p>
+ <p>To keep the thundering herd at bay, the <code class="directive">CacheLock</code>
+ directive can be used to define a directory in which locks are created for
+ URLs <strong>in flight</strong>. The lock is used as a <strong>hint</strong>
+ by other requests to either suppress an attempt to cache (someone else has
+ gone to fetch the entity), or to indicate that a stale entry is being refreshed
+ (stale content will be returned in the mean time).
+ </p>
+ <h3>Initial caching of an entry</h3>
+
+ <p>When an entity is cached for the first time, a lock will be created for the
+ entity until the response has been fully cached. During the lifetime of the
+ lock, the cache will suppress the second and subsequent attempt to cache the
+ same entity. While this doesn't hold back the thundering herd, it does stop
+ the cache attempting to cache the same entity multiple times simultaneously.
+ </p>
+
+ <h3>Refreshment of a stale entry</h3>
+
+ <p>When an entity reaches its freshness lifetime and becomes stale, a lock
+ will be created for the entity until the response has either been confirmed as
+ still fresh, or replaced by the backend. During the lifetime of the lock, the
+ second and subsequent incoming request will cause stale data to be returned,
+ and the thundering herd is kept at bay.</p>
+
+ <h3>Locks and Cache-Control: no-cache</h3>
+
+ <p>Locks are used as a <strong>hint only</strong> to enable the cache to be
+ more gentle on backend servers, however the lock can be overridden if necessary.
+ If the client sends a request with a Cache-Control header forcing a reload, any
+ lock that may be present will be ignored, and the client's request will be
+ honoured immediately and the cached entry refreshed.</p>
+ <p>As a further safety mechanism, locks have a configurable maximum age.
+ Once this age has been reached, the lock is removed, and a new request is
+ given the opportunity to create a new lock. This maximum age can be set using
+ the <code class="directive">CacheLockMaxAge</code> directive, and defaults to 5
+ seconds.
+ </p>
+
+ <h3>Example configuration</h3>
+
+ <div class="example"><h3>Enabling the cache lock</h3><p><code>
+ #<br />
+ # Enable the cache lock<br />
+ #<br />
+ <IfModule mod_cache.c><br />
+ <span class="indent">
+ CacheLock on<br />
+ CacheLockPath /tmp/mod_cache-lock<br />
+ CacheLockMaxAge 5<br />
+ </span>
+ </IfModule>
+ </code></p></div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="CacheDefaultExpire" id="CacheDefaultExpire">CacheDefaultExpire</a> <a name="cachedefaultexpire" id="cachedefaultexpire">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The default duration to cache a document when no expiry date is specified.</td></tr>
<li><code class="directive"><a href="#cacheignorecachecontrol">CacheIgnoreCacheControl</a></code></li>
<li><code class="directive"><a href="#cachestorenostore">CacheStoreNoStore</a></code></li>
</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="related" id="related">Related Modules and Directives</a></h2>
- <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="../mod/mod_disk_cache.html">mod_disk_cache</a></code></li><li><code class="module"><a href="../mod/mod_mem_cache.html">mod_mem_cache</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/mod_disk_cache.html#cacheroot">CacheRoot</a></code></li><li><code class="directive"><a href="../mod/mod_disk_cache.html#cachedirlevels">CacheDirLevels</a></code></li><li><code class="directive"><a href="../mod/mod_disk_cache.html#cachedirlength">CacheDirLength</a></code></li><li><code class="directive"><a href="../mod/mod_disk_cache.html#cacheminfilesize">CacheMinFileSize</a></code></li><li><code class="directive"><a href="../mod/mod_disk_cache.html#cachemaxfilesize">CacheMaxFileSize</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcachesize">MCacheSize</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcachemaxobjectcount">MCacheMaxObjectCount</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcacheminobjectsize">MCacheMinObjectSize</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcachemaxobjectsize">MCacheMaxObjectSize</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcacheremovalalgorithm">MCacheRemovalAlgorithm</a></code></li><li><code class="directive"><a href="../mod/mod_mem_cache.html#mcachemaxstreamingbuffer">MCacheMaxStreamingBuffer</a></code></li></ul></td></tr></table>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="sampleconf" id="sampleconf">Sample Configuration</a></h2>
- <div class="example"><h3>Sample httpd.conf</h3><p><code>
- #<br />
- # Sample Cache Configuration<br />
- #<br />
- LoadModule cache_module modules/mod_cache.so<br />
- <br />
- <IfModule mod_cache.c><br />
- <span class="indent">
- #LoadModule disk_cache_module modules/mod_disk_cache.so<br />
- # If you want to use mod_disk_cache instead of mod_mem_cache,<br />
- # uncomment the line above and comment out the LoadModule line below.<br />
- <IfModule mod_disk_cache.c><br />
- <span class="indent">
- CacheRoot c:/cacheroot<br />
- CacheEnable disk /<br />
- CacheDirLevels 5<br />
- CacheDirLength 3<br />
- </span>
- </IfModule> <br />
- <br />
- LoadModule mem_cache_module modules/mod_mem_cache.so<br />
- <IfModule mod_mem_cache.c><br />
- <span class="indent">
- CacheEnable mem /<br />
- MCacheSize 4096<br />
- MCacheMaxObjectCount 100<br />
- MCacheMinObjectSize 1<br />
- MCacheMaxObjectSize 2048<br />
- </span>
- </IfModule><br />
- <br />
- # When acting as a proxy, don't cache the list of security updates<br />
- CacheDisable http://security.update.server/update-list/<br />
- </span>
- </IfModule>
- </code></p></div>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="thunderingherd" id="thunderingherd">Avoiding the Thundering Herd</a></h2>
- <p>When a cached entry becomes stale, <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> will submit
- a conditional request to the backend, which is expected to confirm whether the
- cached entry is still fresh, and send an updated entity if not.</p>
- <p>A small but finite amount of time exists between the time the cached entity
- becomes stale, and the time the stale entity is fully refreshed. On a busy
- server, a significant number of requests might arrive during this time, and
- cause a <strong>thundering herd</strong> of requests to strike the backend
- suddenly and unpredictably.</p>
- <p>To keep the thundering herd at bay, the <code class="directive">CacheLock</code>
- directive can be used to define a directory in which locks are created for
- URLs <strong>in flight</strong>. The lock is used as a <strong>hint</strong>
- by other requests to either suppress an attempt to cache (someone else has
- gone to fetch the entity), or to indicate that a stale entry is being refreshed
- (stale content will be returned in the mean time).
- </p>
- <h3>Initial caching of an entry</h3>
-
- <p>When an entity is cached for the first time, a lock will be created for the
- entity until the response has been fully cached. During the lifetime of the
- lock, the cache will suppress the second and subsequent attempt to cache the
- same entity. While this doesn't hold back the thundering herd, it does stop
- the cache attempting to cache the same entity multiple times simultaneously.
- </p>
-
- <h3>Refreshment of a stale entry</h3>
-
- <p>When an entity reaches its freshness lifetime and becomes stale, a lock
- will be created for the entity until the response has either been confirmed as
- still fresh, or replaced by the backend. During the lifetime of the lock, the
- second and subsequent incoming request will cause stale data to be returned,
- and the thundering herd is kept at bay.</p>
-
- <h3>Locks and Cache-Control: no-cache</h3>
-
- <p>Locks are used as a <strong>hint only</strong> to enable the cache to be
- more gentle on backend servers, however the lock can be overridden if necessary.
- If the client sends a request with a Cache-Control header forcing a reload, any
- lock that may be present will be ignored, and the client's request will be
- honoured immediately and the cached entry refreshed.</p>
- <p>As a further safety mechanism, locks have a configurable maximum age.
- Once this age has been reached, the lock is removed, and a new request is
- given the opportunity to create a new lock. This maximum age can be set using
- the <code class="directive">CacheLockMaxAge</code> directive, and defaults to 5
- seconds.
- </p>
-
- <h3>Example configuration</h3>
-
- <div class="example"><h3>Enabling the cache lock</h3><p><code>
- #<br />
- # Enable the cache lock<br />
- #<br />
- <IfModule mod_cache.c><br />
- <span class="indent">
- CacheLock on<br />
- CacheLockPath /tmp/mod_cache-lock<br />
- CacheLockMaxAge 5<br />
- </span>
- </IfModule>
- </code></p></div>
-
</div>
</div>
<div class="bottomlang">
<li><code class="module"><a href="../mod/mod_headers.html">mod_headers</a></code></li>
<li><code class="module"><a href="../mod/mod_asis.html">mod_asis</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="MetaDir" id="MetaDir">MetaDir</a> <a name="metadir" id="metadir">Directive</a></h2>
<table class="directive">
</code></p></div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_cern_meta.html" title="English"> en </a> |
for any file with the mime-type <code>application/x-httpd-cgi</code>. The
use of the magic mime-type is deprecated.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#env">CGI Environment variables</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#cgi-debug">CGI Debugging</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#scriptlog">ScriptLog</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#scriptlogbuffer">ScriptLogBuffer</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#scriptloglength">ScriptLogLength</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#env">CGI Environment variables</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#cgi-debug">CGI Debugging</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="directive"><a href="../mod/core.html#acceptpathinfo">AcceptPathInfo</a></code></li>
<li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li>
<li><a href="http://www.ietf.org/rfc/rfc3875">CGI Specification</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ScriptLog" id="ScriptLog">ScriptLog</a> <a name="scriptlog" id="scriptlog">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Location of the CGI script error logfile</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ScriptLog <var>file-path</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>, <code class="module"><a href="../mod/mod_cgid.html">mod_cgid</a></code></td></tr>
-</table>
- <p>The <code class="directive">ScriptLog</code> directive sets the CGI
- script error logfile. If no <code class="directive">ScriptLog</code> is given,
- no error log is created. If given, any CGI errors are logged into the
- filename given as argument. If this is a relative file or path it is
- taken relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.
- </p>
-
- <div class="example"><h3>Example</h3><p><code>
- ScriptLog logs/cgi_log
- </code></p></div>
-
- <p>This log will be opened as the user the child processes run
- as, <em>i.e.</em> the user specified in the main <code class="directive"><a href="../mod/mpm_common.html#user">User</a></code> directive. This means that
- either the directory the script log is in needs to be writable
- by that user or the file needs to be manually created and set
- to be writable by that user. If you place the script log in
- your main logs directory, do <strong>NOT</strong> change the
- directory permissions to make it writable by the user the child
- processes run as.</p>
-
- <p>Note that script logging is meant to be a debugging feature
- when writing CGI scripts, and is not meant to be activated
- continuously on running servers. It is not optimized for speed
- or efficiency, and may have security problems if used in a
- manner other than that for which it was designed.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ScriptLogBuffer" id="ScriptLogBuffer">ScriptLogBuffer</a> <a name="scriptlogbuffer" id="scriptlogbuffer">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximum amount of PUT or POST requests that will be recorded
-in the scriptlog</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ScriptLogBuffer <var>bytes</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ScriptLogBuffer 1024</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>, <code class="module"><a href="../mod/mod_cgid.html">mod_cgid</a></code></td></tr>
-</table>
- <p>The size of any PUT or POST entity body that is logged to
- the file is limited, to prevent the log file growing too big
- too quickly if large bodies are being received. By default, up
- to 1024 bytes are logged, but this can be changed with this
- directive.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ScriptLogLength" id="ScriptLogLength">ScriptLogLength</a> <a name="scriptloglength" id="scriptloglength">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Size limit of the CGI script logfile</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ScriptLogLength <var>bytes</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ScriptLogLength 10385760</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>, <code class="module"><a href="../mod/mod_cgid.html">mod_cgid</a></code></td></tr>
-</table>
- <p><code class="directive">ScriptLogLength</code> can be used to limit the
- size of the CGI script logfile. Since the logfile logs a lot of
- information per CGI error (all request headers, all script output)
- it can grow to be a big file. To prevent problems due to unbounded
- growth, this directive can be used to set an maximum file-size for
- the CGI logfile. If the file exceeds this size, no more
- information will be written to it.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="env" id="env">CGI Environment variables</a></h2>
<p>The server will set the CGI environment variables as described
<p>(The %stdout and %stderr parts may be missing if the script did
not output anything on standard output or standard error).</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ScriptLog" id="ScriptLog">ScriptLog</a> <a name="scriptlog" id="scriptlog">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Location of the CGI script error logfile</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ScriptLog <var>file-path</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>, <code class="module"><a href="../mod/mod_cgid.html">mod_cgid</a></code></td></tr>
+</table>
+ <p>The <code class="directive">ScriptLog</code> directive sets the CGI
+ script error logfile. If no <code class="directive">ScriptLog</code> is given,
+ no error log is created. If given, any CGI errors are logged into the
+ filename given as argument. If this is a relative file or path it is
+ taken relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.
+ </p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ ScriptLog logs/cgi_log
+ </code></p></div>
+
+ <p>This log will be opened as the user the child processes run
+ as, <em>i.e.</em> the user specified in the main <code class="directive"><a href="../mod/mpm_common.html#user">User</a></code> directive. This means that
+ either the directory the script log is in needs to be writable
+ by that user or the file needs to be manually created and set
+ to be writable by that user. If you place the script log in
+ your main logs directory, do <strong>NOT</strong> change the
+ directory permissions to make it writable by the user the child
+ processes run as.</p>
+
+ <p>Note that script logging is meant to be a debugging feature
+ when writing CGI scripts, and is not meant to be activated
+ continuously on running servers. It is not optimized for speed
+ or efficiency, and may have security problems if used in a
+ manner other than that for which it was designed.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ScriptLogBuffer" id="ScriptLogBuffer">ScriptLogBuffer</a> <a name="scriptlogbuffer" id="scriptlogbuffer">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximum amount of PUT or POST requests that will be recorded
+in the scriptlog</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ScriptLogBuffer <var>bytes</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ScriptLogBuffer 1024</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>, <code class="module"><a href="../mod/mod_cgid.html">mod_cgid</a></code></td></tr>
+</table>
+ <p>The size of any PUT or POST entity body that is logged to
+ the file is limited, to prevent the log file growing too big
+ too quickly if large bodies are being received. By default, up
+ to 1024 bytes are logged, but this can be changed with this
+ directive.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ScriptLogLength" id="ScriptLogLength">ScriptLogLength</a> <a name="scriptloglength" id="scriptloglength">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Size limit of the CGI script logfile</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ScriptLogLength <var>bytes</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ScriptLogLength 10385760</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>, <code class="module"><a href="../mod/mod_cgid.html">mod_cgid</a></code></td></tr>
+</table>
+ <p><code class="directive">ScriptLogLength</code> can be used to limit the
+ size of the CGI script logfile. Since the logfile logs a lot of
+ information per CGI error (all request headers, all script output)
+ it can grow to be a big file. To prevent problems due to unbounded
+ growth, this directive can be used to set an maximum file-size for
+ the CGI logfile. If the file exceeds this size, no more
+ information will be written to it.</p>
+
</div>
</div>
<div class="bottomlang">
<li><a href="../suexec.html">Running CGI programs under different
user IDs</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="CGIDScriptTimeout" id="CGIDScriptTimeout">CGIDScriptTimeout</a> <a name="cgidscripttimeout" id="cgidscripttimeout">Directive</a></h2>
<table class="directive">
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_cgid.html" title="English"> en </a> |
mechanisms implemented by Russian Apache and its associated
<code>mod_charset</code>.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#problems">Common Problems</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#charsetdefault">CharsetDefault</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#charsetoptions">CharsetOptions</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#charsetsourceenc">CharsetSourceEnc</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#problems">Common Problems</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="problems" id="problems">Common Problems</a></h2>
+
+ <h3>Invalid character set names</h3>
+
+ <p>The character set name parameters of <code class="directive"><a href="#charsetsourceenc">CharsetSourceEnc</a></code> and
+ <code class="directive"><a href="#charsetdefault">CharsetDefault</a></code>
+ must be acceptable to the translation mechanism used by
+ <a class="glossarylink" href="../glossary.html#apr" title="see glossary">APR</a> on the system where
+ <code class="module"><a href="../mod/mod_charset_lite.html">mod_charset_lite</a></code> is deployed. These character
+ set names are not standardized and are usually not the same as
+ the corresponding values used in http headers. Currently, APR
+ can only use iconv(3), so you can easily test your character set
+ names using the iconv(1) program, as follows:</p>
+
+ <div class="example"><p><code>
+ iconv -f charsetsourceenc-value -t charsetdefault-value
+ </code></p></div>
+
+
+ <h3>Mismatch between character set of content and translation
+ rules</h3>
+
+ <p>If the translation rules don't make sense for the content,
+ translation can fail in various ways, including:</p>
+
+ <ul>
+ <li>The translation mechanism may return a bad return code,
+ and the connection will be aborted.</li>
+
+ <li>The translation mechanism may silently place special
+ characters (e.g., question marks) in the output buffer when
+ it cannot translate the input buffer.</li>
+ </ul>
+
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="CharsetDefault" id="CharsetDefault">CharsetDefault</a> <a name="charsetdefault" id="charsetdefault">Directive</a></h2>
<table class="directive">
<p>The character set names in this example work with the iconv
translation support in Solaris 8.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="problems" id="problems">Common Problems</a></h2>
-
- <h3>Invalid character set names</h3>
-
- <p>The character set name parameters of <code class="directive"><a href="#charsetsourceenc">CharsetSourceEnc</a></code> and
- <code class="directive"><a href="#charsetdefault">CharsetDefault</a></code>
- must be acceptable to the translation mechanism used by
- <a class="glossarylink" href="../glossary.html#apr" title="see glossary">APR</a> on the system where
- <code class="module"><a href="../mod/mod_charset_lite.html">mod_charset_lite</a></code> is deployed. These character
- set names are not standardized and are usually not the same as
- the corresponding values used in http headers. Currently, APR
- can only use iconv(3), so you can easily test your character set
- names using the iconv(1) program, as follows:</p>
-
- <div class="example"><p><code>
- iconv -f charsetsourceenc-value -t charsetdefault-value
- </code></p></div>
-
-
- <h3>Mismatch between character set of content and translation
- rules</h3>
-
- <p>If the translation rules don't make sense for the content,
- translation can fail in various ways, including:</p>
-
- <ul>
- <li>The translation mechanism may return a bad return code,
- and the connection will be aborted.</li>
-
- <li>The translation mechanism may silently place special
- characters (e.g., question marks) in the output buffer when
- it cannot translate the input buffer.</li>
- </ul>
-
</div>
</div>
<div class="bottomlang">
copying, and deleting resources and collections on a remote web
server.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#example">Enabling WebDAV</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#security">Security Issues</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#complex">Complex Configurations</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#dav">Dav</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#davdepthinfinity">DavDepthInfinity</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#davmintimeout">DavMinTimeout</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#example">Enabling WebDAV</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#security">Security Issues</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#complex">Complex Configurations</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="directive"><a href="../mod/mod_dav_fs.html#davlockdb">DavLockDB</a></code></li>
<li><code class="directive"><a href="../mod/core.html#limitxmlrequestbody">LimitXMLRequestBody</a></code></li>
<li><a href="http://www.webdav.org">WebDAV Resources</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="Dav" id="Dav">Dav</a> <a name="dav" id="dav">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable WebDAV HTTP methods</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>Dav On|Off|<var>provider-name</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>Dav Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_dav</td></tr>
-</table>
- <p>Use the <code class="directive">Dav</code> directive to enable the
- WebDAV HTTP methods for the given container:</p>
-
- <div class="example"><p><code>
- <Location /foo><br />
- <span class="indent">
- Dav On<br />
- </span>
- </Location>
- </code></p></div>
-
- <p>The value <code>On</code> is actually an alias for the default
- provider <code>filesystem</code> which is served by the <code class="module"><a href="../mod/mod_dav_fs.html">mod_dav_fs</a></code> module. Note, that once you have DAV enabled
- for some location, it <em>cannot</em> be disabled for sublocations.
- For a complete configuration example have a look at the <a href="#example">section above</a>.</p>
-
- <div class="warning">
- Do not enable WebDAV until you have secured your server. Otherwise
- everyone will be able to distribute files on your system.
- </div>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="DavDepthInfinity" id="DavDepthInfinity">DavDepthInfinity</a> <a name="davdepthinfinity" id="davdepthinfinity">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Allow PROPFIND, Depth: Infinity requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>DavDepthInfinity on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>DavDepthInfinity off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_dav</td></tr>
-</table>
- <p>Use the <code class="directive">DavDepthInfinity</code> directive to
- allow the processing of <code>PROPFIND</code> requests containing the
- header 'Depth: Infinity'. Because this type of request could constitute
- a denial-of-service attack, by default it is not allowed.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="DavMinTimeout" id="DavMinTimeout">DavMinTimeout</a> <a name="davmintimeout" id="davmintimeout">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Minimum amount of time the server holds a lock on
-a DAV resource</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>DavMinTimeout <var>seconds</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>DavMinTimeout 0</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_dav</td></tr>
-</table>
- <p>When a client requests a DAV resource lock, it can also
- specify a time when the lock will be automatically removed by
- the server. This value is only a request, and the server can
- ignore it or inform the client of an arbitrary value.</p>
-
- <p>Use the <code class="directive">DavMinTimeout</code> directive to specify, in
- seconds, the minimum lock timeout to return to a client.
- Microsoft Web Folders defaults to a timeout of 120 seconds; the
- <code class="directive">DavMinTimeout</code> can override this to a higher value
- (like 600 seconds) to reduce the chance of the client losing
- the lock due to network latency.</p>
-
- <div class="example"><h3>Example</h3><p><code>
- <Location /MSWord><br />
- <span class="indent">
- DavMinTimeout 600<br />
- </span>
- </Location>
- </code></p></div>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="example" id="example">Enabling WebDAV</a></h2>
<p>To enable <code class="module"><a href="../mod/mod_dav.html">mod_dav</a></code>, add the following to a
<code>http://example.com/php-source</code> can be used with a DAV
client to manipulate them.</p>
</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="Dav" id="Dav">Dav</a> <a name="dav" id="dav">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable WebDAV HTTP methods</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>Dav On|Off|<var>provider-name</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>Dav Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_dav</td></tr>
+</table>
+ <p>Use the <code class="directive">Dav</code> directive to enable the
+ WebDAV HTTP methods for the given container:</p>
+
+ <div class="example"><p><code>
+ <Location /foo><br />
+ <span class="indent">
+ Dav On<br />
+ </span>
+ </Location>
+ </code></p></div>
+
+ <p>The value <code>On</code> is actually an alias for the default
+ provider <code>filesystem</code> which is served by the <code class="module"><a href="../mod/mod_dav_fs.html">mod_dav_fs</a></code> module. Note, that once you have DAV enabled
+ for some location, it <em>cannot</em> be disabled for sublocations.
+ For a complete configuration example have a look at the <a href="#example">section above</a>.</p>
+
+ <div class="warning">
+ Do not enable WebDAV until you have secured your server. Otherwise
+ everyone will be able to distribute files on your system.
+ </div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="DavDepthInfinity" id="DavDepthInfinity">DavDepthInfinity</a> <a name="davdepthinfinity" id="davdepthinfinity">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Allow PROPFIND, Depth: Infinity requests</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>DavDepthInfinity on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>DavDepthInfinity off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_dav</td></tr>
+</table>
+ <p>Use the <code class="directive">DavDepthInfinity</code> directive to
+ allow the processing of <code>PROPFIND</code> requests containing the
+ header 'Depth: Infinity'. Because this type of request could constitute
+ a denial-of-service attack, by default it is not allowed.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="DavMinTimeout" id="DavMinTimeout">DavMinTimeout</a> <a name="davmintimeout" id="davmintimeout">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Minimum amount of time the server holds a lock on
+a DAV resource</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>DavMinTimeout <var>seconds</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>DavMinTimeout 0</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_dav</td></tr>
+</table>
+ <p>When a client requests a DAV resource lock, it can also
+ specify a time when the lock will be automatically removed by
+ the server. This value is only a request, and the server can
+ ignore it or inform the client of an arbitrary value.</p>
+
+ <p>Use the <code class="directive">DavMinTimeout</code> directive to specify, in
+ seconds, the minimum lock timeout to return to a client.
+ Microsoft Web Folders defaults to a timeout of 120 seconds; the
+ <code class="directive">DavMinTimeout</code> can override this to a higher value
+ (like 600 seconds) to reduce the chance of the client losing
+ the lock due to network latency.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ <Location /MSWord><br />
+ <span class="indent">
+ DavMinTimeout 600<br />
+ </span>
+ </Location>
+ </code></p></div>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_dav.html" title="English"> en </a> |
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_dav.html">mod_dav</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="DavLockDB" id="DavLockDB">DavLockDB</a> <a name="davlockdb" id="davlockdb">Directive</a></h2>
<table class="directive">
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_dav_fs.html" title="English"> en </a> |
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_dav.html">mod_dav</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="DavGenericLockDB" id="DavGenericLockDB">DavGenericLockDB</a> <a name="davgenericlockdb" id="davgenericlockdb">Directive</a></h2>
<table class="directive">
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_dav_lock.html" title="English"> en </a> |
by its original developer.
</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#pooling">Connection Pooling</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#API">Apache DBD API</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#prepared">SQL Prepared Statements</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#security">SECURITY WARNING</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#dbdexptime">DBDExptime</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#dbdkeep">DBDKeep</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#dbdpreparesql">DBDPrepareSQL</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#dbdriver">DBDriver</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#pooling">Connection Pooling</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#API">Apache DBD API</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#prepared">SQL Prepared Statements</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#security">SECURITY WARNING</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><a href="../misc/password_encryptions.html">Password Formats</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="pooling" id="pooling">Connection Pooling</a></h2>
+ <p>This module manages database connections, in a manner
+ optimised for the platform. On non-threaded platforms,
+ it provides a persistent connection in the manner of
+ classic LAMP (Linux, Apache, Mysql, Perl/PHP/Python).
+ On threaded platform, it provides an altogether more
+ scalable and efficient <em>connection pool</em>, as
+ described in <a href="http://www.apachetutor.org/dev/reslist">this
+ article at ApacheTutor</a>. Note that <code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code>
+ supersedes the modules presented in that article.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="API" id="API">Apache DBD API</a></h2>
+ <p><code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code> exports five functions for other modules
+ to use. The API is as follows:</p>
+
+ <div class="example"><pre><code>typedef struct {
+ apr_dbd_t *handle;
+ apr_dbd_driver_t *driver;
+ apr_hash_t *prepared;
+} ap_dbd_t;
+
+/* Export functions to access the database */
+
+/* acquire a connection that MUST be explicitly closed.
+ * Returns NULL on error
+ */
+AP_DECLARE(ap_dbd_t*) ap_dbd_open(apr_pool_t*, server_rec*);
+
+/* release a connection acquired with ap_dbd_open */
+AP_DECLARE(void) ap_dbd_close(server_rec*, ap_dbd_t*);
+
+/* acquire a connection that will have the lifetime of a request
+ * and MUST NOT be explicitly closed. Return NULL on error.
+ * This is the preferred function for most applications.
+ */
+AP_DECLARE(ap_dbd_t*) ap_dbd_acquire(request_rec*);
+
+/* acquire a connection that will have the lifetime of a connection
+ * and MUST NOT be explicitly closed. Return NULL on error.
+ */
+AP_DECLARE(ap_dbd_t*) ap_dbd_cacquire(conn_rec*);
+
+/* Prepare a statement for use by a client module */
+AP_DECLARE(void) ap_dbd_prepare(server_rec*, const char*, const char*);
+
+/* Also export them as optional functions for modules that prefer it */
+APR_DECLARE_OPTIONAL_FN(ap_dbd_t*, ap_dbd_open, (apr_pool_t*, server_rec*));
+APR_DECLARE_OPTIONAL_FN(void, ap_dbd_close, (server_rec*, ap_dbd_t*));
+APR_DECLARE_OPTIONAL_FN(ap_dbd_t*, ap_dbd_acquire, (request_rec*));
+APR_DECLARE_OPTIONAL_FN(ap_dbd_t*, ap_dbd_cacquire, (conn_rec*));
+APR_DECLARE_OPTIONAL_FN(void, ap_dbd_prepare, (server_rec*, const char*, const char*));
+</code></pre></div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="prepared" id="prepared">SQL Prepared Statements</a></h2>
+ <p><code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code> supports SQL prepared statements on behalf
+ of modules that may wish to use them. Each prepared statement
+ must be assigned a name (label), and they are stored in a hash:
+ the <code>prepared</code> field of an <code>ap_dbd_t</code>.
+ Hash entries are of type <code>apr_dbd_prepared_t</code>
+ and can be used in any of the apr_dbd prepared statement
+ SQL query or select commands.</p>
+
+ <p>It is up to dbd user modules to use the prepared statements
+ and document what statements can be specified in httpd.conf,
+ or to provide their own directives and use <code>ap_dbd_prepare</code>.</p>
+ <div class="warning"><h3>Caveat</h3>
+ When using prepared statements with a MySQL database, it is preferred to set
+ <code>reconnect</code> to 0 in the connection string as to avoid errors that
+ arise from the MySQL client reconnecting without properly resetting the
+ prepared statements. If set to 1, any broken connections will be attempted
+ fixed, but as mod_dbd is not informed, the prepared statements will be invalidated.
+ </div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="security" id="security">SECURITY WARNING</a></h2>
+
+ <p>Any web/database application needs to secure itself against SQL
+ injection attacks. In most cases, Apache DBD is safe, because
+ applications use prepared statements, and untrusted inputs are
+ only ever used as data. Of course, if you use it via third-party
+ modules, you should ascertain what precautions they may require.</p>
+ <p>However, the <var>FreeTDS</var> driver is inherently
+ <strong>unsafe</strong>. The underlying library doesn't support
+ prepared statements, so the driver emulates them, and the
+ untrusted input is merged into the SQL statement.</p>
+ <p>It can be made safe by <em>untainting</em> all inputs:
+ a process inspired by Perl's taint checking. Each input
+ is matched against a regexp, and only the match is used,
+ according to the Perl idiom:</p>
+ <div class="example"><pre><code> $untrusted =~ /([a-z]+)/;
+ $trusted = $1;</code></pre></div>
+ <p>To use this, the untainting regexps must be included in the
+ prepared statements configured. The regexp follows immediately
+ after the % in the prepared statement, and is enclosed in
+ curly brackets {}. For example, if your application expects
+ alphanumeric input, you can use:</p>
+ <div class="example"><p><code>
+ <code>"SELECT foo FROM bar WHERE input = %s"</code>
+ </code></p></div>
+ <p>with other drivers, and suffer nothing worse than a failed query.
+ But with FreeTDS you'd need:</p>
+ <div class="example"><p><code>
+ <code>"SELECT foo FROM bar WHERE input = %{([A-Za-z0-9]+)}s"</code>
+ </code></p></div>
+ <p>Now anything that doesn't match the regexp's $1 match is
+ discarded, so the statement is safe.</p>
+ <p>An alternative to this may be the third-party ODBC driver,
+ which offers the security of genuine prepared statements.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="DBDExptime" id="DBDExptime">DBDExptime</a> <a name="dbdexptime" id="dbdexptime">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Keepalive time for idle connections</td></tr>
driver in apr_dbd_mysql.so.</p>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="pooling" id="pooling">Connection Pooling</a></h2>
- <p>This module manages database connections, in a manner
- optimised for the platform. On non-threaded platforms,
- it provides a persistent connection in the manner of
- classic LAMP (Linux, Apache, Mysql, Perl/PHP/Python).
- On threaded platform, it provides an altogether more
- scalable and efficient <em>connection pool</em>, as
- described in <a href="http://www.apachetutor.org/dev/reslist">this
- article at ApacheTutor</a>. Note that <code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code>
- supersedes the modules presented in that article.</p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="API" id="API">Apache DBD API</a></h2>
- <p><code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code> exports five functions for other modules
- to use. The API is as follows:</p>
-
- <div class="example"><pre><code>typedef struct {
- apr_dbd_t *handle;
- apr_dbd_driver_t *driver;
- apr_hash_t *prepared;
-} ap_dbd_t;
-
-/* Export functions to access the database */
-
-/* acquire a connection that MUST be explicitly closed.
- * Returns NULL on error
- */
-AP_DECLARE(ap_dbd_t*) ap_dbd_open(apr_pool_t*, server_rec*);
-
-/* release a connection acquired with ap_dbd_open */
-AP_DECLARE(void) ap_dbd_close(server_rec*, ap_dbd_t*);
-
-/* acquire a connection that will have the lifetime of a request
- * and MUST NOT be explicitly closed. Return NULL on error.
- * This is the preferred function for most applications.
- */
-AP_DECLARE(ap_dbd_t*) ap_dbd_acquire(request_rec*);
-
-/* acquire a connection that will have the lifetime of a connection
- * and MUST NOT be explicitly closed. Return NULL on error.
- */
-AP_DECLARE(ap_dbd_t*) ap_dbd_cacquire(conn_rec*);
-
-/* Prepare a statement for use by a client module */
-AP_DECLARE(void) ap_dbd_prepare(server_rec*, const char*, const char*);
-
-/* Also export them as optional functions for modules that prefer it */
-APR_DECLARE_OPTIONAL_FN(ap_dbd_t*, ap_dbd_open, (apr_pool_t*, server_rec*));
-APR_DECLARE_OPTIONAL_FN(void, ap_dbd_close, (server_rec*, ap_dbd_t*));
-APR_DECLARE_OPTIONAL_FN(ap_dbd_t*, ap_dbd_acquire, (request_rec*));
-APR_DECLARE_OPTIONAL_FN(ap_dbd_t*, ap_dbd_cacquire, (conn_rec*));
-APR_DECLARE_OPTIONAL_FN(void, ap_dbd_prepare, (server_rec*, const char*, const char*));
-</code></pre></div>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="prepared" id="prepared">SQL Prepared Statements</a></h2>
- <p><code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code> supports SQL prepared statements on behalf
- of modules that may wish to use them. Each prepared statement
- must be assigned a name (label), and they are stored in a hash:
- the <code>prepared</code> field of an <code>ap_dbd_t</code>.
- Hash entries are of type <code>apr_dbd_prepared_t</code>
- and can be used in any of the apr_dbd prepared statement
- SQL query or select commands.</p>
-
- <p>It is up to dbd user modules to use the prepared statements
- and document what statements can be specified in httpd.conf,
- or to provide their own directives and use <code>ap_dbd_prepare</code>.</p>
- <div class="warning"><h3>Caveat</h3>
- When using prepared statements with a MySQL database, it is preferred to set
- <code>reconnect</code> to 0 in the connection string as to avoid errors that
- arise from the MySQL client reconnecting without properly resetting the
- prepared statements. If set to 1, any broken connections will be attempted
- fixed, but as mod_dbd is not informed, the prepared statements will be invalidated.
- </div>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="security" id="security">SECURITY WARNING</a></h2>
-
- <p>Any web/database application needs to secure itself against SQL
- injection attacks. In most cases, Apache DBD is safe, because
- applications use prepared statements, and untrusted inputs are
- only ever used as data. Of course, if you use it via third-party
- modules, you should ascertain what precautions they may require.</p>
- <p>However, the <var>FreeTDS</var> driver is inherently
- <strong>unsafe</strong>. The underlying library doesn't support
- prepared statements, so the driver emulates them, and the
- untrusted input is merged into the SQL statement.</p>
- <p>It can be made safe by <em>untainting</em> all inputs:
- a process inspired by Perl's taint checking. Each input
- is matched against a regexp, and only the match is used,
- according to the Perl idiom:</p>
- <div class="example"><pre><code> $untrusted =~ /([a-z]+)/;
- $trusted = $1;</code></pre></div>
- <p>To use this, the untainting regexps must be included in the
- prepared statements configured. The regexp follows immediately
- after the % in the prepared statement, and is enclosed in
- curly brackets {}. For example, if your application expects
- alphanumeric input, you can use:</p>
- <div class="example"><p><code>
- <code>"SELECT foo FROM bar WHERE input = %s"</code>
- </code></p></div>
- <p>with other drivers, and suffer nothing worse than a failed query.
- But with FreeTDS you'd need:</p>
- <div class="example"><p><code>
- <code>"SELECT foo FROM bar WHERE input = %{([A-Za-z0-9]+)}s"</code>
- </code></p></div>
- <p>Now anything that doesn't match the regexp's $1 match is
- discarded, so the statement is safe.</p>
- <p>An alternative to this may be the third-party ODBC driver,
- which offers the security of genuine prepared statements.</p>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_dbd.html" title="English"> en </a></p>
your server to be compressed before being sent to the client over
the network.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#recommended">Sample Configurations</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#enable">Enabling Compression</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#proxies">Dealing with proxy servers</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#deflatebuffersize">DeflateBufferSize</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#deflatecompressionlevel">DeflateCompressionLevel</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#deflatememlevel">DeflateMemLevel</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#deflatewindowsize">DeflateWindowSize</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#recommended">Sample Configurations</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#enable">Enabling Compression</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#proxies">Dealing with proxy servers</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><a href="../filter.html">Filters</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="recommended" id="recommended">Sample Configurations</a></h2>
+ <div class="warning"><h3>Compression and TLS</h3>
+ <p>Some web applications are vulnerable to an information disclosure
+ attack when a TLS connection carries deflate compressed data. For more
+ information, review the details of the "BREACH" family of attacks.</p>
+ </div>
+ <p>This is a simple configuration that compresses common text-based content types.</p>
+
+ <div class="example"><h3>Compress only a few types</h3><pre class="prettyprint lang-config">AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript</pre>
+</div>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="enable" id="enable">Enabling Compression</a></h2>
+
+ <h3><a name="output" id="output">Output Compression</a></h3>
+ <p>Compression is implemented by the <code>DEFLATE</code>
+ <a href="../filter.html">filter</a>. The following directive
+ will enable compression for documents in the container where it
+ is placed:</p>
+
+ <div class="example"><p><code>
+ SetOutputFilter DEFLATE
+ </code></p></div>
+
+ <p>Some popular browsers cannot handle compression of all content
+ so you may want to set the <code>gzip-only-text/html</code> note to
+ <code>1</code> to only allow html files to be compressed (see
+ below). If you set this to <em>anything but <code>1</code></em> it
+ will be ignored.</p>
+
+ <p>If you want to restrict the compression to particular MIME types
+ in general, you may use the <code class="directive"><a href="../mod/core.html#addoutputfilterbytype">AddOutputFilterByType</a></code> directive. Here is an example of
+ enabling compression only for the html files of the Apache
+ documentation:</p>
+
+ <div class="example"><p><code>
+ <Directory "/your-server-root/manual"><br />
+ <span class="indent">
+ AddOutputFilterByType DEFLATE text/html<br />
+ </span>
+ </Directory>
+ </code></p></div>
+
+ <p>For browsers that have problems even with compression of all file
+ types, use the <code class="directive"><a href="../mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code> directive to set the <code>no-gzip</code>
+ note for that particular browser so that no compression will be
+ performed. You may combine <code>no-gzip</code> with <code>gzip-only-text/html</code> to get the best results. In that case
+ the former overrides the latter. Take a look at the following
+ excerpt from the <a href="#recommended">configuration example</a>
+ defined in the section above:</p>
+
+ <div class="example"><p><code>
+ BrowserMatch ^Mozilla/4 gzip-only-text/html<br />
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip<br />
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+ </code></p></div>
+
+ <p>At first we probe for a <code>User-Agent</code> string that
+ indicates a Netscape Navigator version of 4.x. These versions
+ cannot handle compression of types other than
+ <code>text/html</code>. The versions 4.06, 4.07 and 4.08 also
+ have problems with decompressing html files. Thus, we completely
+ turn off the deflate filter for them.</p>
+
+ <p>The third <code class="directive"><a href="../mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code>
+ directive fixes the guessed identity of the user agent, because
+ the Microsoft Internet Explorer identifies itself also as "Mozilla/4"
+ but is actually able to handle requested compression. Therefore we
+ match against the additional string "MSIE" (<code>\b</code> means
+ "word boundary") in the <code>User-Agent</code> Header and turn off
+ the restrictions defined before.</p>
+
+ <div class="note"><h3>Note</h3>
+ The <code>DEFLATE</code> filter is always inserted after RESOURCE
+ filters like PHP or SSI. It never touches internal subrequests.
+ </div>
+ <div class="note"><h3>Note</h3>
+ There is an environment variable <code>force-gzip</code>,
+ set via <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code>, which
+ will ignore the accept-encoding setting of your browser and will
+ send compressed output.
+ </div>
+
+
+ <h3><a name="inflate" id="inflate">Output Decompression</a></h3>
+ <p>The <code class="module"><a href="../mod/mod_deflate.html">mod_deflate</a></code> module also provides a filter for
+ inflating/uncompressing a gzip compressed response body. In order to activate
+ this feature you have to insert the <code>INFLATE</code> filter into
+ the output filter chain using <code class="directive"><a href="../mod/core.html#setoutputfilter">SetOutputFilter</a></code> or <code class="directive"><a href="../mod/mod_mime.html#addoutputfilter">AddOutputFilter</a></code>, for example:</p>
+
+ <div class="example"><p><code>
+ <Location /dav-area><br />
+ <span class="indent">
+ ProxyPass http://example.com/<br />
+ SetOutputFilter INFLATE<br />
+ </span>
+ </Location>
+ </code></p></div>
+
+ <p>This Example will uncompress gzip'ed output from example.com, so other
+ filters can do further processing with it.
+ </p>
+
+
+ <h3><a name="input" id="input">Input Decompression</a></h3>
+ <p>The <code class="module"><a href="../mod/mod_deflate.html">mod_deflate</a></code> module also provides a filter for
+ decompressing a gzip compressed request body . In order to activate
+ this feature you have to insert the <code>DEFLATE</code> filter into
+ the input filter chain using <code class="directive"><a href="../mod/core.html#setinputfilter">SetInputFilter</a></code> or <code class="directive"><a href="../mod/mod_mime.html#addinputfilter">AddInputFilter</a></code>, for example:</p>
+
+ <div class="example"><p><code>
+ <Location /dav-area><br />
+ <span class="indent">
+ SetInputFilter DEFLATE<br />
+ </span>
+ </Location>
+ </code></p></div>
+
+ <p>Now if a request contains a <code>Content-Encoding:
+ gzip</code> header, the body will be automatically decompressed.
+ Few browsers have the ability to gzip request bodies. However,
+ some special applications actually do support request
+ compression, for instance some <a href="http://www.webdav.org">WebDAV</a> clients.</p>
+
+ <div class="warning"><h3>Note on Content-Length</h3>
+ <p>If you evaluate the request body yourself, <em>don't trust
+ the <code>Content-Length</code> header!</em>
+ The Content-Length header reflects the length of the
+ incoming data from the client and <em>not</em> the byte count of
+ the decompressed data stream.</p>
+ </div>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="proxies" id="proxies">Dealing with proxy servers</a></h2>
+
+ <p>The <code class="module"><a href="../mod/mod_deflate.html">mod_deflate</a></code> module sends a <code>Vary:
+ Accept-Encoding</code> HTTP response header to alert proxies that
+ a cached response should be sent only to clients that send the
+ appropriate <code>Accept-Encoding</code> request header. This
+ prevents compressed content from being sent to a client that will
+ not understand it.</p>
+
+ <p>If you use some special exclusions dependent
+ on, for example, the <code>User-Agent</code> header, you must
+ manually configure an addition to the <code>Vary</code> header
+ to alert proxies of the additional restrictions. For example,
+ in a typical configuration where the addition of the <code>DEFLATE</code>
+ filter depends on the <code>User-Agent</code>, you should add:</p>
+
+ <div class="example"><p><code>
+ Header append Vary User-Agent
+ </code></p></div>
+
+ <p>If your decision about compression depends on other information
+ than request headers (<em>e.g.</em> HTTP version), you have to set the
+ <code>Vary</code> header to the value <code>*</code>. This prevents
+ compliant proxies from caching entirely.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ Header set Vary *
+ </code></p></div>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="DeflateBufferSize" id="DeflateBufferSize">DeflateBufferSize</a> <a name="deflatebuffersize" id="deflatebuffersize">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Fragment size to be compressed at one time by zlib</td></tr>
higher the window size, the higher can the compression ratio be expected.</p>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="recommended" id="recommended">Sample Configurations</a></h2>
- <div class="warning"><h3>Compression and TLS</h3>
- <p>Some web applications are vulnerable to an information disclosure
- attack when a TLS connection carries deflate compressed data. For more
- information, review the details of the "BREACH" family of attacks.</p>
- </div>
- <p>This is a simple configuration that compresses common text-based content types.</p>
-
- <div class="example"><h3>Compress only a few types</h3><pre class="prettyprint lang-config">AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript</pre>
-</div>
-
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="enable" id="enable">Enabling Compression</a></h2>
-
- <h3><a name="output" id="output">Output Compression</a></h3>
- <p>Compression is implemented by the <code>DEFLATE</code>
- <a href="../filter.html">filter</a>. The following directive
- will enable compression for documents in the container where it
- is placed:</p>
-
- <div class="example"><p><code>
- SetOutputFilter DEFLATE
- </code></p></div>
-
- <p>Some popular browsers cannot handle compression of all content
- so you may want to set the <code>gzip-only-text/html</code> note to
- <code>1</code> to only allow html files to be compressed (see
- below). If you set this to <em>anything but <code>1</code></em> it
- will be ignored.</p>
-
- <p>If you want to restrict the compression to particular MIME types
- in general, you may use the <code class="directive"><a href="../mod/core.html#addoutputfilterbytype">AddOutputFilterByType</a></code> directive. Here is an example of
- enabling compression only for the html files of the Apache
- documentation:</p>
-
- <div class="example"><p><code>
- <Directory "/your-server-root/manual"><br />
- <span class="indent">
- AddOutputFilterByType DEFLATE text/html<br />
- </span>
- </Directory>
- </code></p></div>
-
- <p>For browsers that have problems even with compression of all file
- types, use the <code class="directive"><a href="../mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code> directive to set the <code>no-gzip</code>
- note for that particular browser so that no compression will be
- performed. You may combine <code>no-gzip</code> with <code>gzip-only-text/html</code> to get the best results. In that case
- the former overrides the latter. Take a look at the following
- excerpt from the <a href="#recommended">configuration example</a>
- defined in the section above:</p>
-
- <div class="example"><p><code>
- BrowserMatch ^Mozilla/4 gzip-only-text/html<br />
- BrowserMatch ^Mozilla/4\.0[678] no-gzip<br />
- BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
- </code></p></div>
-
- <p>At first we probe for a <code>User-Agent</code> string that
- indicates a Netscape Navigator version of 4.x. These versions
- cannot handle compression of types other than
- <code>text/html</code>. The versions 4.06, 4.07 and 4.08 also
- have problems with decompressing html files. Thus, we completely
- turn off the deflate filter for them.</p>
-
- <p>The third <code class="directive"><a href="../mod/mod_setenvif.html#browsermatch">BrowserMatch</a></code>
- directive fixes the guessed identity of the user agent, because
- the Microsoft Internet Explorer identifies itself also as "Mozilla/4"
- but is actually able to handle requested compression. Therefore we
- match against the additional string "MSIE" (<code>\b</code> means
- "word boundary") in the <code>User-Agent</code> Header and turn off
- the restrictions defined before.</p>
-
- <div class="note"><h3>Note</h3>
- The <code>DEFLATE</code> filter is always inserted after RESOURCE
- filters like PHP or SSI. It never touches internal subrequests.
- </div>
- <div class="note"><h3>Note</h3>
- There is an environment variable <code>force-gzip</code>,
- set via <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code>, which
- will ignore the accept-encoding setting of your browser and will
- send compressed output.
- </div>
-
-
- <h3><a name="inflate" id="inflate">Output Decompression</a></h3>
- <p>The <code class="module"><a href="../mod/mod_deflate.html">mod_deflate</a></code> module also provides a filter for
- inflating/uncompressing a gzip compressed response body. In order to activate
- this feature you have to insert the <code>INFLATE</code> filter into
- the output filter chain using <code class="directive"><a href="../mod/core.html#setoutputfilter">SetOutputFilter</a></code> or <code class="directive"><a href="../mod/mod_mime.html#addoutputfilter">AddOutputFilter</a></code>, for example:</p>
-
- <div class="example"><p><code>
- <Location /dav-area><br />
- <span class="indent">
- ProxyPass http://example.com/<br />
- SetOutputFilter INFLATE<br />
- </span>
- </Location>
- </code></p></div>
-
- <p>This Example will uncompress gzip'ed output from example.com, so other
- filters can do further processing with it.
- </p>
-
-
- <h3><a name="input" id="input">Input Decompression</a></h3>
- <p>The <code class="module"><a href="../mod/mod_deflate.html">mod_deflate</a></code> module also provides a filter for
- decompressing a gzip compressed request body . In order to activate
- this feature you have to insert the <code>DEFLATE</code> filter into
- the input filter chain using <code class="directive"><a href="../mod/core.html#setinputfilter">SetInputFilter</a></code> or <code class="directive"><a href="../mod/mod_mime.html#addinputfilter">AddInputFilter</a></code>, for example:</p>
-
- <div class="example"><p><code>
- <Location /dav-area><br />
- <span class="indent">
- SetInputFilter DEFLATE<br />
- </span>
- </Location>
- </code></p></div>
-
- <p>Now if a request contains a <code>Content-Encoding:
- gzip</code> header, the body will be automatically decompressed.
- Few browsers have the ability to gzip request bodies. However,
- some special applications actually do support request
- compression, for instance some <a href="http://www.webdav.org">WebDAV</a> clients.</p>
-
- <div class="warning"><h3>Note on Content-Length</h3>
- <p>If you evaluate the request body yourself, <em>don't trust
- the <code>Content-Length</code> header!</em>
- The Content-Length header reflects the length of the
- incoming data from the client and <em>not</em> the byte count of
- the decompressed data stream.</p>
- </div>
-
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="proxies" id="proxies">Dealing with proxy servers</a></h2>
-
- <p>The <code class="module"><a href="../mod/mod_deflate.html">mod_deflate</a></code> module sends a <code>Vary:
- Accept-Encoding</code> HTTP response header to alert proxies that
- a cached response should be sent only to clients that send the
- appropriate <code>Accept-Encoding</code> request header. This
- prevents compressed content from being sent to a client that will
- not understand it.</p>
-
- <p>If you use some special exclusions dependent
- on, for example, the <code>User-Agent</code> header, you must
- manually configure an addition to the <code>Vary</code> header
- to alert proxies of the additional restrictions. For example,
- in a typical configuration where the addition of the <code>DEFLATE</code>
- filter depends on the <code>User-Agent</code>, you should add:</p>
-
- <div class="example"><p><code>
- Header append Vary User-Agent
- </code></p></div>
-
- <p>If your decision about compression depends on other information
- than request headers (<em>e.g.</em> HTTP version), you have to set the
- <code>Vary</code> header to the value <code>*</code>. This prevents
- compliant proxies from caching entirely.</p>
-
- <div class="example"><h3>Example</h3><p><code>
- Header set Vary *
- </code></p></div>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_deflate.html" title="English"> en </a> |
<li><img alt="" src="../images/down.gif" /> <a href="#fallbackresource">FallbackResource</a></li>
</ul>
<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="DirectoryIndex" id="DirectoryIndex">DirectoryIndex</a> <a name="directoryindex" id="directoryindex">Directive</a></h2>
<table class="directive">
</code></p></div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_dir.html" title="English"> en </a> |
<li><img alt="" src="../images/down.gif" /> <a href="#cacheroot">CacheRoot</a></li>
</ul>
<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="CacheDirLength" id="CacheDirLength">CacheDirLength</a> <a name="cachedirlength" id="cachedirlength">Directive</a></h2>
<table class="directive">
</code></p></div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_disk_cache.html" title="English"> en </a> |
be expected, this can produce extreme volumes of data,
and should only be used when debugging problems.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#enable">Enabling dumpio Support</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#dumpioinput">DumpIOInput</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#dumpiologlevel">DumpIOLogLevel</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#dumpiooutput">DumpIOOutput</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#enable">Enabling dumpio Support</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="enable" id="enable">Enabling dumpio Support</a></h2>
+
+
+ <p>To enable the module, it should be compiled and
+ loaded in to your running Apache configuration. Logging
+ can then be enabled or disabled via the below directives.</p>
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="DumpIOInput" id="DumpIOInput">DumpIOInput</a> <a name="dumpioinput" id="dumpioinput">Directive</a></h2>
<table class="directive">
</code></p></div>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="enable" id="enable">Enabling dumpio Support</a></h2>
-
-
- <p>To enable the module, it should be compiled and
- loaded in to your running Apache configuration. Logging
- can then be enabled or disabled via the below directives.</p>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_dumpio.html" title="English"> en </a> |
<li><img alt="" src="../images/down.gif" /> <a href="#protocolecho">ProtocolEcho</a></li>
</ul>
<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProtocolEcho" id="ProtocolEcho">ProtocolEcho</a> <a name="protocolecho" id="protocolecho">Directive</a></h2>
<table class="directive">
</code></p></div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_echo.html" title="English"> en </a> |
<li><a href="../env.html">Environment Variables</a></li>
<li><code class="directive"><a href="../mod/mod_setenvif.html#setenvif">SetEnvIf</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="PassEnv" id="PassEnv">PassEnv</a> <a name="passenv" id="passenv">Directive</a></h2>
<table class="directive">
</code></p></div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_env.html" title="English"> en </a> |
display of some of the tracing the example module did as the
various callbacks were made.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#example">Example</a></li>
-</ul>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#compiling">Compiling the example module</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#using">Using the <code>mod_example</code> Module</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="Example" id="Example">Example</a> <a name="example" id="example">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Demonstration directive to illustrate the Apache module
-API</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>Example</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_example</td></tr>
-</table>
- <p>The <code class="directive">Example</code> directive just sets a demonstration
- flag which the example module's content handler displays. It
- takes no arguments. If you browse to an URL to which the
- example content-handler applies, you will get a display of the
- routines within the module and how and in what order they were
- called to service the document request. The effect of this
- directive one can observe under the point "<code>Example
- directive declared here: YES/NO</code>".</p>
-
-</div>
+</ul><h3 class="directives">Directives</h3>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#example">Example</a></li>
+</ul>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="compiling" id="compiling">Compiling the example module</a></h2>
to browse to this location and see the brief display mentioned
earlier.</p>
</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="Example" id="Example">Example</a> <a name="example" id="example">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Demonstration directive to illustrate the Apache module
+API</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>Example</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_example</td></tr>
+</table>
+ <p>The <code class="directive">Example</code> directive just sets a demonstration
+ flag which the example module's content handler displays. It
+ takes no arguments. If you browse to an URL to which the
+ example content-handler applies, you will get a display of the
+ routines within the module and how and in what order they were
+ called to service the document request. The effect of this
+ directive one can observe under the point "<code>Example
+ directive declared here: YES/NO</code>".</p>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_example.html" title="English"> en </a> |
proxied from an origin server, this module does not change or add
an <code>Expires</code> or <code>Cache-Control</code> header.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#AltSyn">Alternate Interval Syntax</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#expiresactive">ExpiresActive</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#expiresbytype">ExpiresByType</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#expiresdefault">ExpiresDefault</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#AltSyn">Alternate Interval Syntax</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="AltSyn" id="AltSyn">Alternate Interval Syntax</a></h2>
+ <p>The <code class="directive"><a href="#expiresdefault">ExpiresDefault</a></code> and
+ <code class="directive"><a href="#expiresbytype">ExpiresByType</a></code> directives
+ can also be defined in a more readable syntax of the form:</p>
+
+ <div class="example"><p><code>
+ ExpiresDefault "<var>base</var> [plus <var>num</var> <var>type</var>]
+ [<var>num</var> <var>type</var>] ..."<br />
+ ExpiresByType type/encoding "<var>base</var> [plus <var>num</var> <var>type</var>]
+ [<var>num</var> <var>type</var>] ..."
+ </code></p></div>
+
+ <p>where <var>base</var> is one of:</p>
+
+ <ul>
+ <li><code>access</code></li>
+
+ <li><code>now</code> (equivalent to
+ '<code>access</code>')</li>
+
+ <li><code>modification</code></li>
+ </ul>
+
+ <p>The <code>plus</code> keyword is optional. <var>num</var>
+ should be an integer value [acceptable to <code>atoi()</code>],
+ and <var>type</var> is one of:</p>
+
+ <ul>
+ <li><code>years</code></li>
+ <li><code>months</code></li>
+ <li><code>weeks</code></li>
+ <li><code>days</code></li>
+ <li><code>hours</code></li>
+ <li><code>minutes</code></li>
+ <li><code>seconds</code></li>
+ </ul>
+
+ <p>For example, any of the following directives can be used to
+ make documents expire 1 month after being accessed, by
+ default:</p>
+
+ <div class="example"><p><code>
+ ExpiresDefault "access plus 1 month"<br />
+ ExpiresDefault "access plus 4 weeks"<br />
+ ExpiresDefault "access plus 30 days"
+ </code></p></div>
+
+ <p>The expiry time can be fine-tuned by adding several
+ '<var>num</var> <var>type</var>' clauses:</p>
+
+ <div class="example"><p><code>
+ ExpiresByType text/html "access plus 1 month 15
+ days 2 hours"<br />
+ ExpiresByType image/gif "modification plus 5 hours 3
+ minutes"
+ </code></p></div>
+
+ <p>Note that if you use a modification date based setting, the
+ Expires header will <strong>not</strong> be added to content
+ that does not come from a file on disk. This is due to the fact
+ that there is no modification time for such content.</p>
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ExpiresActive" id="ExpiresActive">ExpiresActive</a> <a name="expiresactive" id="expiresactive">Directive</a></h2>
<table class="directive">
description as well.</p>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="AltSyn" id="AltSyn">Alternate Interval Syntax</a></h2>
- <p>The <code class="directive"><a href="#expiresdefault">ExpiresDefault</a></code> and
- <code class="directive"><a href="#expiresbytype">ExpiresByType</a></code> directives
- can also be defined in a more readable syntax of the form:</p>
-
- <div class="example"><p><code>
- ExpiresDefault "<var>base</var> [plus <var>num</var> <var>type</var>]
- [<var>num</var> <var>type</var>] ..."<br />
- ExpiresByType type/encoding "<var>base</var> [plus <var>num</var> <var>type</var>]
- [<var>num</var> <var>type</var>] ..."
- </code></p></div>
-
- <p>where <var>base</var> is one of:</p>
-
- <ul>
- <li><code>access</code></li>
-
- <li><code>now</code> (equivalent to
- '<code>access</code>')</li>
-
- <li><code>modification</code></li>
- </ul>
-
- <p>The <code>plus</code> keyword is optional. <var>num</var>
- should be an integer value [acceptable to <code>atoi()</code>],
- and <var>type</var> is one of:</p>
-
- <ul>
- <li><code>years</code></li>
- <li><code>months</code></li>
- <li><code>weeks</code></li>
- <li><code>days</code></li>
- <li><code>hours</code></li>
- <li><code>minutes</code></li>
- <li><code>seconds</code></li>
- </ul>
-
- <p>For example, any of the following directives can be used to
- make documents expire 1 month after being accessed, by
- default:</p>
-
- <div class="example"><p><code>
- ExpiresDefault "access plus 1 month"<br />
- ExpiresDefault "access plus 4 weeks"<br />
- ExpiresDefault "access plus 30 days"
- </code></p></div>
-
- <p>The expiry time can be fine-tuned by adding several
- '<var>num</var> <var>type</var>' clauses:</p>
-
- <div class="example"><p><code>
- ExpiresByType text/html "access plus 1 month 15
- days 2 hours"<br />
- ExpiresByType image/gif "modification plus 5 hours 3
- minutes"
- </code></p></div>
-
- <p>Note that if you use a modification date based setting, the
- Expires header will <strong>not</strong> be added to content
- that does not come from a file on disk. This is due to the fact
- that there is no modification time for such content.</p>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_expires.html" title="English"> en </a> |
a prototype environment for filters.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#extfilterdefine">ExtFilterDefine</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#extfilteroptions">ExtFilterOptions</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><a href="../filter.html">Filters</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ExtFilterDefine" id="ExtFilterDefine">ExtFilterDefine</a> <a name="extfilterdefine" id="extfilterdefine">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Define an external filter</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ExtFilterDefine <var>filtername</var> <var>parameters</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ext_filter</td></tr>
-</table>
- <p>The <code class="directive">ExtFilterDefine</code> directive defines the
- characteristics of an external filter, including the program to
- run and its arguments.</p>
-
- <p><var>filtername</var> specifies the name of the filter being
- defined. This name can then be used in <code class="directive"><a href="../mod/core.html#setoutputfilter">SetOutputFilter</a></code>
- directives. It must be unique among all registered filters.
- <em>At the present time, no error is reported by the
- register-filter API, so a problem with duplicate names isn't
- reported to the user.</em></p>
-
- <p>Subsequent parameters can appear in any order and define the
- external command to run and certain other characteristics. The
- only required parameter is <code>cmd=</code>. These parameters
- are:</p>
-
- <dl>
- <dt><code>cmd=<var>cmdline</var></code></dt>
-
- <dd>The <code>cmd=</code> keyword allows you to specify the
- external command to run. If there are arguments after the
- program name, the command line should be surrounded in
- quotation marks (<em>e.g.</em>, <code>cmd="<var>/bin/mypgm</var>
- <var>arg1</var> <var>arg2</var>"</code>.) Normal shell quoting is
- not necessary since the program is run directly, bypassing the shell.
- Program arguments are blank-delimited. A backslash can be used to
- escape blanks which should be part of a program argument. Any
- backslashes which are part of the argument must be escaped with
- backslash themselves. In addition to the standard CGI environment
- variables, DOCUMENT_URI, DOCUMENT_PATH_INFO, and
- QUERY_STRING_UNESCAPED will also be set for the program.</dd>
-
- <dt><code>mode=<var>mode</var></code></dt>
-
- <dd>Use <code>mode=output</code> (the default) for filters which
- process the response. Use <code>mode=input</code> for filters
- which process the request. <code>mode=input</code> is available
- in Apache 2.1 and later.</dd>
-
- <dt><code>intype=<var>imt</var></code></dt>
-
- <dd>This parameter specifies the internet media type (<em>i.e.</em>,
- MIME type) of documents which should be filtered. By default,
- all documents are filtered. If <code>intype=</code> is
- specified, the filter will be disabled for documents of other
- types.</dd>
-
- <dt><code>outtype=<var>imt</var></code></dt>
-
- <dd>This parameter specifies the internet media type (<em>i.e.</em>,
- MIME type) of filtered documents. It is useful when the
- filter changes the internet media type as part of the
- filtering operation. By default, the internet media type is
- unchanged.</dd>
-
- <dt><code>PreservesContentLength</code></dt>
-
- <dd>The <code>PreservesContentLength</code> keyword specifies
- that the filter preserves the content length. This is not the
- default, as most filters change the content length. In the
- event that the filter doesn't modify the length, this keyword
- should be specified.</dd>
-
- <dt><code>ftype=<var>filtertype</var></code></dt>
-
- <dd>This parameter specifies the numeric value for filter type
- that the filter should be registered as. The default value,
- AP_FTYPE_RESOURCE, is sufficient in most cases. If the filter
- needs to operate at a different point in the filter chain than
- resource filters, then this parameter will be necessary. See
- the AP_FTYPE_foo definitions in util_filter.h for appropriate
- values.</dd>
-
- <dt><code>disableenv=<var>env</var></code></dt>
-
- <dd>This parameter specifies the name of an environment variable
- which, if set, will disable the filter.</dd>
-
- <dt><code>enableenv=<var>env</var></code></dt>
-
- <dd>This parameter specifies the name of an environment variable
- which must be set, or the filter will be disabled.</dd>
- </dl>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ExtFilterOptions" id="ExtFilterOptions">ExtFilterOptions</a> <a name="extfilteroptions" id="extfilteroptions">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configure <code class="module"><a href="../mod/mod_ext_filter.html">mod_ext_filter</a></code> options</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ExtFilterOptions <var>option</var> [<var>option</var>] ...</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ExtFilterOptions DebugLevel=0 NoLogStderr</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ext_filter</td></tr>
-</table>
- <p>The <code class="directive">ExtFilterOptions</code> directive specifies
- special processing options for <code class="module"><a href="../mod/mod_ext_filter.html">mod_ext_filter</a></code>.
- <var>Option</var> can be one of</p>
-
- <dl>
- <dt><code>DebugLevel=<var>n</var></code></dt>
-
- <dd>
- The <code>DebugLevel</code> keyword allows you to specify
- the level of debug messages generated by
- <code class="module"><a href="../mod/mod_ext_filter.html">mod_ext_filter</a></code>. By default, no debug messages
- are generated. This is equivalent to
- <code>DebugLevel=0</code>. With higher numbers, more debug
- messages are generated, and server performance will be
- degraded. The actual meanings of the numeric values are
- described with the definitions of the DBGLVL_ constants
- near the beginning of <code>mod_ext_filter.c</code>.
-
- <p>Note: The core directive <code class="directive"><a href="../mod/core.html#loglevel">LogLevel</a></code> should be used to cause debug messages to
- be stored in the Apache error log.</p>
- </dd>
-
- <dt><code>LogStderr | NoLogStderr</code></dt>
-
- <dd>The <code>LogStderr</code> keyword specifies that
- messages written to standard error by the external filter
- program will be saved in the Apache error log.
- <code>NoLogStderr</code> disables this feature.</dd>
-
- <dt><code>Onfail=[abort|remove]</code> (new in httpd version 2.2.12).</dt>
- <dd>Determines how to proceed if the external filter program
- cannot be started. With <code>abort</code> (the default value)
- the request will be aborted. With <code>remove</code>, the
- filter is removed and the request continues without it.</dd>
- </dl>
-
- <div class="example"><h3>Example</h3><p><code>
- ExtFilterOptions LogStderr DebugLevel=0
- </code></p></div>
-
- <p>Messages written to the filter's standard error will be stored
- in the Apache error log. No debug messages will be generated by
- <code class="module"><a href="../mod/mod_ext_filter.html">mod_ext_filter</a></code>. </p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="examples" id="examples">Examples</a></h2>
close(SAVE);
</code></p></div>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ExtFilterDefine" id="ExtFilterDefine">ExtFilterDefine</a> <a name="extfilterdefine" id="extfilterdefine">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Define an external filter</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ExtFilterDefine <var>filtername</var> <var>parameters</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ext_filter</td></tr>
+</table>
+ <p>The <code class="directive">ExtFilterDefine</code> directive defines the
+ characteristics of an external filter, including the program to
+ run and its arguments.</p>
+
+ <p><var>filtername</var> specifies the name of the filter being
+ defined. This name can then be used in <code class="directive"><a href="../mod/core.html#setoutputfilter">SetOutputFilter</a></code>
+ directives. It must be unique among all registered filters.
+ <em>At the present time, no error is reported by the
+ register-filter API, so a problem with duplicate names isn't
+ reported to the user.</em></p>
+
+ <p>Subsequent parameters can appear in any order and define the
+ external command to run and certain other characteristics. The
+ only required parameter is <code>cmd=</code>. These parameters
+ are:</p>
+
+ <dl>
+ <dt><code>cmd=<var>cmdline</var></code></dt>
+
+ <dd>The <code>cmd=</code> keyword allows you to specify the
+ external command to run. If there are arguments after the
+ program name, the command line should be surrounded in
+ quotation marks (<em>e.g.</em>, <code>cmd="<var>/bin/mypgm</var>
+ <var>arg1</var> <var>arg2</var>"</code>.) Normal shell quoting is
+ not necessary since the program is run directly, bypassing the shell.
+ Program arguments are blank-delimited. A backslash can be used to
+ escape blanks which should be part of a program argument. Any
+ backslashes which are part of the argument must be escaped with
+ backslash themselves. In addition to the standard CGI environment
+ variables, DOCUMENT_URI, DOCUMENT_PATH_INFO, and
+ QUERY_STRING_UNESCAPED will also be set for the program.</dd>
+
+ <dt><code>mode=<var>mode</var></code></dt>
+
+ <dd>Use <code>mode=output</code> (the default) for filters which
+ process the response. Use <code>mode=input</code> for filters
+ which process the request. <code>mode=input</code> is available
+ in Apache 2.1 and later.</dd>
+
+ <dt><code>intype=<var>imt</var></code></dt>
+
+ <dd>This parameter specifies the internet media type (<em>i.e.</em>,
+ MIME type) of documents which should be filtered. By default,
+ all documents are filtered. If <code>intype=</code> is
+ specified, the filter will be disabled for documents of other
+ types.</dd>
+
+ <dt><code>outtype=<var>imt</var></code></dt>
+
+ <dd>This parameter specifies the internet media type (<em>i.e.</em>,
+ MIME type) of filtered documents. It is useful when the
+ filter changes the internet media type as part of the
+ filtering operation. By default, the internet media type is
+ unchanged.</dd>
+
+ <dt><code>PreservesContentLength</code></dt>
+
+ <dd>The <code>PreservesContentLength</code> keyword specifies
+ that the filter preserves the content length. This is not the
+ default, as most filters change the content length. In the
+ event that the filter doesn't modify the length, this keyword
+ should be specified.</dd>
+
+ <dt><code>ftype=<var>filtertype</var></code></dt>
+
+ <dd>This parameter specifies the numeric value for filter type
+ that the filter should be registered as. The default value,
+ AP_FTYPE_RESOURCE, is sufficient in most cases. If the filter
+ needs to operate at a different point in the filter chain than
+ resource filters, then this parameter will be necessary. See
+ the AP_FTYPE_foo definitions in util_filter.h for appropriate
+ values.</dd>
+
+ <dt><code>disableenv=<var>env</var></code></dt>
+
+ <dd>This parameter specifies the name of an environment variable
+ which, if set, will disable the filter.</dd>
+
+ <dt><code>enableenv=<var>env</var></code></dt>
+
+ <dd>This parameter specifies the name of an environment variable
+ which must be set, or the filter will be disabled.</dd>
+ </dl>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ExtFilterOptions" id="ExtFilterOptions">ExtFilterOptions</a> <a name="extfilteroptions" id="extfilteroptions">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configure <code class="module"><a href="../mod/mod_ext_filter.html">mod_ext_filter</a></code> options</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ExtFilterOptions <var>option</var> [<var>option</var>] ...</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ExtFilterOptions DebugLevel=0 NoLogStderr</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ext_filter</td></tr>
+</table>
+ <p>The <code class="directive">ExtFilterOptions</code> directive specifies
+ special processing options for <code class="module"><a href="../mod/mod_ext_filter.html">mod_ext_filter</a></code>.
+ <var>Option</var> can be one of</p>
+
+ <dl>
+ <dt><code>DebugLevel=<var>n</var></code></dt>
+
+ <dd>
+ The <code>DebugLevel</code> keyword allows you to specify
+ the level of debug messages generated by
+ <code class="module"><a href="../mod/mod_ext_filter.html">mod_ext_filter</a></code>. By default, no debug messages
+ are generated. This is equivalent to
+ <code>DebugLevel=0</code>. With higher numbers, more debug
+ messages are generated, and server performance will be
+ degraded. The actual meanings of the numeric values are
+ described with the definitions of the DBGLVL_ constants
+ near the beginning of <code>mod_ext_filter.c</code>.
+
+ <p>Note: The core directive <code class="directive"><a href="../mod/core.html#loglevel">LogLevel</a></code> should be used to cause debug messages to
+ be stored in the Apache error log.</p>
+ </dd>
+
+ <dt><code>LogStderr | NoLogStderr</code></dt>
+
+ <dd>The <code>LogStderr</code> keyword specifies that
+ messages written to standard error by the external filter
+ program will be saved in the Apache error log.
+ <code>NoLogStderr</code> disables this feature.</dd>
+
+ <dt><code>Onfail=[abort|remove]</code> (new in httpd version 2.2.12).</dt>
+ <dd>Determines how to proceed if the external filter program
+ cannot be started. With <code>abort</code> (the default value)
+ the request will be aborted. With <code>remove</code>, the
+ filter is removed and the request continues without it.</dd>
+ </dl>
+
+ <div class="example"><h3>Example</h3><p><code>
+ ExtFilterOptions LogStderr DebugLevel=0
+ </code></p></div>
+
+ <p>Messages written to the filter's standard error will be stored
+ in the Apache error log. No debug messages will be generated by
+ <code class="module"><a href="../mod/mod_ext_filter.html">mod_ext_filter</a></code>. </p>
+
</div>
</div>
<div class="bottomlang">
<p>This module is an extension of and borrows heavily from the
<code>mod_mmap_static</code> module in Apache 1.3.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#using">Using mod_file_cache</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#cachefile">CacheFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#mmapfile">MMapFile</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#using">Using mod_file_cache</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="CacheFile" id="CacheFile">CacheFile</a> <a name="cachefile" id="cachefile">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Cache a list of file handles at startup time</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CacheFile <var>file-path</var> [<var>file-path</var>] ...</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_file_cache</td></tr>
-</table>
- <p>The <code class="directive">CacheFile</code> directive opens handles to
- one or more files (given as whitespace separated arguments) and
- places these handles into the cache at server startup
- time. Handles to cached files are automatically closed on a server
- shutdown. When the files have changed on the filesystem, the
- server should be restarted to re-cache them.</p>
-
- <p>Be careful with the <var>file-path</var> arguments: They have
- to literally match the filesystem path Apache's URL-to-filename
- translation handlers create. We cannot compare inodes or other
- stuff to match paths through symbolic links <em>etc.</em>
- because that again would cost extra <code>stat()</code> system
- calls which is not acceptable. This module may or may not work
- with filenames rewritten by <code class="module"><a href="../mod/mod_alias.html">mod_alias</a></code> or
- <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
-
- <div class="example"><h3>Example</h3><p><code>
- CacheFile /usr/local/apache/htdocs/index.html
- </code></p></div>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="MMapFile" id="MMapFile">MMapFile</a> <a name="mmapfile" id="mmapfile">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Map a list of files into memory at startup time</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MMapFile <var>file-path</var> [<var>file-path</var>] ...</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_file_cache</td></tr>
-</table>
- <p>The <code class="directive">MMapFile</code> directive maps one or more files
- (given as whitespace separated arguments) into memory at server
- startup time. They are automatically unmapped on a server
- shutdown. When the files have changed on the filesystem at
- least a <code>HUP</code> or <code>USR1</code> signal should be send to
- the server to re-<code>mmap()</code> them.</p>
-
- <p>Be careful with the <var>file-path</var> arguments: They have
- to literally match the filesystem path Apache's URL-to-filename
- translation handlers create. We cannot compare inodes or other
- stuff to match paths through symbolic links <em>etc.</em>
- because that again would cost extra <code>stat()</code> system
- calls which is not acceptable. This module may or may not work
- with filenames rewritten by <code class="module"><a href="../mod/mod_alias.html">mod_alias</a></code> or
- <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
-
- <div class="example"><h3>Example</h3><p><code>
- MMapFile /usr/local/apache/htdocs/index.html
- </code></p></div>
-
-</div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="using" id="using">Using mod_file_cache</a></h2>
</code></p></div>
</div>
</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CacheFile" id="CacheFile">CacheFile</a> <a name="cachefile" id="cachefile">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Cache a list of file handles at startup time</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CacheFile <var>file-path</var> [<var>file-path</var>] ...</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_file_cache</td></tr>
+</table>
+ <p>The <code class="directive">CacheFile</code> directive opens handles to
+ one or more files (given as whitespace separated arguments) and
+ places these handles into the cache at server startup
+ time. Handles to cached files are automatically closed on a server
+ shutdown. When the files have changed on the filesystem, the
+ server should be restarted to re-cache them.</p>
+
+ <p>Be careful with the <var>file-path</var> arguments: They have
+ to literally match the filesystem path Apache's URL-to-filename
+ translation handlers create. We cannot compare inodes or other
+ stuff to match paths through symbolic links <em>etc.</em>
+ because that again would cost extra <code>stat()</code> system
+ calls which is not acceptable. This module may or may not work
+ with filenames rewritten by <code class="module"><a href="../mod/mod_alias.html">mod_alias</a></code> or
+ <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ CacheFile /usr/local/apache/htdocs/index.html
+ </code></p></div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MMapFile" id="MMapFile">MMapFile</a> <a name="mmapfile" id="mmapfile">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Map a list of files into memory at startup time</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MMapFile <var>file-path</var> [<var>file-path</var>] ...</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_file_cache</td></tr>
+</table>
+ <p>The <code class="directive">MMapFile</code> directive maps one or more files
+ (given as whitespace separated arguments) into memory at server
+ startup time. They are automatically unmapped on a server
+ shutdown. When the files have changed on the filesystem at
+ least a <code>HUP</code> or <code>USR1</code> signal should be send to
+ the server to re-<code>mmap()</code> them.</p>
+
+ <p>Be careful with the <var>file-path</var> arguments: They have
+ to literally match the filesystem path Apache's URL-to-filename
+ translation handlers create. We cannot compare inodes or other
+ stuff to match paths through symbolic links <em>etc.</em>
+ because that again would cost extra <code>stat()</code> system
+ calls which is not acceptable. This module may or may not work
+ with filenames rewritten by <code class="module"><a href="../mod/mod_alias.html">mod_alias</a></code> or
+ <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ MMapFile /usr/local/apache/htdocs/index.html
+ </code></p></div>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_file_cache.html" title="English"> en </a> |
to <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code>; no change to existing filter modules is
required (although it may be possible to simplify them).</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#filterchain">FilterChain</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#filterdeclare">FilterDeclare</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#filterprotocol">FilterProtocol</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#filterprovider">FilterProvider</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#filtertrace">FilterTrace</a></li>
-</ul>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#smart">Smart Filtering</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#terms">Filter Declarations, Providers and Chains</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#errordocs">Filtering and Response Status</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#protocol">Protocol Handling</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+</ul><h3 class="directives">Directives</h3>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#filterchain">FilterChain</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#filterdeclare">FilterDeclare</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#filterprotocol">FilterProtocol</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#filterprovider">FilterProvider</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#filtertrace">FilterTrace</a></li>
+</ul>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="smart" id="smart">Smart Filtering</a></h2>
+ <p>In the traditional filtering model, filters are inserted unconditionally
+ using <code class="directive"><a href="../mod/mod_mime.html#addoutputfilter">AddOutputFilter</a></code> and family.
+ Each filter then needs to determine whether to run, and there is little
+ flexibility available for server admins to allow the chain to be
+ configured dynamically.</p>
+
+ <p><code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> by contrast gives server administrators a
+ great deal of flexibility in configuring the filter chain. In fact,
+ filters can be inserted based on any Request Header, Response Header
+ or Environment Variable. This generalises the limited flexibility offered
+ by <code class="directive"><a href="../mod/core.html#addoutputfilterbytype">AddOutputFilterByType</a></code>, and fixes
+ it to work correctly with dynamic content, regardless of the
+ content generator. The ability to dispatch based on Environment
+ Variables offers the full flexibility of configuration with
+ <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> to anyone who needs it.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="terms" id="terms">Filter Declarations, Providers and Chains</a></h2>
+ <p class="figure">
+ <img src="../images/mod_filter_old.gif" width="160" height="310" alt="[This image displays the traditional filter model]" /><br />
+ <dfn>Figure 1:</dfn> The traditional filter model</p>
+
+ <p>In the traditional model, output filters are a simple chain
+ from the content generator (handler) to the client. This works well
+ provided the filter chain can be correctly configured, but presents
+ problems when the filters need to be configured dynamically based on
+ the outcome of the handler.</p>
+
+ <p class="figure">
+ <img src="../images/mod_filter_new.gif" width="423" height="331" alt="[This image shows the mod_filter model]" /><br />
+ <dfn>Figure 2:</dfn> The <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> model</p>
+
+ <p><code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> works by introducing indirection into
+ the filter chain. Instead of inserting filters in the chain, we insert
+ a filter harness which in turn dispatches conditionally
+ to a filter provider. Any content filter may be used as a provider
+ to <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code>; no change to existing filter modules
+ is required (although it may be possible to simplify them). There can be
+ multiple providers for one filter, but no more than one provider will
+ run for any single request.</p>
+
+ <p>A filter chain comprises any number of instances of the filter
+ harness, each of which may have any number of providers. A special
+ case is that of a single provider with unconditional dispatch: this
+ is equivalent to inserting the provider filter directly into the chain.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="config" id="config">Configuring the Chain</a></h2>
+ <p>There are three stages to configuring a filter chain with
+ <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code>. For details of the directives, see below.</p>
+
+ <dl>
+ <dt>Declare Filters</dt>
+ <dd>The <code class="directive"><a href="#filterdeclare">FilterDeclare</a></code> directive
+ declares a filter, assigning it a name and filter type. Required
+ only if the filter is not the default type AP_FTYPE_RESOURCE.</dd>
+
+ <dt>Register Providers</dt>
+ <dd>The <code class="directive"><a href="#filterprovider">FilterProvider</a></code>
+ directive registers a provider with a filter. The filter may have
+ been declared with <code class="directive"><a href="#filterdeclare">FilterDeclare</a></code>; if not, FilterProvider will implicitly
+ declare it with the default type AP_FTYPE_RESOURCE. The provider
+ must have been
+ registered with <code>ap_register_output_filter</code> by some module.
+ The remaining arguments to <code class="directive"><a href="#filterprovider">FilterProvider</a></code> are a dispatch criterion and a match string.
+ The former may be an HTTP request or response header, an environment
+ variable, or the Handler used by this request. The latter is matched
+ to it for each request, to determine whether this provider will be
+ used to implement the filter for this request.</dd>
+
+ <dt>Configure the Chain</dt>
+ <dd>The above directives build components of a smart filter chain,
+ but do not configure it to run. The <code class="directive"><a href="#filterchain">FilterChain</a></code> directive builds a filter chain from smart
+ filters declared, offering the flexibility to insert filters at the
+ beginning or end of the chain, remove a filter, or clear the chain.</dd>
+</dl>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="errordocs" id="errordocs">Filtering and Response Status</a></h2>
+ <p>mod_filter normally only runs filters on responses with
+ HTTP status 200 (OK). If you want to filter documents with
+ other response statuses, you can set the <var>filter-errordocs</var>
+ environment variable, and it will work on all responses
+ regardless of status. To refine this further, you can use
+ expression conditions with <code class="directive">FilterProvider</code>.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="examples" id="examples">Examples</a></h2>
+ <dl>
+ <dt>Server side Includes (SSI)</dt>
+ <dd>A simple case of using <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> in place of
+ <code class="directive"><a href="../mod/core.html#addoutputfilterbytype">AddOutputFilterByType</a></code>
+ <div class="example"><p><code>
+ FilterDeclare SSI<br />
+ FilterProvider SSI INCLUDES resp=Content-Type $text/html<br />
+ FilterChain SSI
+ </code></p></div>
+ </dd>
+
+ <dt>Server side Includes (SSI)</dt>
+ <dd>The same as the above but dispatching on handler (classic
+ SSI behaviour; .shtml files get processed).
+ <div class="example"><p><code>
+ FilterProvider SSI INCLUDES Handler server-parsed<br />
+ FilterChain SSI
+ </code></p></div>
+ </dd>
+
+ <dt>Emulating mod_gzip with mod_deflate</dt>
+ <dd>Insert INFLATE filter only if "gzip" is NOT in the
+ Accept-Encoding header. This filter runs with ftype CONTENT_SET.
+ <div class="example"><p><code>
+ FilterDeclare gzip CONTENT_SET<br />
+ FilterProvider gzip inflate req=Accept-Encoding !$gzip<br />
+ FilterChain gzip
+ </code></p></div>
+ </dd>
+
+ <dt>Image Downsampling</dt>
+ <dd>Suppose we want to downsample all web images, and have filters
+ for GIF, JPEG and PNG.
+ <div class="example"><p><code>
+ FilterProvider unpack jpeg_unpack Content-Type $image/jpeg<br />
+ FilterProvider unpack gif_unpack Content-Type $image/gif<br />
+ FilterProvider unpack png_unpack Content-Type $image/png<br />
+ <br />
+ FilterProvider downsample downsample_filter Content-Type $image<br />
+ FilterProtocol downsample "change=yes"<br />
+ <br />
+ FilterProvider repack jpeg_pack Content-Type $image/jpeg<br />
+ FilterProvider repack gif_pack Content-Type $image/gif<br />
+ FilterProvider repack png_pack Content-Type $image/png<br />
+ <Location /image-filter><br />
+ <span class="indent">
+ FilterChain unpack downsample repack<br />
+ </span>
+ </Location>
+ </code></p></div>
+ </dd>
+ </dl>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="protocol" id="protocol">Protocol Handling</a></h2>
+ <p>Historically, each filter is responsible for ensuring that whatever
+ changes it makes are correctly represented in the HTTP response headers,
+ and that it does not run when it would make an illegal change. This
+ imposes a burden on filter authors to re-implement some common
+ functionality in every filter:</p>
+
+ <ul>
+ <li>Many filters will change the content, invalidating existing content
+ tags, checksums, hashes, and lengths.</li>
+
+ <li>Filters that require an entire, unbroken response in input need to
+ ensure they don't get byteranges from a backend.</li>
+
+ <li>Filters that transform output in a filter need to ensure they don't
+ violate a <code>Cache-Control: no-transform</code> header from the
+ backend.</li>
+
+ <li>Filters may make responses uncacheable.</li>
+ </ul>
+
+ <p><code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> aims to offer generic handling of these
+ details of filter implementation, reducing the complexity required of
+ content filter modules. This is work-in-progress; the
+ <code class="directive"><a href="#filterprotocol">FilterProtocol</a></code> implements
+ some of this functionality for back-compatibility with Apache 2.0
+ modules. For httpd 2.1 and later, the
+ <code>ap_register_output_filter_protocol</code> and
+ <code>ap_filter_protocol</code> API enables filter modules to
+ declare their own behaviour.</p>
+
+ <p>At the same time, <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> should not interfere
+ with a filter that wants to handle all aspects of the protocol. By
+ default (i.e. in the absence of any <code class="directive"><a href="#filterprotocol">FilterProtocol</a></code> directives), <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code>
+ will leave the headers untouched.</p>
+
+ <p>At the time of writing, this feature is largely untested,
+ as modules in common use are designed to work with 2.0.
+ Modules using it should test it carefully.</p>
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="FilterChain" id="FilterChain">FilterChain</a> <a name="filterchain" id="filterchain">Directive</a></h2>
<table class="directive">
</dl>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="smart" id="smart">Smart Filtering</a></h2>
- <p>In the traditional filtering model, filters are inserted unconditionally
- using <code class="directive"><a href="../mod/mod_mime.html#addoutputfilter">AddOutputFilter</a></code> and family.
- Each filter then needs to determine whether to run, and there is little
- flexibility available for server admins to allow the chain to be
- configured dynamically.</p>
-
- <p><code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> by contrast gives server administrators a
- great deal of flexibility in configuring the filter chain. In fact,
- filters can be inserted based on any Request Header, Response Header
- or Environment Variable. This generalises the limited flexibility offered
- by <code class="directive"><a href="../mod/core.html#addoutputfilterbytype">AddOutputFilterByType</a></code>, and fixes
- it to work correctly with dynamic content, regardless of the
- content generator. The ability to dispatch based on Environment
- Variables offers the full flexibility of configuration with
- <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> to anyone who needs it.</p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="terms" id="terms">Filter Declarations, Providers and Chains</a></h2>
- <p class="figure">
- <img src="../images/mod_filter_old.gif" width="160" height="310" alt="[This image displays the traditional filter model]" /><br />
- <dfn>Figure 1:</dfn> The traditional filter model</p>
-
- <p>In the traditional model, output filters are a simple chain
- from the content generator (handler) to the client. This works well
- provided the filter chain can be correctly configured, but presents
- problems when the filters need to be configured dynamically based on
- the outcome of the handler.</p>
-
- <p class="figure">
- <img src="../images/mod_filter_new.gif" width="423" height="331" alt="[This image shows the mod_filter model]" /><br />
- <dfn>Figure 2:</dfn> The <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> model</p>
-
- <p><code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> works by introducing indirection into
- the filter chain. Instead of inserting filters in the chain, we insert
- a filter harness which in turn dispatches conditionally
- to a filter provider. Any content filter may be used as a provider
- to <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code>; no change to existing filter modules
- is required (although it may be possible to simplify them). There can be
- multiple providers for one filter, but no more than one provider will
- run for any single request.</p>
-
- <p>A filter chain comprises any number of instances of the filter
- harness, each of which may have any number of providers. A special
- case is that of a single provider with unconditional dispatch: this
- is equivalent to inserting the provider filter directly into the chain.</p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="config" id="config">Configuring the Chain</a></h2>
- <p>There are three stages to configuring a filter chain with
- <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code>. For details of the directives, see below.</p>
-
- <dl>
- <dt>Declare Filters</dt>
- <dd>The <code class="directive"><a href="#filterdeclare">FilterDeclare</a></code> directive
- declares a filter, assigning it a name and filter type. Required
- only if the filter is not the default type AP_FTYPE_RESOURCE.</dd>
-
- <dt>Register Providers</dt>
- <dd>The <code class="directive"><a href="#filterprovider">FilterProvider</a></code>
- directive registers a provider with a filter. The filter may have
- been declared with <code class="directive"><a href="#filterdeclare">FilterDeclare</a></code>; if not, FilterProvider will implicitly
- declare it with the default type AP_FTYPE_RESOURCE. The provider
- must have been
- registered with <code>ap_register_output_filter</code> by some module.
- The remaining arguments to <code class="directive"><a href="#filterprovider">FilterProvider</a></code> are a dispatch criterion and a match string.
- The former may be an HTTP request or response header, an environment
- variable, or the Handler used by this request. The latter is matched
- to it for each request, to determine whether this provider will be
- used to implement the filter for this request.</dd>
-
- <dt>Configure the Chain</dt>
- <dd>The above directives build components of a smart filter chain,
- but do not configure it to run. The <code class="directive"><a href="#filterchain">FilterChain</a></code> directive builds a filter chain from smart
- filters declared, offering the flexibility to insert filters at the
- beginning or end of the chain, remove a filter, or clear the chain.</dd>
-</dl>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="errordocs" id="errordocs">Filtering and Response Status</a></h2>
- <p>mod_filter normally only runs filters on responses with
- HTTP status 200 (OK). If you want to filter documents with
- other response statuses, you can set the <var>filter-errordocs</var>
- environment variable, and it will work on all responses
- regardless of status. To refine this further, you can use
- expression conditions with <code class="directive">FilterProvider</code>.</p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="examples" id="examples">Examples</a></h2>
- <dl>
- <dt>Server side Includes (SSI)</dt>
- <dd>A simple case of using <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> in place of
- <code class="directive"><a href="../mod/core.html#addoutputfilterbytype">AddOutputFilterByType</a></code>
- <div class="example"><p><code>
- FilterDeclare SSI<br />
- FilterProvider SSI INCLUDES resp=Content-Type $text/html<br />
- FilterChain SSI
- </code></p></div>
- </dd>
-
- <dt>Server side Includes (SSI)</dt>
- <dd>The same as the above but dispatching on handler (classic
- SSI behaviour; .shtml files get processed).
- <div class="example"><p><code>
- FilterProvider SSI INCLUDES Handler server-parsed<br />
- FilterChain SSI
- </code></p></div>
- </dd>
-
- <dt>Emulating mod_gzip with mod_deflate</dt>
- <dd>Insert INFLATE filter only if "gzip" is NOT in the
- Accept-Encoding header. This filter runs with ftype CONTENT_SET.
- <div class="example"><p><code>
- FilterDeclare gzip CONTENT_SET<br />
- FilterProvider gzip inflate req=Accept-Encoding !$gzip<br />
- FilterChain gzip
- </code></p></div>
- </dd>
-
- <dt>Image Downsampling</dt>
- <dd>Suppose we want to downsample all web images, and have filters
- for GIF, JPEG and PNG.
- <div class="example"><p><code>
- FilterProvider unpack jpeg_unpack Content-Type $image/jpeg<br />
- FilterProvider unpack gif_unpack Content-Type $image/gif<br />
- FilterProvider unpack png_unpack Content-Type $image/png<br />
- <br />
- FilterProvider downsample downsample_filter Content-Type $image<br />
- FilterProtocol downsample "change=yes"<br />
- <br />
- FilterProvider repack jpeg_pack Content-Type $image/jpeg<br />
- FilterProvider repack gif_pack Content-Type $image/gif<br />
- FilterProvider repack png_pack Content-Type $image/png<br />
- <Location /image-filter><br />
- <span class="indent">
- FilterChain unpack downsample repack<br />
- </span>
- </Location>
- </code></p></div>
- </dd>
- </dl>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="protocol" id="protocol">Protocol Handling</a></h2>
- <p>Historically, each filter is responsible for ensuring that whatever
- changes it makes are correctly represented in the HTTP response headers,
- and that it does not run when it would make an illegal change. This
- imposes a burden on filter authors to re-implement some common
- functionality in every filter:</p>
-
- <ul>
- <li>Many filters will change the content, invalidating existing content
- tags, checksums, hashes, and lengths.</li>
-
- <li>Filters that require an entire, unbroken response in input need to
- ensure they don't get byteranges from a backend.</li>
-
- <li>Filters that transform output in a filter need to ensure they don't
- violate a <code>Cache-Control: no-transform</code> header from the
- backend.</li>
-
- <li>Filters may make responses uncacheable.</li>
- </ul>
-
- <p><code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> aims to offer generic handling of these
- details of filter implementation, reducing the complexity required of
- content filter modules. This is work-in-progress; the
- <code class="directive"><a href="#filterprotocol">FilterProtocol</a></code> implements
- some of this functionality for back-compatibility with Apache 2.0
- modules. For httpd 2.1 and later, the
- <code>ap_register_output_filter_protocol</code> and
- <code>ap_filter_protocol</code> API enables filter modules to
- declare their own behaviour.</p>
-
- <p>At the same time, <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code> should not interfere
- with a filter that wants to handle all aspects of the protocol. By
- default (i.e. in the absence of any <code class="directive"><a href="#filterprotocol">FilterProtocol</a></code> directives), <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code>
- will leave the headers untouched.</p>
-
- <p>At the time of writing, this feature is largely untested,
- as modules in common use are designed to work with 2.0.
- Modules using it should test it carefully.</p>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_filter.html" title="English"> en </a></p>
request and response headers. Headers can be merged, replaced
or removed.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#header">Header</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#requestheader">RequestHeader</a></li>
-</ul>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#order">Order of Processing</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#early">Early and Late Processing</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+</ul><h3 class="directives">Directives</h3>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#header">Header</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#requestheader">RequestHeader</a></li>
+</ul>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="order" id="order">Order of Processing</a></h2>
+
+ <p>The directives provided by <code class="module"><a href="../mod/mod_headers.html">mod_headers</a></code> can
+ occur almost anywhere within the server configuration, and can be
+ limited in scope by enclosing them in <a href="../sections.html">configuration sections</a>.</p>
+
+ <p>Order of processing is important and is affected both by the
+ order in the configuration file and by placement in <a href="../sections.html#mergin">configuration sections</a>. These
+ two directives have a different effect if reversed:</p>
+
+ <div class="example"><p><code>
+ RequestHeader append MirrorID "mirror 12"<br />
+ RequestHeader unset MirrorID
+ </code></p></div>
+
+ <p>This way round, the <code>MirrorID</code> header is not set. If
+ reversed, the MirrorID header is set to "mirror 12".</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="early" id="early">Early and Late Processing</a></h2>
+ <p><code class="module"><a href="../mod/mod_headers.html">mod_headers</a></code> can be applied either early or late
+ in the request. The normal mode is late, when <em>Request</em> Headers are
+ set immediately before running the content generator and <em>Response</em>
+ Headers just as the response is sent down the wire. Always use
+ Late mode in an operational server.</p>
+
+ <p>Early mode is designed as a test/debugging aid for developers.
+ Directives defined using the <code>early</code> keyword are set
+ right at the beginning of processing the request. This means
+ they can be used to simulate different requests and set up test
+ cases, but it also means that headers may be changed at any time
+ by other modules before generating a Response.</p>
+
+ <p>Because early directives are processed before the request path's
+ configuration is traversed, early headers can only be set in a
+ main server or virtual host context. Early directives cannot depend
+ on a request path, so they will fail in contexts such as
+ <code><Directory></code> or <code><Location></code>.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="examples" id="examples">Examples</a></h2>
+
+ <ol>
+ <li>
+ Copy all request headers that begin with "TS" to the
+ response headers:
+
+ <div class="example"><p><code>
+ Header echo ^TS
+ </code></p></div>
+ </li>
+
+ <li>
+ Add a header, <code>MyHeader</code>, to the response including a
+ timestamp for when the request was received and how long it
+ took to begin serving the request. This header can be used by
+ the client to intuit load on the server or in isolating
+ bottlenecks between the client and the server.
+
+ <div class="example"><p><code>
+ Header set MyHeader "%D %t"
+ </code></p></div>
+
+ <p>results in this header being added to the response:</p>
+
+ <div class="example"><p><code>
+ MyHeader: D=3775428 t=991424704447256
+ </code></p></div>
+ </li>
+
+ <li>
+ Say hello to Joe
+
+ <div class="example"><p><code>
+ Header set MyHeader "Hello Joe. It took %D microseconds \<br />
+ for Apache to serve this request."
+ </code></p></div>
+
+ <p>results in this header being added to the response:</p>
+
+ <div class="example"><p><code>
+ MyHeader: Hello Joe. It took D=3775428 microseconds for Apache
+ to serve this request.
+ </code></p></div>
+ </li>
+
+ <li>
+ Conditionally send <code>MyHeader</code> on the response if and
+ only if header <code>MyRequestHeader</code> is present on the request.
+ This is useful for constructing headers in response to some client
+ stimulus. Note that this example requires the services of the
+ <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code> module.
+
+ <div class="example"><p><code>
+ SetEnvIf MyRequestHeader myvalue HAVE_MyRequestHeader<br />
+ Header set MyHeader "%D %t mytext" env=HAVE_MyRequestHeader
+ </code></p></div>
+
+ <p>If the header <code>MyRequestHeader: myvalue</code> is present on
+ the HTTP request, the response will contain the following header:</p>
+
+ <div class="example"><p><code>
+ MyHeader: D=3775428 t=991424704447256 mytext
+ </code></p></div>
+ </li>
+
+ <li>
+ Enable DAV to work with Apache running HTTP through SSL hardware
+ (<a href="http://svn.haxx.se/users/archive-2006-03/0549.shtml">problem
+ description</a>) by replacing <var>https:</var> with
+ <var>http:</var> in the <var>Destination</var> header:
+
+ <div class="example"><p><code>
+ RequestHeader edit Destination ^https: http: early
+ </code></p></div>
+ </li>
+
+ <li>
+ Set the same header value under multiple nonexclusive conditions,
+ but do not duplicate the value in the final header.
+ If all of the following conditions applied to a request (i.e.,
+ if the <code>CGI</code>, <code>NO_CACHE</code> and
+ <code>NO_STORE</code> environment variables all existed for the
+ request):
+
+ <div class="example"><p><code>
+ Header merge Cache-Control no-cache env=CGI<br />
+ Header merge Cache-Control no-cache env=NO_CACHE<br />
+ Header merge Cache-Control no-store env=NO_STORE
+ </code></p></div>
+
+ <p>then the response would contain the following header:</p>
+
+ <div class="example"><p><code>
+ Cache-Control: no-cache, no-store
+ </code></p></div>
+
+ <p>If <code>append</code> was used instead of <code>merge</code>,
+ then the response would contain the following header:</p>
+
+ <div class="example"><p><code>
+ Cache-Control: no-cache, no-cache, no-store
+ </code></p></div>
+ </li>
+ </ol>
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Header" id="Header">Header</a> <a name="header" id="header">Directive</a></h2>
<table class="directive">
input filters to be overridden or modified.</p>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="order" id="order">Order of Processing</a></h2>
-
- <p>The directives provided by <code class="module"><a href="../mod/mod_headers.html">mod_headers</a></code> can
- occur almost anywhere within the server configuration, and can be
- limited in scope by enclosing them in <a href="../sections.html">configuration sections</a>.</p>
-
- <p>Order of processing is important and is affected both by the
- order in the configuration file and by placement in <a href="../sections.html#mergin">configuration sections</a>. These
- two directives have a different effect if reversed:</p>
-
- <div class="example"><p><code>
- RequestHeader append MirrorID "mirror 12"<br />
- RequestHeader unset MirrorID
- </code></p></div>
-
- <p>This way round, the <code>MirrorID</code> header is not set. If
- reversed, the MirrorID header is set to "mirror 12".</p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="early" id="early">Early and Late Processing</a></h2>
- <p><code class="module"><a href="../mod/mod_headers.html">mod_headers</a></code> can be applied either early or late
- in the request. The normal mode is late, when <em>Request</em> Headers are
- set immediately before running the content generator and <em>Response</em>
- Headers just as the response is sent down the wire. Always use
- Late mode in an operational server.</p>
-
- <p>Early mode is designed as a test/debugging aid for developers.
- Directives defined using the <code>early</code> keyword are set
- right at the beginning of processing the request. This means
- they can be used to simulate different requests and set up test
- cases, but it also means that headers may be changed at any time
- by other modules before generating a Response.</p>
-
- <p>Because early directives are processed before the request path's
- configuration is traversed, early headers can only be set in a
- main server or virtual host context. Early directives cannot depend
- on a request path, so they will fail in contexts such as
- <code><Directory></code> or <code><Location></code>.</p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="examples" id="examples">Examples</a></h2>
-
- <ol>
- <li>
- Copy all request headers that begin with "TS" to the
- response headers:
-
- <div class="example"><p><code>
- Header echo ^TS
- </code></p></div>
- </li>
-
- <li>
- Add a header, <code>MyHeader</code>, to the response including a
- timestamp for when the request was received and how long it
- took to begin serving the request. This header can be used by
- the client to intuit load on the server or in isolating
- bottlenecks between the client and the server.
-
- <div class="example"><p><code>
- Header set MyHeader "%D %t"
- </code></p></div>
-
- <p>results in this header being added to the response:</p>
-
- <div class="example"><p><code>
- MyHeader: D=3775428 t=991424704447256
- </code></p></div>
- </li>
-
- <li>
- Say hello to Joe
-
- <div class="example"><p><code>
- Header set MyHeader "Hello Joe. It took %D microseconds \<br />
- for Apache to serve this request."
- </code></p></div>
-
- <p>results in this header being added to the response:</p>
-
- <div class="example"><p><code>
- MyHeader: Hello Joe. It took D=3775428 microseconds for Apache
- to serve this request.
- </code></p></div>
- </li>
-
- <li>
- Conditionally send <code>MyHeader</code> on the response if and
- only if header <code>MyRequestHeader</code> is present on the request.
- This is useful for constructing headers in response to some client
- stimulus. Note that this example requires the services of the
- <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code> module.
-
- <div class="example"><p><code>
- SetEnvIf MyRequestHeader myvalue HAVE_MyRequestHeader<br />
- Header set MyHeader "%D %t mytext" env=HAVE_MyRequestHeader
- </code></p></div>
-
- <p>If the header <code>MyRequestHeader: myvalue</code> is present on
- the HTTP request, the response will contain the following header:</p>
-
- <div class="example"><p><code>
- MyHeader: D=3775428 t=991424704447256 mytext
- </code></p></div>
- </li>
-
- <li>
- Enable DAV to work with Apache running HTTP through SSL hardware
- (<a href="http://svn.haxx.se/users/archive-2006-03/0549.shtml">problem
- description</a>) by replacing <var>https:</var> with
- <var>http:</var> in the <var>Destination</var> header:
-
- <div class="example"><p><code>
- RequestHeader edit Destination ^https: http: early
- </code></p></div>
- </li>
-
- <li>
- Set the same header value under multiple nonexclusive conditions,
- but do not duplicate the value in the final header.
- If all of the following conditions applied to a request (i.e.,
- if the <code>CGI</code>, <code>NO_CACHE</code> and
- <code>NO_STORE</code> environment variables all existed for the
- request):
-
- <div class="example"><p><code>
- Header merge Cache-Control no-cache env=CGI<br />
- Header merge Cache-Control no-cache env=NO_CACHE<br />
- Header merge Cache-Control no-store env=NO_STORE
- </code></p></div>
-
- <p>then the response would contain the following header:</p>
-
- <div class="example"><p><code>
- Cache-Control: no-cache, no-store
- </code></p></div>
-
- <p>If <code>append</code> was used instead of <code>merge</code>,
- then the response would contain the following header:</p>
-
- <div class="example"><p><code>
- Cache-Control: no-cache, no-cache, no-store
- </code></p></div>
- </li>
- </ol>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_headers.html" title="English"> en </a> |
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="IdentityCheck" id="IdentityCheck">IdentityCheck</a> <a name="identitycheck" id="identitycheck">Directive</a></h2>
<table class="directive">
timeout value according to your local network speed.</p>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_ident.html" title="English"> en </a> |
<p>However, we are trying to phase out "magic MIME types" so we
are deprecating this method.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#imapbase">ImapBase</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#imapdefault">ImapDefault</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#imapmenu">ImapMenu</a></li>
-</ul>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#features">New Features</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#imapfile">Imagemap File</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#example">Example Mapfile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#referencing">Referencing your mapfile</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ImapBase" id="ImapBase">ImapBase</a> <a name="imapbase" id="imapbase">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Default <code>base</code> for imagemap files</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ImapBase map|referer|<var>URL</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ImapBase http://servername/</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Indexes</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_imagemap</td></tr>
-</table>
- <p>The <code class="directive">ImapBase</code> directive sets the default
- <code>base</code> used in the imagemap files. Its value is
- overridden by a <code>base</code> directive within the imagemap
- file. If not present, the <code>base</code> defaults to
- <code>http://<var>servername</var>/</code>.</p>
-
-<h3>See also</h3>
-<ul>
-<li><code class="directive"><a href="../mod/core.html#usecanonicalname">UseCanonicalName</a></code></li>
+</ul><h3 class="directives">Directives</h3>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#imapbase">ImapBase</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#imapdefault">ImapDefault</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#imapmenu">ImapMenu</a></li>
</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ImapDefault" id="ImapDefault">ImapDefault</a> <a name="imapdefault" id="imapdefault">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Default action when an imagemap is called with coordinates
-that are not explicitly mapped</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ImapDefault error|nocontent|map|referer|<var>URL</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ImapDefault nocontent</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Indexes</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_imagemap</td></tr>
-</table>
- <p>The <code class="directive">ImapDefault</code> directive sets the default
- <code>default</code> used in the imagemap files. Its value is
- overridden by a <code>default</code> directive within the
- imagemap file. If not present, the <code>default</code> action
- is <code>nocontent</code>, which means that a <code>204 No
- Content</code> is sent to the client. In this case, the client
- should continue to display the original page.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ImapMenu" id="ImapMenu">ImapMenu</a> <a name="imapmenu" id="imapmenu">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Action if no coordinates are given when calling
-an imagemap</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ImapMenu none|formatted|semiformatted|unformatted</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Indexes</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_imagemap</td></tr>
-</table>
- <p>The <code class="directive">ImapMenu</code> directive determines the
- action taken if an imagemap file is called without valid
- coordinates.</p>
-
- <dl>
- <dt><code>none</code></dt>
- <dd>If ImapMenu is <code>none</code>, no menu is generated,
- and the <code>default</code> action is performed.</dd>
-
- <dt><code>formatted</code></dt>
- <dd>A <code>formatted</code> menu is the simplest menu.
- Comments in the imagemap file are ignored. A level one header
- is printed, then an hrule, then the links each on a separate
- line. The menu has a consistent, plain look close to that of
- a directory listing.</dd>
-
- <dt><code>semiformatted</code></dt>
- <dd>In the <code>semiformatted</code> menu, comments are
- printed where they occur in the imagemap file. Blank lines
- are turned into HTML breaks. No header or hrule is printed,
- but otherwise the menu is the same as a
- <code>formatted</code> menu.</dd>
-
- <dt><code>unformatted</code></dt>
- <dd>Comments are printed, blank lines are ignored. Nothing is
- printed that does not appear in the imagemap file. All breaks
- and headers must be included as comments in the imagemap
- file. This gives you the most flexibility over the appearance
- of your menus, but requires you to treat your map files as
- HTML instead of plaintext.</dd>
- </dl>
-
-</div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="features" id="features">New Features</a></h2>
</a>
</code></p></div>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ImapBase" id="ImapBase">ImapBase</a> <a name="imapbase" id="imapbase">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Default <code>base</code> for imagemap files</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ImapBase map|referer|<var>URL</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ImapBase http://servername/</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Indexes</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_imagemap</td></tr>
+</table>
+ <p>The <code class="directive">ImapBase</code> directive sets the default
+ <code>base</code> used in the imagemap files. Its value is
+ overridden by a <code>base</code> directive within the imagemap
+ file. If not present, the <code>base</code> defaults to
+ <code>http://<var>servername</var>/</code>.</p>
+
+<h3>See also</h3>
+<ul>
+<li><code class="directive"><a href="../mod/core.html#usecanonicalname">UseCanonicalName</a></code></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ImapDefault" id="ImapDefault">ImapDefault</a> <a name="imapdefault" id="imapdefault">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Default action when an imagemap is called with coordinates
+that are not explicitly mapped</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ImapDefault error|nocontent|map|referer|<var>URL</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ImapDefault nocontent</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Indexes</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_imagemap</td></tr>
+</table>
+ <p>The <code class="directive">ImapDefault</code> directive sets the default
+ <code>default</code> used in the imagemap files. Its value is
+ overridden by a <code>default</code> directive within the
+ imagemap file. If not present, the <code>default</code> action
+ is <code>nocontent</code>, which means that a <code>204 No
+ Content</code> is sent to the client. In this case, the client
+ should continue to display the original page.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ImapMenu" id="ImapMenu">ImapMenu</a> <a name="imapmenu" id="imapmenu">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Action if no coordinates are given when calling
+an imagemap</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ImapMenu none|formatted|semiformatted|unformatted</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Indexes</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_imagemap</td></tr>
+</table>
+ <p>The <code class="directive">ImapMenu</code> directive determines the
+ action taken if an imagemap file is called without valid
+ coordinates.</p>
+
+ <dl>
+ <dt><code>none</code></dt>
+ <dd>If ImapMenu is <code>none</code>, no menu is generated,
+ and the <code>default</code> action is performed.</dd>
+
+ <dt><code>formatted</code></dt>
+ <dd>A <code>formatted</code> menu is the simplest menu.
+ Comments in the imagemap file are ignored. A level one header
+ is printed, then an hrule, then the links each on a separate
+ line. The menu has a consistent, plain look close to that of
+ a directory listing.</dd>
+
+ <dt><code>semiformatted</code></dt>
+ <dd>In the <code>semiformatted</code> menu, comments are
+ printed where they occur in the imagemap file. Blank lines
+ are turned into HTML breaks. No header or hrule is printed,
+ but otherwise the menu is the same as a
+ <code>formatted</code> menu.</dd>
+
+ <dt><code>unformatted</code></dt>
+ <dd>Comments are printed, blank lines are ignored. Nothing is
+ printed that does not appear in the imagemap file. All breaks
+ and headers must be included as comments in the imagemap
+ file. This gives you the most flexibility over the appearance
+ of your menus, but requires you to treat your map files as
+ HTML instead of plaintext.</dd>
+ </dl>
+
</div>
</div>
<div class="bottomlang">
inclusion of other files or programs, as well as the setting and
printing of environment variables.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#enabling">Enabling Server-Side Includes</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#pathinfo">PATH_INFO with Server Side Includes</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#elements">Basic Elements</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#includevars">Include Variables</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#substitution">Variable Substitution</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#flowctrl">Flow Control Elements</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#ssienableaccess">SSIEnableAccess</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ssiendtag">SSIEndTag</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ssiundefinedecho">SSIUndefinedEcho</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#xbithack">XBitHack</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#enabling">Enabling Server-Side Includes</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#pathinfo">PATH_INFO with Server Side Includes</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#elements">Basic Elements</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#includevars">Include Variables</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#substitution">Variable Substitution</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#flowctrl">Flow Control Elements</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li>
<li><code class="directive"><a href="../mod/core.html#acceptpathinfo">AcceptPathInfo</a></code></li>
<li><a href="../howto/ssi.html">SSI Tutorial</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="SSIEnableAccess" id="SSIEnableAccess">SSIEnableAccess</a> <a name="ssienableaccess" id="ssienableaccess">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable the -A flag during conditional flow control processing.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIEnableAccess on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIEnableAccess off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
-</table>
- <p>The <code class="directive">SSIEnableAccess</code> directive controls whether
- the -A test is enabled during conditional flow control processing.
- <code class="directive">SSIEnableAccess</code> can take on the following values:</p>
+<div class="section">
+<h2><a name="enabling" id="enabling">Enabling Server-Side Includes</a></h2>
+
- <dl>
+ <p>Server Side Includes are implemented by the
+ <code>INCLUDES</code> <a href="../filter.html">filter</a>. If
+ documents containing server-side include directives are given
+ the extension .shtml, the following directives will make Apache
+ parse them and assign the resulting document the mime type of
+ <code>text/html</code>:</p>
- <dt><code>off</code></dt>
- <dd><!--#if expr="-A /foo"--> will be interpreted as a series
- of string and regular expression tokens, the -A has no special
- meaning.</dd>
+ <div class="example"><p><code>
+ AddType text/html .shtml<br />
+ AddOutputFilter INCLUDES .shtml
+ </code></p></div>
- <dt><code>on</code></dt>
- <dd><!--#if expr="-A /foo"--> will evaluate to false if the
- URL /foo is inaccessible by configuration, or true otherwise.</dd>
+ <p>The following directive must be given for the directories
+ containing the shtml files (typically in a
+ <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code> section,
+ but this directive is also valid in <code>.htaccess</code> files if
+ <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> <code>Options</code>
+ is set):</p>
- </dl>
+ <div class="example"><p><code>
+ Options +Includes
+ </code></p></div>
+
+ <p>For backwards compatibility, the <code>server-parsed</code>
+ <a href="../handler.html">handler</a> also activates the
+ INCLUDES filter. As well, Apache will activate the INCLUDES
+ filter for any document with mime type
+ <code>text/x-server-parsed-html</code> or
+ <code>text/x-server-parsed-html3</code> (and the resulting
+ output will have the mime type <code>text/html</code>).</p>
+ <p>For more information, see our <a href="../howto/ssi.html">Tutorial on Server Side Includes</a>.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="pathinfo" id="pathinfo">PATH_INFO with Server Side Includes</a></h2>
+
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="SSIEndTag" id="SSIEndTag">SSIEndTag</a> <a name="ssiendtag" id="ssiendtag">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>String that ends an include element</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIEndTag <var>tag</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIEndTag "-->"</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0.30 and later.</td></tr>
-</table>
- <p>This directive changes the string that <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>
- looks for to mark the end of an include element.</p>
+ <p>Files processed for server-side includes no longer accept
+ requests with <code>PATH_INFO</code> (trailing pathname information)
+ by default. You can use the <code class="directive"><a href="../mod/core.html#acceptpathinfo">AcceptPathInfo</a></code> directive to
+ configure the server to accept requests with <code>PATH_INFO</code>.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="elements" id="elements">Basic Elements</a></h2>
+ <p>The document is parsed as an HTML document, with special
+ commands embedded as SGML comments. A command has the syntax: </p>
- <div class="example"><h3>Example</h3><p><code>
- SSIEndTag "%>"
+ <div class="example"><p><code>
+ <!--#<var>element</var> <var>attribute</var>=<var>value</var>
+ <var>attribute</var>=<var>value</var> ... -->
</code></p></div>
+ <p>The value will often be enclosed in double quotes, but single
+ quotes (<code>'</code>) and backticks (<code>`</code>) are also
+ possible. Many commands only allow a single attribute-value pair.
+ Note that the comment terminator (<code>--></code>) should be
+ preceded by whitespace to ensure that it isn't considered part of
+ an SSI token. Note that the leading <code><!--#</code> is <em>one</em>
+ token and may not contain any whitespaces.</p>
-<h3>See also</h3>
-<ul>
-<li><code class="directive"><a href="#ssistarttag">SSIStartTag</a></code></li>
-</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="SSIErrorMsg" id="SSIErrorMsg">SSIErrorMsg</a> <a name="ssierrormsg" id="ssierrormsg">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Error message displayed when there is an SSI
-error</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIErrorMsg <var>message</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIErrorMsg "[an error occurred while processing this
-directive]"</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>All</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0.30 and later.</td></tr>
-</table>
- <p>The <code class="directive">SSIErrorMsg</code> directive changes the error
- message displayed when <code class="module"><a href="../mod/mod_include.html">mod_include</a></code> encounters an
- error. For production servers you may consider changing the default
- error message to <code>"<!-- Error -->"</code> so that
- the message is not presented to the user.</p>
-
- <p>This directive has the same effect as the <code><!--#config
- errmsg=<var>message</var> --></code> element.</p>
+ <p>The allowed elements are listed in the following table:</p>
- <div class="example"><h3>Example</h3><p><code>
- SSIErrorMsg "<!-- Error -->"
- </code></p></div>
+ <table class="bordered">
+ <tr><th>Element</th><th>Description</th></tr>
+ <tr><td><code><a href="#element.config">config</a></code></td>
+ <td>configure output formats</td></tr>
+ <tr><td><code><a href="#element.echo">echo</a></code></td>
+ <td>print variables</td></tr>
+ <tr><td><code><a href="#element.exec">exec</a></code></td>
+ <td>execute external programs</td></tr>
+ <tr><td><code><a href="#element.fsize">fsize</a></code></td>
+ <td>print size of a file</td></tr>
+ <tr><td><code><a href="#element.flastmod">flastmod</a></code></td>
+ <td>print last modification time of a file</td></tr>
+ <tr><td><code><a href="#element.include">include</a></code></td>
+ <td>include a file</td></tr>
+ <tr><td><code><a href="#element.printenv">printenv</a></code></td>
+ <td>print all available variables</td></tr>
+ <tr><td><code><a href="#element.set">set</a></code></td>
+ <td>set a value of a variable</td></tr>
+ </table>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="SSIETag" id="SSIETag">SSIETag</a> <a name="ssietag" id="ssietag">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls whether ETags are generated by the server.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIETag on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIETag off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.2.15 and later.</td></tr>
-</table>
- <p>Under normal circumstances, a file filtered by <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>
- may contain elements that are either dynamically generated, or that may
- have changed independently of the original file. As a result, by default
- the server is asked not to generate an <code>ETag</code> header for the
- response by adding <code>no-etag</code> to the request notes.</p>
+ <p>SSI elements may be defined by modules other than
+ <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>. In fact, the <code><a href="#element.exec">exec</a></code> element is provided by
+ <code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>, and will only be available if this
+ module is loaded.</p>
- <p>The <code class="directive">SSIETag</code> directive suppresses this
- behaviour, and allows the server to generate an <code>ETag</code> header.
- This can be used to enable caching of the output. Note that a backend server
- or dynamic content generator may generate an ETag of its own, ignoring
- <code>no-etag</code>, and this ETag will be passed by
- <code class="module"><a href="../mod/mod_include.html">mod_include</a></code> regardless of the value of this setting.
- <code class="directive">SSIETag</code> can take on the following values:</p>
+ <h3><a name="element.config" id="element.config">The config Element</a></h3>
+ <p>This command controls various aspects of the parsing. The
+ valid attributes are:</p>
<dl>
+ <dt><code>echomsg</code> (<em>Apache 2.1 and later</em>)</dt>
+ <dd>The value is a message that is sent back to the
+ client if the <code><a href="#element.echo">echo</a></code> element
+ attempts to echo an undefined variable. This overrides any <code class="directive"><a href="#ssiundefinedecho">SSIUndefinedEcho</a></code> directives.</dd>
- <dt><code>off</code></dt>
- <dd><code>no-etag</code> will be added to the request notes, and the server
- is asked not to generate an ETag. Where a server ignores the value of
- <code>no-etag</code> and generates an ETag anyway, the ETag will be
- respected.</dd>
+ <dt><code>errmsg</code></dt>
+ <dd>The value is a message that is sent back to the
+ client if an error occurs while parsing the
+ document. This overrides any <code class="directive"><a href="#ssierrormsg">SSIErrorMsg</a></code> directives.</dd>
- <dt><code>on</code></dt>
- <dd>Existing ETags will be respected, and ETags generated by the server will
- be passed on in the response.</dd>
+ <dt><code>sizefmt</code></dt>
+ <dd>The value sets the format to be used when displaying
+ the size of a file. Valid values are <code>bytes</code>
+ for a count in bytes, or <code>abbrev</code> for a count
+ in Kb or Mb as appropriate, for example a size of 1024 bytes
+ will be printed as "1K".</dd>
+ <dt><code>timefmt</code></dt>
+ <dd>The value is a string to be used by the
+ <code>strftime(3)</code> library routine when printing
+ dates.</dd>
</dl>
+
+ <h3><a name="element.echo" id="element.echo">The echo Element</a></h3>
+ <p>This command prints one of the <a href="#includevars">include
+ variables</a> defined below. If the variable is unset, the result is
+ determined by the <code class="directive"><a href="#ssiundefinedecho">SSIUndefinedEcho</a></code> directive. Any dates printed are
+ subject to the currently configured <code>timefmt</code>.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="SSILastModified" id="SSILastModified">SSILastModified</a> <a name="ssilastmodified" id="ssilastmodified">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls whether <code>Last-Modified</code> headers are generated by the
-server.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSILastModified on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSILastModified off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.2.15 and later.</td></tr>
-</table>
- <p>Under normal circumstances, a file filtered by <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>
- may contain elements that are either dynamically generated, or that may
- have changed independently of the original file. As a result, by default
- the <code>Last-Modified</code> header is stripped from the response.</p>
+ <p>Attributes:</p>
- <p>The <code class="directive">SSILastModified</code> directive overrides this
- behaviour, and allows the <code>Last-Modified</code> header to be respected
- if already present, or set if the header is not already present. This can
- be used to enable caching of the output. <code class="directive">SSILastModified</code>
- can take on the following values:</p>
-
<dl>
-
- <dt><code>off</code></dt>
- <dd>The <code>Last-Modified</code> header will be stripped from responses,
- unless the <code class="directive"><a href="#xbithack">XBitHack</a></code> directive
- is set to <code>full</code> as described below.</dd>
-
- <dt><code>on</code></dt>
- <dd>The <code>Last-Modified</code> header will be respected if already
- present in a response, and added to the response if the response is a
- file and the header is missing. The
- <code class="directive"><a href="#ssilastmodified">SSILastModified</a></code> directive
- takes precedence over <code class="directive"><a href="#xbithack">XBitHack</a></code>.</dd>
-
+ <dt><code>var</code></dt>
+ <dd>The value is the name of the variable to print.</dd>
+
+ <dt><code>encoding</code></dt>
+ <dd><p>Specifies how Apache should encode special characters
+ contained in the variable before outputting them. If set
+ to <code>none</code>, no encoding will be done. If set to
+ <code>url</code>, then URL encoding (also known as %-encoding;
+ this is appropriate for use within URLs in links, etc.) will be
+ performed. At the start of an <code>echo</code> element,
+ the default is set to <code>entity</code>, resulting in entity
+ encoding (which is appropriate in the context of a block-level
+ HTML element, <em>e.g.</em> a paragraph of text). This can be
+ changed by adding an <code>encoding</code> attribute, which will
+ remain in effect until the next <code>encoding</code> attribute
+ is encountered or the element ends, whichever comes first.</p>
+
+ <p>The <code>encoding</code> attribute must <em>precede</em> the
+ corresponding <code>var</code> attribute to be effective, and
+ only special characters as defined in the ISO-8859-1 character
+ encoding will be encoded. This encoding process may not have the
+ desired result if a different character encoding is in use.</p>
+
+ <div class="warning">
+ In order to avoid cross-site scripting issues, you should
+ <em>always</em> encode user supplied data.
+ </div>
+ </dd>
</dl>
-
+
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="SSIStartTag" id="SSIStartTag">SSIStartTag</a> <a name="ssistarttag" id="ssistarttag">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>String that starts an include element</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIStartTag <var>tag</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIStartTag "<!--#"</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0.30 and later.</td></tr>
-</table>
- <p>This directive changes the string that <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>
- looks for to mark an include element to process.</p>
+ <h3><a name="element.exec" id="element.exec">The exec Element</a></h3>
+ <p>The <code>exec</code> command executes a given shell command or
+ CGI script. It requires <code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code> to be present
+ in the server. If <code class="directive"><a href="../mod/core.html#options">Options</a></code>
+ <code>IncludesNOEXEC</code> is set, this command is completely
+ disabled. The valid attributes are:</p>
- <p>You may want to use this option if you have 2 servers parsing the
- output of a file each processing different commands (possibly at
- different times).</p>
+ <dl>
+ <dt><code>cgi</code></dt>
+ <dd><p>The value specifies a (%-encoded) URL-path to
+ the CGI script. If the path does not begin with a slash (/),
+ then it is taken to be relative to the current
+ document. The document referenced by this path is
+ invoked as a CGI script, even if the server would not
+ normally recognize it as such. However, the directory
+ containing the script must be enabled for CGI scripts
+ (with <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>
+ or <code class="directive"><a href="../mod/core.html#options">Options</a></code>
+ <code>ExecCGI</code>).</p>
- <div class="example"><h3>Example</h3><p><code>
- SSIStartTag "<%"<br />
- SSIEndTag "%>"
- </code></p></div>
+ <p>The CGI script is given the <code>PATH_INFO</code> and query
+ string (<code>QUERY_STRING</code>) of the original request from the
+ client; these <em>cannot</em> be specified in the URL path. The
+ include variables will be available to the script in addition to
+ the standard <a href="mod_cgi.html">CGI</a> environment.</p>
- <p>The example given above, which also specifies a matching
- <code class="directive"><a href="#ssiendtag">SSIEndTag</a></code>, will
- allow you to use SSI directives as shown in the example
- below:</p>
+ <div class="example"><h3>Example</h3><p><code>
+ <!--#exec cgi="/cgi-bin/example.cgi" -->
+ </code></p></div>
- <div class="example"><h3>SSI directives with alternate start and end tags</h3><p><code>
- <%printenv %>
- </code></p></div>
+ <p>If the script returns a <code>Location:</code> header instead of
+ output, then this will be translated into an HTML anchor.</p>
-<h3>See also</h3>
-<ul>
-<li><code class="directive"><a href="#ssiendtag">SSIEndTag</a></code></li>
-</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="SSITimeFormat" id="SSITimeFormat">SSITimeFormat</a> <a name="ssitimeformat" id="ssitimeformat">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configures the format in which date strings are
-displayed</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSITimeFormat <var>formatstring</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSITimeFormat "%A, %d-%b-%Y %H:%M:%S %Z"</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>All</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0.30 and later.</td></tr>
-</table>
-<p>This directive changes the format in which date strings are displayed
- when echoing <code>DATE</code> environment variables. The
- <var>formatstring</var> is as in <code>strftime(3)</code> from the
- C standard library.</p>
+ <p>The <code><a href="#includevirtual">include virtual</a></code>
+ element should be used in preference to <code>exec cgi</code>. In
+ particular, if you need to pass additional arguments to a CGI program,
+ using the query string, this cannot be done with <code>exec
+ cgi</code>, but can be done with <code>include virtual</code>, as
+ shown here:</p>
- <p>This directive has the same effect as the <code><!--#config
- timefmt=<var>formatstring</var> --></code> element.</p>
+ <div class="example"><p><code>
+ <!--#include virtual="/cgi-bin/example.cgi?argument=value" -->
+ </code></p></div>
+ </dd>
- <div class="example"><h3>Example</h3><p><code>
- SSITimeFormat "%R, %B %d, %Y"
- </code></p></div>
+ <dt><code>cmd</code></dt>
+ <dd><p>The server will execute the given string using
+ <code>/bin/sh</code>. The <a href="#includevars">include variables</a> are available to the command, in addition
+ to the usual set of CGI variables.</p>
- <p>The above directive would cause times to be displayed in the
- format "22:26, June 14, 2002".</p>
+ <p>The use of <code><a href="#includevirtual">#include virtual</a></code> is almost always prefered to using
+ either <code>#exec cgi</code> or <code>#exec cmd</code>. The former
+ (<code>#include virtual</code>) uses the standard Apache sub-request
+ mechanism to include files or scripts. It is much better tested and
+ maintained.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="SSIUndefinedEcho" id="SSIUndefinedEcho">SSIUndefinedEcho</a> <a name="ssiundefinedecho" id="ssiundefinedecho">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>String displayed when an unset variable is echoed</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIUndefinedEcho <var>string</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIUndefinedEcho "(none)"</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>All</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0.34 and later.</td></tr>
-</table>
- <p>This directive changes the string that <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>
- displays when a variable is not set and "echoed".</p>
+ <p>In addition, on some platforms, like Win32, and on unix when
+ using <a href="../suexec.html">suexec</a>, you cannot pass arguments
+ to a command in an <code>exec</code> directive, or otherwise include
+ spaces in the command. Thus, while the following will work under a
+ non-suexec configuration on unix, it will not produce the desired
+ result under Win32, or when running suexec:</p>
- <div class="example"><h3>Example</h3><p><code>
- SSIUndefinedEcho "<!-- undef -->"
- </code></p></div>
+ <div class="example"><p><code>
+ <!--#exec cmd="perl /path/to/perlscript arg1 arg2" -->
+ </code></p></div>
+ </dd>
+ </dl>
+
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="XBitHack" id="XBitHack">XBitHack</a> <a name="xbithack" id="xbithack">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Parse SSI directives in files with the execute bit
-set</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>XBitHack on|off|full</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>XBitHack off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Options</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
-</table>
- <p>The <code class="directive">XBitHack</code> directive controls the parsing
- of ordinary html documents. This directive only affects files associated
- with the <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME-type</a> <code>text/html</code>. <code class="directive">XBitHack</code> can take on the following values:</p>
+ <h3><a name="element.fsize" id="element.fsize">The fsize Element</a></h3>
+ <p>This command prints the size of the specified file, subject
+ to the <code>sizefmt</code> format specification. Attributes:</p>
- <dl>
- <dt><code>off</code></dt>
- <dd>No special treatment of executable files.</dd>
+ <dl>
+ <dt><code>file</code></dt>
+ <dd>The value is a path relative to the directory
+ containing the current document being parsed.</dd>
- <dt><code>on</code></dt>
- <dd>Any <code>text/html</code> file that has the user-execute bit
- set will be treated as a server-parsed html document.</dd>
+ <dt><code>virtual</code></dt>
+ <dd>The value is a (%-encoded) URL-path. If it does not begin with
+ a slash (/) then it is taken to be relative to the current document.
+ Note, that this does <em>not</em> print the size of any CGI output,
+ but the size of the CGI script itself.</dd>
+ </dl>
+
- <dt><code>full</code></dt>
- <dd>As for <code>on</code> but also test the group-execute bit.
- If it is set, then set the <code>Last-modified</code> date of the
- returned file to be the last modified time of the file. If
- it is not set, then no last-modified date is sent. Setting
- this bit allows clients and proxies to cache the result of
- the request.
+ <h3><a name="element.flastmod" id="element.flastmod">The flastmod Element</a></h3>
+ <p>This command prints the last modification date of the
+ specified file, subject to the <code>timefmt</code> format
+ specification. The attributes are the same as for the
+ <code><a href="#element.fsize">fsize</a></code> command.</p>
+
- <div class="note"><h3>Note</h3>
- <p>You would not want to use the full option, unless you assure the
- group-execute bit is unset for every SSI script which might <code>#include</code> a CGI or otherwise produces different output on
- each hit (or could potentially change on subsequent requests).</p>
-
- <p>The <code class="directive"><a href="#ssilastmodified">SSILastModified</a></code>
- directive takes precedence over the
- <code class="directive"><a href="#xbithack">XBitHack</a></code> directive when
- <code class="directive"><a href="#ssilastmodified">SSILastModified</a></code> is set to
- <code>on</code>.</p>
- </div>
+ <h3><a name="element.include" id="element.include">The include Element</a></h3>
+ <p>This command inserts the text of another document or file
+ into the parsed file. Any included file is subject to the usual
+ access control. If the directory containing the parsed file has
+ <a href="core.html#options">Options</a>
+ <code>IncludesNOEXEC</code> set, then only documents with a text
+ <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME-type</a> (<code>text/plain</code>,
+ <code>text/html</code> etc.) will be included. Otherwise CGI
+ scripts are invoked as normal using the complete URL given in
+ the command, including any query string.</p>
- </dd>
- </dl>
+ <p>An attribute defines the location of the document; the
+ inclusion is done for each attribute given to the include
+ command. The valid attributes are:</p>
+ <dl>
+ <dt><code>file</code></dt>
+ <dd>The value is a path relative to the directory
+ containing the current document being parsed. It cannot
+ contain <code>../</code>, nor can it be an absolute path.
+ Therefore, you cannot include files that are outside of the
+ document root, or above the current document in the directory
+ structure. The <code>virtual</code> attribute should always be
+ used in preference to this one.</dd>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="enabling" id="enabling">Enabling Server-Side Includes</a></h2>
-
+ <dt><code><a id="includevirtual" name="includevirtual">virtual</a></code></dt>
+ <dd><p>The value is a (%-encoded) URL-path. The URL cannot contain a
+ scheme or hostname, only a path and an optional query string. If it
+ does not begin with a slash (/) then it is taken to be relative to the
+ current document.</p>
- <p>Server Side Includes are implemented by the
- <code>INCLUDES</code> <a href="../filter.html">filter</a>. If
- documents containing server-side include directives are given
- the extension .shtml, the following directives will make Apache
- parse them and assign the resulting document the mime type of
- <code>text/html</code>:</p>
+ <p>A URL is constructed from the attribute, and the output the
+ server would return if the URL were accessed by the client is
+ included in the parsed output. Thus included files can be nested.</p>
- <div class="example"><p><code>
- AddType text/html .shtml<br />
- AddOutputFilter INCLUDES .shtml
- </code></p></div>
+ <p>If the specified URL is a CGI program, the program will be
+ executed and its output inserted in place of the directive in the
+ parsed file. You may include a query string in a CGI url:</p>
+
+ <div class="example"><p><code>
+ <!--#include virtual="/cgi-bin/example.cgi?argument=value" -->
+ </code></p></div>
+
+ <p><code>include virtual</code> should be used in preference
+ to <code>exec cgi</code> to include the output of CGI programs
+ into an HTML document.</p>
+ </dd>
+ </dl>
+
- <p>The following directive must be given for the directories
- containing the shtml files (typically in a
- <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code> section,
- but this directive is also valid in <code>.htaccess</code> files if
- <code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code> <code>Options</code>
- is set):</p>
+ <h3><a name="element.printenv" id="element.printenv">The printenv Element</a></h3>
+ <p>This prints out a listing of all existing variables and
+ their values. Special characters are entity encoded (see the <code><a href="#element.echo">echo</a></code> element for details)
+ before being output. There are no attributes.</p>
- <div class="example"><p><code>
- Options +Includes
- </code></p></div>
+ <div class="example"><h3>Example</h3><p><code>
+ <!--#printenv -->
+ </code></p></div>
+
- <p>For backwards compatibility, the <code>server-parsed</code>
- <a href="../handler.html">handler</a> also activates the
- INCLUDES filter. As well, Apache will activate the INCLUDES
- filter for any document with mime type
- <code>text/x-server-parsed-html</code> or
- <code>text/x-server-parsed-html3</code> (and the resulting
- output will have the mime type <code>text/html</code>).</p>
+ <h3><a name="element.set" id="element.set">The set Element</a></h3>
+ <p>This sets the value of a variable. Attributes:</p>
- <p>For more information, see our <a href="../howto/ssi.html">Tutorial on Server Side Includes</a>.</p>
+ <dl>
+ <dt><code>var</code></dt>
+ <dd>The name of the variable to set.</dd>
+
+ <dt><code>value</code></dt>
+ <dd>The value to give a variable.</dd>
+ </dl>
+
+ <div class="example"><h3>Example</h3><p><code>
+ <!--#set var="category" value="help" -->
+ </code></p></div>
+
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
-<h2><a name="pathinfo" id="pathinfo">PATH_INFO with Server Side Includes</a></h2>
+<h2><a name="includevars" id="includevars">Include Variables</a></h2>
- <p>Files processed for server-side includes no longer accept
- requests with <code>PATH_INFO</code> (trailing pathname information)
- by default. You can use the <code class="directive"><a href="../mod/core.html#acceptpathinfo">AcceptPathInfo</a></code> directive to
- configure the server to accept requests with <code>PATH_INFO</code>.</p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="elements" id="elements">Basic Elements</a></h2>
- <p>The document is parsed as an HTML document, with special
- commands embedded as SGML comments. A command has the syntax: </p>
+ <p>In addition to the variables in the standard CGI environment,
+ these are available for the <code>echo</code> command, for
+ <code>if</code> and <code>elif</code>, and to any program
+ invoked by the document.</p>
- <div class="example"><p><code>
- <!--#<var>element</var> <var>attribute</var>=<var>value</var>
- <var>attribute</var>=<var>value</var> ... -->
- </code></p></div>
+ <dl>
+ <dt><code>DATE_GMT</code></dt>
+ <dd>The current date in Greenwich Mean Time.</dd>
- <p>The value will often be enclosed in double quotes, but single
- quotes (<code>'</code>) and backticks (<code>`</code>) are also
- possible. Many commands only allow a single attribute-value pair.
- Note that the comment terminator (<code>--></code>) should be
- preceded by whitespace to ensure that it isn't considered part of
- an SSI token. Note that the leading <code><!--#</code> is <em>one</em>
- token and may not contain any whitespaces.</p>
+ <dt><code>DATE_LOCAL</code></dt>
+ <dd>The current date in the local time zone.</dd>
- <p>The allowed elements are listed in the following table:</p>
+ <dt><code>DOCUMENT_NAME</code></dt>
+ <dd>The filename (excluding directories) of the document
+ requested by the user.</dd>
- <table class="bordered">
- <tr><th>Element</th><th>Description</th></tr>
- <tr><td><code><a href="#element.config">config</a></code></td>
- <td>configure output formats</td></tr>
- <tr><td><code><a href="#element.echo">echo</a></code></td>
- <td>print variables</td></tr>
- <tr><td><code><a href="#element.exec">exec</a></code></td>
- <td>execute external programs</td></tr>
- <tr><td><code><a href="#element.fsize">fsize</a></code></td>
- <td>print size of a file</td></tr>
- <tr><td><code><a href="#element.flastmod">flastmod</a></code></td>
- <td>print last modification time of a file</td></tr>
- <tr><td><code><a href="#element.include">include</a></code></td>
- <td>include a file</td></tr>
- <tr><td><code><a href="#element.printenv">printenv</a></code></td>
- <td>print all available variables</td></tr>
- <tr><td><code><a href="#element.set">set</a></code></td>
- <td>set a value of a variable</td></tr>
- </table>
+ <dt><code>DOCUMENT_URI</code></dt>
+ <dd>The (%-decoded) URL path of the document requested by the
+ user. Note that in the case of nested include files, this is
+ <em>not</em> the URL for the current document. Note also that
+ if the URL is modified internally (e.g. by an <code class="directive"><a href="../mod/mod_alias.html#alias">alias</a></code> or <code class="directive"><a href="../mod/mod_dir.html#directoryindex">directoryindex</a></code>), the modified
+ URL is shown.</dd>
- <p>SSI elements may be defined by modules other than
- <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>. In fact, the <code><a href="#element.exec">exec</a></code> element is provided by
- <code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>, and will only be available if this
- module is loaded.</p>
+ <dt><code>LAST_MODIFIED</code></dt>
+ <dd>The last modification date of the document requested by
+ the user.</dd>
- <h3><a name="element.config" id="element.config">The config Element</a></h3>
- <p>This command controls various aspects of the parsing. The
- valid attributes are:</p>
+ <dt><code>QUERY_STRING_UNESCAPED</code></dt>
+ <dd>If a query string is present, this variable contains the
+ (%-decoded) query string, which is <em>escaped</em> for shell
+ usage (special characters like <code>&</code> etc. are
+ preceded by backslashes).</dd>
+ </dl>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="substitution" id="substitution">Variable Substitution</a></h2>
- <dl>
- <dt><code>echomsg</code> (<em>Apache 2.1 and later</em>)</dt>
- <dd>The value is a message that is sent back to the
- client if the <code><a href="#element.echo">echo</a></code> element
- attempts to echo an undefined variable. This overrides any <code class="directive"><a href="#ssiundefinedecho">SSIUndefinedEcho</a></code> directives.</dd>
+ <p>Variable substitution is done within quoted strings in most
+ cases where they may reasonably occur as an argument to an SSI
+ directive. This includes the <code>config</code>,
+ <code>exec</code>, <code>flastmod</code>, <code>fsize</code>,
+ <code>include</code>, <code>echo</code>, and <code>set</code>
+ directives, as well as the arguments to conditional operators.
+ You can insert a literal dollar sign into the string using backslash
+ quoting:</p>
- <dt><code>errmsg</code></dt>
- <dd>The value is a message that is sent back to the
- client if an error occurs while parsing the
- document. This overrides any <code class="directive"><a href="#ssierrormsg">SSIErrorMsg</a></code> directives.</dd>
+ <div class="example"><p><code>
+ <!--#if expr="$a = \$test" -->
+ </code></p></div>
- <dt><code>sizefmt</code></dt>
- <dd>The value sets the format to be used when displaying
- the size of a file. Valid values are <code>bytes</code>
- for a count in bytes, or <code>abbrev</code> for a count
- in Kb or Mb as appropriate, for example a size of 1024 bytes
- will be printed as "1K".</dd>
+ <p>If a variable reference needs to be substituted in the
+ middle of a character sequence that might otherwise be
+ considered a valid identifier in its own right, it can be
+ disambiguated by enclosing the reference in braces,
+ <em>a la</em> shell substitution:</p>
- <dt><code>timefmt</code></dt>
- <dd>The value is a string to be used by the
- <code>strftime(3)</code> library routine when printing
- dates.</dd>
- </dl>
-
+ <div class="example"><p><code>
+ <!--#set var="Zed" value="${REMOTE_HOST}_${REQUEST_METHOD}" -->
+ </code></p></div>
- <h3><a name="element.echo" id="element.echo">The echo Element</a></h3>
- <p>This command prints one of the <a href="#includevars">include
- variables</a> defined below. If the variable is unset, the result is
- determined by the <code class="directive"><a href="#ssiundefinedecho">SSIUndefinedEcho</a></code> directive. Any dates printed are
- subject to the currently configured <code>timefmt</code>.</p>
+ <p>This will result in the <code>Zed</code> variable being set
+ to "<code>X_Y</code>" if <code>REMOTE_HOST</code> is
+ "<code>X</code>" and <code>REQUEST_METHOD</code> is
+ "<code>Y</code>".</p>
+
+ <p>The below example will print "in foo" if the
+ <code>DOCUMENT_URI</code> is <code>/foo/file.html</code>, "in bar"
+ if it is <code>/bar/file.html</code> and "in neither" otherwise:</p>
+
+ <div class="example"><p><code>
+ <!--#if expr='"$DOCUMENT_URI" = "/foo/file.html"' --><br />
+ <span class="indent">
+ in foo<br />
+ </span>
+ <!--#elif expr='"$DOCUMENT_URI" = "/bar/file.html"' --><br />
+ <span class="indent">
+ in bar<br />
+ </span>
+ <!--#else --><br />
+ <span class="indent">
+ in neither<br />
+ </span>
+ <!--#endif -->
+ </code></p></div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="flowctrl" id="flowctrl">Flow Control Elements</a></h2>
+
- <p>Attributes:</p>
+ <p>The basic flow control elements are:</p>
- <dl>
- <dt><code>var</code></dt>
- <dd>The value is the name of the variable to print.</dd>
+ <div class="example"><p><code>
+ <!--#if expr="<var>test_condition</var>" --><br />
+ <!--#elif expr="<var>test_condition</var>" --><br />
+ <!--#else --><br />
+ <!--#endif -->
+ </code></p></div>
- <dt><code>encoding</code></dt>
- <dd><p>Specifies how Apache should encode special characters
- contained in the variable before outputting them. If set
- to <code>none</code>, no encoding will be done. If set to
- <code>url</code>, then URL encoding (also known as %-encoding;
- this is appropriate for use within URLs in links, etc.) will be
- performed. At the start of an <code>echo</code> element,
- the default is set to <code>entity</code>, resulting in entity
- encoding (which is appropriate in the context of a block-level
- HTML element, <em>e.g.</em> a paragraph of text). This can be
- changed by adding an <code>encoding</code> attribute, which will
- remain in effect until the next <code>encoding</code> attribute
- is encountered or the element ends, whichever comes first.</p>
+ <p>The <code>if</code> element works like an if statement in a
+ programming language. The test condition is evaluated and if
+ the result is true, then the text until the next <code>elif</code>,
+ <code>else</code> or <code>endif</code> element is included in the
+ output stream.</p>
- <p>The <code>encoding</code> attribute must <em>precede</em> the
- corresponding <code>var</code> attribute to be effective, and
- only special characters as defined in the ISO-8859-1 character
- encoding will be encoded. This encoding process may not have the
- desired result if a different character encoding is in use.</p>
+ <p>The <code>elif</code> or <code>else</code> statements are used
+ to put text into the output stream if the original
+ <var>test_condition</var> was false. These elements are optional.</p>
- <div class="warning">
- In order to avoid cross-site scripting issues, you should
- <em>always</em> encode user supplied data.
- </div>
- </dd>
- </dl>
-
+ <p>The <code>endif</code> element ends the <code>if</code> element
+ and is required.</p>
- <h3><a name="element.exec" id="element.exec">The exec Element</a></h3>
- <p>The <code>exec</code> command executes a given shell command or
- CGI script. It requires <code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code> to be present
- in the server. If <code class="directive"><a href="../mod/core.html#options">Options</a></code>
- <code>IncludesNOEXEC</code> is set, this command is completely
- disabled. The valid attributes are:</p>
+ <p><var>test_condition</var> is one of the following:</p>
- <dl>
- <dt><code>cgi</code></dt>
- <dd><p>The value specifies a (%-encoded) URL-path to
- the CGI script. If the path does not begin with a slash (/),
- then it is taken to be relative to the current
- document. The document referenced by this path is
- invoked as a CGI script, even if the server would not
- normally recognize it as such. However, the directory
- containing the script must be enabled for CGI scripts
- (with <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>
- or <code class="directive"><a href="../mod/core.html#options">Options</a></code>
- <code>ExecCGI</code>).</p>
+ <dl>
+ <dt><code><var>string</var></code></dt>
+ <dd>true if <var>string</var> is not empty</dd>
- <p>The CGI script is given the <code>PATH_INFO</code> and query
- string (<code>QUERY_STRING</code>) of the original request from the
- client; these <em>cannot</em> be specified in the URL path. The
- include variables will be available to the script in addition to
- the standard <a href="mod_cgi.html">CGI</a> environment.</p>
+ <dt><code><var>-A string</var></code></dt>
+ <dd><p>true if the URL represented by the string is accessible by
+ configuration, false otherwise. This test only has an effect if
+ <code class="directive">SSIEnableAccess</code> is on. This is useful
+ where content on a page is to be hidden from users who are not
+ authorized to view the URL, such as a link to that URL. Note
+ that the URL is only tested for whether access would be granted,
+ not whether the URL exists.</p>
<div class="example"><h3>Example</h3><p><code>
- <!--#exec cgi="/cgi-bin/example.cgi" -->
+ <!--#if expr="-A /private" --><br />
+ <span class="indent">
+ Click <a href="/private">here</a> to access private
+ information.<br />
+ </span>
+ <!--#endif -->
</code></p></div>
+ </dd>
- <p>If the script returns a <code>Location:</code> header instead of
- output, then this will be translated into an HTML anchor.</p>
+ <dt><code><var>string1</var> = <var>string2</var><br />
+ <var>string1</var> == <var>string2</var><br />
+ <var>string1</var> != <var>string2</var></code></dt>
+
+ <dd><p>Compare <var>string1</var> with <var>string2</var>. If
+ <var>string2</var> has the form <code>/<var>string2</var>/</code>
+ then it is treated as a regular expression. Regular expressions are
+ implemented by the <a href="http://www.pcre.org">PCRE</a> engine and
+ have the same syntax as those in <a href="http://www.perl.com">perl
+ 5</a>. Note that <code>==</code> is just an alias for <code>=</code>
+ and behaves exactly the same way.</p>
- <p>The <code><a href="#includevirtual">include virtual</a></code>
- element should be used in preference to <code>exec cgi</code>. In
- particular, if you need to pass additional arguments to a CGI program,
- using the query string, this cannot be done with <code>exec
- cgi</code>, but can be done with <code>include virtual</code>, as
- shown here:</p>
+ <p>If you are matching positive (<code>=</code> or <code>==</code>), you
+ can capture grouped parts of the regular expression. The captured parts
+ are stored in the special variables <code>$1</code> ..
+ <code>$9</code>.</p>
- <div class="example"><p><code>
- <!--#include virtual="/cgi-bin/example.cgi?argument=value" -->
+ <div class="example"><h3>Example</h3><p><code>
+ <!--#if expr="$QUERY_STRING = /^sid=([a-zA-Z0-9]+)/" --><br />
+ <span class="indent">
+ <!--#set var="session" value="$1" --><br />
+ </span>
+ <!--#endif -->
</code></p></div>
</dd>
- <dt><code>cmd</code></dt>
- <dd><p>The server will execute the given string using
- <code>/bin/sh</code>. The <a href="#includevars">include variables</a> are available to the command, in addition
- to the usual set of CGI variables.</p>
+ <dt><code><var>string1</var> < <var>string2</var><br />
+ <var>string1</var> <= <var>string2</var><br />
+ <var>string1</var> > <var>string2</var><br />
+ <var>string1</var> >= <var>string2</var></code></dt>
- <p>The use of <code><a href="#includevirtual">#include virtual</a></code> is almost always prefered to using
- either <code>#exec cgi</code> or <code>#exec cmd</code>. The former
- (<code>#include virtual</code>) uses the standard Apache sub-request
- mechanism to include files or scripts. It is much better tested and
- maintained.</p>
+ <dd>Compare <var>string1</var> with <var>string2</var>. Note, that
+ strings are compared <em>literally</em> (using
+ <code>strcmp(3)</code>). Therefore the string "100" is less than
+ "20".</dd>
- <p>In addition, on some platforms, like Win32, and on unix when
- using <a href="../suexec.html">suexec</a>, you cannot pass arguments
- to a command in an <code>exec</code> directive, or otherwise include
- spaces in the command. Thus, while the following will work under a
- non-suexec configuration on unix, it will not produce the desired
- result under Win32, or when running suexec:</p>
+ <dt><code>( <var>test_condition</var> )</code></dt>
+ <dd>true if <var>test_condition</var> is true</dd>
- <div class="example"><p><code>
- <!--#exec cmd="perl /path/to/perlscript arg1 arg2" -->
- </code></p></div>
- </dd>
- </dl>
-
+ <dt><code>! <var>test_condition</var></code></dt>
+ <dd>true if <var>test_condition</var> is false</dd>
- <h3><a name="element.fsize" id="element.fsize">The fsize Element</a></h3>
- <p>This command prints the size of the specified file, subject
- to the <code>sizefmt</code> format specification. Attributes:</p>
+ <dt><code><var>test_condition1</var> &&
+ <var>test_condition2</var></code></dt>
+ <dd>true if both <var>test_condition1</var> and
+ <var>test_condition2</var> are true</dd>
- <dl>
- <dt><code>file</code></dt>
- <dd>The value is a path relative to the directory
- containing the current document being parsed.</dd>
+ <dt><code><var>test_condition1</var> ||
+ <var>test_condition2</var></code></dt>
+ <dd>true if either <var>test_condition1</var> or
+ <var>test_condition2</var> is true</dd>
+ </dl>
- <dt><code>virtual</code></dt>
- <dd>The value is a (%-encoded) URL-path. If it does not begin with
- a slash (/) then it is taken to be relative to the current document.
- Note, that this does <em>not</em> print the size of any CGI output,
- but the size of the CGI script itself.</dd>
- </dl>
-
+ <p>"<code>=</code>" and "<code>!=</code>" bind more tightly than
+ "<code>&&</code>" and "<code>||</code>". "<code>!</code>" binds
+ most tightly. Thus, the following are equivalent:</p>
- <h3><a name="element.flastmod" id="element.flastmod">The flastmod Element</a></h3>
- <p>This command prints the last modification date of the
- specified file, subject to the <code>timefmt</code> format
- specification. The attributes are the same as for the
- <code><a href="#element.fsize">fsize</a></code> command.</p>
-
+ <div class="example"><p><code>
+ <!--#if expr="$a = test1 && $b = test2" --><br />
+ <!--#if expr="($a = test1) && ($b = test2)" -->
+ </code></p></div>
- <h3><a name="element.include" id="element.include">The include Element</a></h3>
- <p>This command inserts the text of another document or file
- into the parsed file. Any included file is subject to the usual
- access control. If the directory containing the parsed file has
- <a href="core.html#options">Options</a>
- <code>IncludesNOEXEC</code> set, then only documents with a text
- <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME-type</a> (<code>text/plain</code>,
- <code>text/html</code> etc.) will be included. Otherwise CGI
- scripts are invoked as normal using the complete URL given in
- the command, including any query string.</p>
+ <p>The boolean operators <code>&&</code> and <code>||</code>
+ share the same priority. So if you want to bind such an operator more
+ tightly, you should use parentheses.</p>
+
+ <p>Anything that's not recognized as a variable or an operator
+ is treated as a string. Strings can also be quoted:
+ <code>'string'</code>. Unquoted strings can't contain whitespace
+ (blanks and tabs) because it is used to separate tokens such as
+ variables. If multiple strings are found in a row, they are
+ concatenated using blanks. So,</p>
+
+ <div class="example"><p><code><var>string1</var> <var>string2</var></code> results in <code><var>string1</var> <var>string2</var></code><br />
+ <br />
+ and<br />
+ <br />
+ <code>'<var>string1</var> <var>string2</var>'</code> results in <code><var>string1</var> <var>string2</var></code>.</p></div>
+
+ <div class="note"><h3>Optimization of Boolean Expressions</h3>
+ <p>If the expressions become more complex and slow down processing
+ significantly, you can try to optimize them according to the
+ evaluation rules:</p>
+ <ul>
+ <li>Expressions are evaluated from left to right</li>
+ <li>Binary boolean operators (<code>&&</code> and <code>||</code>)
+ are short circuited wherever possible. In conclusion with the rule
+ above that means, <code class="module"><a href="../mod/mod_include.html">mod_include</a></code> evaluates at first
+ the left expression. If the left result is sufficient to determine
+ the end result, processing stops here. Otherwise it evaluates the
+ right side and computes the end result from both left and right
+ results.</li>
+ <li>Short circuit evaluation is turned off as long as there are regular
+ expressions to deal with. These must be evaluated to fill in the
+ backreference variables (<code>$1</code> .. <code>$9</code>).</li>
+ </ul>
+ <p>If you want to look how a particular expression is handled, you can
+ recompile <code class="module"><a href="../mod/mod_include.html">mod_include</a></code> using the
+ <code>-DDEBUG_INCLUDE</code> compiler option. This inserts for every
+ parsed expression tokenizer information, the parse tree and how it is
+ evaluated into the output sent to the client.</p>
+ </div>
+
+ <div class="note"><h3>Escaping slashes in regex strings</h3>
+ <p>All slashes which are not intended to act as delimiters in your regex must
+ be escaped. This is regardless of their meaning to the regex engine.</p>
+ </div>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSIEnableAccess" id="SSIEnableAccess">SSIEnableAccess</a> <a name="ssienableaccess" id="ssienableaccess">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable the -A flag during conditional flow control processing.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIEnableAccess on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIEnableAccess off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
+</table>
+ <p>The <code class="directive">SSIEnableAccess</code> directive controls whether
+ the -A test is enabled during conditional flow control processing.
+ <code class="directive">SSIEnableAccess</code> can take on the following values:</p>
- <p>An attribute defines the location of the document; the
- inclusion is done for each attribute given to the include
- command. The valid attributes are:</p>
+ <dl>
- <dl>
- <dt><code>file</code></dt>
- <dd>The value is a path relative to the directory
- containing the current document being parsed. It cannot
- contain <code>../</code>, nor can it be an absolute path.
- Therefore, you cannot include files that are outside of the
- document root, or above the current document in the directory
- structure. The <code>virtual</code> attribute should always be
- used in preference to this one.</dd>
+ <dt><code>off</code></dt>
+ <dd><!--#if expr="-A /foo"--> will be interpreted as a series
+ of string and regular expression tokens, the -A has no special
+ meaning.</dd>
- <dt><code><a id="includevirtual" name="includevirtual">virtual</a></code></dt>
- <dd><p>The value is a (%-encoded) URL-path. The URL cannot contain a
- scheme or hostname, only a path and an optional query string. If it
- does not begin with a slash (/) then it is taken to be relative to the
- current document.</p>
+ <dt><code>on</code></dt>
+ <dd><!--#if expr="-A /foo"--> will evaluate to false if the
+ URL /foo is inaccessible by configuration, or true otherwise.</dd>
- <p>A URL is constructed from the attribute, and the output the
- server would return if the URL were accessed by the client is
- included in the parsed output. Thus included files can be nested.</p>
+ </dl>
- <p>If the specified URL is a CGI program, the program will be
- executed and its output inserted in place of the directive in the
- parsed file. You may include a query string in a CGI url:</p>
-
- <div class="example"><p><code>
- <!--#include virtual="/cgi-bin/example.cgi?argument=value" -->
- </code></p></div>
-
- <p><code>include virtual</code> should be used in preference
- to <code>exec cgi</code> to include the output of CGI programs
- into an HTML document.</p>
- </dd>
- </dl>
-
- <h3><a name="element.printenv" id="element.printenv">The printenv Element</a></h3>
- <p>This prints out a listing of all existing variables and
- their values. Special characters are entity encoded (see the <code><a href="#element.echo">echo</a></code> element for details)
- before being output. There are no attributes.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSIEndTag" id="SSIEndTag">SSIEndTag</a> <a name="ssiendtag" id="ssiendtag">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>String that ends an include element</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIEndTag <var>tag</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIEndTag "-->"</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0.30 and later.</td></tr>
+</table>
+ <p>This directive changes the string that <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>
+ looks for to mark the end of an include element.</p>
- <div class="example"><h3>Example</h3><p><code>
- <!--#printenv -->
- </code></p></div>
-
+ <div class="example"><h3>Example</h3><p><code>
+ SSIEndTag "%>"
+ </code></p></div>
- <h3><a name="element.set" id="element.set">The set Element</a></h3>
- <p>This sets the value of a variable. Attributes:</p>
- <dl>
- <dt><code>var</code></dt>
- <dd>The name of the variable to set.</dd>
+<h3>See also</h3>
+<ul>
+<li><code class="directive"><a href="#ssistarttag">SSIStartTag</a></code></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSIErrorMsg" id="SSIErrorMsg">SSIErrorMsg</a> <a name="ssierrormsg" id="ssierrormsg">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Error message displayed when there is an SSI
+error</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIErrorMsg <var>message</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIErrorMsg "[an error occurred while processing this
+directive]"</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>All</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0.30 and later.</td></tr>
+</table>
+ <p>The <code class="directive">SSIErrorMsg</code> directive changes the error
+ message displayed when <code class="module"><a href="../mod/mod_include.html">mod_include</a></code> encounters an
+ error. For production servers you may consider changing the default
+ error message to <code>"<!-- Error -->"</code> so that
+ the message is not presented to the user.</p>
- <dt><code>value</code></dt>
- <dd>The value to give a variable.</dd>
- </dl>
+ <p>This directive has the same effect as the <code><!--#config
+ errmsg=<var>message</var> --></code> element.</p>
- <div class="example"><h3>Example</h3><p><code>
- <!--#set var="category" value="help" -->
- </code></p></div>
-
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="includevars" id="includevars">Include Variables</a></h2>
-
+ <div class="example"><h3>Example</h3><p><code>
+ SSIErrorMsg "<!-- Error -->"
+ </code></p></div>
- <p>In addition to the variables in the standard CGI environment,
- these are available for the <code>echo</code> command, for
- <code>if</code> and <code>elif</code>, and to any program
- invoked by the document.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSIETag" id="SSIETag">SSIETag</a> <a name="ssietag" id="ssietag">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls whether ETags are generated by the server.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIETag on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIETag off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.2.15 and later.</td></tr>
+</table>
+ <p>Under normal circumstances, a file filtered by <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>
+ may contain elements that are either dynamically generated, or that may
+ have changed independently of the original file. As a result, by default
+ the server is asked not to generate an <code>ETag</code> header for the
+ response by adding <code>no-etag</code> to the request notes.</p>
- <dl>
- <dt><code>DATE_GMT</code></dt>
- <dd>The current date in Greenwich Mean Time.</dd>
+ <p>The <code class="directive">SSIETag</code> directive suppresses this
+ behaviour, and allows the server to generate an <code>ETag</code> header.
+ This can be used to enable caching of the output. Note that a backend server
+ or dynamic content generator may generate an ETag of its own, ignoring
+ <code>no-etag</code>, and this ETag will be passed by
+ <code class="module"><a href="../mod/mod_include.html">mod_include</a></code> regardless of the value of this setting.
+ <code class="directive">SSIETag</code> can take on the following values:</p>
- <dt><code>DATE_LOCAL</code></dt>
- <dd>The current date in the local time zone.</dd>
+ <dl>
- <dt><code>DOCUMENT_NAME</code></dt>
- <dd>The filename (excluding directories) of the document
- requested by the user.</dd>
+ <dt><code>off</code></dt>
+ <dd><code>no-etag</code> will be added to the request notes, and the server
+ is asked not to generate an ETag. Where a server ignores the value of
+ <code>no-etag</code> and generates an ETag anyway, the ETag will be
+ respected.</dd>
- <dt><code>DOCUMENT_URI</code></dt>
- <dd>The (%-decoded) URL path of the document requested by the
- user. Note that in the case of nested include files, this is
- <em>not</em> the URL for the current document. Note also that
- if the URL is modified internally (e.g. by an <code class="directive"><a href="../mod/mod_alias.html#alias">alias</a></code> or <code class="directive"><a href="../mod/mod_dir.html#directoryindex">directoryindex</a></code>), the modified
- URL is shown.</dd>
+ <dt><code>on</code></dt>
+ <dd>Existing ETags will be respected, and ETags generated by the server will
+ be passed on in the response.</dd>
- <dt><code>LAST_MODIFIED</code></dt>
- <dd>The last modification date of the document requested by
- the user.</dd>
+ </dl>
- <dt><code>QUERY_STRING_UNESCAPED</code></dt>
- <dd>If a query string is present, this variable contains the
- (%-decoded) query string, which is <em>escaped</em> for shell
- usage (special characters like <code>&</code> etc. are
- preceded by backslashes).</dd>
- </dl>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="substitution" id="substitution">Variable Substitution</a></h2>
- <p>Variable substitution is done within quoted strings in most
- cases where they may reasonably occur as an argument to an SSI
- directive. This includes the <code>config</code>,
- <code>exec</code>, <code>flastmod</code>, <code>fsize</code>,
- <code>include</code>, <code>echo</code>, and <code>set</code>
- directives, as well as the arguments to conditional operators.
- You can insert a literal dollar sign into the string using backslash
- quoting:</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSILastModified" id="SSILastModified">SSILastModified</a> <a name="ssilastmodified" id="ssilastmodified">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls whether <code>Last-Modified</code> headers are generated by the
+server.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSILastModified on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSILastModified off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.2.15 and later.</td></tr>
+</table>
+ <p>Under normal circumstances, a file filtered by <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>
+ may contain elements that are either dynamically generated, or that may
+ have changed independently of the original file. As a result, by default
+ the <code>Last-Modified</code> header is stripped from the response.</p>
- <div class="example"><p><code>
- <!--#if expr="$a = \$test" -->
- </code></p></div>
+ <p>The <code class="directive">SSILastModified</code> directive overrides this
+ behaviour, and allows the <code>Last-Modified</code> header to be respected
+ if already present, or set if the header is not already present. This can
+ be used to enable caching of the output. <code class="directive">SSILastModified</code>
+ can take on the following values:</p>
+
+ <dl>
+
+ <dt><code>off</code></dt>
+ <dd>The <code>Last-Modified</code> header will be stripped from responses,
+ unless the <code class="directive"><a href="#xbithack">XBitHack</a></code> directive
+ is set to <code>full</code> as described below.</dd>
+
+ <dt><code>on</code></dt>
+ <dd>The <code>Last-Modified</code> header will be respected if already
+ present in a response, and added to the response if the response is a
+ file and the header is missing. The
+ <code class="directive"><a href="#ssilastmodified">SSILastModified</a></code> directive
+ takes precedence over <code class="directive"><a href="#xbithack">XBitHack</a></code>.</dd>
+
+ </dl>
+
- <p>If a variable reference needs to be substituted in the
- middle of a character sequence that might otherwise be
- considered a valid identifier in its own right, it can be
- disambiguated by enclosing the reference in braces,
- <em>a la</em> shell substitution:</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSIStartTag" id="SSIStartTag">SSIStartTag</a> <a name="ssistarttag" id="ssistarttag">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>String that starts an include element</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIStartTag <var>tag</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIStartTag "<!--#"</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0.30 and later.</td></tr>
+</table>
+ <p>This directive changes the string that <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>
+ looks for to mark an include element to process.</p>
- <div class="example"><p><code>
- <!--#set var="Zed" value="${REMOTE_HOST}_${REQUEST_METHOD}" -->
+ <p>You may want to use this option if you have 2 servers parsing the
+ output of a file each processing different commands (possibly at
+ different times).</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ SSIStartTag "<%"<br />
+ SSIEndTag "%>"
</code></p></div>
- <p>This will result in the <code>Zed</code> variable being set
- to "<code>X_Y</code>" if <code>REMOTE_HOST</code> is
- "<code>X</code>" and <code>REQUEST_METHOD</code> is
- "<code>Y</code>".</p>
-
- <p>The below example will print "in foo" if the
- <code>DOCUMENT_URI</code> is <code>/foo/file.html</code>, "in bar"
- if it is <code>/bar/file.html</code> and "in neither" otherwise:</p>
+ <p>The example given above, which also specifies a matching
+ <code class="directive"><a href="#ssiendtag">SSIEndTag</a></code>, will
+ allow you to use SSI directives as shown in the example
+ below:</p>
- <div class="example"><p><code>
- <!--#if expr='"$DOCUMENT_URI" = "/foo/file.html"' --><br />
- <span class="indent">
- in foo<br />
- </span>
- <!--#elif expr='"$DOCUMENT_URI" = "/bar/file.html"' --><br />
- <span class="indent">
- in bar<br />
- </span>
- <!--#else --><br />
- <span class="indent">
- in neither<br />
- </span>
- <!--#endif -->
+ <div class="example"><h3>SSI directives with alternate start and end tags</h3><p><code>
+ <%printenv %>
</code></p></div>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="flowctrl" id="flowctrl">Flow Control Elements</a></h2>
-
- <p>The basic flow control elements are:</p>
+<h3>See also</h3>
+<ul>
+<li><code class="directive"><a href="#ssiendtag">SSIEndTag</a></code></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSITimeFormat" id="SSITimeFormat">SSITimeFormat</a> <a name="ssitimeformat" id="ssitimeformat">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configures the format in which date strings are
+displayed</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSITimeFormat <var>formatstring</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSITimeFormat "%A, %d-%b-%Y %H:%M:%S %Z"</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>All</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0.30 and later.</td></tr>
+</table>
+<p>This directive changes the format in which date strings are displayed
+ when echoing <code>DATE</code> environment variables. The
+ <var>formatstring</var> is as in <code>strftime(3)</code> from the
+ C standard library.</p>
- <div class="example"><p><code>
- <!--#if expr="<var>test_condition</var>" --><br />
- <!--#elif expr="<var>test_condition</var>" --><br />
- <!--#else --><br />
- <!--#endif -->
+ <p>This directive has the same effect as the <code><!--#config
+ timefmt=<var>formatstring</var> --></code> element.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ SSITimeFormat "%R, %B %d, %Y"
</code></p></div>
- <p>The <code>if</code> element works like an if statement in a
- programming language. The test condition is evaluated and if
- the result is true, then the text until the next <code>elif</code>,
- <code>else</code> or <code>endif</code> element is included in the
- output stream.</p>
+ <p>The above directive would cause times to be displayed in the
+ format "22:26, June 14, 2002".</p>
- <p>The <code>elif</code> or <code>else</code> statements are used
- to put text into the output stream if the original
- <var>test_condition</var> was false. These elements are optional.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="SSIUndefinedEcho" id="SSIUndefinedEcho">SSIUndefinedEcho</a> <a name="ssiundefinedecho" id="ssiundefinedecho">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>String displayed when an unset variable is echoed</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSIUndefinedEcho <var>string</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSIUndefinedEcho "(none)"</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>All</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0.34 and later.</td></tr>
+</table>
+ <p>This directive changes the string that <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>
+ displays when a variable is not set and "echoed".</p>
- <p>The <code>endif</code> element ends the <code>if</code> element
- and is required.</p>
+ <div class="example"><h3>Example</h3><p><code>
+ SSIUndefinedEcho "<!-- undef -->"
+ </code></p></div>
- <p><var>test_condition</var> is one of the following:</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="XBitHack" id="XBitHack">XBitHack</a> <a name="xbithack" id="xbithack">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Parse SSI directives in files with the execute bit
+set</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>XBitHack on|off|full</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>XBitHack off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Options</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_include</td></tr>
+</table>
+ <p>The <code class="directive">XBitHack</code> directive controls the parsing
+ of ordinary html documents. This directive only affects files associated
+ with the <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME-type</a> <code>text/html</code>. <code class="directive">XBitHack</code> can take on the following values:</p>
<dl>
- <dt><code><var>string</var></code></dt>
- <dd>true if <var>string</var> is not empty</dd>
+ <dt><code>off</code></dt>
+ <dd>No special treatment of executable files.</dd>
- <dt><code><var>-A string</var></code></dt>
- <dd><p>true if the URL represented by the string is accessible by
- configuration, false otherwise. This test only has an effect if
- <code class="directive">SSIEnableAccess</code> is on. This is useful
- where content on a page is to be hidden from users who are not
- authorized to view the URL, such as a link to that URL. Note
- that the URL is only tested for whether access would be granted,
- not whether the URL exists.</p>
+ <dt><code>on</code></dt>
+ <dd>Any <code>text/html</code> file that has the user-execute bit
+ set will be treated as a server-parsed html document.</dd>
- <div class="example"><h3>Example</h3><p><code>
- <!--#if expr="-A /private" --><br />
- <span class="indent">
- Click <a href="/private">here</a> to access private
- information.<br />
- </span>
- <!--#endif -->
- </code></p></div>
- </dd>
+ <dt><code>full</code></dt>
+ <dd>As for <code>on</code> but also test the group-execute bit.
+ If it is set, then set the <code>Last-modified</code> date of the
+ returned file to be the last modified time of the file. If
+ it is not set, then no last-modified date is sent. Setting
+ this bit allows clients and proxies to cache the result of
+ the request.
- <dt><code><var>string1</var> = <var>string2</var><br />
- <var>string1</var> == <var>string2</var><br />
- <var>string1</var> != <var>string2</var></code></dt>
+ <div class="note"><h3>Note</h3>
+ <p>You would not want to use the full option, unless you assure the
+ group-execute bit is unset for every SSI script which might <code>#include</code> a CGI or otherwise produces different output on
+ each hit (or could potentially change on subsequent requests).</p>
- <dd><p>Compare <var>string1</var> with <var>string2</var>. If
- <var>string2</var> has the form <code>/<var>string2</var>/</code>
- then it is treated as a regular expression. Regular expressions are
- implemented by the <a href="http://www.pcre.org">PCRE</a> engine and
- have the same syntax as those in <a href="http://www.perl.com">perl
- 5</a>. Note that <code>==</code> is just an alias for <code>=</code>
- and behaves exactly the same way.</p>
-
- <p>If you are matching positive (<code>=</code> or <code>==</code>), you
- can capture grouped parts of the regular expression. The captured parts
- are stored in the special variables <code>$1</code> ..
- <code>$9</code>.</p>
+ <p>The <code class="directive"><a href="#ssilastmodified">SSILastModified</a></code>
+ directive takes precedence over the
+ <code class="directive"><a href="#xbithack">XBitHack</a></code> directive when
+ <code class="directive"><a href="#ssilastmodified">SSILastModified</a></code> is set to
+ <code>on</code>.</p>
+ </div>
- <div class="example"><h3>Example</h3><p><code>
- <!--#if expr="$QUERY_STRING = /^sid=([a-zA-Z0-9]+)/" --><br />
- <span class="indent">
- <!--#set var="session" value="$1" --><br />
- </span>
- <!--#endif -->
- </code></p></div>
</dd>
-
- <dt><code><var>string1</var> < <var>string2</var><br />
- <var>string1</var> <= <var>string2</var><br />
- <var>string1</var> > <var>string2</var><br />
- <var>string1</var> >= <var>string2</var></code></dt>
-
- <dd>Compare <var>string1</var> with <var>string2</var>. Note, that
- strings are compared <em>literally</em> (using
- <code>strcmp(3)</code>). Therefore the string "100" is less than
- "20".</dd>
-
- <dt><code>( <var>test_condition</var> )</code></dt>
- <dd>true if <var>test_condition</var> is true</dd>
-
- <dt><code>! <var>test_condition</var></code></dt>
- <dd>true if <var>test_condition</var> is false</dd>
-
- <dt><code><var>test_condition1</var> &&
- <var>test_condition2</var></code></dt>
- <dd>true if both <var>test_condition1</var> and
- <var>test_condition2</var> are true</dd>
-
- <dt><code><var>test_condition1</var> ||
- <var>test_condition2</var></code></dt>
- <dd>true if either <var>test_condition1</var> or
- <var>test_condition2</var> is true</dd>
</dl>
- <p>"<code>=</code>" and "<code>!=</code>" bind more tightly than
- "<code>&&</code>" and "<code>||</code>". "<code>!</code>" binds
- most tightly. Thus, the following are equivalent:</p>
-
- <div class="example"><p><code>
- <!--#if expr="$a = test1 && $b = test2" --><br />
- <!--#if expr="($a = test1) && ($b = test2)" -->
- </code></p></div>
-
- <p>The boolean operators <code>&&</code> and <code>||</code>
- share the same priority. So if you want to bind such an operator more
- tightly, you should use parentheses.</p>
-
- <p>Anything that's not recognized as a variable or an operator
- is treated as a string. Strings can also be quoted:
- <code>'string'</code>. Unquoted strings can't contain whitespace
- (blanks and tabs) because it is used to separate tokens such as
- variables. If multiple strings are found in a row, they are
- concatenated using blanks. So,</p>
-
- <div class="example"><p><code><var>string1</var> <var>string2</var></code> results in <code><var>string1</var> <var>string2</var></code><br />
- <br />
- and<br />
- <br />
- <code>'<var>string1</var> <var>string2</var>'</code> results in <code><var>string1</var> <var>string2</var></code>.</p></div>
-
- <div class="note"><h3>Optimization of Boolean Expressions</h3>
- <p>If the expressions become more complex and slow down processing
- significantly, you can try to optimize them according to the
- evaluation rules:</p>
- <ul>
- <li>Expressions are evaluated from left to right</li>
- <li>Binary boolean operators (<code>&&</code> and <code>||</code>)
- are short circuited wherever possible. In conclusion with the rule
- above that means, <code class="module"><a href="../mod/mod_include.html">mod_include</a></code> evaluates at first
- the left expression. If the left result is sufficient to determine
- the end result, processing stops here. Otherwise it evaluates the
- right side and computes the end result from both left and right
- results.</li>
- <li>Short circuit evaluation is turned off as long as there are regular
- expressions to deal with. These must be evaluated to fill in the
- backreference variables (<code>$1</code> .. <code>$9</code>).</li>
- </ul>
- <p>If you want to look how a particular expression is handled, you can
- recompile <code class="module"><a href="../mod/mod_include.html">mod_include</a></code> using the
- <code>-DDEBUG_INCLUDE</code> compiler option. This inserts for every
- parsed expression tokenizer information, the parse tree and how it is
- evaluated into the output sent to the client.</p>
- </div>
- <div class="note"><h3>Escaping slashes in regex strings</h3>
- <p>All slashes which are not intended to act as delimiters in your regex must
- be escaped. This is regardless of their meaning to the regex engine.</p>
- </div>
</div>
</div>
<div class="bottomlang">
<p>Once configured, the server information is obtained by
accessing <code>http://your.host.example.com/server-info</code></p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#addmoduleinfo">AddModuleInfo</a></li>
-</ul>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#security">Security Issues</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#queries">Selecting the information shown</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#limitations">Known Limitations</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AddModuleInfo" id="AddModuleInfo">AddModuleInfo</a> <a name="addmoduleinfo" id="addmoduleinfo">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adds additional information to the module
-information displayed by the server-info handler</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AddModuleInfo <var>module-name</var> <var>string</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_info</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache 1.3 and above</td></tr>
-</table>
- <p>This allows the content of <var>string</var> to be shown as
- HTML interpreted, <strong>Additional Information</strong> for
- the module <var>module-name</var>. Example:</p>
-
- <div class="example"><p><code>
- AddModuleInfo mod_deflate.c 'See <a \<br />
- <span class="indent">
- href="http://www.apache.org/docs/2.2/mod/mod_deflate.html">\<br />
- http://www.apache.org/docs/2.2/mod/mod_deflate.html</a>'
- </span>
- </code></p></div>
-
-</div>
+</ul><h3 class="directives">Directives</h3>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#addmoduleinfo">AddModuleInfo</a></li>
+</ul>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="security" id="security">Security Issues</a></h2>
might not be listed.</li>
</ul>
</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AddModuleInfo" id="AddModuleInfo">AddModuleInfo</a> <a name="addmoduleinfo" id="addmoduleinfo">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Adds additional information to the module
+information displayed by the server-info handler</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AddModuleInfo <var>module-name</var> <var>string</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_info</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache 1.3 and above</td></tr>
+</table>
+ <p>This allows the content of <var>string</var> to be shown as
+ HTML interpreted, <strong>Additional Information</strong> for
+ the module <var>module-name</var>. Example:</p>
+
+ <div class="example"><p><code>
+ AddModuleInfo mod_deflate.c 'See <a \<br />
+ <span class="indent">
+ href="http://www.apache.org/docs/2.2/mod/mod_deflate.html">\<br />
+ http://www.apache.org/docs/2.2/mod/mod_deflate.html</a>'
+ </span>
+ </code></p></div>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_info.html" title="English"> en </a> |
extension. <strong>Please <em>do not</em> post such problems to
Apache's lists or bug reporting pages.</strong></p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#usage">Usage</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#notes">Additional Notes</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#journal">Programmer's Journal</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#isapiappendlogtoerrors">ISAPIAppendLogToErrors</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#isapiappendlogtoquery">ISAPIAppendLogToQuery</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#isapilognotsupported">ISAPILogNotSupported</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#isapireadaheadbuffer">ISAPIReadAheadBuffer</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#usage">Usage</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#notes">Additional Notes</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#journal">Programmer's Journal</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ISAPIAppendLogToErrors" id="ISAPIAppendLogToErrors">ISAPIAppendLogToErrors</a> <a name="isapiappendlogtoerrors" id="isapiappendlogtoerrors">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Record <code>HSE_APPEND_LOG_PARAMETER</code> requests from
-ISAPI extensions to the error log</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPIAppendLogToErrors on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ISAPIAppendLogToErrors off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
-</table>
- <p>Record <code>HSE_APPEND_LOG_PARAMETER</code> requests from ISAPI
- extensions to the server error log.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ISAPIAppendLogToQuery" id="ISAPIAppendLogToQuery">ISAPIAppendLogToQuery</a> <a name="isapiappendlogtoquery" id="isapiappendlogtoquery">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Record <code>HSE_APPEND_LOG_PARAMETER</code> requests from
-ISAPI extensions to the query field</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPIAppendLogToQuery on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ISAPIAppendLogToQuery on</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
-</table>
- <p>Record <code>HSE_APPEND_LOG_PARAMETER</code> requests from ISAPI
- extensions to the query field (appended to the <code class="directive"><a href="../mod/mod_log_config.html#customlog">CustomLog</a></code> <code>%q</code>
- component).</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ISAPICacheFile" id="ISAPICacheFile">ISAPICacheFile</a> <a name="isapicachefile" id="isapicachefile">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>ISAPI .dll files to be loaded at startup</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPICacheFile <var>file-path</var> [<var>file-path</var>]
-...</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
-</table>
- <p>Specifies a space-separated list of file names to be loaded
- when the Apache server is launched, and remain loaded until the
- server is shut down. This directive may be repeated for every
- ISAPI .dll file desired. The full path name of each file should
- be specified. If the path name is not absolute, it will be treated
- relative to <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ISAPIFakeAsync" id="ISAPIFakeAsync">ISAPIFakeAsync</a> <a name="isapifakeasync" id="isapifakeasync">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Fake asynchronous support for ISAPI callbacks</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPIFakeAsync on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ISAPIFakeAsync off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
-</table>
- <p>While set to on, asynchronous support for ISAPI callbacks is
- simulated.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ISAPILogNotSupported" id="ISAPILogNotSupported">ISAPILogNotSupported</a> <a name="isapilognotsupported" id="isapilognotsupported">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Log unsupported feature requests from ISAPI
-extensions</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPILogNotSupported on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ISAPILogNotSupported off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
-</table>
- <p>Logs all requests for unsupported features from ISAPI
- extensions in the server error log. This may help administrators
- to track down problems. Once set to on and all desired ISAPI modules
- are functioning, it should be set back to off.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ISAPIReadAheadBuffer" id="ISAPIReadAheadBuffer">ISAPIReadAheadBuffer</a> <a name="isapireadaheadbuffer" id="isapireadaheadbuffer">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Size of the Read Ahead Buffer sent to ISAPI
-extensions</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPIReadAheadBuffer <var>size</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ISAPIReadAheadBuffer 49152</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
-</table>
- <p>Defines the maximum size of the Read Ahead Buffer sent to
- ISAPI extensions when they are initially invoked. All remaining
- data must be retrieved using the <code>ReadClient</code> callback; some
- ISAPI extensions may not support the <code>ReadClient</code> function.
- Refer questions to the ISAPI extension's author.</p>
-
-</div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="usage" id="usage">Usage</a></h2>
ISAPI .dlls for performance, neither of which were not available under
Apache 1.3 <code>mod_isapi</code>.</p>
</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ISAPIAppendLogToErrors" id="ISAPIAppendLogToErrors">ISAPIAppendLogToErrors</a> <a name="isapiappendlogtoerrors" id="isapiappendlogtoerrors">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Record <code>HSE_APPEND_LOG_PARAMETER</code> requests from
+ISAPI extensions to the error log</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPIAppendLogToErrors on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ISAPIAppendLogToErrors off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
+</table>
+ <p>Record <code>HSE_APPEND_LOG_PARAMETER</code> requests from ISAPI
+ extensions to the server error log.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ISAPIAppendLogToQuery" id="ISAPIAppendLogToQuery">ISAPIAppendLogToQuery</a> <a name="isapiappendlogtoquery" id="isapiappendlogtoquery">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Record <code>HSE_APPEND_LOG_PARAMETER</code> requests from
+ISAPI extensions to the query field</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPIAppendLogToQuery on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ISAPIAppendLogToQuery on</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
+</table>
+ <p>Record <code>HSE_APPEND_LOG_PARAMETER</code> requests from ISAPI
+ extensions to the query field (appended to the <code class="directive"><a href="../mod/mod_log_config.html#customlog">CustomLog</a></code> <code>%q</code>
+ component).</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ISAPICacheFile" id="ISAPICacheFile">ISAPICacheFile</a> <a name="isapicachefile" id="isapicachefile">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>ISAPI .dll files to be loaded at startup</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPICacheFile <var>file-path</var> [<var>file-path</var>]
+...</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
+</table>
+ <p>Specifies a space-separated list of file names to be loaded
+ when the Apache server is launched, and remain loaded until the
+ server is shut down. This directive may be repeated for every
+ ISAPI .dll file desired. The full path name of each file should
+ be specified. If the path name is not absolute, it will be treated
+ relative to <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ISAPIFakeAsync" id="ISAPIFakeAsync">ISAPIFakeAsync</a> <a name="isapifakeasync" id="isapifakeasync">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Fake asynchronous support for ISAPI callbacks</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPIFakeAsync on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ISAPIFakeAsync off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
+</table>
+ <p>While set to on, asynchronous support for ISAPI callbacks is
+ simulated.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ISAPILogNotSupported" id="ISAPILogNotSupported">ISAPILogNotSupported</a> <a name="isapilognotsupported" id="isapilognotsupported">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Log unsupported feature requests from ISAPI
+extensions</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPILogNotSupported on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ISAPILogNotSupported off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
+</table>
+ <p>Logs all requests for unsupported features from ISAPI
+ extensions in the server error log. This may help administrators
+ to track down problems. Once set to on and all desired ISAPI modules
+ are functioning, it should be set back to off.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ISAPIReadAheadBuffer" id="ISAPIReadAheadBuffer">ISAPIReadAheadBuffer</a> <a name="isapireadaheadbuffer" id="isapireadaheadbuffer">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Size of the Read Ahead Buffer sent to ISAPI
+extensions</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ISAPIReadAheadBuffer <var>size</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ISAPIReadAheadBuffer 49152</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
+</table>
+ <p>Defines the maximum size of the Read Ahead Buffer sent to
+ ISAPI extensions when they are initially invoked. All remaining
+ data must be retrieved using the <code>ReadClient</code> callback; some
+ ISAPI extensions may not support the <code>ReadClient</code> function.
+ Refer questions to the ISAPI extension's author.</p>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_isapi.html" title="English"> en </a> |
website for details.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#exampleconfig">Example Configuration</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#pool">LDAP Connection Pool</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#cache">LDAP Cache</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#usingssltls">Using SSL/TLS</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#settingcerts">SSL/TLS Certificates</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#ldapcacheentries">LDAPCacheEntries</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapcachettl">LDAPCacheTTL</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedmode">LDAPTrustedMode</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapverifyservercert">LDAPVerifyServerCert</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#exampleconfig">Example Configuration</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#pool">LDAP Connection Pool</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#cache">LDAP Cache</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#usingssltls">Using SSL/TLS</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#settingcerts">SSL/TLS Certificates</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPCacheEntries" id="LDAPCacheEntries">LDAPCacheEntries</a> <a name="ldapcacheentries" id="ldapcacheentries">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximum number of entries in the primary LDAP cache</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPCacheEntries <var>number</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPCacheEntries 1024</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
- <p>Specifies the maximum size of the primary LDAP cache. This
- cache contains successful search/binds. Set it to 0 to turn off
- search/bind caching. The default size is 1024 cached
- searches.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPCacheTTL" id="LDAPCacheTTL">LDAPCacheTTL</a> <a name="ldapcachettl" id="ldapcachettl">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Time that cached items remain valid</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPCacheTTL <var>seconds</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPCacheTTL 600</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
- <p>Specifies the time (in seconds) that an item in the
- search/bind cache remains valid. The default is 600 seconds (10
- minutes).</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPConnectionTimeout" id="LDAPConnectionTimeout">LDAPConnectionTimeout</a> <a name="ldapconnectiontimeout" id="ldapconnectiontimeout">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the socket connection timeout in seconds</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPConnectionTimeout <var>seconds</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
- <p>This directive configures the LDAP_OPT_NETWORK_TIMEOUT option in the
- underlying LDAP client library, when available. This value typically
- controls how long the LDAP client library will wait for the TCP connection
- to the LDAP server to complete.</p>
-
- <p> If a connection is not successful with the timeout period, either an error will be
- returned or the LDAP client library will attempt to connect to a secondary LDAP
- server if one is specified (via a space-separated list of hostnames in the
- <code class="directive"><a href="../mod/mod_authnz_ldap.html#authldapurl">AuthLDAPURL</a></code>).</p>
-
- <p>The default is 10 seconds, if the LDAP client library linked with the
- server supports the LDAP_OPT_NETWORK_TIMEOUT option.</p>
-
- <div class="note">LDAPConnectionTimeout is only available when the LDAP client library linked
- with the server supports the LDAP_OPT_NETWORK_TIMEOUT option, and the
- ultimate behavior is dictated entirely by the LDAP client library.
- </div>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPOpCacheEntries" id="LDAPOpCacheEntries">LDAPOpCacheEntries</a> <a name="ldapopcacheentries" id="ldapopcacheentries">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Number of entries used to cache LDAP compare
-operations</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPOpCacheEntries <var>number</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPOpCacheEntries 1024</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
- <p>This specifies the number of entries <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
- will use to cache LDAP compare operations. The default is 1024
- entries. Setting it to 0 disables operation caching.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPOpCacheTTL" id="LDAPOpCacheTTL">LDAPOpCacheTTL</a> <a name="ldapopcachettl" id="ldapopcachettl">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Time that entries in the operation cache remain
-valid</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPOpCacheTTL <var>seconds</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPOpCacheTTL 600</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
- <p>Specifies the time (in seconds) that entries in the
- operation cache remain valid. The default is 600 seconds.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPSharedCacheFile" id="LDAPSharedCacheFile">LDAPSharedCacheFile</a> <a name="ldapsharedcachefile" id="ldapsharedcachefile">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the shared memory cache file</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPSharedCacheFile <var>directory-path/filename</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
- <p>Specifies the directory path and file name of the shared memory
- cache file. If not set, anonymous shared memory will be used if the
- platform supports it.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPSharedCacheSize" id="LDAPSharedCacheSize">LDAPSharedCacheSize</a> <a name="ldapsharedcachesize" id="ldapsharedcachesize">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Size in bytes of the shared-memory cache</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPSharedCacheSize <var>bytes</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPSharedCacheSize 500000</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
- <p>Specifies the number of bytes to allocate for the shared
- memory cache. The default is 500kb. If set to 0, shared memory
- caching will not be used.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPTrustedClientCert" id="LDAPTrustedClientCert">LDAPTrustedClientCert</a> <a name="ldaptrustedclientcert" id="ldaptrustedclientcert">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the file containing or nickname referring to a per
-connection client certificate. Not all LDAP toolkits support per
-connection client certificates.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedClientCert <var>type</var> <var>directory-path/filename/nickname</var> <var>[password]</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
- <p>It specifies the directory path, file name or nickname of a
- per connection client certificate used when establishing an SSL
- or TLS connection to an LDAP server. Different locations or
- directories may have their own independent client certificate
- settings. Some LDAP toolkits (notably Novell)
- do not support per connection client certificates, and will throw an
- error on LDAP server connection if you try to use this directive
- (Use the LDAPTrustedGlobalCert directive instead for Novell client
- certificates - See the SSL/TLS certificate guide above for details).
- The type specifies the kind of certificate parameter being
- set, depending on the LDAP toolkit being used. Supported types are:</p>
- <ul>
- <li>CERT_DER - binary DER encoded client certificate</li>
- <li>CERT_BASE64 - PEM encoded client certificate</li>
- <li>CERT_NICKNAME - Client certificate "nickname" (Netscape SDK)</li>
- <li>KEY_DER - binary DER encoded private key</li>
- <li>KEY_BASE64 - PEM encoded private key</li>
- </ul>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPTrustedGlobalCert" id="LDAPTrustedGlobalCert">LDAPTrustedGlobalCert</a> <a name="ldaptrustedglobalcert" id="ldaptrustedglobalcert">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the file or database containing global trusted
-Certificate Authority or global client certificates</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedGlobalCert <var>type</var> <var>directory-path/filename</var> <var>[password]</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
- <p>It specifies the directory path and file name of the trusted CA
- certificates and/or system wide client certificates <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
- should use when establishing an SSL or TLS connection to an LDAP
- server. Note that all certificate information specified using this directive
- is applied globally to the entire server installation. Some LDAP toolkits
- (notably Novell) require all client certificates to be set globally using
- this directive. Most other toolkits require clients certificates to be set
- per Directory or per Location using LDAPTrustedClientCert. If you get this
- wrong, an error may be logged when an attempt is made to contact the LDAP
- server, or the connection may silently fail (See the SSL/TLS certificate
- guide above for details).
- The type specifies the kind of certificate parameter being
- set, depending on the LDAP toolkit being used. Supported types are:</p>
- <ul>
- <li>CA_DER - binary DER encoded CA certificate</li>
- <li>CA_BASE64 - PEM encoded CA certificate</li>
- <li>CA_CERT7_DB - Netscape cert7.db CA certificate database file</li>
- <li>CA_SECMOD - Netscape secmod database file</li>
- <li>CERT_DER - binary DER encoded client certificate</li>
- <li>CERT_BASE64 - PEM encoded client certificate</li>
- <li>CERT_KEY3_DB - Netscape key3.db client certificate database file</li>
- <li>CERT_NICKNAME - Client certificate "nickname" (Netscape SDK)</li>
- <li>CERT_PFX - PKCS#12 encoded client certificate (Novell SDK)</li>
- <li>KEY_DER - binary DER encoded private key</li>
- <li>KEY_BASE64 - PEM encoded private key</li>
- <li>KEY_PFX - PKCS#12 encoded private key (Novell SDK)</li>
- </ul>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPTrustedMode" id="LDAPTrustedMode">LDAPTrustedMode</a> <a name="ldaptrustedmode" id="ldaptrustedmode">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the SSL/TLS mode to be used when connecting to an LDAP server.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedMode <var>type</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
- <p>The following modes are supported:</p>
- <ul>
- <li>NONE - no encryption</li>
- <li>SSL - ldaps:// encryption on default port 636</li>
- <li>TLS - STARTTLS encryption on default port 389</li>
- </ul>
-
- <p>Not all LDAP toolkits support all the above modes. An error message
- will be logged at runtime if a mode is not supported, and the
- connection to the LDAP server will fail.
- </p>
-
- <p>If an ldaps:// URL is specified, the mode becomes SSL and the setting
- of LDAPTrustedMode is ignored.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPVerifyServerCert" id="LDAPVerifyServerCert">LDAPVerifyServerCert</a> <a name="ldapverifyservercert" id="ldapverifyservercert">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Force server certificate verification</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPVerifyServerCert <var>On|Off</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPVerifyServerCert On</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
- <p>Specifies whether to force the verification of a
- server certificate when establishing an SSL connection to the
- LDAP server.</p>
-
-</div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="exampleconfig" id="exampleconfig">Example Configuration</a></h2>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPCacheEntries" id="LDAPCacheEntries">LDAPCacheEntries</a> <a name="ldapcacheentries" id="ldapcacheentries">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximum number of entries in the primary LDAP cache</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPCacheEntries <var>number</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPCacheEntries 1024</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>Specifies the maximum size of the primary LDAP cache. This
+ cache contains successful search/binds. Set it to 0 to turn off
+ search/bind caching. The default size is 1024 cached
+ searches.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPCacheTTL" id="LDAPCacheTTL">LDAPCacheTTL</a> <a name="ldapcachettl" id="ldapcachettl">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Time that cached items remain valid</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPCacheTTL <var>seconds</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPCacheTTL 600</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>Specifies the time (in seconds) that an item in the
+ search/bind cache remains valid. The default is 600 seconds (10
+ minutes).</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPConnectionTimeout" id="LDAPConnectionTimeout">LDAPConnectionTimeout</a> <a name="ldapconnectiontimeout" id="ldapconnectiontimeout">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the socket connection timeout in seconds</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPConnectionTimeout <var>seconds</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>This directive configures the LDAP_OPT_NETWORK_TIMEOUT option in the
+ underlying LDAP client library, when available. This value typically
+ controls how long the LDAP client library will wait for the TCP connection
+ to the LDAP server to complete.</p>
+
+ <p> If a connection is not successful with the timeout period, either an error will be
+ returned or the LDAP client library will attempt to connect to a secondary LDAP
+ server if one is specified (via a space-separated list of hostnames in the
+ <code class="directive"><a href="../mod/mod_authnz_ldap.html#authldapurl">AuthLDAPURL</a></code>).</p>
+
+ <p>The default is 10 seconds, if the LDAP client library linked with the
+ server supports the LDAP_OPT_NETWORK_TIMEOUT option.</p>
+
+ <div class="note">LDAPConnectionTimeout is only available when the LDAP client library linked
+ with the server supports the LDAP_OPT_NETWORK_TIMEOUT option, and the
+ ultimate behavior is dictated entirely by the LDAP client library.
+ </div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPOpCacheEntries" id="LDAPOpCacheEntries">LDAPOpCacheEntries</a> <a name="ldapopcacheentries" id="ldapopcacheentries">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Number of entries used to cache LDAP compare
+operations</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPOpCacheEntries <var>number</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPOpCacheEntries 1024</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>This specifies the number of entries <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
+ will use to cache LDAP compare operations. The default is 1024
+ entries. Setting it to 0 disables operation caching.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPOpCacheTTL" id="LDAPOpCacheTTL">LDAPOpCacheTTL</a> <a name="ldapopcachettl" id="ldapopcachettl">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Time that entries in the operation cache remain
+valid</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPOpCacheTTL <var>seconds</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPOpCacheTTL 600</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>Specifies the time (in seconds) that entries in the
+ operation cache remain valid. The default is 600 seconds.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPSharedCacheFile" id="LDAPSharedCacheFile">LDAPSharedCacheFile</a> <a name="ldapsharedcachefile" id="ldapsharedcachefile">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the shared memory cache file</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPSharedCacheFile <var>directory-path/filename</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>Specifies the directory path and file name of the shared memory
+ cache file. If not set, anonymous shared memory will be used if the
+ platform supports it.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPSharedCacheSize" id="LDAPSharedCacheSize">LDAPSharedCacheSize</a> <a name="ldapsharedcachesize" id="ldapsharedcachesize">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Size in bytes of the shared-memory cache</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPSharedCacheSize <var>bytes</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPSharedCacheSize 500000</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>Specifies the number of bytes to allocate for the shared
+ memory cache. The default is 500kb. If set to 0, shared memory
+ caching will not be used.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPTrustedClientCert" id="LDAPTrustedClientCert">LDAPTrustedClientCert</a> <a name="ldaptrustedclientcert" id="ldaptrustedclientcert">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the file containing or nickname referring to a per
+connection client certificate. Not all LDAP toolkits support per
+connection client certificates.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedClientCert <var>type</var> <var>directory-path/filename/nickname</var> <var>[password]</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>It specifies the directory path, file name or nickname of a
+ per connection client certificate used when establishing an SSL
+ or TLS connection to an LDAP server. Different locations or
+ directories may have their own independent client certificate
+ settings. Some LDAP toolkits (notably Novell)
+ do not support per connection client certificates, and will throw an
+ error on LDAP server connection if you try to use this directive
+ (Use the LDAPTrustedGlobalCert directive instead for Novell client
+ certificates - See the SSL/TLS certificate guide above for details).
+ The type specifies the kind of certificate parameter being
+ set, depending on the LDAP toolkit being used. Supported types are:</p>
+ <ul>
+ <li>CERT_DER - binary DER encoded client certificate</li>
+ <li>CERT_BASE64 - PEM encoded client certificate</li>
+ <li>CERT_NICKNAME - Client certificate "nickname" (Netscape SDK)</li>
+ <li>KEY_DER - binary DER encoded private key</li>
+ <li>KEY_BASE64 - PEM encoded private key</li>
+ </ul>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPTrustedGlobalCert" id="LDAPTrustedGlobalCert">LDAPTrustedGlobalCert</a> <a name="ldaptrustedglobalcert" id="ldaptrustedglobalcert">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the file or database containing global trusted
+Certificate Authority or global client certificates</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedGlobalCert <var>type</var> <var>directory-path/filename</var> <var>[password]</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>It specifies the directory path and file name of the trusted CA
+ certificates and/or system wide client certificates <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
+ should use when establishing an SSL or TLS connection to an LDAP
+ server. Note that all certificate information specified using this directive
+ is applied globally to the entire server installation. Some LDAP toolkits
+ (notably Novell) require all client certificates to be set globally using
+ this directive. Most other toolkits require clients certificates to be set
+ per Directory or per Location using LDAPTrustedClientCert. If you get this
+ wrong, an error may be logged when an attempt is made to contact the LDAP
+ server, or the connection may silently fail (See the SSL/TLS certificate
+ guide above for details).
+ The type specifies the kind of certificate parameter being
+ set, depending on the LDAP toolkit being used. Supported types are:</p>
+ <ul>
+ <li>CA_DER - binary DER encoded CA certificate</li>
+ <li>CA_BASE64 - PEM encoded CA certificate</li>
+ <li>CA_CERT7_DB - Netscape cert7.db CA certificate database file</li>
+ <li>CA_SECMOD - Netscape secmod database file</li>
+ <li>CERT_DER - binary DER encoded client certificate</li>
+ <li>CERT_BASE64 - PEM encoded client certificate</li>
+ <li>CERT_KEY3_DB - Netscape key3.db client certificate database file</li>
+ <li>CERT_NICKNAME - Client certificate "nickname" (Netscape SDK)</li>
+ <li>CERT_PFX - PKCS#12 encoded client certificate (Novell SDK)</li>
+ <li>KEY_DER - binary DER encoded private key</li>
+ <li>KEY_BASE64 - PEM encoded private key</li>
+ <li>KEY_PFX - PKCS#12 encoded private key (Novell SDK)</li>
+ </ul>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPTrustedMode" id="LDAPTrustedMode">LDAPTrustedMode</a> <a name="ldaptrustedmode" id="ldaptrustedmode">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the SSL/TLS mode to be used when connecting to an LDAP server.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedMode <var>type</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>The following modes are supported:</p>
+ <ul>
+ <li>NONE - no encryption</li>
+ <li>SSL - ldaps:// encryption on default port 636</li>
+ <li>TLS - STARTTLS encryption on default port 389</li>
+ </ul>
+
+ <p>Not all LDAP toolkits support all the above modes. An error message
+ will be logged at runtime if a mode is not supported, and the
+ connection to the LDAP server will fail.
+ </p>
+
+ <p>If an ldaps:// URL is specified, the mode becomes SSL and the setting
+ of LDAPTrustedMode is ignored.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPVerifyServerCert" id="LDAPVerifyServerCert">LDAPVerifyServerCert</a> <a name="ldapverifyservercert" id="ldapverifyservercert">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Force server certificate verification</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPVerifyServerCert <var>On|Off</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPVerifyServerCert On</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>Specifies whether to force the verification of a
+ server certificate when establishing an SSL connection to the
+ LDAP server.</p>
+
</div>
</div>
<div class="bottomlang">
step. The <code class="directive">TransferLog</code> and <code class="directive">CustomLog</code> directives can be used multiple times in each
server to cause each request to be logged to multiple files.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#formats">Custom Log Formats</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#security">Security Considerations</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#bufferedlogs">BufferedLogs</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cookielog">CookieLog</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#logformat">LogFormat</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#transferlog">TransferLog</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#formats">Custom Log Formats</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#security">Security Considerations</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><a href="../logs.html">Apache Log Files</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="BufferedLogs" id="BufferedLogs">BufferedLogs</a> <a name="bufferedlogs" id="bufferedlogs">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Buffer log entries in memory before writing to disk</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>BufferedLogs On|Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>BufferedLogs Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_config</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in versions 2.0.41 and later.</td></tr>
-</table>
- <p>The <code class="directive">BufferedLogs</code> directive causes
- <code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code> to store several log entries in
- memory and write them together to disk, rather than writing them
- after each request. On some systems, this may result in more
- efficient disk access and hence higher performance. It may be
- set only once for the entire server; it cannot be configured
- per virtual-host.</p>
-
- <div class="note">This directive is experimental and should be used with
- caution.</div>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="CookieLog" id="CookieLog">CookieLog</a> <a name="cookielog" id="cookielog">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets filename for the logging of cookies</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CookieLog <var>filename</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_config</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>This directive is deprecated.</td></tr>
-</table>
- <p>The <code class="directive">CookieLog</code> directive sets the
- filename for logging of cookies. The filename is relative to the
- <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>. This directive is
- included only for compatibility with <code>mod_cookies</code>,
- and is deprecated.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="CustomLog" id="CustomLog">CustomLog</a> <a name="customlog" id="customlog">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets filename and format of log file</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CustomLog <var>file</var>|<var>pipe</var>
-<var>format</var>|<var>nickname</var>
-[env=[!]<var>environment-variable</var>]</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_config</td></tr>
-</table>
- <p>The <code class="directive">CustomLog</code> directive is used to
- log requests to the server. A log format is specified, and the
- logging can optionally be made conditional on request
- characteristics using environment variables.</p>
-
- <p>The first argument, which specifies the location to which
- the logs will be written, can take one of the following two
- types of values:</p>
-
- <dl>
- <dt><var>file</var></dt>
- <dd>A filename, relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</dd>
-
- <dt><var>pipe</var></dt>
- <dd>The pipe character "<code>|</code>", followed by the path
- to a program to receive the log information on its standard
- input. See the notes on <a href="../logs.html#piped">piped logs</a>
- for more information.
-
- <div class="warning"><h3>Security:</h3>
- <p>If a program is used, then it will be run as the user who
- started <code class="program"><a href="../programs/httpd.html">httpd</a></code>. This will be root if the server was
- started by root; be sure that the program is secure.</p>
- </div>
- <div class="warning"><h3>Note</h3>
- <p>When entering a file path on non-Unix platforms, care should be taken
- to make sure that only forward slashed are used even though the platform
- may allow the use of back slashes. In general it is a good idea to always
- use forward slashes throughout the configuration files.</p>
- </div></dd>
- </dl>
-
- <p>The second argument specifies what will be written to the
- log file. It can specify either a <var>nickname</var> defined by
- a previous <code class="directive"><a href="#logformat">LogFormat</a></code>
- directive, or it can be an explicit <var>format</var> string as
- described in the <a href="#formats">log formats</a> section.</p>
-
- <p>For example, the following two sets of directives have
- exactly the same effect:</p>
-
- <div class="example"><p><code>
- # CustomLog with format nickname<br />
- LogFormat "%h %l %u %t \"%r\" %>s %b" common<br />
- CustomLog logs/access_log common<br />
- <br />
- # CustomLog with explicit format string<br />
- CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b"
- </code></p></div>
-
- <p>The third argument is optional and controls whether or
- not to log a particular request based on the
- presence or absence of a particular variable in the server
- environment. If the specified <a href="../env.html">environment
- variable</a> is set for the request (or is not set, in the case
- of a '<code>env=!<var>name</var></code>' clause), then the
- request will be logged.</p>
-
- <p>Environment variables can be set on a per-request
- basis using the <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>
- and/or <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> modules. For
- example, if you want to record requests for all GIF
- images on your server in a separate logfile but not in your main
- log, you can use:</p>
-
- <div class="example"><p><code>
- SetEnvIf Request_URI \.gif$ gif-image<br />
- CustomLog gif-requests.log common env=gif-image<br />
- CustomLog nongif-requests.log common env=!gif-image
- </code></p></div>
-
- <p>Or, to reproduce the behavior of the old RefererIgnore
- directive, you might use the following:</p>
-
- <div class="example"><p><code>
- SetEnvIf Referer example\.com localreferer<br />
- CustomLog referer.log referer env=!localreferer
- </code></p></div>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LogFormat" id="LogFormat">LogFormat</a> <a name="logformat" id="logformat">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Describes a format for use in a log file</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LogFormat <var>format</var>|<var>nickname</var>
-[<var>nickname</var>]</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LogFormat "%h %l %u %t \"%r\" %>s %b"</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_config</td></tr>
-</table>
- <p>This directive specifies the format of the access log
- file.</p>
-
- <p>The <code class="directive">LogFormat</code> directive can take one of two
- forms. In the first form, where only one argument is specified,
- this directive sets the log format which will be used by logs
- specified in subsequent <code class="directive">TransferLog</code>
- directives. The single argument can specify an explicit
- <var>format</var> as discussed in the <a href="#formats">custom log
- formats</a> section above. Alternatively, it can use a
- <var>nickname</var> to refer to a log format defined in a
- previous <code class="directive">LogFormat</code> directive as described
- below.</p>
-
- <p>The second form of the <code class="directive">LogFormat</code>
- directive associates an explicit <var>format</var> with a
- <var>nickname</var>. This <var>nickname</var> can then be used in
- subsequent <code class="directive">LogFormat</code> or
- <code class="directive"><a href="#customlog">CustomLog</a></code> directives
- rather than repeating the entire format string. A
- <code class="directive">LogFormat</code> directive that defines a nickname
- <strong>does nothing else</strong> -- that is, it <em>only</em>
- defines the nickname, it doesn't actually apply the format and make
- it the default. Therefore, it will not affect subsequent
- <code class="directive"><a href="#transferlog">TransferLog</a></code> directives.
- In addition, <code class="directive">LogFormat</code> cannot use one nickname
- to define another nickname. Note that the nickname should not contain
- percent signs (<code>%</code>).</p>
-
- <div class="example"><h3>Example</h3><p><code>
- LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
- </code></p></div>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="TransferLog" id="TransferLog">TransferLog</a> <a name="transferlog" id="transferlog">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specify location of a log file</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>TransferLog <var>file</var>|<var>pipe</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_config</td></tr>
-</table>
- <p>This directive has exactly the same arguments and effect as
- the <code class="directive"><a href="#customlog">CustomLog</a></code>
- directive, with the exception that it does not allow the log format
- to be specified explicitly or for conditional logging of requests.
- Instead, the log format is determined by the most recently specified
- <code class="directive"><a href="#logformat">LogFormat</a></code> directive
- which does not define a nickname. Common Log Format is used if no
- other format has been specified.</p>
-
- <div class="example"><h3>Example</h3><p><code>
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""<br />
- TransferLog logs/access_log
- </code></p></div>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="formats" id="formats">Custom Log Formats</a></h2>
if the directory where logfiles are stored is writable by
anyone other than the user that starts the server.</p>
</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="BufferedLogs" id="BufferedLogs">BufferedLogs</a> <a name="bufferedlogs" id="bufferedlogs">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Buffer log entries in memory before writing to disk</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>BufferedLogs On|Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>BufferedLogs Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_config</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in versions 2.0.41 and later.</td></tr>
+</table>
+ <p>The <code class="directive">BufferedLogs</code> directive causes
+ <code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code> to store several log entries in
+ memory and write them together to disk, rather than writing them
+ after each request. On some systems, this may result in more
+ efficient disk access and hence higher performance. It may be
+ set only once for the entire server; it cannot be configured
+ per virtual-host.</p>
+
+ <div class="note">This directive is experimental and should be used with
+ caution.</div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CookieLog" id="CookieLog">CookieLog</a> <a name="cookielog" id="cookielog">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets filename for the logging of cookies</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CookieLog <var>filename</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_config</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>This directive is deprecated.</td></tr>
+</table>
+ <p>The <code class="directive">CookieLog</code> directive sets the
+ filename for logging of cookies. The filename is relative to the
+ <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>. This directive is
+ included only for compatibility with <code>mod_cookies</code>,
+ and is deprecated.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CustomLog" id="CustomLog">CustomLog</a> <a name="customlog" id="customlog">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets filename and format of log file</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CustomLog <var>file</var>|<var>pipe</var>
+<var>format</var>|<var>nickname</var>
+[env=[!]<var>environment-variable</var>]</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_config</td></tr>
+</table>
+ <p>The <code class="directive">CustomLog</code> directive is used to
+ log requests to the server. A log format is specified, and the
+ logging can optionally be made conditional on request
+ characteristics using environment variables.</p>
+
+ <p>The first argument, which specifies the location to which
+ the logs will be written, can take one of the following two
+ types of values:</p>
+
+ <dl>
+ <dt><var>file</var></dt>
+ <dd>A filename, relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</dd>
+
+ <dt><var>pipe</var></dt>
+ <dd>The pipe character "<code>|</code>", followed by the path
+ to a program to receive the log information on its standard
+ input. See the notes on <a href="../logs.html#piped">piped logs</a>
+ for more information.
+
+ <div class="warning"><h3>Security:</h3>
+ <p>If a program is used, then it will be run as the user who
+ started <code class="program"><a href="../programs/httpd.html">httpd</a></code>. This will be root if the server was
+ started by root; be sure that the program is secure.</p>
+ </div>
+ <div class="warning"><h3>Note</h3>
+ <p>When entering a file path on non-Unix platforms, care should be taken
+ to make sure that only forward slashed are used even though the platform
+ may allow the use of back slashes. In general it is a good idea to always
+ use forward slashes throughout the configuration files.</p>
+ </div></dd>
+ </dl>
+
+ <p>The second argument specifies what will be written to the
+ log file. It can specify either a <var>nickname</var> defined by
+ a previous <code class="directive"><a href="#logformat">LogFormat</a></code>
+ directive, or it can be an explicit <var>format</var> string as
+ described in the <a href="#formats">log formats</a> section.</p>
+
+ <p>For example, the following two sets of directives have
+ exactly the same effect:</p>
+
+ <div class="example"><p><code>
+ # CustomLog with format nickname<br />
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common<br />
+ CustomLog logs/access_log common<br />
+ <br />
+ # CustomLog with explicit format string<br />
+ CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b"
+ </code></p></div>
+
+ <p>The third argument is optional and controls whether or
+ not to log a particular request based on the
+ presence or absence of a particular variable in the server
+ environment. If the specified <a href="../env.html">environment
+ variable</a> is set for the request (or is not set, in the case
+ of a '<code>env=!<var>name</var></code>' clause), then the
+ request will be logged.</p>
+
+ <p>Environment variables can be set on a per-request
+ basis using the <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>
+ and/or <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> modules. For
+ example, if you want to record requests for all GIF
+ images on your server in a separate logfile but not in your main
+ log, you can use:</p>
+
+ <div class="example"><p><code>
+ SetEnvIf Request_URI \.gif$ gif-image<br />
+ CustomLog gif-requests.log common env=gif-image<br />
+ CustomLog nongif-requests.log common env=!gif-image
+ </code></p></div>
+
+ <p>Or, to reproduce the behavior of the old RefererIgnore
+ directive, you might use the following:</p>
+
+ <div class="example"><p><code>
+ SetEnvIf Referer example\.com localreferer<br />
+ CustomLog referer.log referer env=!localreferer
+ </code></p></div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LogFormat" id="LogFormat">LogFormat</a> <a name="logformat" id="logformat">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Describes a format for use in a log file</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LogFormat <var>format</var>|<var>nickname</var>
+[<var>nickname</var>]</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LogFormat "%h %l %u %t \"%r\" %>s %b"</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_config</td></tr>
+</table>
+ <p>This directive specifies the format of the access log
+ file.</p>
+
+ <p>The <code class="directive">LogFormat</code> directive can take one of two
+ forms. In the first form, where only one argument is specified,
+ this directive sets the log format which will be used by logs
+ specified in subsequent <code class="directive">TransferLog</code>
+ directives. The single argument can specify an explicit
+ <var>format</var> as discussed in the <a href="#formats">custom log
+ formats</a> section above. Alternatively, it can use a
+ <var>nickname</var> to refer to a log format defined in a
+ previous <code class="directive">LogFormat</code> directive as described
+ below.</p>
+
+ <p>The second form of the <code class="directive">LogFormat</code>
+ directive associates an explicit <var>format</var> with a
+ <var>nickname</var>. This <var>nickname</var> can then be used in
+ subsequent <code class="directive">LogFormat</code> or
+ <code class="directive"><a href="#customlog">CustomLog</a></code> directives
+ rather than repeating the entire format string. A
+ <code class="directive">LogFormat</code> directive that defines a nickname
+ <strong>does nothing else</strong> -- that is, it <em>only</em>
+ defines the nickname, it doesn't actually apply the format and make
+ it the default. Therefore, it will not affect subsequent
+ <code class="directive"><a href="#transferlog">TransferLog</a></code> directives.
+ In addition, <code class="directive">LogFormat</code> cannot use one nickname
+ to define another nickname. Note that the nickname should not contain
+ percent signs (<code>%</code>).</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
+ </code></p></div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="TransferLog" id="TransferLog">TransferLog</a> <a name="transferlog" id="transferlog">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specify location of a log file</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>TransferLog <var>file</var>|<var>pipe</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_config</td></tr>
+</table>
+ <p>This directive has exactly the same arguments and effect as
+ the <code class="directive"><a href="#customlog">CustomLog</a></code>
+ directive, with the exception that it does not allow the log format
+ to be specified explicitly or for conditional logging of requests.
+ Instead, the log format is determined by the most recently specified
+ <code class="directive"><a href="#logformat">LogFormat</a></code> directive
+ which does not define a nickname. Common Log Format is used if no
+ other format has been specified.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""<br />
+ TransferLog logs/access_log
+ </code></p></div>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_log_config.html" title="English"> en </a> |
distribution's support directory, may be helpful in evaluating the
forensic log output.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#forensiclog">ForensicLog</a></li>
-</ul>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#formats">Forensic Log Format</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#security">Security Considerations</a></li>
-</ul><h3>See also</h3>
+</ul><h3 class="directives">Directives</h3>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#forensiclog">ForensicLog</a></li>
+</ul>
+<h3>See also</h3>
<ul class="seealso">
<li><a href="../logs.html">Apache Log Files</a></li>
<li><code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ForensicLog" id="ForensicLog">ForensicLog</a> <a name="forensiclog" id="forensiclog">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets filename of the forensic log</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ForensicLog <var>filename</var>|<var>pipe</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_forensic</td></tr>
-</table>
- <p>The <code class="directive">ForensicLog</code> directive is used to
- log requests to the server for forensic analysis. Each log entry
- is assigned a unique ID which can be associated with the request
- using the normal <code class="directive"><a href="../mod/mod_log_config.html#customlog">CustomLog</a></code>
- directive. <code class="module"><a href="../mod/mod_log_forensic.html">mod_log_forensic</a></code> creates a token called
- <code>forensic-id</code>, which can be added to the transfer log
- using the <code>%{forensic-id}n</code> format string.</p>
-
- <p>The argument, which specifies the location to which
- the logs will be written, can take one of the following two
- types of values:</p>
-
- <dl>
- <dt><var>filename</var></dt>
- <dd>A filename, relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</dd>
-
- <dt><var>pipe</var></dt>
- <dd>The pipe character "<code>|</code>", followed by the path
- to a program to receive the log information on its standard
- input. The program name can be specified relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code> directive.
-
- <div class="warning"><h3>Security:</h3>
- <p>If a program is used, then it will be run as the user who
- started <code class="program"><a href="../programs/httpd.html">httpd</a></code>. This will be root if the server was
- started by root; be sure that the program is secure or switches to a
- less privileged user.</p>
- </div>
-
- <div class="note"><h3>Note</h3>
- <p>When entering a file path on non-Unix platforms, care should be taken
- to make sure that only forward slashes are used even though the platform
- may allow the use of back slashes. In general it is a good idea to always
- use forward slashes throughout the configuration files.</p>
- </div></dd>
- </dl>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="formats" id="formats">Forensic Log Format</a></h2>
<p>Each request is logged two times. The first time is <em>before</em> it's
they should not be readable by anyone except the user that starts the
server.</p>
</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ForensicLog" id="ForensicLog">ForensicLog</a> <a name="forensiclog" id="forensiclog">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets filename of the forensic log</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ForensicLog <var>filename</var>|<var>pipe</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_log_forensic</td></tr>
+</table>
+ <p>The <code class="directive">ForensicLog</code> directive is used to
+ log requests to the server for forensic analysis. Each log entry
+ is assigned a unique ID which can be associated with the request
+ using the normal <code class="directive"><a href="../mod/mod_log_config.html#customlog">CustomLog</a></code>
+ directive. <code class="module"><a href="../mod/mod_log_forensic.html">mod_log_forensic</a></code> creates a token called
+ <code>forensic-id</code>, which can be added to the transfer log
+ using the <code>%{forensic-id}n</code> format string.</p>
+
+ <p>The argument, which specifies the location to which
+ the logs will be written, can take one of the following two
+ types of values:</p>
+
+ <dl>
+ <dt><var>filename</var></dt>
+ <dd>A filename, relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</dd>
+
+ <dt><var>pipe</var></dt>
+ <dd>The pipe character "<code>|</code>", followed by the path
+ to a program to receive the log information on its standard
+ input. The program name can be specified relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code> directive.
+
+ <div class="warning"><h3>Security:</h3>
+ <p>If a program is used, then it will be run as the user who
+ started <code class="program"><a href="../programs/httpd.html">httpd</a></code>. This will be root if the server was
+ started by root; be sure that the program is secure or switches to a
+ less privileged user.</p>
+ </div>
+
+ <div class="note"><h3>Note</h3>
+ <p>When entering a file path on non-Unix platforms, care should be taken
+ to make sure that only forward slashes are used even though the platform
+ may allow the use of back slashes. In general it is a good idea to always
+ use forward slashes throughout the configuration files.</p>
+ </div></dd>
+ </dl>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_log_forensic.html" title="English"> en </a> |
with the request that triggered the renegotiation.</div>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<p>This module provides no
- directives.</p>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#formats">Custom Log Formats</a></li>
-</ul><h3>See also</h3>
+</ul><h3 class="directives">Directives</h3>
+<p>This module provides no
+ directives.</p>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code></li>
<li><a href="../logs.html">Apache Log Files</a></li>
<li><code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code></li>
<li><code class="module"><a href="../mod/mod_disk_cache.html">mod_disk_cache</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="MCacheMaxObjectCount" id="MCacheMaxObjectCount">MCacheMaxObjectCount</a> <a name="mcachemaxobjectcount" id="mcachemaxobjectcount">Directive</a></h2>
<table class="directive">
</div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_mem_cache.html" title="English"> en </a> |
their last modified date) to ensure that all visitors are
receive the corrected content headers.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#multipleext">Files with Multiple Extensions</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#contentencoding">Content encoding</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#charset-lang">Character sets and languages</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#addcharset">AddCharset</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#addencoding">AddEncoding</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#removetype">RemoveType</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#typesconfig">TypesConfig</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#multipleext">Files with Multiple Extensions</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#contentencoding">Content encoding</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#charset-lang">Character sets and languages</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="directive"><a href="../mod/mod_mime_magic.html#mimemagicfile">MimeMagicFile</a></code></li>
<li><code class="directive"><a href="../mod/core.html#adddefaultcharset">AddDefaultCharset</a></code></li>
<li><code class="directive"><a href="../mod/core.html#setoutputfilter">SetOutputFilter</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="multipleext" id="multipleext">Files with Multiple Extensions</a></h2>
+ <p>Files can have more than one extension, and the order of the
+ extensions is <em>normally</em> irrelevant. For example, if the
+ file <code>welcome.html.fr</code> maps onto content type
+ <code>text/html</code> and language French then the file
+ <code>welcome.fr.html</code> will map onto exactly the same
+ information. If more than one extension is given that maps onto
+ the same type of meta-information, then the one to the right will
+ be used, except for languages and content encodings. For example,
+ if <code>.gif</code> maps to the <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME-type</a>
+ <code>image/gif</code> and <code>.html</code> maps to the
+ MIME-type <code>text/html</code>, then the file
+ <code>welcome.gif.html</code> will be associated with the
+ MIME-type <code>text/html</code>.</p>
+
+ <p><a href="#charset-lang">Languages</a> and <a href="#contentencoding">content encodings</a> are treated accumulative, because one can assign
+ more than one language or encoding to a particular resource. For example,
+ the file <code>welcome.html.en.de</code> will be delivered with
+ <code>Content-Language: en, de</code> and <code>Content-Type:
+ text/html</code>.</p>
+
+ <p>Care should be taken when a file with multiple extensions
+ gets associated with both a <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME-type</a> and a handler. This will
+ usually result in the request being handled by the module associated
+ with the handler. For example, if the <code>.imap</code>
+ extension is mapped to the handler <code>imap-file</code> (from
+ <code class="module"><a href="../mod/mod_imagemap.html">mod_imagemap</a></code>) and the <code>.html</code> extension is
+ mapped to the MIME-type <code>text/html</code>, then the file
+ <code>world.imap.html</code> will be associated with both the
+ <code>imap-file</code> handler and <code>text/html</code> MIME-type.
+ When it is processed, the <code>imap-file</code> handler will be used,
+ and so it will be treated as a <code class="module"><a href="../mod/mod_imagemap.html">mod_imagemap</a></code> imagemap
+ file.</p>
+
+ <p>If you would prefer only the last dot-separated part of the
+ filename to be mapped to a particular piece of meta-data, then do
+ not use the <code>Add*</code> directives. For example, if you wish
+ to have the file <code>foo.html.cgi</code> processed as a CGI
+ script, but not the file <code>bar.cgi.html</code>, then instead
+ of using <code>AddHandler cgi-script .cgi</code>, use</p>
+
+ <div class="example"><h3>Configure handler based on final extension only</h3><p><code>
+ <FilesMatch \.cgi$>
+ <span class="indent">
+ SetHandler cgi-script
+ </span>
+ </FilesMatch>
+ </code></p></div>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="contentencoding" id="contentencoding">Content encoding</a></h2>
+ <p>A file of a particular <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME-type</a> can additionally be encoded a
+ particular way to simplify transmission over the Internet.
+ While this usually will refer to compression, such as
+ <code>gzip</code>, it can also refer to encryption, such a
+ <code>pgp</code> or to an encoding such as UUencoding, which is
+ designed for transmitting a binary file in an ASCII (text)
+ format.</p>
+
+ <p>The <a href="http://www.ietf.org/rfc/rfc2616.txt">HTTP/1.1
+ RFC</a>, section 14.11 puts it this way:</p>
+
+ <blockquote cite="http://www.ietf.org/rfc/rfc2616.txt">
+ <p>The Content-Encoding entity-header field is used as a modifier to
+ the media-type. When present, its value indicates what additional
+ content codings have been applied to the entity-body, and thus what
+ decoding mechanisms must be applied in order to obtain the media-type
+ referenced by the Content-Type header field. Content-Encoding is
+ primarily used to allow a document to be compressed without losing
+ the identity of its underlying media type.</p>
+ </blockquote>
+
+ <p>By using more than one file extension (see <a href="#multipleext">section above about multiple file
+ extensions</a>), you can indicate that a file is of a
+ particular <em>type</em>, and also has a particular
+ <em>encoding</em>. </p>
+
+ <p>For example, you may have a file which is a Microsoft Word
+ document, which is pkzipped to reduce its size. If the
+ <code>.doc</code> extension is associated with the Microsoft
+ Word file type, and the <code>.zip</code> extension is
+ associated with the pkzip file encoding, then the file
+ <code>Resume.doc.zip</code> would be known to be a pkzip'ed Word
+ document.</p>
+
+ <p>Apache sends a <code>Content-encoding</code> header with the
+ resource, in order to tell the client browser about the
+ encoding method.</p>
+
+ <div class="example"><p><code>Content-encoding: pkzip</code></p></div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="charset-lang" id="charset-lang">Character sets and languages</a></h2>
+ <p>In addition to file type and the file encoding,
+ another important piece of information is what language a
+ particular document is in, and in what character set the file
+ should be displayed. For example, the document might be written
+ in the Vietnamese alphabet, or in Cyrillic, and should be
+ displayed as such. This information, also, is transmitted in
+ HTTP headers.</p>
+
+ <p>The character set, language, encoding and mime type are all
+ used in the process of content negotiation (See
+ <code class="module"><a href="../mod/mod_negotiation.html">mod_negotiation</a></code>) to determine
+ which document to give to the client, when there are
+ alternative documents in more than one character set, language,
+ encoding or mime type. All filename extensions associations
+ created with <code class="directive"><a href="#addcharset">AddCharset</a></code>,
+ <code class="directive"><a href="#addencoding">AddEncoding</a></code>, <code class="directive"><a href="#addlanguage">AddLanguage</a></code> and <code class="directive"><a href="#addtype">AddType</a></code> directives
+ (and extensions listed in the <code class="directive"><a href="../mod/mod_mime_magic.html#mimemagicfile">MimeMagicFile</a></code>) participate in this select process.
+ Filename extensions that are only associated using the <code class="directive"><a href="#addhandler">AddHandler</a></code>, <code class="directive"><a href="#addinputfilter">AddInputFilter</a></code> or <code class="directive"><a href="#addoutputfilter">AddOutputFilter</a></code> directives may be included or excluded
+ from matching by using the <code class="directive"><a href="#multiviewsmatch">MultiviewsMatch</a></code> directive.</p>
+
+ <h3><a name="charset" id="charset">Charset</a></h3>
+ <p>To convey this further information, Apache optionally sends
+ a <code>Content-Language</code> header, to specify the language
+ that the document is in, and can append additional information
+ onto the <code>Content-Type</code> header to indicate the
+ particular character set that should be used to correctly
+ render the information.</p>
+
+ <div class="example"><p><code>
+ Content-Language: en, fr<br />
+ Content-Type: text/plain; charset=ISO-8859-1
+ </code></p></div>
+
+ <p>The language specification is the two-letter abbreviation
+ for the language. The <code>charset</code> is the name of the
+ particular character set which should be used.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AddCharset" id="AddCharset">AddCharset</a> <a name="addcharset" id="addcharset">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maps the given filename extensions to the specified content
<ul>
<li><code class="module"><a href="../mod/mod_mime_magic.html">mod_mime_magic</a></code></li>
</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="multipleext" id="multipleext">Files with Multiple Extensions</a></h2>
- <p>Files can have more than one extension, and the order of the
- extensions is <em>normally</em> irrelevant. For example, if the
- file <code>welcome.html.fr</code> maps onto content type
- <code>text/html</code> and language French then the file
- <code>welcome.fr.html</code> will map onto exactly the same
- information. If more than one extension is given that maps onto
- the same type of meta-information, then the one to the right will
- be used, except for languages and content encodings. For example,
- if <code>.gif</code> maps to the <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME-type</a>
- <code>image/gif</code> and <code>.html</code> maps to the
- MIME-type <code>text/html</code>, then the file
- <code>welcome.gif.html</code> will be associated with the
- MIME-type <code>text/html</code>.</p>
-
- <p><a href="#charset-lang">Languages</a> and <a href="#contentencoding">content encodings</a> are treated accumulative, because one can assign
- more than one language or encoding to a particular resource. For example,
- the file <code>welcome.html.en.de</code> will be delivered with
- <code>Content-Language: en, de</code> and <code>Content-Type:
- text/html</code>.</p>
-
- <p>Care should be taken when a file with multiple extensions
- gets associated with both a <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME-type</a> and a handler. This will
- usually result in the request being handled by the module associated
- with the handler. For example, if the <code>.imap</code>
- extension is mapped to the handler <code>imap-file</code> (from
- <code class="module"><a href="../mod/mod_imagemap.html">mod_imagemap</a></code>) and the <code>.html</code> extension is
- mapped to the MIME-type <code>text/html</code>, then the file
- <code>world.imap.html</code> will be associated with both the
- <code>imap-file</code> handler and <code>text/html</code> MIME-type.
- When it is processed, the <code>imap-file</code> handler will be used,
- and so it will be treated as a <code class="module"><a href="../mod/mod_imagemap.html">mod_imagemap</a></code> imagemap
- file.</p>
-
- <p>If you would prefer only the last dot-separated part of the
- filename to be mapped to a particular piece of meta-data, then do
- not use the <code>Add*</code> directives. For example, if you wish
- to have the file <code>foo.html.cgi</code> processed as a CGI
- script, but not the file <code>bar.cgi.html</code>, then instead
- of using <code>AddHandler cgi-script .cgi</code>, use</p>
-
- <div class="example"><h3>Configure handler based on final extension only</h3><p><code>
- <FilesMatch \.cgi$>
- <span class="indent">
- SetHandler cgi-script
- </span>
- </FilesMatch>
- </code></p></div>
-
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="contentencoding" id="contentencoding">Content encoding</a></h2>
- <p>A file of a particular <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME-type</a> can additionally be encoded a
- particular way to simplify transmission over the Internet.
- While this usually will refer to compression, such as
- <code>gzip</code>, it can also refer to encryption, such a
- <code>pgp</code> or to an encoding such as UUencoding, which is
- designed for transmitting a binary file in an ASCII (text)
- format.</p>
-
- <p>The <a href="http://www.ietf.org/rfc/rfc2616.txt">HTTP/1.1
- RFC</a>, section 14.11 puts it this way:</p>
-
- <blockquote cite="http://www.ietf.org/rfc/rfc2616.txt">
- <p>The Content-Encoding entity-header field is used as a modifier to
- the media-type. When present, its value indicates what additional
- content codings have been applied to the entity-body, and thus what
- decoding mechanisms must be applied in order to obtain the media-type
- referenced by the Content-Type header field. Content-Encoding is
- primarily used to allow a document to be compressed without losing
- the identity of its underlying media type.</p>
- </blockquote>
-
- <p>By using more than one file extension (see <a href="#multipleext">section above about multiple file
- extensions</a>), you can indicate that a file is of a
- particular <em>type</em>, and also has a particular
- <em>encoding</em>. </p>
-
- <p>For example, you may have a file which is a Microsoft Word
- document, which is pkzipped to reduce its size. If the
- <code>.doc</code> extension is associated with the Microsoft
- Word file type, and the <code>.zip</code> extension is
- associated with the pkzip file encoding, then the file
- <code>Resume.doc.zip</code> would be known to be a pkzip'ed Word
- document.</p>
-
- <p>Apache sends a <code>Content-encoding</code> header with the
- resource, in order to tell the client browser about the
- encoding method.</p>
-
- <div class="example"><p><code>Content-encoding: pkzip</code></p></div>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="charset-lang" id="charset-lang">Character sets and languages</a></h2>
- <p>In addition to file type and the file encoding,
- another important piece of information is what language a
- particular document is in, and in what character set the file
- should be displayed. For example, the document might be written
- in the Vietnamese alphabet, or in Cyrillic, and should be
- displayed as such. This information, also, is transmitted in
- HTTP headers.</p>
-
- <p>The character set, language, encoding and mime type are all
- used in the process of content negotiation (See
- <code class="module"><a href="../mod/mod_negotiation.html">mod_negotiation</a></code>) to determine
- which document to give to the client, when there are
- alternative documents in more than one character set, language,
- encoding or mime type. All filename extensions associations
- created with <code class="directive"><a href="#addcharset">AddCharset</a></code>,
- <code class="directive"><a href="#addencoding">AddEncoding</a></code>, <code class="directive"><a href="#addlanguage">AddLanguage</a></code> and <code class="directive"><a href="#addtype">AddType</a></code> directives
- (and extensions listed in the <code class="directive"><a href="../mod/mod_mime_magic.html#mimemagicfile">MimeMagicFile</a></code>) participate in this select process.
- Filename extensions that are only associated using the <code class="directive"><a href="#addhandler">AddHandler</a></code>, <code class="directive"><a href="#addinputfilter">AddInputFilter</a></code> or <code class="directive"><a href="#addoutputfilter">AddOutputFilter</a></code> directives may be included or excluded
- from matching by using the <code class="directive"><a href="#multiviewsmatch">MultiviewsMatch</a></code> directive.</p>
-
- <h3><a name="charset" id="charset">Charset</a></h3>
- <p>To convey this further information, Apache optionally sends
- a <code>Content-Language</code> header, to specify the language
- that the document is in, and can append additional information
- onto the <code>Content-Type</code> header to indicate the
- particular character set that should be used to correctly
- render the information.</p>
-
- <div class="example"><p><code>
- Content-Language: en, fr<br />
- Content-Type: text/plain; charset=ISO-8859-1
- </code></p></div>
-
- <p>The language specification is the two-letter abbreviation
- for the language. The <code>charset</code> is the name of the
- particular character set which should be used.</p>
-
</div>
</div>
<div class="bottomlang">
what the contents are. This module is active only if the magic
file is specified by the <code class="directive"><a href="#mimemagicfile">MimeMagicFile</a></code> directive.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#mimemagicfile">MimeMagicFile</a></li>
-</ul>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#format">Format of the Magic File</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#performance">Performance Issues</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#notes">Notes</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="MimeMagicFile" id="MimeMagicFile">MimeMagicFile</a> <a name="mimemagicfile" id="mimemagicfile">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable MIME-type determination based on file contents
-using the specified magic file</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MimeMagicFile <var>file-path</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_mime_magic</td></tr>
-</table>
- <p>The <code class="directive">MimeMagicFile</code> directive can be used to
- enable this module, the default file is distributed at
- <code>conf/magic</code>. Non-rooted paths are relative to the
- <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>. Virtual hosts will use
- the same file as the main server unless a more specific setting is
- used, in which case the more specific setting overrides the main
- server's file.</p>
-
- <div class="example"><h3>Example</h3><p><code>
- MimeMagicFile conf/magic
- </code></p></div>
-
-</div>
+</ul><h3 class="directives">Directives</h3>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#mimemagicfile">MimeMagicFile</a></li>
+</ul>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="format" id="format">Format of the Magic File</a></h2>
</ul>
</div>
</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MimeMagicFile" id="MimeMagicFile">MimeMagicFile</a> <a name="mimemagicfile" id="mimemagicfile">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable MIME-type determination based on file contents
+using the specified magic file</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MimeMagicFile <var>file-path</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_mime_magic</td></tr>
+</table>
+ <p>The <code class="directive">MimeMagicFile</code> directive can be used to
+ enable this module, the default file is distributed at
+ <code>conf/magic</code>. Non-rooted paths are relative to the
+ <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>. Virtual hosts will use
+ the same file as the main server unless a more specific setting is
+ used, in which case the more specific setting overrides the main
+ server's file.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ MimeMagicFile conf/magic
+ </code></p></div>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_mime_magic.html" title="English"> en </a></p>
results.</li>
</ul>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#typemaps">Type maps</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#multiviews">MultiViews</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#cachenegotiateddocs">CacheNegotiatedDocs</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#forcelanguagepriority">ForceLanguagePriority</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#languagepriority">LanguagePriority</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#typemaps">Type maps</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#multiviews">MultiViews</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li>
<li><code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code></li>
<li><a href="../env.html">Environment Variables</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="typemaps" id="typemaps">Type maps</a></h2>
+ <p>A type map has a format similar to RFC822 mail headers. It
+ contains document descriptions separated by blank lines, with
+ lines beginning with a hash character ('#') treated as
+ comments. A document description consists of several header
+ records; records may be continued on multiple lines if the
+ continuation lines start with spaces. The leading space will be
+ deleted and the lines concatenated. A header record consists of
+ a keyword name, which always ends in a colon, followed by a
+ value. Whitespace is allowed between the header name and value,
+ and between the tokens of value. The headers allowed are: </p>
+
+ <dl>
+ <dt><code>Content-Encoding:</code></dt>
+ <dd>The encoding of the file. Apache only recognizes
+ encodings that are defined by an <code class="directive"><a href="../mod/mod_mime.html#addencoding">AddEncoding</a></code> directive.
+ This normally includes the encodings <code>x-compress</code>
+ for compress'd files, and <code>x-gzip</code> for gzip'd
+ files. The <code>x-</code> prefix is ignored for encoding
+ comparisons.</dd>
+
+ <dt><code>Content-Language:</code></dt>
+ <dd>The language(s) of the variant, as an Internet standard
+ language tag (<a href="http://www.ietf.org/rfc/rfc1766.txt">RFC 1766</a>). An example is <code>en</code>,
+ meaning English. If the variant contains more than one
+ language, they are separated by a comma.</dd>
+
+ <dt><code>Content-Length:</code></dt>
+ <dd>The length of the file, in bytes. If this header is not
+ present, then the actual length of the file is used.</dd>
+
+ <dt><code>Content-Type:</code></dt>
+
+ <dd>
+ The <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME media type</a> of
+ the document, with optional parameters. Parameters are
+ separated from the media type and from one another by a
+ semi-colon, with a syntax of <code>name=value</code>. Common
+ parameters include:
+
+ <dl>
+ <dt><code>level</code></dt>
+ <dd>an integer specifying the version of the media type.
+ For <code>text/html</code> this defaults to 2, otherwise
+ 0.</dd>
+
+ <dt><code>qs</code></dt>
+ <dd>a floating-point number with a value in the range 0[.000]
+ to 1[.000], indicating the relative 'quality' of this variant
+ compared to the other available variants, independent of
+ the client's capabilities. For example, a jpeg file is
+ usually of higher source quality than an ascii file if it
+ is attempting to represent a photograph. However, if the
+ resource being represented is ascii art, then an ascii
+ file would have a higher source quality than a jpeg file.
+ All <code>qs</code> values are therefore specific to a given
+ resource.</dd>
+ </dl>
+
+ <div class="example"><h3>Example</h3><p><code>
+ Content-Type: image/jpeg; qs=0.8
+ </code></p></div>
+ </dd>
+
+ <dt><code>URI:</code></dt>
+ <dd>uri of the file containing the variant (of the given
+ media type, encoded with the given content encoding). These
+ are interpreted as URLs relative to the map file; they must
+ be on the same server (!), and they must refer to files to
+ which the client would be granted access if they were to be
+ requested directly.</dd>
+
+ <dt><code>Body:</code></dt>
+ <dd>New in Apache 2.0, the actual content of the resource may
+ be included in the type-map file using the Body header. This
+ header must contain a string that designates a delimiter for
+ the body content. Then all following lines in the type map
+ file will be considered part of the resource body until the
+ delimiter string is found.
+
+ <div class="example"><h3>Example:</h3><p><code>
+ Body:----xyz----<br />
+ <html><br />
+ <body><br />
+ <p>Content of the page.</p><br />
+ </body><br />
+ </html><br />
+ ----xyz----
+ </code></p></div>
+ </dd>
+ </dl>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="multiviews" id="multiviews">MultiViews</a></h2>
+ <p>A MultiViews search is enabled by the <code>MultiViews</code>
+ <code class="directive"><a href="../mod/core.html#options">Options</a></code>. If the server receives a
+ request for <code>/some/dir/foo</code> and
+ <code>/some/dir/foo</code> does <em>not</em> exist, then the
+ server reads the directory looking for all files named
+ <code>foo.*</code>, and effectively fakes up a type map which
+ names all those files, assigning them the same media types and
+ content-encodings it would have if the client had asked for one
+ of them by name. It then chooses the best match to the client's
+ requirements, and returns that document.</p>
+
+ <p>The <code class="directive"><a href="../mod/mod_mime.html#multiviewsmatch">MultiViewsMatch</a></code>
+ directive configures whether Apache will consider files
+ that do not have content negotiation meta-information assigned
+ to them when choosing files.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="CacheNegotiatedDocs" id="CacheNegotiatedDocs">CacheNegotiatedDocs</a> <a name="cachenegotiateddocs" id="cachenegotiateddocs">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Allows content-negotiated documents to be
<li><code class="directive"><a href="../mod/mod_mime.html#addlanguage">AddLanguage</a></code></li>
</ul>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="typemaps" id="typemaps">Type maps</a></h2>
- <p>A type map has a format similar to RFC822 mail headers. It
- contains document descriptions separated by blank lines, with
- lines beginning with a hash character ('#') treated as
- comments. A document description consists of several header
- records; records may be continued on multiple lines if the
- continuation lines start with spaces. The leading space will be
- deleted and the lines concatenated. A header record consists of
- a keyword name, which always ends in a colon, followed by a
- value. Whitespace is allowed between the header name and value,
- and between the tokens of value. The headers allowed are: </p>
-
- <dl>
- <dt><code>Content-Encoding:</code></dt>
- <dd>The encoding of the file. Apache only recognizes
- encodings that are defined by an <code class="directive"><a href="../mod/mod_mime.html#addencoding">AddEncoding</a></code> directive.
- This normally includes the encodings <code>x-compress</code>
- for compress'd files, and <code>x-gzip</code> for gzip'd
- files. The <code>x-</code> prefix is ignored for encoding
- comparisons.</dd>
-
- <dt><code>Content-Language:</code></dt>
- <dd>The language(s) of the variant, as an Internet standard
- language tag (<a href="http://www.ietf.org/rfc/rfc1766.txt">RFC 1766</a>). An example is <code>en</code>,
- meaning English. If the variant contains more than one
- language, they are separated by a comma.</dd>
-
- <dt><code>Content-Length:</code></dt>
- <dd>The length of the file, in bytes. If this header is not
- present, then the actual length of the file is used.</dd>
-
- <dt><code>Content-Type:</code></dt>
-
- <dd>
- The <a class="glossarylink" href="../glossary.html#mime-type" title="see glossary">MIME media type</a> of
- the document, with optional parameters. Parameters are
- separated from the media type and from one another by a
- semi-colon, with a syntax of <code>name=value</code>. Common
- parameters include:
-
- <dl>
- <dt><code>level</code></dt>
- <dd>an integer specifying the version of the media type.
- For <code>text/html</code> this defaults to 2, otherwise
- 0.</dd>
-
- <dt><code>qs</code></dt>
- <dd>a floating-point number with a value in the range 0[.000]
- to 1[.000], indicating the relative 'quality' of this variant
- compared to the other available variants, independent of
- the client's capabilities. For example, a jpeg file is
- usually of higher source quality than an ascii file if it
- is attempting to represent a photograph. However, if the
- resource being represented is ascii art, then an ascii
- file would have a higher source quality than a jpeg file.
- All <code>qs</code> values are therefore specific to a given
- resource.</dd>
- </dl>
-
- <div class="example"><h3>Example</h3><p><code>
- Content-Type: image/jpeg; qs=0.8
- </code></p></div>
- </dd>
-
- <dt><code>URI:</code></dt>
- <dd>uri of the file containing the variant (of the given
- media type, encoded with the given content encoding). These
- are interpreted as URLs relative to the map file; they must
- be on the same server (!), and they must refer to files to
- which the client would be granted access if they were to be
- requested directly.</dd>
-
- <dt><code>Body:</code></dt>
- <dd>New in Apache 2.0, the actual content of the resource may
- be included in the type-map file using the Body header. This
- header must contain a string that designates a delimiter for
- the body content. Then all following lines in the type map
- file will be considered part of the resource body until the
- delimiter string is found.
-
- <div class="example"><h3>Example:</h3><p><code>
- Body:----xyz----<br />
- <html><br />
- <body><br />
- <p>Content of the page.</p><br />
- </body><br />
- </html><br />
- ----xyz----
- </code></p></div>
- </dd>
- </dl>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="multiviews" id="multiviews">MultiViews</a></h2>
- <p>A MultiViews search is enabled by the <code>MultiViews</code>
- <code class="directive"><a href="../mod/core.html#options">Options</a></code>. If the server receives a
- request for <code>/some/dir/foo</code> and
- <code>/some/dir/foo</code> does <em>not</em> exist, then the
- server reads the directory looking for all files named
- <code>foo.*</code>, and effectively fakes up a type map which
- names all those files, assigning them the same media types and
- content-encodings it would have if the client had asked for one
- of them by name. It then chooses the best match to the client's
- requirements, and returns that document.</p>
-
- <p>The <code class="directive"><a href="../mod/mod_mime.html#multiviewsmatch">MultiViewsMatch</a></code>
- directive configures whether Apache will consider files
- that do not have content negotiation meta-information assigned
- to them when choosing files.</p>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_negotiation.html" title="English"> en </a> |
<li><img alt="" src="../images/down.gif" /> <a href="#securelisten">SecureListen</a></li>
</ul>
<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="NWSSLTrustedCerts" id="NWSSLTrustedCerts">NWSSLTrustedCerts</a> <a name="nwssltrustedcerts" id="nwssltrustedcerts">Directive</a></h2>
<table class="directive">
parameter also enables mutual authentication.</p>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_nw_ssl.html" title="English"> en </a></p>
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. These additional modules will need
to be loaded and configured to take advantage of these features.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#forwardreverse">Forward Proxies and Reverse
+ Proxies/Gateways</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#examples">Basic Examples</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#workers">Workers</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#access">Controlling access to your proxy</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#startup">Slow Startup</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#intranet">Intranet Proxy</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#envsettings">Protocol Adjustments</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#request-bodies">Request Bodies</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#x-headers">Reverse Proxy Request Headers</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#allowconnect">AllowCONNECT</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#balancermember">BalancerMember</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxytimeout">ProxyTimeout</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyvia">ProxyVia</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#forwardreverse">Forward Proxies and Reverse
- Proxies/Gateways</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#examples">Basic Examples</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#workers">Workers</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#access">Controlling access to your proxy</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#startup">Slow Startup</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#intranet">Intranet Proxy</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#envsettings">Protocol Adjustments</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#request-bodies">Request Bodies</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#x-headers">Reverse Proxy Request Headers</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code></li>
<li><code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code></li>
<li><code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AllowCONNECT" id="AllowCONNECT">AllowCONNECT</a> <a name="allowconnect" id="allowconnect">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Ports that are allowed to <code>CONNECT</code> through the
-proxy</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AllowCONNECT <var>port</var> [<var>port</var>] ...</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AllowCONNECT 443 563</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-</table>
- <p>The <code class="directive">AllowCONNECT</code> directive specifies a list
- of port numbers to which the proxy <code>CONNECT</code> method may
- connect. Today's browsers use this method when a <code>https</code>
- connection is requested and proxy tunneling over HTTP is in effect.</p>
+<div class="section">
+<h2><a name="forwardreverse" id="forwardreverse">Forward Proxies and Reverse
+ Proxies/Gateways</a></h2>
+ <p>Apache can be configured in both a <dfn>forward</dfn> and
+ <dfn>reverse</dfn> proxy (also known as <dfn>gateway</dfn>) mode.</p>
- <p>By default, only the default https port (<code>443</code>) and the
- default snews port (<code>563</code>) are enabled. Use the
- <code class="directive">AllowCONNECT</code> directive to override this default and
- allow connections to the listed ports only.</p>
+ <p>An ordinary <dfn>forward proxy</dfn> is an intermediate
+ server that sits between the client and the <em>origin
+ server</em>. In order to get content from the origin server,
+ the client sends a request to the proxy naming the origin server
+ as the target and the proxy then requests the content from the
+ origin server and returns it to the client. The client must be
+ specially configured to use the forward proxy to access other
+ sites.</p>
- <p>Note that you'll need to have <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> present
- in the server in order to get the support for the <code>CONNECT</code> at
- all.</p>
+ <p>A typical usage of a forward proxy is to provide Internet
+ access to internal clients that are otherwise restricted by a
+ firewall. The forward proxy can also use caching (as provided
+ by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>) to reduce network usage.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="BalancerMember" id="BalancerMember">BalancerMember</a> <a name="balancermember" id="balancermember">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Add a member to a load balancing group</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>BalancerMember [<var>balancerurl</var>] <var>url</var> [<var>key=value [key=value ...]]</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerMember is only available in Apache 2.2
- and later.</td></tr>
-</table>
- <p>This directive adds a member to a load balancing group. It could be used
- within a <code><Proxy <var>balancer://</var>...></code> container
- directive, and can take any of the key value pairs available to
- <code class="directive"><a href="#proxypass">ProxyPass</a></code> directives.</p>
- <p>The balancerurl is only needed when not in <code><Proxy <var>balancer://</var>...></code>
- container directive. It corresponds to the url of a balancer defined in
- <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
+ <p>The forward proxy is activated using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive. Because
+ forward proxies allow clients to access arbitrary sites through
+ your server and to hide their true origin, it is essential that
+ you <a href="#access">secure your server</a> so that only
+ authorized clients can access the proxy before activating a
+ forward proxy.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="NoProxy" id="NoProxy">NoProxy</a> <a name="noproxy" id="noproxy">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Hosts, domains, or networks that will be connected to
-directly</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>NoProxy <var>host</var> [<var>host</var>] ...</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-</table>
- <p>This directive is only useful for Apache proxy servers within
- intranets. The <code class="directive">NoProxy</code> directive specifies a
- list of subnets, IP addresses, hosts and/or domains, separated by
- spaces. A request to a host which matches one or more of these is
- always served directly, without forwarding to the configured
- <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> proxy server(s).</p>
+ <p>A <dfn>reverse proxy</dfn> (or <dfn>gateway</dfn>), by
+ contrast, appears to the client just like an ordinary web
+ server. No special configuration on the client is necessary.
+ The client makes ordinary requests for content in the name-space
+ of the reverse proxy. The reverse proxy then decides where to
+ send those requests, and returns the content as if it was itself
+ the origin.</p>
- <div class="example"><h3>Example</h3><p><code>
- ProxyRemote * http://firewall.example.com:81<br />
- NoProxy .example.com 192.168.112.0/21
- </code></p></div>
+ <p>A typical usage of a reverse proxy is to provide Internet
+ users access to a server that is behind a firewall. Reverse
+ proxies can also be used to balance load among several back-end
+ servers, or to provide caching for a slower back-end server.
+ In addition, reverse proxies can be used simply to bring
+ several servers into the same URL space.</p>
- <p>The <var>host</var> arguments to the <code class="directive">NoProxy</code>
- directive are one of the following type list:</p>
+ <p>A reverse proxy is activated using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive or the
+ <code>[P]</code> flag to the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive. It is
+ <strong>not</strong> necessary to turn <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> on in order to
+ configure a reverse proxy.</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="examples" id="examples">Basic Examples</a></h2>
- <dl>
-
- <dt><var><a name="domain" id="domain">Domain</a></var></dt>
- <dd>
- <p>A <dfn>Domain</dfn> is a partially qualified DNS domain name, preceded
- by a period. It represents a list of hosts which logically belong to the
- same DNS domain or zone (<em>i.e.</em>, the suffixes of the hostnames are
- all ending in <var>Domain</var>).</p>
+ <p>The examples below are only a very basic idea to help you
+ get started. Please read the documentation on the individual
+ directives.</p>
- <div class="example"><h3>Examples</h3><p><code>
- .com .apache.org.
+ <p>In addition, if you wish to have caching enabled, consult
+ the documentation from <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>.</p>
+
+ <div class="example"><h3>Reverse Proxy</h3><p><code>
+ ProxyPass /foo http://foo.example.com/bar<br />
+ ProxyPassReverse /foo http://foo.example.com/bar
</code></p></div>
- <p>To distinguish <var>Domain</var>s from <var><a href="#hostname">Hostname</a></var>s (both syntactically and semantically; a DNS domain can
- have a DNS A record, too!), <var>Domain</var>s are always written with a
- leading period.</p>
-
- <div class="note"><h3>Note</h3>
- <p>Domain name comparisons are done without regard to the case, and
- <var>Domain</var>s are always assumed to be anchored in the root of the
- DNS tree, therefore two domains <code>.ExAmple.com</code> and
- <code>.example.com.</code> (note the trailing period) are considered
- equal. Since a domain comparison does not involve a DNS lookup, it is much
- more efficient than subnet comparison.</p>
- </div></dd>
+ <div class="example"><h3>Forward Proxy</h3><p><code>
+ ProxyRequests On<br />
+ ProxyVia On<br />
+ <br />
+ <Proxy *><br />
+ <span class="indent">
+ Order deny,allow<br />
+ Deny from all<br />
+ Allow from internal.example.com<br />
+ </span>
+ </Proxy>
+ </code></p></div>
-
- <dt><var><a name="subnet" id="subnet">SubNet</a></var></dt>
- <dd>
- <p>A <dfn>SubNet</dfn> is a partially qualified internet address in
- numeric (dotted quad) form, optionally followed by a slash and the netmask,
- specified as the number of significant bits in the <var>SubNet</var>. It is
- used to represent a subnet of hosts which can be reached over a common
- network interface. In the absence of the explicit net mask it is assumed
- that omitted (or zero valued) trailing digits specify the mask. (In this
- case, the netmask can only be multiples of 8 bits wide.) Examples:</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="workers" id="workers">Workers</a></h2>
+ <p>The proxy manages the configuration of origin servers and their
+ communication parameters in objects called <dfn>workers</dfn>.
+ There are two built-in workers, the default forward proxy worker and the
+ default reverse proxy worker. Additional workers can be configured
+ explicitly.</p>
- <dl>
- <dt><code>192.168</code> or <code>192.168.0.0</code></dt>
- <dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits
- (sometimes used in the netmask form <code>255.255.0.0</code>)</dd>
- <dt><code>192.168.112.0/21</code></dt>
- <dd>the subnet <code>192.168.112.0/21</code> with a netmask of 21
- valid bits (also used in the form <code>255.255.248.0</code>)</dd>
- </dl>
+ <p>The two default workers have a fixed configuration
+ and will be used if no other worker matches the request.
+ They do not use HTTP Keep-Alive or connection pooling.
+ The TCP connections to the origin server will instead be
+ opened and closed for each request.</p>
- <p>As a degenerate case, a <em>SubNet</em> with 32 valid bits is the
- equivalent to an <var><a href="#ipaddr">IPAddr</a></var>, while a <var>SubNet</var> with zero
- valid bits (<em>e.g.</em>, 0.0.0.0/0) is the same as the constant
- <var>_Default_</var>, matching any IP address.</p></dd>
+ <p>Explicitly configured workers are identified by their URL.
+ They are usually created and configured using
+ <code class="directive"><a href="#proxypass">ProxyPass</a></code> or
+ <code class="directive"><a href="#proxypassmatch">ProxyPassMatch</a></code> when used
+ for a reverse proxy:</p>
-
- <dt><var><a name="ipaddr" id="ipaddr">IPAddr</a></var></dt>
- <dd>
- <p>A <dfn>IPAddr</dfn> represents a fully qualified internet address in
- numeric (dotted quad) form. Usually, this address represents a host, but
- there need not necessarily be a DNS domain name connected with the
- address.</p>
- <div class="example"><h3>Example</h3><p><code>
- 192.168.123.7
- </code></p></div>
-
- <div class="note"><h3>Note</h3>
- <p>An <var>IPAddr</var> does not need to be resolved by the DNS system, so
- it can result in more effective apache performance.</p>
- </div></dd>
+ <div class="example"><p><code>
+ ProxyPass /example http://backend.example.com connectiontimeout=5 timeout=30
+ </code></p></div>
-
- <dt><var><a name="hostname" id="hostname">Hostname</a></var></dt>
- <dd>
- <p>A <dfn>Hostname</dfn> is a fully qualified DNS domain name which can
- be resolved to one or more <var><a href="#ipaddr">IPAddrs</a></var> via the
- DNS domain name service. It represents a logical host (in contrast to
- <var><a href="#domain">Domain</a></var>s, see above) and must be resolvable
- to at least one <var><a href="#ipaddr">IPAddr</a></var> (or often to a list
- of hosts with different <var><a href="#ipaddr">IPAddr</a></var>s).</p>
+ <p>This will create a worker associated with the origin server URL
+ <code>http://backend.example.com</code> and using the given timeout
+ values. When used in a forward proxy, workers are usually defined
+ via the <code class="directive"><a href="#proxyset">ProxySet</a></code> directive:</p>
- <div class="example"><h3>Examples</h3><p><code>
- prep.ai.example.com<br />
- www.apache.org
- </code></p></div>
+ <div class="example"><p><code>
+ ProxySet http://backend.example.com connectiontimeout=5 timeout=30
+ </code></p></div>
- <div class="note"><h3>Note</h3>
- <p>In many situations, it is more effective to specify an <var><a href="#ipaddr">IPAddr</a></var> in place of a <var>Hostname</var> since a
- DNS lookup can be avoided. Name resolution in Apache can take a remarkable
- deal of time when the connection to the name server uses a slow PPP
- link.</p>
- <p><var>Hostname</var> comparisons are done without regard to the case,
- and <var>Hostname</var>s are always assumed to be anchored in the root
- of the DNS tree, therefore two hosts <code>WWW.ExAmple.com</code>
- and <code>www.example.com.</code> (note the trailing period) are
- considered equal.</p>
- </div></dd>
- </dl>
-
-<h3>See also</h3>
-<ul>
-<li><a href="../dns-caveats.html">DNS Issues</a></li>
-</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="Proxy" id="Proxy"><Proxy></a> <a name="proxy" id="proxy">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to proxied resources</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><Proxy <var>wildcard-url</var>> ...</Proxy></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-</table>
- <p>Directives placed in <code class="directive"><Proxy></code>
- sections apply only to matching proxied content. Shell-style wildcards are
- allowed.</p>
+ <p>or alternatively using <code class="directive"><a href="#proxy">Proxy</a></code>
+ and <code class="directive"><a href="#proxyset">ProxySet</a></code>:</p>
- <p>For example, the following will allow only hosts in
- <code>yournetwork.example.com</code> to access content via your proxy
- server:</p>
+ <div class="example"><p><code>
+ <Proxy http://backend.example.com><br />
+ <span class="indent">
+ ProxySet connectiontimeout=5 timeout=30
+ </span>
+ </Proxy>
+ </code></p></div>
- <div class="example"><p><code>
- <Proxy *><br />
- <span class="indent">
- Order Deny,Allow<br />
- Deny from all<br />
- Allow from yournetwork.example.com<br />
- </span>
- </Proxy>
- </code></p></div>
+ <p>Using explicitly configured workers in the forward mode is
+ not very common, because forward proxies usually communicate with many
+ different origin servers. Creating explicit workers for some of the
+ origin servers can still be useful, if they are used very often.
+ Explicitly configured workers have no concept of forward or reverse
+ proxying by themselves. They encapsulate a common concept of
+ communication with origin servers. A worker created by
+ <code class="directive"><a href="#proxypass">ProxyPass</a></code> for use in a
+ reverse proxy will be also used for forward proxy requests whenever
+ the URL to the origin server matches the worker URL and vice versa.</p>
- <p>The following example will process all files in the <code>foo</code>
- directory of <code>example.com</code> through the <code>INCLUDES</code>
- filter when they are sent through the proxy server:</p>
+ <p>The URL identifying a direct worker is the URL of its
+ origin server including any path components given:</p>
- <div class="example"><p><code>
- <Proxy http://example.com/foo/*><br />
- <span class="indent">
- SetOutputFilter INCLUDES<br />
- </span>
- </Proxy>
- </code></p></div>
+ <div class="example"><p><code>
+ ProxyPass /examples http://backend.example.com/examples<br />
+ ProxyPass /docs http://backend.example.com/docs
+ </code></p></div>
- <div class="note"><h3>Differences from the Location configuration section</h3>
- <p>A backend URL matches the configuration section if it begins with the
- the <var>wildcard-url</var> string, even if the last path segment in the
- directive only matches a prefix of the backend URL. For example,
- <Proxy http://example.com/foo> matches all of
- http://example.com/foo, http://example.com/foo/bar, and
- http://example.com/foobar. The matching of the final URL differs
- from the behavior of the <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, which for purposes of this note
- treats the final path component as if it ended in a slash.</p>
- <p>For more control over the matching, see <code class="directive"><ProxyMatch></code>.</p>
- </div>
+ <p>This example defines two different workers, each using a separate
+ connection pool and configuration.</p>
+ <div class="warning"><h3>Worker Sharing</h3>
+ <p>Worker sharing happens if the worker URLs overlap, which occurs when
+ the URL of some worker is a leading substring of the URL of another
+ worker defined later in the configuration file. In the following example</p>
-<h3>See also</h3>
-<ul>
-<li><code class="directive"><a href="#proxymatch"><ProxyMatch></a></code></li>
-</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyBadHeader" id="ProxyBadHeader">ProxyBadHeader</a> <a name="proxybadheader" id="proxybadheader">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines how to handle bad header lines in a
-response</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyBadHeader IsError|Ignore|StartBody</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyBadHeader IsError</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.44 and later</td></tr>
-</table>
- <p>The <code class="directive">ProxyBadHeader</code> directive determines the
- behaviour of <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> if it receives syntactically invalid
- response header lines (<em>i.e.</em> containing no colon) from the origin
- server. The following arguments are possible:</p>
+ <div class="example"><p><code>
+ ProxyPass /apps http://backend.example.com/ timeout=60<br />
+ ProxyPass /examples http://backend.example.com/examples timeout=10
+ </code></p></div>
- <dl>
- <dt><code>IsError</code></dt>
- <dd>Abort the request and end up with a 502 (Bad Gateway) response. This is
- the default behaviour.</dd>
+ <p>the second worker isn't actually created. Instead the first
+ worker is used. The benefit is, that there is only one connection pool,
+ so connections are more often reused. Note that all configuration attributes
+ given explicitly for the later worker and some configuration defaults will
+ overwrite the configuration given for the first worker. This will be logged
+ as a warning. In the above example the resulting timeout value
+ for the URL <code>/apps</code> will be <code>10</code> instead
+ of <code>60</code>!</p>
- <dt><code>Ignore</code></dt>
- <dd>Treat bad header lines as if they weren't sent.</dd>
+ <p>If you want to avoid worker sharing, sort your worker definitions
+ by URL length, starting with the longest worker URLs. If you want to maximize
+ worker sharing use the reverse sort order. See also the related warning about
+ ordering <code class="directive"><a href="#proxypass">ProxyPass</a></code> directives.</p>
- <dt><code>StartBody</code></dt>
- <dd>When receiving the first bad header line, finish reading the headers and
- treat the remainder as body. This helps to work around buggy backend servers
- which forget to insert an empty line between the headers and the body.</dd>
- </dl>
+ </div>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyBlock" id="ProxyBlock">ProxyBlock</a> <a name="proxyblock" id="proxyblock">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Words, hosts, or domains that are banned from being
-proxied</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyBlock *|<var>word</var>|<var>host</var>|<var>domain</var>
-[<var>word</var>|<var>host</var>|<var>domain</var>] ...</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-</table>
- <p>The <code class="directive">ProxyBlock</code> directive specifies a list of
- words, hosts and/or domains, separated by spaces. HTTP, HTTPS, and
- FTP document requests to sites whose names contain matched words,
- hosts or domains are <em>blocked</em> by the proxy server. The proxy
- module will also attempt to determine IP addresses of list items which
- may be hostnames during startup, and cache them for match test as
- well. That may slow down the startup time of the server.</p>
+ <p>Explicitly configured workers come in two flavors:
+ <dfn>direct workers</dfn> and <dfn>(load) balancer workers</dfn>.
+ They support many important configuration attributes which are
+ described below in the <code class="directive"><a href="#proxypass">ProxyPass</a></code>
+ directive. The same attributes can also be set using
+ <code class="directive"><a href="#proxyset">ProxySet</a></code>.</p>
- <div class="example"><h3>Example</h3><p><code>
- ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu
- </code></p></div>
+ <p>The set of options available for a direct worker
+ depends on the protocol, which is specified in the origin server URL.
+ Available protocols include <code>ajp</code>,
+ <code>ftp</code>, <code>http</code> and <code>scgi</code>.</p>
- <p><code>rocky.wotsamattau.edu</code> would also be matched if referenced by
- IP address.</p>
+ <p>Balancer workers are virtual workers that use direct workers known
+ as their members to actually handle the requests. Each balancer can
+ have multiple members. When it handles a request, it chooses a member
+ based on the configured load balancing algorithm.</p>
- <p>Note that <code>wotsamattau</code> would also be sufficient to match
- <code>wotsamattau.edu</code>.</p>
+ <p>A balancer worker is created if its worker URL uses
+ <code>balancer</code> as the protocol scheme.
+ The balancer URL uniquely identifies the balancer worker.
+ Members are added to a balancer using
+ <code class="directive"><a href="#balancermember">BalancerMember</a></code>.</p>
- <p>Note also that</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="access" id="access">Controlling access to your proxy</a></h2>
+ <p>You can control who can access your proxy via the <code class="directive"><a href="#proxy"><Proxy></a></code> control block as in
+ the following example:</p>
- <div class="example"><p><code>
- ProxyBlock *
- </code></p></div>
+ <div class="example"><p><code>
+ <Proxy *><br />
+ <span class="indent">
+ Order Deny,Allow<br />
+ Deny from all<br />
+ Allow from 192.168.0<br />
+ </span>
+ </Proxy>
+ </code></p></div>
- <p>blocks connections to all sites.</p>
+ <p>For more information on access control directives, see
+ <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyDomain" id="ProxyDomain">ProxyDomain</a> <a name="proxydomain" id="proxydomain">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Default domain name for proxied requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyDomain <var>Domain</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-</table>
- <p>This directive is only useful for Apache proxy servers within
- intranets. The <code class="directive">ProxyDomain</code> directive specifies
- the default domain which the apache proxy server will belong to. If a
- request to a host without a domain name is encountered, a redirection
- response to the same host with the configured <var>Domain</var> appended
- will be generated.</p>
+ <p>Strictly limiting access is essential if you are using a
+ forward proxy (using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive).
+ Otherwise, your server can be used by any client to access
+ arbitrary hosts while hiding his or her true identity. This is
+ dangerous both for your network and for the Internet at large.
+ When using a reverse proxy (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive with
+ <code>ProxyRequests Off</code>), access control is less
+ critical because clients can only contact the hosts that you
+ have specifically configured.</p>
- <div class="example"><h3>Example</h3><p><code>
- ProxyRemote * http://firewall.example.com:81<br />
- NoProxy .example.com 192.168.112.0/21<br />
- ProxyDomain .example.com
- </code></p></div>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="startup" id="startup">Slow Startup</a></h2>
+ <p>If you're using the <code class="directive"><a href="#proxyblock">ProxyBlock</a></code> directive, hostnames' IP addresses are looked up
+ and cached during startup for later match test. This may take a few
+ seconds (or more) depending on the speed with which the hostname lookups
+ occur.</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="intranet" id="intranet">Intranet Proxy</a></h2>
+ <p>An Apache proxy server situated in an intranet needs to forward
+ external requests through the company's firewall (for this, configure
+ the <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive
+ to forward the respective <var>scheme</var> to the firewall proxy).
+ However, when it has to
+ access resources within the intranet, it can bypass the firewall when
+ accessing hosts. The <code class="directive"><a href="#noproxy">NoProxy</a></code>
+ directive is useful for specifying which hosts belong to the intranet and
+ should be accessed directly.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyErrorOverride" id="ProxyErrorOverride">ProxyErrorOverride</a> <a name="proxyerroroverride" id="proxyerroroverride">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Override error pages for proxied content</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyErrorOverride On|Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyErrorOverride Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0 and later</td></tr>
-</table>
- <p>This directive is useful for reverse-proxy setups, where you want to
- have a common look and feel on the error pages seen by the end user.
- This also allows for included files (via
- <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>'s SSI) to get
- the error code and act accordingly (default behavior would display
- the error page of the proxied server, turning this on shows the SSI
- Error message).</p>
+ <p>Users within an intranet tend to omit the local domain name from their
+ WWW requests, thus requesting "http://somehost/" instead of
+ <code>http://somehost.example.com/</code>. Some commercial proxy servers
+ let them get away with this and simply serve the request, implying a
+ configured local domain. When the <code class="directive"><a href="#proxydomain">ProxyDomain</a></code> directive is used and the server is <a href="#proxyrequests">configured for proxy service</a>, Apache can return
+ a redirect response and send the client to the correct, fully qualified,
+ server address. This is the preferred method since the user's bookmark
+ files will then contain fully qualified hosts.</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="envsettings" id="envsettings">Protocol Adjustments</a></h2>
+ <p>For circumstances where <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> is sending
+ requests to an origin server that doesn't properly implement
+ keepalives or HTTP/1.1, there are two <a href="../env.html">environment variables</a> that can force the
+ request to use HTTP/1.0 with no keepalive. These are set via the
+ <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code> directive.</p>
- <p>This directive does not affect the processing of informational (1xx),
- normal success (2xx), or redirect (3xx) responses.</p>
+ <p>These are the <code>force-proxy-request-1.0</code> and
+ <code>proxy-nokeepalive</code> notes.</p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyFtpDirCharset" id="ProxyFtpDirCharset">ProxyFtpDirCharset</a> <a name="proxyftpdircharset" id="proxyftpdircharset">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Define the character set for proxied FTP listings</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyFtpDirCharset <var>character set</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyFtpDirCharset ISO-8859-1</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.2.7 and later</td></tr>
-</table>
- <p>The <code class="directive">ProxyFtpDirCharset</code> directive defines the
- character set to be set for FTP directory listings in HTML generated by
- <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>.</p>
+ <div class="example"><p><code>
+ <Location /buggyappserver/><br />
+ <span class="indent">
+ ProxyPass http://buggyappserver:7001/foo/<br />
+ SetEnv force-proxy-request-1.0 1<br />
+ SetEnv proxy-nokeepalive 1<br />
+ </span>
+ </Location>
+ </code></p></div>
-</div>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="request-bodies" id="request-bodies">Request Bodies</a></h2>
+
+ <p>Some request methods such as POST include a request body.
+ The HTTP protocol requires that requests which include a body
+ either use chunked transfer encoding or send a
+ <code>Content-Length</code> request header. When passing these
+ requests on to the origin server, <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>
+ will always attempt to send the <code>Content-Length</code>. But
+ if the body is large and the original request used chunked
+ encoding, then chunked encoding may also be used in the upstream
+ request. You can control this selection using <a href="../env.html">environment variables</a>. Setting
+ <code>proxy-sendcl</code> ensures maximum compatibility with
+ upstream servers by always sending the
+ <code>Content-Length</code>, while setting
+ <code>proxy-sendchunked</code> minimizes resource usage by using
+ chunked encoding.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="x-headers" id="x-headers">Reverse Proxy Request Headers</a></h2>
+
+ <p>When acting in a reverse-proxy mode (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive, for example),
+ <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> adds several request headers in
+ order to pass information to the origin server. These headers
+ are:</p>
+
+ <dl>
+ <dt><code>X-Forwarded-For</code></dt>
+ <dd>The IP address of the client.</dd>
+ <dt><code>X-Forwarded-Host</code></dt>
+ <dd>The original host requested by the client in the <code>Host</code>
+ HTTP request header.</dd>
+ <dt><code>X-Forwarded-Server</code></dt>
+ <dd>The hostname of the proxy server.</dd>
+ </dl>
+
+ <p>Be careful when using these headers on the origin server, since
+ they will contain more than one (comma-separated) value if the
+ original request already contained one of these headers. For
+ example, you can use <code>%{X-Forwarded-For}i</code> in the log
+ format string of the origin server to log the original clients IP
+ address, but you may get more than one address if the request
+ passes through several proxies.</p>
+
+ <p>See also the <code class="directive"><a href="#proxypreservehost">ProxyPreserveHost</a></code> and <code class="directive"><a href="#proxyvia">ProxyVia</a></code> directives, which control
+ other request headers.</p>
+
+ </div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyIOBufferSize" id="ProxyIOBufferSize">ProxyIOBufferSize</a> <a name="proxyiobuffersize" id="proxyiobuffersize">Directive</a></h2>
+<div class="directive-section"><h2><a name="AllowCONNECT" id="AllowCONNECT">AllowCONNECT</a> <a name="allowconnect" id="allowconnect">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determine size of internal data throughput buffer</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyIOBufferSize <var>bytes</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyIOBufferSize 8192</code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Ports that are allowed to <code>CONNECT</code> through the
+proxy</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AllowCONNECT <var>port</var> [<var>port</var>] ...</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AllowCONNECT 443 563</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
- <p>The <code class="directive">ProxyIOBufferSize</code> directive adjusts the size
- of the internal buffer, which is used as a scratchpad for the data between
- input and output. The size must be at least <code>8192</code>.</p>
+ <p>The <code class="directive">AllowCONNECT</code> directive specifies a list
+ of port numbers to which the proxy <code>CONNECT</code> method may
+ connect. Today's browsers use this method when a <code>https</code>
+ connection is requested and proxy tunneling over HTTP is in effect.</p>
- <p>When the <code class="module"><a href="../mod/mod_proxy_ajp.html">mod_proxy_ajp</a></code> module is used, this value is
- aligned to a 1024 byte boundary, and values larger than 65536 are set to
- 65536 in accordance with the AJP protocol.</p>
+ <p>By default, only the default https port (<code>443</code>) and the
+ default snews port (<code>563</code>) are enabled. Use the
+ <code class="directive">AllowCONNECT</code> directive to override this default and
+ allow connections to the listed ports only.</p>
- <p>In almost every case there's no reason to change that value.</p>
+ <p>Note that you'll need to have <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> present
+ in the server in order to get the support for the <code>CONNECT</code> at
+ all.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyMatch" id="ProxyMatch"><ProxyMatch></a> <a name="proxymatch" id="proxymatch">Directive</a></h2>
+<div class="directive-section"><h2><a name="BalancerMember" id="BalancerMember">BalancerMember</a> <a name="balancermember" id="balancermember">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to regular-expression-matched
-proxied resources</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><ProxyMatch <var>regex</var>> ...</ProxyMatch></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Add a member to a load balancing group</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>BalancerMember [<var>balancerurl</var>] <var>url</var> [<var>key=value [key=value ...]]</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerMember is only available in Apache 2.2
+ and later.</td></tr>
</table>
- <p>The <code class="directive"><ProxyMatch></code> directive is
- identical to the <code class="directive"><a href="#proxy"><Proxy></a></code> directive, except it matches URLs
- using <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expressions</a>.</p>
+ <p>This directive adds a member to a load balancing group. It could be used
+ within a <code><Proxy <var>balancer://</var>...></code> container
+ directive, and can take any of the key value pairs available to
+ <code class="directive"><a href="#proxypass">ProxyPass</a></code> directives.</p>
+ <p>The balancerurl is only needed when not in <code><Proxy <var>balancer://</var>...></code>
+ container directive. It corresponds to the url of a balancer defined in
+ <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
-<h3>See also</h3>
-<ul>
-<li><code class="directive"><a href="#proxy"><Proxy></a></code></li>
-</ul>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyMaxForwards" id="ProxyMaxForwards">ProxyMaxForwards</a> <a name="proxymaxforwards" id="proxymaxforwards">Directive</a></h2>
+<div class="directive-section"><h2><a name="NoProxy" id="NoProxy">NoProxy</a> <a name="noproxy" id="noproxy">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximium number of proxies that a request can be forwarded
-through</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyMaxForwards <var>number</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyMaxForwards -1</code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Hosts, domains, or networks that will be connected to
+directly</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>NoProxy <var>host</var> [<var>host</var>] ...</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0 and later;
- default behaviour changed in 2.2.7</td></tr>
</table>
- <p>The <code class="directive">ProxyMaxForwards</code> directive specifies the
- maximum number of proxies through which a request may pass, if there's no
- <code>Max-Forwards</code> header supplied with the request. This may
- be set to prevent infinite proxy loops, or a DoS attack.</p>
+ <p>This directive is only useful for Apache proxy servers within
+ intranets. The <code class="directive">NoProxy</code> directive specifies a
+ list of subnets, IP addresses, hosts and/or domains, separated by
+ spaces. A request to a host which matches one or more of these is
+ always served directly, without forwarding to the configured
+ <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> proxy server(s).</p>
<div class="example"><h3>Example</h3><p><code>
- ProxyMaxForwards 15
+ ProxyRemote * http://firewall.example.com:81<br />
+ NoProxy .example.com 192.168.112.0/21
</code></p></div>
- <p>Note that setting <code class="directive">ProxyMaxForwards</code> is a
- violation of the HTTP/1.1 protocol (RFC2616), which forbids a Proxy
- setting <code>Max-Forwards</code> if the Client didn't set it.
- Earlier Apache versions would always set it. A negative
- <code class="directive">ProxyMaxForwards</code> value, including the
- default -1, gives you protocol-compliant behaviour, but may
- leave you open to loops.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyPass" id="ProxyPass">ProxyPass</a> <a name="proxypass" id="proxypass">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maps remote servers into the local server URL-space</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPass [<var>path</var>] !|<var>url</var> [<var>key=value</var>
-<var>[key=value</var> ...]] [nocanon] [interpolate]</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-</table>
- <p>This directive allows remote servers to be mapped into the
- space of the local server; the local server does not act as a
- proxy in the conventional sense, but appears to be a mirror of the
- remote server. The local server is often called a <dfn>reverse
- proxy</dfn> or <dfn>gateway</dfn>. The <var>path</var> is the name of
- a local virtual path; <var>url</var> is a partial URL for the
- remote server and cannot include a query string.</p>
-
- <div class="warning">The <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive should
- usually be set <strong>off</strong> when using
- <code class="directive">ProxyPass</code>.</div>
+ <p>The <var>host</var> arguments to the <code class="directive">NoProxy</code>
+ directive are one of the following type list:</p>
- <p>Suppose the local server has address <code>http://example.com/</code>;
- then</p>
+ <dl>
+
+ <dt><var><a name="domain" id="domain">Domain</a></var></dt>
+ <dd>
+ <p>A <dfn>Domain</dfn> is a partially qualified DNS domain name, preceded
+ by a period. It represents a list of hosts which logically belong to the
+ same DNS domain or zone (<em>i.e.</em>, the suffixes of the hostnames are
+ all ending in <var>Domain</var>).</p>
- <div class="example"><p><code>
- ProxyPass /mirror/foo/ http://backend.example.com/
+ <div class="example"><h3>Examples</h3><p><code>
+ .com .apache.org.
</code></p></div>
- <p>will cause a local request for
- <code>http://example.com/mirror/foo/bar</code> to be internally converted
- into a proxy request to <code>http://backend.example.com/bar</code>.</p>
-
- <div class="warning">
- <p>If the first argument ends with a trailing <strong>/</strong>, the second
- argument should also end with a trailing <strong>/</strong> and vice
- versa. Otherwise the resulting requests to the backend may miss some
- needed slashes and do not deliver the expected results.
- </p>
- </div>
+ <p>To distinguish <var>Domain</var>s from <var><a href="#hostname">Hostname</a></var>s (both syntactically and semantically; a DNS domain can
+ have a DNS A record, too!), <var>Domain</var>s are always written with a
+ leading period.</p>
+
+ <div class="note"><h3>Note</h3>
+ <p>Domain name comparisons are done without regard to the case, and
+ <var>Domain</var>s are always assumed to be anchored in the root of the
+ DNS tree, therefore two domains <code>.ExAmple.com</code> and
+ <code>.example.com.</code> (note the trailing period) are considered
+ equal. Since a domain comparison does not involve a DNS lookup, it is much
+ more efficient than subnet comparison.</p>
+ </div></dd>
- <p>The <code>!</code> directive is useful in situations where you don't want
+
+ <dt><var><a name="subnet" id="subnet">SubNet</a></var></dt>
+ <dd>
+ <p>A <dfn>SubNet</dfn> is a partially qualified internet address in
+ numeric (dotted quad) form, optionally followed by a slash and the netmask,
+ specified as the number of significant bits in the <var>SubNet</var>. It is
+ used to represent a subnet of hosts which can be reached over a common
+ network interface. In the absence of the explicit net mask it is assumed
+ that omitted (or zero valued) trailing digits specify the mask. (In this
+ case, the netmask can only be multiples of 8 bits wide.) Examples:</p>
+
+ <dl>
+ <dt><code>192.168</code> or <code>192.168.0.0</code></dt>
+ <dd>the subnet 192.168.0.0 with an implied netmask of 16 valid bits
+ (sometimes used in the netmask form <code>255.255.0.0</code>)</dd>
+ <dt><code>192.168.112.0/21</code></dt>
+ <dd>the subnet <code>192.168.112.0/21</code> with a netmask of 21
+ valid bits (also used in the form <code>255.255.248.0</code>)</dd>
+ </dl>
+
+ <p>As a degenerate case, a <em>SubNet</em> with 32 valid bits is the
+ equivalent to an <var><a href="#ipaddr">IPAddr</a></var>, while a <var>SubNet</var> with zero
+ valid bits (<em>e.g.</em>, 0.0.0.0/0) is the same as the constant
+ <var>_Default_</var>, matching any IP address.</p></dd>
+
+
+ <dt><var><a name="ipaddr" id="ipaddr">IPAddr</a></var></dt>
+ <dd>
+ <p>A <dfn>IPAddr</dfn> represents a fully qualified internet address in
+ numeric (dotted quad) form. Usually, this address represents a host, but
+ there need not necessarily be a DNS domain name connected with the
+ address.</p>
+ <div class="example"><h3>Example</h3><p><code>
+ 192.168.123.7
+ </code></p></div>
+
+ <div class="note"><h3>Note</h3>
+ <p>An <var>IPAddr</var> does not need to be resolved by the DNS system, so
+ it can result in more effective apache performance.</p>
+ </div></dd>
+
+
+ <dt><var><a name="hostname" id="hostname">Hostname</a></var></dt>
+ <dd>
+ <p>A <dfn>Hostname</dfn> is a fully qualified DNS domain name which can
+ be resolved to one or more <var><a href="#ipaddr">IPAddrs</a></var> via the
+ DNS domain name service. It represents a logical host (in contrast to
+ <var><a href="#domain">Domain</a></var>s, see above) and must be resolvable
+ to at least one <var><a href="#ipaddr">IPAddr</a></var> (or often to a list
+ of hosts with different <var><a href="#ipaddr">IPAddr</a></var>s).</p>
+
+ <div class="example"><h3>Examples</h3><p><code>
+ prep.ai.example.com<br />
+ www.apache.org
+ </code></p></div>
+
+ <div class="note"><h3>Note</h3>
+ <p>In many situations, it is more effective to specify an <var><a href="#ipaddr">IPAddr</a></var> in place of a <var>Hostname</var> since a
+ DNS lookup can be avoided. Name resolution in Apache can take a remarkable
+ deal of time when the connection to the name server uses a slow PPP
+ link.</p>
+ <p><var>Hostname</var> comparisons are done without regard to the case,
+ and <var>Hostname</var>s are always assumed to be anchored in the root
+ of the DNS tree, therefore two hosts <code>WWW.ExAmple.com</code>
+ and <code>www.example.com.</code> (note the trailing period) are
+ considered equal.</p>
+ </div></dd>
+ </dl>
+
+<h3>See also</h3>
+<ul>
+<li><a href="../dns-caveats.html">DNS Issues</a></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="Proxy" id="Proxy"><Proxy></a> <a name="proxy" id="proxy">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to proxied resources</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><Proxy <var>wildcard-url</var>> ...</Proxy></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+ <p>Directives placed in <code class="directive"><Proxy></code>
+ sections apply only to matching proxied content. Shell-style wildcards are
+ allowed.</p>
+
+ <p>For example, the following will allow only hosts in
+ <code>yournetwork.example.com</code> to access content via your proxy
+ server:</p>
+
+ <div class="example"><p><code>
+ <Proxy *><br />
+ <span class="indent">
+ Order Deny,Allow<br />
+ Deny from all<br />
+ Allow from yournetwork.example.com<br />
+ </span>
+ </Proxy>
+ </code></p></div>
+
+ <p>The following example will process all files in the <code>foo</code>
+ directory of <code>example.com</code> through the <code>INCLUDES</code>
+ filter when they are sent through the proxy server:</p>
+
+ <div class="example"><p><code>
+ <Proxy http://example.com/foo/*><br />
+ <span class="indent">
+ SetOutputFilter INCLUDES<br />
+ </span>
+ </Proxy>
+ </code></p></div>
+
+ <div class="note"><h3>Differences from the Location configuration section</h3>
+ <p>A backend URL matches the configuration section if it begins with the
+ the <var>wildcard-url</var> string, even if the last path segment in the
+ directive only matches a prefix of the backend URL. For example,
+ <Proxy http://example.com/foo> matches all of
+ http://example.com/foo, http://example.com/foo/bar, and
+ http://example.com/foobar. The matching of the final URL differs
+ from the behavior of the <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, which for purposes of this note
+ treats the final path component as if it ended in a slash.</p>
+ <p>For more control over the matching, see <code class="directive"><ProxyMatch></code>.</p>
+ </div>
+
+
+<h3>See also</h3>
+<ul>
+<li><code class="directive"><a href="#proxymatch"><ProxyMatch></a></code></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyBadHeader" id="ProxyBadHeader">ProxyBadHeader</a> <a name="proxybadheader" id="proxybadheader">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines how to handle bad header lines in a
+response</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyBadHeader IsError|Ignore|StartBody</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyBadHeader IsError</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.44 and later</td></tr>
+</table>
+ <p>The <code class="directive">ProxyBadHeader</code> directive determines the
+ behaviour of <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> if it receives syntactically invalid
+ response header lines (<em>i.e.</em> containing no colon) from the origin
+ server. The following arguments are possible:</p>
+
+ <dl>
+ <dt><code>IsError</code></dt>
+ <dd>Abort the request and end up with a 502 (Bad Gateway) response. This is
+ the default behaviour.</dd>
+
+ <dt><code>Ignore</code></dt>
+ <dd>Treat bad header lines as if they weren't sent.</dd>
+
+ <dt><code>StartBody</code></dt>
+ <dd>When receiving the first bad header line, finish reading the headers and
+ treat the remainder as body. This helps to work around buggy backend servers
+ which forget to insert an empty line between the headers and the body.</dd>
+ </dl>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyBlock" id="ProxyBlock">ProxyBlock</a> <a name="proxyblock" id="proxyblock">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Words, hosts, or domains that are banned from being
+proxied</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyBlock *|<var>word</var>|<var>host</var>|<var>domain</var>
+[<var>word</var>|<var>host</var>|<var>domain</var>] ...</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+ <p>The <code class="directive">ProxyBlock</code> directive specifies a list of
+ words, hosts and/or domains, separated by spaces. HTTP, HTTPS, and
+ FTP document requests to sites whose names contain matched words,
+ hosts or domains are <em>blocked</em> by the proxy server. The proxy
+ module will also attempt to determine IP addresses of list items which
+ may be hostnames during startup, and cache them for match test as
+ well. That may slow down the startup time of the server.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu
+ </code></p></div>
+
+ <p><code>rocky.wotsamattau.edu</code> would also be matched if referenced by
+ IP address.</p>
+
+ <p>Note that <code>wotsamattau</code> would also be sufficient to match
+ <code>wotsamattau.edu</code>.</p>
+
+ <p>Note also that</p>
+
+ <div class="example"><p><code>
+ ProxyBlock *
+ </code></p></div>
+
+ <p>blocks connections to all sites.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyDomain" id="ProxyDomain">ProxyDomain</a> <a name="proxydomain" id="proxydomain">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Default domain name for proxied requests</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyDomain <var>Domain</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+ <p>This directive is only useful for Apache proxy servers within
+ intranets. The <code class="directive">ProxyDomain</code> directive specifies
+ the default domain which the apache proxy server will belong to. If a
+ request to a host without a domain name is encountered, a redirection
+ response to the same host with the configured <var>Domain</var> appended
+ will be generated.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ ProxyRemote * http://firewall.example.com:81<br />
+ NoProxy .example.com 192.168.112.0/21<br />
+ ProxyDomain .example.com
+ </code></p></div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyErrorOverride" id="ProxyErrorOverride">ProxyErrorOverride</a> <a name="proxyerroroverride" id="proxyerroroverride">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Override error pages for proxied content</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyErrorOverride On|Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyErrorOverride Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.0 and later</td></tr>
+</table>
+ <p>This directive is useful for reverse-proxy setups, where you want to
+ have a common look and feel on the error pages seen by the end user.
+ This also allows for included files (via
+ <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>'s SSI) to get
+ the error code and act accordingly (default behavior would display
+ the error page of the proxied server, turning this on shows the SSI
+ Error message).</p>
+
+ <p>This directive does not affect the processing of informational (1xx),
+ normal success (2xx), or redirect (3xx) responses.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyFtpDirCharset" id="ProxyFtpDirCharset">ProxyFtpDirCharset</a> <a name="proxyftpdircharset" id="proxyftpdircharset">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Define the character set for proxied FTP listings</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyFtpDirCharset <var>character set</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyFtpDirCharset ISO-8859-1</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.2.7 and later</td></tr>
+</table>
+ <p>The <code class="directive">ProxyFtpDirCharset</code> directive defines the
+ character set to be set for FTP directory listings in HTML generated by
+ <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyIOBufferSize" id="ProxyIOBufferSize">ProxyIOBufferSize</a> <a name="proxyiobuffersize" id="proxyiobuffersize">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determine size of internal data throughput buffer</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyIOBufferSize <var>bytes</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyIOBufferSize 8192</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+ <p>The <code class="directive">ProxyIOBufferSize</code> directive adjusts the size
+ of the internal buffer, which is used as a scratchpad for the data between
+ input and output. The size must be at least <code>8192</code>.</p>
+
+ <p>When the <code class="module"><a href="../mod/mod_proxy_ajp.html">mod_proxy_ajp</a></code> module is used, this value is
+ aligned to a 1024 byte boundary, and values larger than 65536 are set to
+ 65536 in accordance with the AJP protocol.</p>
+
+ <p>In almost every case there's no reason to change that value.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyMatch" id="ProxyMatch"><ProxyMatch></a> <a name="proxymatch" id="proxymatch">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container for directives applied to regular-expression-matched
+proxied resources</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><ProxyMatch <var>regex</var>> ...</ProxyMatch></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+ <p>The <code class="directive"><ProxyMatch></code> directive is
+ identical to the <code class="directive"><a href="#proxy"><Proxy></a></code> directive, except it matches URLs
+ using <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expressions</a>.</p>
+
+<h3>See also</h3>
+<ul>
+<li><code class="directive"><a href="#proxy"><Proxy></a></code></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyMaxForwards" id="ProxyMaxForwards">ProxyMaxForwards</a> <a name="proxymaxforwards" id="proxymaxforwards">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximium number of proxies that a request can be forwarded
+through</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyMaxForwards <var>number</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyMaxForwards -1</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0 and later;
+ default behaviour changed in 2.2.7</td></tr>
+</table>
+ <p>The <code class="directive">ProxyMaxForwards</code> directive specifies the
+ maximum number of proxies through which a request may pass, if there's no
+ <code>Max-Forwards</code> header supplied with the request. This may
+ be set to prevent infinite proxy loops, or a DoS attack.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ ProxyMaxForwards 15
+ </code></p></div>
+
+ <p>Note that setting <code class="directive">ProxyMaxForwards</code> is a
+ violation of the HTTP/1.1 protocol (RFC2616), which forbids a Proxy
+ setting <code>Max-Forwards</code> if the Client didn't set it.
+ Earlier Apache versions would always set it. A negative
+ <code class="directive">ProxyMaxForwards</code> value, including the
+ default -1, gives you protocol-compliant behaviour, but may
+ leave you open to loops.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyPass" id="ProxyPass">ProxyPass</a> <a name="proxypass" id="proxypass">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maps remote servers into the local server URL-space</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyPass [<var>path</var>] !|<var>url</var> [<var>key=value</var>
+<var>[key=value</var> ...]] [nocanon] [interpolate]</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+ <p>This directive allows remote servers to be mapped into the
+ space of the local server; the local server does not act as a
+ proxy in the conventional sense, but appears to be a mirror of the
+ remote server. The local server is often called a <dfn>reverse
+ proxy</dfn> or <dfn>gateway</dfn>. The <var>path</var> is the name of
+ a local virtual path; <var>url</var> is a partial URL for the
+ remote server and cannot include a query string.</p>
+
+ <div class="warning">The <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive should
+ usually be set <strong>off</strong> when using
+ <code class="directive">ProxyPass</code>.</div>
+
+ <p>Suppose the local server has address <code>http://example.com/</code>;
+ then</p>
+
+ <div class="example"><p><code>
+ ProxyPass /mirror/foo/ http://backend.example.com/
+ </code></p></div>
+
+ <p>will cause a local request for
+ <code>http://example.com/mirror/foo/bar</code> to be internally converted
+ into a proxy request to <code>http://backend.example.com/bar</code>.</p>
+
+ <div class="warning">
+ <p>If the first argument ends with a trailing <strong>/</strong>, the second
+ argument should also end with a trailing <strong>/</strong> and vice
+ versa. Otherwise the resulting requests to the backend may miss some
+ needed slashes and do not deliver the expected results.
+ </p>
+ </div>
+
+ <p>The <code>!</code> directive is useful in situations where you don't want
to reverse-proxy a subdirectory, <em>e.g.</em></p>
<div class="example"><p><code>
are supported by this module. When using <code>https</code>, the requests
are forwarded through the remote proxy using the HTTP CONNECT method.</p>
- <div class="example"><h3>Example</h3><p><code>
- ProxyRemote http://goodguys.example.com/ http://mirrorguys.example.com:8000<br />
- ProxyRemote * http://cleverproxy.localdomain<br />
- ProxyRemote ftp http://ftpproxy.mydomain:8080
- </code></p></div>
-
- <p>In the last example, the proxy will forward FTP requests, encapsulated
- as yet another HTTP proxy request, to another proxy which can handle
- them.</p>
-
- <p>This option also supports reverse proxy configuration - a backend
- webserver can be embedded within a virtualhost URL space even if that
- server is hidden by another forward proxy.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyRemoteMatch" id="ProxyRemoteMatch">ProxyRemoteMatch</a> <a name="proxyremotematch" id="proxyremotematch">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Remote proxy used to handle requests matched by regular
-expressions</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemoteMatch <var>regex</var> <var>remote-server</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-</table>
- <p>The <code class="directive">ProxyRemoteMatch</code> is identical to the
- <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive, except the
- first argument is a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>
- match against the requested URL.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyRequests" id="ProxyRequests">ProxyRequests</a> <a name="proxyrequests" id="proxyrequests">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables forward (standard) proxy requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRequests On|Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyRequests Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-</table>
- <p>This allows or prevents Apache from functioning as a forward proxy
- server. (Setting ProxyRequests to <code>Off</code> does not disable use of
- the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.)</p>
-
- <p>In a typical reverse proxy or gateway configuration, this
- option should be set to
- <code>Off</code>.</p>
-
- <p>In order to get the functionality of proxying HTTP or FTP sites, you
- need also <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> or <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>
- (or both) present in the server.</p>
-
- <p>In order to get the functionality of (forward) proxying HTTPS sites, you
- need <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> enabled in the server.</p>
-
- <div class="warning"><h3>Warning</h3>
- <p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>. Open proxy servers are dangerous
- both to your network and to the Internet at large.</p>
- </div>
-
-<h3>See also</h3>
-<ul>
-<li><a href="#forwardreverse">Forward and Reverse Proxies/Gateways</a></li>
-</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxySet" id="ProxySet">ProxySet</a> <a name="proxyset" id="proxyset">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Set various Proxy balancer or member parameters</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxySet <var>url</var> <var>key=value [key=value ...]</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>ProxySet is only available in Apache 2.2
- and later.</td></tr>
-</table>
- <p>This directive is used as an alternate method of setting any of the
- parameters available to Proxy balancers and workers normally done via the
- <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive. If used
- within a <code><Proxy <var>balancer url|worker url</var>></code>
- container directive, the <var>url</var> argument is not required. As a side
- effect the respective balancer or worker gets created. This can be useful
- when doing reverse proxying via a
- <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> instead of a
- <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
-
- <div class="example"><p><code>
- <Proxy balancer://hotcluster><br />
- <span class="indent">
- BalancerMember http://www2.example.com:8080 loadfactor=1<br />
- BalancerMember http://www3.example.com:8080 loadfactor=2<br />
- ProxySet lbmethod=bytraffic<br />
- </span>
- </Proxy>
- </code></p></div>
-
- <div class="example"><p><code>
- <Proxy http://backend><br />
- <span class="indent">
- ProxySet keepalive=On<br />
- </span>
- </Proxy>
- </code></p></div>
-
- <div class="example"><p><code>
- ProxySet balancer://foo lbmethod=bytraffic timeout=15
- </code></p></div>
-
- <div class="example"><p><code>
- ProxySet ajp://backend:7001 timeout=15
- </code></p></div>
-
- <div class="warning"><h3>Warning</h3>
- <p>Keep in mind that the same parameter key can have a different meaning
- depending whether it is applied to a balancer or a worker as shown by the two
- examples above regarding timeout.</p>
- </div>
-
+ <div class="example"><h3>Example</h3><p><code>
+ ProxyRemote http://goodguys.example.com/ http://mirrorguys.example.com:8000<br />
+ ProxyRemote * http://cleverproxy.localdomain<br />
+ ProxyRemote ftp http://ftpproxy.mydomain:8080
+ </code></p></div>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyStatus" id="ProxyStatus">ProxyStatus</a> <a name="proxystatus" id="proxystatus">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Show Proxy LoadBalancer status in mod_status</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyStatus Off|On|Full</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyStatus Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.2 and later</td></tr>
-</table>
- <p>This directive determines whether or not proxy
- loadbalancer status data is displayed via the <code class="module"><a href="../mod/mod_status.html">mod_status</a></code>
- server-status page.</p>
- <div class="note"><h3>Note</h3>
- <p><strong>Full</strong> is synonymous with <strong>On</strong></p>
- </div>
+ <p>In the last example, the proxy will forward FTP requests, encapsulated
+ as yet another HTTP proxy request, to another proxy which can handle
+ them.</p>
+ <p>This option also supports reverse proxy configuration - a backend
+ webserver can be embedded within a virtualhost URL space even if that
+ server is hidden by another forward proxy.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyTimeout" id="ProxyTimeout">ProxyTimeout</a> <a name="proxytimeout" id="proxytimeout">Directive</a></h2>
+<div class="directive-section"><h2><a name="ProxyRemoteMatch" id="ProxyRemoteMatch">ProxyRemoteMatch</a> <a name="proxyremotematch" id="proxyremotematch">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Network timeout for proxied requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyTimeout <var>seconds</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>Value of <code class="directive"><a href="../mod/core.html#timeout">Timeout</a></code></code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Remote proxy used to handle requests matched by regular
+expressions</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRemoteMatch <var>regex</var> <var>remote-server</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.31 and later</td></tr>
</table>
- <p>This directive allows a user to specify a timeout on proxy requests.
- This is useful when you have a slow/buggy appserver which hangs, and you
- would rather just return a timeout and fail gracefully instead of waiting
- however long it takes the server to return.</p>
+ <p>The <code class="directive">ProxyRemoteMatch</code> is identical to the
+ <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive, except the
+ first argument is a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>
+ match against the requested URL.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="ProxyVia" id="ProxyVia">ProxyVia</a> <a name="proxyvia" id="proxyvia">Directive</a></h2>
+<div class="directive-section"><h2><a name="ProxyRequests" id="ProxyRequests">ProxyRequests</a> <a name="proxyrequests" id="proxyrequests">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Information provided in the <code>Via</code> HTTP response
-header for proxied requests</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyVia On|Off|Full|Block</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyVia Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables forward (standard) proxy requests</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyRequests On|Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyRequests Off</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
</table>
- <p>This directive controls the use of the <code>Via:</code> HTTP
- header by the proxy. Its intended use is to control the flow of
- proxy requests along a chain of proxy servers. See <a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> (HTTP/1.1), section
- 14.45 for an explanation of <code>Via:</code> header lines.</p>
-
- <ul>
- <li>If set to <code>Off</code>, which is the default, no special processing
- is performed. If a request or reply contains a <code>Via:</code> header,
- it is passed through unchanged.</li>
-
- <li>If set to <code>On</code>, each request and reply will get a
- <code>Via:</code> header line added for the current host.</li>
-
- <li>If set to <code>Full</code>, each generated <code>Via:</code> header
- line will additionally have the Apache server version shown as a
- <code>Via:</code> comment field.</li>
-
- <li>If set to <code>Block</code>, every proxy request will have all its
- <code>Via:</code> header lines removed. No new <code>Via:</code> header will
- be generated.</li>
- </ul>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="forwardreverse" id="forwardreverse">Forward Proxies and Reverse
- Proxies/Gateways</a></h2>
- <p>Apache can be configured in both a <dfn>forward</dfn> and
- <dfn>reverse</dfn> proxy (also known as <dfn>gateway</dfn>) mode.</p>
-
- <p>An ordinary <dfn>forward proxy</dfn> is an intermediate
- server that sits between the client and the <em>origin
- server</em>. In order to get content from the origin server,
- the client sends a request to the proxy naming the origin server
- as the target and the proxy then requests the content from the
- origin server and returns it to the client. The client must be
- specially configured to use the forward proxy to access other
- sites.</p>
-
- <p>A typical usage of a forward proxy is to provide Internet
- access to internal clients that are otherwise restricted by a
- firewall. The forward proxy can also use caching (as provided
- by <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>) to reduce network usage.</p>
-
- <p>The forward proxy is activated using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive. Because
- forward proxies allow clients to access arbitrary sites through
- your server and to hide their true origin, it is essential that
- you <a href="#access">secure your server</a> so that only
- authorized clients can access the proxy before activating a
- forward proxy.</p>
-
- <p>A <dfn>reverse proxy</dfn> (or <dfn>gateway</dfn>), by
- contrast, appears to the client just like an ordinary web
- server. No special configuration on the client is necessary.
- The client makes ordinary requests for content in the name-space
- of the reverse proxy. The reverse proxy then decides where to
- send those requests, and returns the content as if it was itself
- the origin.</p>
-
- <p>A typical usage of a reverse proxy is to provide Internet
- users access to a server that is behind a firewall. Reverse
- proxies can also be used to balance load among several back-end
- servers, or to provide caching for a slower back-end server.
- In addition, reverse proxies can be used simply to bring
- several servers into the same URL space.</p>
-
- <p>A reverse proxy is activated using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive or the
- <code>[P]</code> flag to the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive. It is
- <strong>not</strong> necessary to turn <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> on in order to
- configure a reverse proxy.</p>
- </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="examples" id="examples">Basic Examples</a></h2>
-
- <p>The examples below are only a very basic idea to help you
- get started. Please read the documentation on the individual
- directives.</p>
-
- <p>In addition, if you wish to have caching enabled, consult
- the documentation from <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>.</p>
-
- <div class="example"><h3>Reverse Proxy</h3><p><code>
- ProxyPass /foo http://foo.example.com/bar<br />
- ProxyPassReverse /foo http://foo.example.com/bar
- </code></p></div>
-
- <div class="example"><h3>Forward Proxy</h3><p><code>
- ProxyRequests On<br />
- ProxyVia On<br />
- <br />
- <Proxy *><br />
- <span class="indent">
- Order deny,allow<br />
- Deny from all<br />
- Allow from internal.example.com<br />
- </span>
- </Proxy>
- </code></p></div>
-
- </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="workers" id="workers">Workers</a></h2>
- <p>The proxy manages the configuration of origin servers and their
- communication parameters in objects called <dfn>workers</dfn>.
- There are two built-in workers, the default forward proxy worker and the
- default reverse proxy worker. Additional workers can be configured
- explicitly.</p>
-
- <p>The two default workers have a fixed configuration
- and will be used if no other worker matches the request.
- They do not use HTTP Keep-Alive or connection pooling.
- The TCP connections to the origin server will instead be
- opened and closed for each request.</p>
-
- <p>Explicitly configured workers are identified by their URL.
- They are usually created and configured using
- <code class="directive"><a href="#proxypass">ProxyPass</a></code> or
- <code class="directive"><a href="#proxypassmatch">ProxyPassMatch</a></code> when used
- for a reverse proxy:</p>
-
- <div class="example"><p><code>
- ProxyPass /example http://backend.example.com connectiontimeout=5 timeout=30
- </code></p></div>
-
- <p>This will create a worker associated with the origin server URL
- <code>http://backend.example.com</code> and using the given timeout
- values. When used in a forward proxy, workers are usually defined
- via the <code class="directive"><a href="#proxyset">ProxySet</a></code> directive:</p>
-
- <div class="example"><p><code>
- ProxySet http://backend.example.com connectiontimeout=5 timeout=30
- </code></p></div>
-
- <p>or alternatively using <code class="directive"><a href="#proxy">Proxy</a></code>
- and <code class="directive"><a href="#proxyset">ProxySet</a></code>:</p>
-
- <div class="example"><p><code>
- <Proxy http://backend.example.com><br />
- <span class="indent">
- ProxySet connectiontimeout=5 timeout=30
- </span>
- </Proxy>
- </code></p></div>
-
- <p>Using explicitly configured workers in the forward mode is
- not very common, because forward proxies usually communicate with many
- different origin servers. Creating explicit workers for some of the
- origin servers can still be useful, if they are used very often.
- Explicitly configured workers have no concept of forward or reverse
- proxying by themselves. They encapsulate a common concept of
- communication with origin servers. A worker created by
- <code class="directive"><a href="#proxypass">ProxyPass</a></code> for use in a
- reverse proxy will be also used for forward proxy requests whenever
- the URL to the origin server matches the worker URL and vice versa.</p>
-
- <p>The URL identifying a direct worker is the URL of its
- origin server including any path components given:</p>
-
- <div class="example"><p><code>
- ProxyPass /examples http://backend.example.com/examples<br />
- ProxyPass /docs http://backend.example.com/docs
- </code></p></div>
-
- <p>This example defines two different workers, each using a separate
- connection pool and configuration.</p>
-
- <div class="warning"><h3>Worker Sharing</h3>
- <p>Worker sharing happens if the worker URLs overlap, which occurs when
- the URL of some worker is a leading substring of the URL of another
- worker defined later in the configuration file. In the following example</p>
-
- <div class="example"><p><code>
- ProxyPass /apps http://backend.example.com/ timeout=60<br />
- ProxyPass /examples http://backend.example.com/examples timeout=10
- </code></p></div>
-
- <p>the second worker isn't actually created. Instead the first
- worker is used. The benefit is, that there is only one connection pool,
- so connections are more often reused. Note that all configuration attributes
- given explicitly for the later worker and some configuration defaults will
- overwrite the configuration given for the first worker. This will be logged
- as a warning. In the above example the resulting timeout value
- for the URL <code>/apps</code> will be <code>10</code> instead
- of <code>60</code>!</p>
-
- <p>If you want to avoid worker sharing, sort your worker definitions
- by URL length, starting with the longest worker URLs. If you want to maximize
- worker sharing use the reverse sort order. See also the related warning about
- ordering <code class="directive"><a href="#proxypass">ProxyPass</a></code> directives.</p>
-
- </div>
-
- <p>Explicitly configured workers come in two flavors:
- <dfn>direct workers</dfn> and <dfn>(load) balancer workers</dfn>.
- They support many important configuration attributes which are
- described below in the <code class="directive"><a href="#proxypass">ProxyPass</a></code>
- directive. The same attributes can also be set using
- <code class="directive"><a href="#proxyset">ProxySet</a></code>.</p>
+ <p>This allows or prevents Apache from functioning as a forward proxy
+ server. (Setting ProxyRequests to <code>Off</code> does not disable use of
+ the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.)</p>
- <p>The set of options available for a direct worker
- depends on the protocol, which is specified in the origin server URL.
- Available protocols include <code>ajp</code>,
- <code>ftp</code>, <code>http</code> and <code>scgi</code>.</p>
+ <p>In a typical reverse proxy or gateway configuration, this
+ option should be set to
+ <code>Off</code>.</p>
- <p>Balancer workers are virtual workers that use direct workers known
- as their members to actually handle the requests. Each balancer can
- have multiple members. When it handles a request, it chooses a member
- based on the configured load balancing algorithm.</p>
+ <p>In order to get the functionality of proxying HTTP or FTP sites, you
+ need also <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> or <code class="module"><a href="../mod/mod_proxy_ftp.html">mod_proxy_ftp</a></code>
+ (or both) present in the server.</p>
- <p>A balancer worker is created if its worker URL uses
- <code>balancer</code> as the protocol scheme.
- The balancer URL uniquely identifies the balancer worker.
- Members are added to a balancer using
- <code class="directive"><a href="#balancermember">BalancerMember</a></code>.</p>
+ <p>In order to get the functionality of (forward) proxying HTTPS sites, you
+ need <code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> enabled in the server.</p>
- </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="access" id="access">Controlling access to your proxy</a></h2>
- <p>You can control who can access your proxy via the <code class="directive"><a href="#proxy"><Proxy></a></code> control block as in
- the following example:</p>
+ <div class="warning"><h3>Warning</h3>
+ <p>Do not enable proxying with <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> until you have <a href="#access">secured your server</a>. Open proxy servers are dangerous
+ both to your network and to the Internet at large.</p>
+ </div>
- <div class="example"><p><code>
- <Proxy *><br />
- <span class="indent">
- Order Deny,Allow<br />
- Deny from all<br />
- Allow from 192.168.0<br />
- </span>
- </Proxy>
- </code></p></div>
+<h3>See also</h3>
+<ul>
+<li><a href="#forwardreverse">Forward and Reverse Proxies/Gateways</a></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxySet" id="ProxySet">ProxySet</a> <a name="proxyset" id="proxyset">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Set various Proxy balancer or member parameters</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxySet <var>url</var> <var>key=value [key=value ...]</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>ProxySet is only available in Apache 2.2
+ and later.</td></tr>
+</table>
+ <p>This directive is used as an alternate method of setting any of the
+ parameters available to Proxy balancers and workers normally done via the
+ <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive. If used
+ within a <code><Proxy <var>balancer url|worker url</var>></code>
+ container directive, the <var>url</var> argument is not required. As a side
+ effect the respective balancer or worker gets created. This can be useful
+ when doing reverse proxying via a
+ <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> instead of a
+ <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
- <p>For more information on access control directives, see
- <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.</p>
+ <div class="example"><p><code>
+ <Proxy balancer://hotcluster><br />
+ <span class="indent">
+ BalancerMember http://www2.example.com:8080 loadfactor=1<br />
+ BalancerMember http://www3.example.com:8080 loadfactor=2<br />
+ ProxySet lbmethod=bytraffic<br />
+ </span>
+ </Proxy>
+ </code></p></div>
- <p>Strictly limiting access is essential if you are using a
- forward proxy (using the <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive).
- Otherwise, your server can be used by any client to access
- arbitrary hosts while hiding his or her true identity. This is
- dangerous both for your network and for the Internet at large.
- When using a reverse proxy (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive with
- <code>ProxyRequests Off</code>), access control is less
- critical because clients can only contact the hosts that you
- have specifically configured.</p>
+ <div class="example"><p><code>
+ <Proxy http://backend><br />
+ <span class="indent">
+ ProxySet keepalive=On<br />
+ </span>
+ </Proxy>
+ </code></p></div>
- </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="startup" id="startup">Slow Startup</a></h2>
- <p>If you're using the <code class="directive"><a href="#proxyblock">ProxyBlock</a></code> directive, hostnames' IP addresses are looked up
- and cached during startup for later match test. This may take a few
- seconds (or more) depending on the speed with which the hostname lookups
- occur.</p>
- </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="intranet" id="intranet">Intranet Proxy</a></h2>
- <p>An Apache proxy server situated in an intranet needs to forward
- external requests through the company's firewall (for this, configure
- the <code class="directive"><a href="#proxyremote">ProxyRemote</a></code> directive
- to forward the respective <var>scheme</var> to the firewall proxy).
- However, when it has to
- access resources within the intranet, it can bypass the firewall when
- accessing hosts. The <code class="directive"><a href="#noproxy">NoProxy</a></code>
- directive is useful for specifying which hosts belong to the intranet and
- should be accessed directly.</p>
+ <div class="example"><p><code>
+ ProxySet balancer://foo lbmethod=bytraffic timeout=15
+ </code></p></div>
- <p>Users within an intranet tend to omit the local domain name from their
- WWW requests, thus requesting "http://somehost/" instead of
- <code>http://somehost.example.com/</code>. Some commercial proxy servers
- let them get away with this and simply serve the request, implying a
- configured local domain. When the <code class="directive"><a href="#proxydomain">ProxyDomain</a></code> directive is used and the server is <a href="#proxyrequests">configured for proxy service</a>, Apache can return
- a redirect response and send the client to the correct, fully qualified,
- server address. This is the preferred method since the user's bookmark
- files will then contain fully qualified hosts.</p>
- </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="envsettings" id="envsettings">Protocol Adjustments</a></h2>
- <p>For circumstances where <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> is sending
- requests to an origin server that doesn't properly implement
- keepalives or HTTP/1.1, there are two <a href="../env.html">environment variables</a> that can force the
- request to use HTTP/1.0 with no keepalive. These are set via the
- <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code> directive.</p>
+ <div class="example"><p><code>
+ ProxySet ajp://backend:7001 timeout=15
+ </code></p></div>
- <p>These are the <code>force-proxy-request-1.0</code> and
- <code>proxy-nokeepalive</code> notes.</p>
+ <div class="warning"><h3>Warning</h3>
+ <p>Keep in mind that the same parameter key can have a different meaning
+ depending whether it is applied to a balancer or a worker as shown by the two
+ examples above regarding timeout.</p>
+ </div>
- <div class="example"><p><code>
- <Location /buggyappserver/><br />
- <span class="indent">
- ProxyPass http://buggyappserver:7001/foo/<br />
- SetEnv force-proxy-request-1.0 1<br />
- SetEnv proxy-nokeepalive 1<br />
- </span>
- </Location>
- </code></p></div>
- </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="request-bodies" id="request-bodies">Request Bodies</a></h2>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyStatus" id="ProxyStatus">ProxyStatus</a> <a name="proxystatus" id="proxystatus">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Show Proxy LoadBalancer status in mod_status</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyStatus Off|On|Full</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyStatus Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.2 and later</td></tr>
+</table>
+ <p>This directive determines whether or not proxy
+ loadbalancer status data is displayed via the <code class="module"><a href="../mod/mod_status.html">mod_status</a></code>
+ server-status page.</p>
+ <div class="note"><h3>Note</h3>
+ <p><strong>Full</strong> is synonymous with <strong>On</strong></p>
+ </div>
- <p>Some request methods such as POST include a request body.
- The HTTP protocol requires that requests which include a body
- either use chunked transfer encoding or send a
- <code>Content-Length</code> request header. When passing these
- requests on to the origin server, <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code>
- will always attempt to send the <code>Content-Length</code>. But
- if the body is large and the original request used chunked
- encoding, then chunked encoding may also be used in the upstream
- request. You can control this selection using <a href="../env.html">environment variables</a>. Setting
- <code>proxy-sendcl</code> ensures maximum compatibility with
- upstream servers by always sending the
- <code>Content-Length</code>, while setting
- <code>proxy-sendchunked</code> minimizes resource usage by using
- chunked encoding.</p>
- </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="x-headers" id="x-headers">Reverse Proxy Request Headers</a></h2>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyTimeout" id="ProxyTimeout">ProxyTimeout</a> <a name="proxytimeout" id="proxytimeout">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Network timeout for proxied requests</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyTimeout <var>seconds</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>Value of <code class="directive"><a href="../mod/core.html#timeout">Timeout</a></code></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.0.31 and later</td></tr>
+</table>
+ <p>This directive allows a user to specify a timeout on proxy requests.
+ This is useful when you have a slow/buggy appserver which hangs, and you
+ would rather just return a timeout and fail gracefully instead of waiting
+ however long it takes the server to return.</p>
- <p>When acting in a reverse-proxy mode (using the <code class="directive"><a href="#proxypass">ProxyPass</a></code> directive, for example),
- <code class="module"><a href="../mod/mod_proxy_http.html">mod_proxy_http</a></code> adds several request headers in
- order to pass information to the origin server. These headers
- are:</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="ProxyVia" id="ProxyVia">ProxyVia</a> <a name="proxyvia" id="proxyvia">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Information provided in the <code>Via</code> HTTP response
+header for proxied requests</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyVia On|Off|Full|Block</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyVia Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
+</table>
+ <p>This directive controls the use of the <code>Via:</code> HTTP
+ header by the proxy. Its intended use is to control the flow of
+ proxy requests along a chain of proxy servers. See <a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> (HTTP/1.1), section
+ 14.45 for an explanation of <code>Via:</code> header lines.</p>
- <dl>
- <dt><code>X-Forwarded-For</code></dt>
- <dd>The IP address of the client.</dd>
- <dt><code>X-Forwarded-Host</code></dt>
- <dd>The original host requested by the client in the <code>Host</code>
- HTTP request header.</dd>
- <dt><code>X-Forwarded-Server</code></dt>
- <dd>The hostname of the proxy server.</dd>
- </dl>
+ <ul>
+ <li>If set to <code>Off</code>, which is the default, no special processing
+ is performed. If a request or reply contains a <code>Via:</code> header,
+ it is passed through unchanged.</li>
- <p>Be careful when using these headers on the origin server, since
- they will contain more than one (comma-separated) value if the
- original request already contained one of these headers. For
- example, you can use <code>%{X-Forwarded-For}i</code> in the log
- format string of the origin server to log the original clients IP
- address, but you may get more than one address if the request
- passes through several proxies.</p>
+ <li>If set to <code>On</code>, each request and reply will get a
+ <code>Via:</code> header line added for the current host.</li>
- <p>See also the <code class="directive"><a href="#proxypreservehost">ProxyPreserveHost</a></code> and <code class="directive"><a href="#proxyvia">ProxyVia</a></code> directives, which control
- other request headers.</p>
+ <li>If set to <code>Full</code>, each generated <code>Via:</code> header
+ line will additionally have the Apache server version shown as a
+ <code>Via:</code> comment field.</li>
- </div>
+ <li>If set to <code>Block</code>, every proxy request will have all its
+ <code>Via:</code> header lines removed. No new <code>Via:</code> header will
+ be generated.</li>
+ </ul>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy.html" title="English"> en </a> |
large.</p>
</div>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<p>This module provides no
- directives.</p>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#usage">Usage</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#env">Environment Variables</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#basppacketstruct">Basic Packet Structure</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#rpacetstruct">Request Packet Structure</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#resppacketstruct">Response Packet Structure</a></li>
-</ul><h3>See also</h3>
+</ul><h3 class="directives">Directives</h3>
+<p>This module provides no
+ directives.</p>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></li>
<li><a href="../env.html">Environment Variable documentation</a></li>
large.</p>
</div>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<p>This module provides no
- directives.</p>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#scheduler">Load balancer scheduler algorithm</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#stickyness">Load balancer stickyness</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#balancer_manager">Enabling Balancer Manager Support</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#stickyness_implementation">Details on load balancer stickyness</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#stickyness_troubleshooting">Troubleshooting load balancer stickyness</a></li>
-</ul><h3>See also</h3>
+</ul><h3 class="directives">Directives</h3>
+<p>This module provides no
+ directives.</p>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
large.</p>
</div>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<p>This module provides no
- directives.</p>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#mimetypes">Why doesn't file type <var>xxx</var>
download via FTP?</a></li>
of my home directory?</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ftppass">How can I hide the FTP cleartext password
in my browser's URL line?</a></li>
-</ul><h3>See also</h3>
+</ul><h3 class="directives">Directives</h3>
+<p>This module provides no
+ directives.</p>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
large.</p>
</div>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<p>This module provides no
- directives.</p>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#env">Environment Variables</a></li>
-</ul><h3>See also</h3>
+</ul><h3 class="directives">Directives</h3>
+<p>This module provides no
+ directives.</p>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></li>
<li><code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code></li>
large.</p>
</div>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#proxyscgiinternalredirect">ProxySCGIInternalRedirect</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxyscgisendfile">ProxySCGISendfile</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></li>
<li><code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="examples" id="examples">Examples</a></h2>
+ <p>Remember, in order to make the following examples work, you have to
+ enable <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> and <code class="module"><a href="../mod/mod_proxy_scgi.html">mod_proxy_scgi</a></code>.</p>
+
+ <div class="example"><h3>Simple gateway</h3><p><code>
+ ProxyPass /scgi-bin/ scgi://localhost:4000/
+ </code></p></div>
+
+ <p>The balanced gateway needs <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code> in
+ addition to the already mentioned proxy modules.</p>
+
+ <div class="example"><h3>Balanced gateway</h3><p><code>
+ ProxyPass /scgi-bin/ balancer://somecluster/<br />
+ <Proxy balancer://somecluster/><br />
+ <span class="indent">
+ BalancerMember scgi://localhost:4000/<br />
+ BalancerMember scgi://localhost:4001/<br />
+ </span>
+ </Proxy>
+ </code></p></div>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxySCGIInternalRedirect" id="ProxySCGIInternalRedirect">ProxySCGIInternalRedirect</a> <a name="proxyscgiinternalredirect" id="proxyscgiinternalredirect">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable or disable internal redirect responses from the
</code></p></div>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="examples" id="examples">Examples</a></h2>
- <p>Remember, in order to make the following examples work, you have to
- enable <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> and <code class="module"><a href="../mod/mod_proxy_scgi.html">mod_proxy_scgi</a></code>.</p>
-
- <div class="example"><h3>Simple gateway</h3><p><code>
- ProxyPass /scgi-bin/ scgi://localhost:4000/
- </code></p></div>
-
- <p>The balanced gateway needs <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code> in
- addition to the already mentioned proxy modules.</p>
-
- <div class="example"><h3>Balanced gateway</h3><p><code>
- ProxyPass /scgi-bin/ balancer://somecluster/<br />
- <Proxy balancer://somecluster/><br />
- <span class="indent">
- BalancerMember scgi://localhost:4000/<br />
- BalancerMember scgi://localhost:4001/<br />
- </span>
- </Proxy>
- </code></p></div>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy_scgi.html" title="English"> en </a> |
<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_reqtimeout.c</td></tr>
<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.2.15 and later</td></tr></table>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#requestreadtimeout">RequestReadTimeout</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="examples" id="examples">Examples</a></h2>
+
+ <ol>
+ <li>
+ Allow 10 seconds to receive the request including the headers and
+ 30 seconds for receiving the request body:
+
+ <div class="example"><p><code>
+ RequestReadTimeout header=10 body=30
+ </code></p></div>
+ </li>
+
+ <li>
+ Allow at least 10 seconds to receive the request body.
+ If the client sends data, increase the timeout by 1 second for every
+ 1000 bytes received, with no upper limit for the timeout (exept for
+ the limit given indirectly by
+ <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code>):
+
+ <div class="example"><p><code>
+ RequestReadTimeout body=10,MinRate=1000
+ </code></p></div>
+ </li>
+
+ <li>
+ Allow at least 10 seconds to receive the request including the headers.
+ If the client sends data, increase the timeout by 1 second for every
+ 500 bytes received. But do not allow more than 30 seconds for the
+ request including the headers:
+
+ <div class="example"><p><code>
+ RequestReadTimeout header=10-30,MinRate=500
+ </code></p></div>
+ </li>
+
+ <li>
+ Usually, a server should have both header and body timeouts configured.
+ If a common configuration is used for http and https virtual hosts, the
+ timeouts should not be set too low:
+
+ <div class="example"><p><code>
+ RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
+ </code></p></div>
+ </li>
+
+ </ol>
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="RequestReadTimeout" id="RequestReadTimeout">RequestReadTimeout</a> <a name="requestreadtimeout" id="requestreadtimeout">Directive</a></h2>
<table class="directive">
</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="examples" id="examples">Examples</a></h2>
-
- <ol>
- <li>
- Allow 10 seconds to receive the request including the headers and
- 30 seconds for receiving the request body:
-
- <div class="example"><p><code>
- RequestReadTimeout header=10 body=30
- </code></p></div>
- </li>
-
- <li>
- Allow at least 10 seconds to receive the request body.
- If the client sends data, increase the timeout by 1 second for every
- 1000 bytes received, with no upper limit for the timeout (exept for
- the limit given indirectly by
- <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code>):
-
- <div class="example"><p><code>
- RequestReadTimeout body=10,MinRate=1000
- </code></p></div>
- </li>
-
- <li>
- Allow at least 10 seconds to receive the request including the headers.
- If the client sends data, increase the timeout by 1 second for every
- 500 bytes received. But do not allow more than 30 seconds for the
- request including the headers:
-
- <div class="example"><p><code>
- RequestReadTimeout header=10-30,MinRate=500
- </code></p></div>
- </li>
-
- <li>
- Usually, a server should have both header and body timeouts configured.
- If a common configuration is used for http and https virtual hosts, the
- timeouts should not be set too low:
-
- <div class="example"><p><code>
- RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
- </code></p></div>
- </li>
-
- </ol>
</div>
</div>
<div class="bottomlang">
<p>Further details, discussion, and examples, are provided in the
<a href="../rewrite/">detailed mod_rewrite documentation</a>.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#quoting">Quoting Special Characters</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#EnvVar">Environment Variables</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#vhosts">Rewriting in Virtual Hosts</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#Solutions">Practical Solutions</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#rewritebase">RewriteBase</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#rewritecond">RewriteCond</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#rewriteoptions">RewriteOptions</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#rewriterule">RewriteRule</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#quoting">Quoting Special Characters</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#EnvVar">Environment Variables</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#vhosts">Rewriting in Virtual Hosts</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#Solutions">Practical Solutions</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><a href="#rewriteflags">Rewrite Flags</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="quoting" id="quoting">Quoting Special Characters</a></h2>
+
+ <p>As of Apache 1.3.20, special characters in
+ <em>TestString</em> and <em>Substitution</em> strings can be
+ escaped (that is, treated as normal characters without their
+ usual special meaning) by prefixing them with a backslash ('\')
+ character. In other words, you can include an actual
+ dollar-sign character in a <em>Substitution</em> string by
+ using '<code>\$</code>'; this keeps mod_rewrite from trying
+ to treat it as a backreference.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="EnvVar" id="EnvVar">Environment Variables</a></h2>
+
+ <p>This module keeps track of two additional (non-standard)
+ CGI/SSI environment variables named <code>SCRIPT_URL</code>
+ and <code>SCRIPT_URI</code>. These contain the
+ <em>logical</em> Web-view to the current resource, while the
+ standard CGI/SSI variables <code>SCRIPT_NAME</code> and
+ <code>SCRIPT_FILENAME</code> contain the <em>physical</em>
+ System-view. </p>
+
+ <p>Notice: These variables hold the URI/URL <em>as they were
+ initially requested</em>, that is, <em>before</em> any
+ rewriting. This is important to note because the rewriting process is
+ primarily used to rewrite logical URLs to physical
+ pathnames.</p>
+
+<div class="example"><h3>Example</h3><pre>SCRIPT_NAME=/sw/lib/w3s/tree/global/u/rse/.www/index.html
+SCRIPT_FILENAME=/u/rse/.www/index.html
+SCRIPT_URL=/u/rse/
+SCRIPT_URI=http://en1.engelschall.com/u/rse/</pre></div>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="vhosts" id="vhosts">Rewriting in Virtual Hosts</a></h2>
+
+ <p>By default, <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> configuration
+ settings from the main server context are not inherited by
+ virtual hosts. To make the main server settings apply to virtual
+ hosts, you must place the following directives in each <code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code> section:</p>
+
+ <div class="example"><p><code>
+ RewriteEngine On<br />
+ RewriteOptions Inherit
+ </code></p></div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="Solutions" id="Solutions">Practical Solutions</a></h2>
+
+ <p>For numerous examples of common, and not-so-common, uses for
+ mod_rewrite, see the <a href="../rewrite/">extended rewrite
+ documentation.</a></p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="RewriteBase" id="RewriteBase">RewriteBase</a> <a name="rewritebase" id="rewritebase">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the base URL for per-directory rewrites</td></tr>
^localpath(.*) http://otherhost/otherpath$1 [P] http://otherhost/otherpath/pathinfo
via internal proxy</pre></div>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="quoting" id="quoting">Quoting Special Characters</a></h2>
-
- <p>As of Apache 1.3.20, special characters in
- <em>TestString</em> and <em>Substitution</em> strings can be
- escaped (that is, treated as normal characters without their
- usual special meaning) by prefixing them with a backslash ('\')
- character. In other words, you can include an actual
- dollar-sign character in a <em>Substitution</em> string by
- using '<code>\$</code>'; this keeps mod_rewrite from trying
- to treat it as a backreference.</p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="EnvVar" id="EnvVar">Environment Variables</a></h2>
-
- <p>This module keeps track of two additional (non-standard)
- CGI/SSI environment variables named <code>SCRIPT_URL</code>
- and <code>SCRIPT_URI</code>. These contain the
- <em>logical</em> Web-view to the current resource, while the
- standard CGI/SSI variables <code>SCRIPT_NAME</code> and
- <code>SCRIPT_FILENAME</code> contain the <em>physical</em>
- System-view. </p>
-
- <p>Notice: These variables hold the URI/URL <em>as they were
- initially requested</em>, that is, <em>before</em> any
- rewriting. This is important to note because the rewriting process is
- primarily used to rewrite logical URLs to physical
- pathnames.</p>
-
-<div class="example"><h3>Example</h3><pre>SCRIPT_NAME=/sw/lib/w3s/tree/global/u/rse/.www/index.html
-SCRIPT_FILENAME=/u/rse/.www/index.html
-SCRIPT_URL=/u/rse/
-SCRIPT_URI=http://en1.engelschall.com/u/rse/</pre></div>
-
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="vhosts" id="vhosts">Rewriting in Virtual Hosts</a></h2>
-
- <p>By default, <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> configuration
- settings from the main server context are not inherited by
- virtual hosts. To make the main server settings apply to virtual
- hosts, you must place the following directives in each <code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code> section:</p>
-
- <div class="example"><p><code>
- RewriteEngine On<br />
- RewriteOptions Inherit
- </code></p></div>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="Solutions" id="Solutions">Practical Solutions</a></h2>
-
- <p>For numerous examples of common, and not-so-common, uses for
- mod_rewrite, see the <a href="../rewrite/">extended rewrite
- documentation.</a></p>
-
</div>
</div>
<div class="bottomlang">
<ul class="seealso">
<li><a href="../env.html">Environment Variables in Apache</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="BrowserMatch" id="BrowserMatch">BrowserMatch</a> <a name="browsermatch" id="browsermatch">Directive</a></h2>
<table class="directive">
combination.</p>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_setenvif.html" title="English"> en </a> |
load or compile into Apache 2.0.</p>
</div>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#windows">Creating Loadable Modules for Windows</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#loadfile">LoadFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#loadmodule">LoadModule</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#windows">Creating Loadable Modules for Windows</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LoadFile" id="LoadFile">LoadFile</a> <a name="loadfile" id="loadfile">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Link in the named object file or library</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LoadFile <em>filename</em> [<em>filename</em>] ...</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_so</td></tr>
-</table>
-
- <p>The LoadFile directive links in the named object files or
- libraries when the server is started or restarted; this is used
- to load additional code which may be required for some module
- to work. <em>Filename</em> is either an absolute path or
- relative to <a href="core.html#serverroot">ServerRoot</a>.</p>
-
- <p>For example:</p>
-
- <div class="example"><p><code>LoadFile libexec/libxmlparse.so</code></p></div>
-
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LoadModule" id="LoadModule">LoadModule</a> <a name="loadmodule" id="loadmodule">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Links in the object file or library, and adds to the list
-of active modules</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LoadModule <em>module filename</em></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_so</td></tr>
-</table>
- <p>The LoadModule directive links in the object file or library
- <em>filename</em> and adds the module structure named
- <em>module</em> to the list of active modules. <em>Module</em>
- is the name of the external variable of type
- <code>module</code> in the file, and is listed as the <a href="module-dict.html#ModuleIdentifier">Module Identifier</a>
- in the module documentation. Example:</p>
-
- <div class="example"><p><code>
- LoadModule status_module modules/mod_status.so
- </code></p></div>
-
- <p>loads the named module from the modules subdirectory of the
- ServerRoot.</p>
-
-</div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="windows" id="windows">Creating Loadable Modules for Windows</a></h2>
root, and use the <code class="directive">LoadModule</code>
directive to load it.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LoadFile" id="LoadFile">LoadFile</a> <a name="loadfile" id="loadfile">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Link in the named object file or library</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LoadFile <em>filename</em> [<em>filename</em>] ...</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_so</td></tr>
+</table>
+
+ <p>The LoadFile directive links in the named object files or
+ libraries when the server is started or restarted; this is used
+ to load additional code which may be required for some module
+ to work. <em>Filename</em> is either an absolute path or
+ relative to <a href="core.html#serverroot">ServerRoot</a>.</p>
+
+ <p>For example:</p>
+
+ <div class="example"><p><code>LoadFile libexec/libxmlparse.so</code></p></div>
+
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LoadModule" id="LoadModule">LoadModule</a> <a name="loadmodule" id="loadmodule">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Links in the object file or library, and adds to the list
+of active modules</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LoadModule <em>module filename</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_so</td></tr>
+</table>
+ <p>The LoadModule directive links in the object file or library
+ <em>filename</em> and adds the module structure named
+ <em>module</em> to the list of active modules. <em>Module</em>
+ is the name of the external variable of type
+ <code>module</code> in the file, and is listed as the <a href="module-dict.html#ModuleIdentifier">Module Identifier</a>
+ in the module documentation. Example:</p>
+
+ <div class="example"><p><code>
+ LoadModule status_module modules/mod_status.so
+ </code></p></div>
+
+ <p>loads the named module from the modules subdirectory of the
+ ServerRoot.</p>
+
</div>
</div>
<div class="bottomlang">
<li><img alt="" src="../images/down.gif" /> <a href="#checkspelling">CheckSpelling</a></li>
</ul>
<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="CheckCaseOnly" id="CheckCaseOnly">CheckCaseOnly</a> <a name="checkcaseonly" id="checkcaseonly">Directive</a></h2>
<table class="directive">
</p>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_speling.html" title="English"> en </a> |
<p>Further details, discussion, and examples are provided in the
<a href="../ssl/">SSL documentation</a>.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#envvars">Environment Variables</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#logformats">Custom Log Formats</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#sslcacertificatefile">SSLCACertificateFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslcacertificatepath">SSLCACertificatePath</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslverifyclient">SSLVerifyClient</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sslverifydepth">SSLVerifyDepth</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#envvars">Environment Variables</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#logformats">Custom Log Formats</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="envvars" id="envvars">Environment Variables</a></h2>
+
+<p>This module can be configured to provide several items of SSL information
+as additional environment variables to the SSI and CGI namespace. This
+information is not provided by default for performance reasons. (See
+<code class="directive">SSLOptions</code> StdEnvVars, below.) The generated variables
+are listed in the table below. For backward compatibility the information can
+be made available under different names, too. Look in the <a href="../ssl/ssl_compat.html">Compatibility</a> chapter for details on the
+compatibility variables.</p>
+
+<table class="bordered">
+
+<tr>
+ <th><a name="table3">Variable Name:</a></th>
+ <th>Value Type:</th>
+ <th>Description:</th>
+</tr>
+<tr><td><code>HTTPS</code></td> <td>flag</td> <td>HTTPS is being used.</td></tr>
+<tr><td><code>SSL_PROTOCOL</code></td> <td>string</td> <td>The SSL protocol version (SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2)</td></tr>
+<tr><td><code>SSL_SESSION_ID</code></td> <td>string</td> <td>The hex-encoded SSL session id</td></tr>
+<tr><td><code>SSL_CIPHER</code></td> <td>string</td> <td>The cipher specification name</td></tr>
+<tr><td><code>SSL_CIPHER_EXPORT</code></td> <td>string</td> <td><code>true</code> if cipher is an export cipher</td></tr>
+<tr><td><code>SSL_CIPHER_USEKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (actually used)</td></tr>
+<tr><td><code>SSL_CIPHER_ALGKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (possible)</td></tr>
+<tr><td><code>SSL_COMPRESS_METHOD</code></td> <td>string</td> <td>SSL compression method negotiated</td></tr>
+<tr><td><code>SSL_VERSION_INTERFACE</code></td> <td>string</td> <td>The mod_ssl program version</td></tr>
+<tr><td><code>SSL_VERSION_LIBRARY</code></td> <td>string</td> <td>The OpenSSL program version</td></tr>
+<tr><td><code>SSL_CLIENT_M_VERSION</code></td> <td>string</td> <td>The version of the client certificate</td></tr>
+<tr><td><code>SSL_CLIENT_M_SERIAL</code></td> <td>string</td> <td>The serial of the client certificate</td></tr>
+<tr><td><code>SSL_CLIENT_S_DN</code></td> <td>string</td> <td>Subject DN in client's certificate</td></tr>
+<tr><td><code>SSL_CLIENT_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Subject DN</td></tr>
+<tr><td><code>SSL_CLIENT_I_DN</code></td> <td>string</td> <td>Issuer DN of client's certificate</td></tr>
+<tr><td><code>SSL_CLIENT_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Issuer DN</td></tr>
+<tr><td><code>SSL_CLIENT_V_START</code></td> <td>string</td> <td>Validity of client's certificate (start time)</td></tr>
+<tr><td><code>SSL_CLIENT_V_END</code></td> <td>string</td> <td>Validity of client's certificate (end time)</td></tr>
+<tr><td><code>SSL_CLIENT_V_REMAIN</code></td> <td>string</td> <td>Number of days until client's certificate expires</td></tr>
+<tr><td><code>SSL_CLIENT_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of client's certificate</td></tr>
+<tr><td><code>SSL_CLIENT_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of client's certificate</td></tr>
+<tr><td><code>SSL_CLIENT_CERT</code></td> <td>string</td> <td>PEM-encoded client certificate</td></tr>
+<tr><td><code>SSL_CLIENT_CERT_CHAIN_</code><em>n</em></td> <td>string</td> <td>PEM-encoded certificates in client certificate chain</td></tr>
+<tr><td><code>SSL_CLIENT_VERIFY</code></td> <td>string</td> <td><code>NONE</code>, <code>SUCCESS</code>, <code>GENEROUS</code> or <code>FAILED:</code><em>reason</em></td></tr>
+<tr><td><code>SSL_SERVER_M_VERSION</code></td> <td>string</td> <td>The version of the server certificate</td></tr>
+<tr><td><code>SSL_SERVER_M_SERIAL</code></td> <td>string</td> <td>The serial of the server certificate</td></tr>
+<tr><td><code>SSL_SERVER_S_DN</code></td> <td>string</td> <td>Subject DN in server's certificate</td></tr>
+<tr><td><code>SSL_SERVER_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Subject DN</td></tr>
+<tr><td><code>SSL_SERVER_I_DN</code></td> <td>string</td> <td>Issuer DN of server's certificate</td></tr>
+<tr><td><code>SSL_SERVER_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Issuer DN</td></tr>
+<tr><td><code>SSL_SERVER_V_START</code></td> <td>string</td> <td>Validity of server's certificate (start time)</td></tr>
+<tr><td><code>SSL_SERVER_V_END</code></td> <td>string</td> <td>Validity of server's certificate (end time)</td></tr>
+<tr><td><code>SSL_SERVER_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of server's certificate</td></tr>
+<tr><td><code>SSL_SERVER_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of server's certificate</td></tr>
+<tr><td><code>SSL_SERVER_CERT</code></td> <td>string</td> <td>PEM-encoded server certificate</td></tr>
+<tr><td><code>SSL_TLS_SNI</code></td> <td>string</td> <td>Contents of the SNI TLS extension (if supplied with ClientHello)</td></tr>
+</table>
+
+<p><em>x509</em> specifies a component of an X.509 DN; one of
+<code>C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email</code>. In Apache 2.1 and
+later, <em>x509</em> may also include a numeric <code>_n</code>
+suffix. If the DN in question contains multiple attributes of the
+same name, this suffix is used as an index to select a particular
+attribute. For example, where the server certificate subject DN
+included two OU fields, <code>SSL_SERVER_S_DN_OU_0</code> and
+<code>SSL_SERVER_S_DN_OU_1</code> could be used to reference each.</p>
+
+<p><code>SSL_CLIENT_V_REMAIN</code> is only available in version 2.1
+and later.</p>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="logformats" id="logformats">Custom Log Formats</a></h2>
+
+<p>When <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> is built into Apache or at least
+loaded (under DSO situation) additional functions exist for the <a href="mod_log_config.html#formats">Custom Log Format</a> of
+<code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code>. First there is an
+additional ``<code>%{</code><em>varname</em><code>}x</code>''
+eXtension format function which can be used to expand any variables
+provided by any module, especially those provided by mod_ssl which can
+you find in the above table.</p>
+<p>
+For backward compatibility there is additionally a special
+``<code>%{</code><em>name</em><code>}c</code>'' cryptography format function
+provided. Information about this function is provided in the <a href="../ssl/ssl_compat.html">Compatibility</a> chapter.</p>
+<div class="example"><h3>Example</h3><p><code>
+CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+</code></p></div>
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLCACertificateFile" id="SSLCACertificateFile">SSLCACertificateFile</a> <a name="sslcacertificatefile" id="sslcacertificatefile">Directive</a></h2>
<table class="directive">
SSLVerifyDepth 10
</code></p></div>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="envvars" id="envvars">Environment Variables</a></h2>
-
-<p>This module can be configured to provide several items of SSL information
-as additional environment variables to the SSI and CGI namespace. This
-information is not provided by default for performance reasons. (See
-<code class="directive">SSLOptions</code> StdEnvVars, below.) The generated variables
-are listed in the table below. For backward compatibility the information can
-be made available under different names, too. Look in the <a href="../ssl/ssl_compat.html">Compatibility</a> chapter for details on the
-compatibility variables.</p>
-
-<table class="bordered">
-
-<tr>
- <th><a name="table3">Variable Name:</a></th>
- <th>Value Type:</th>
- <th>Description:</th>
-</tr>
-<tr><td><code>HTTPS</code></td> <td>flag</td> <td>HTTPS is being used.</td></tr>
-<tr><td><code>SSL_PROTOCOL</code></td> <td>string</td> <td>The SSL protocol version (SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2)</td></tr>
-<tr><td><code>SSL_SESSION_ID</code></td> <td>string</td> <td>The hex-encoded SSL session id</td></tr>
-<tr><td><code>SSL_CIPHER</code></td> <td>string</td> <td>The cipher specification name</td></tr>
-<tr><td><code>SSL_CIPHER_EXPORT</code></td> <td>string</td> <td><code>true</code> if cipher is an export cipher</td></tr>
-<tr><td><code>SSL_CIPHER_USEKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (actually used)</td></tr>
-<tr><td><code>SSL_CIPHER_ALGKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (possible)</td></tr>
-<tr><td><code>SSL_COMPRESS_METHOD</code></td> <td>string</td> <td>SSL compression method negotiated</td></tr>
-<tr><td><code>SSL_VERSION_INTERFACE</code></td> <td>string</td> <td>The mod_ssl program version</td></tr>
-<tr><td><code>SSL_VERSION_LIBRARY</code></td> <td>string</td> <td>The OpenSSL program version</td></tr>
-<tr><td><code>SSL_CLIENT_M_VERSION</code></td> <td>string</td> <td>The version of the client certificate</td></tr>
-<tr><td><code>SSL_CLIENT_M_SERIAL</code></td> <td>string</td> <td>The serial of the client certificate</td></tr>
-<tr><td><code>SSL_CLIENT_S_DN</code></td> <td>string</td> <td>Subject DN in client's certificate</td></tr>
-<tr><td><code>SSL_CLIENT_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Subject DN</td></tr>
-<tr><td><code>SSL_CLIENT_I_DN</code></td> <td>string</td> <td>Issuer DN of client's certificate</td></tr>
-<tr><td><code>SSL_CLIENT_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Issuer DN</td></tr>
-<tr><td><code>SSL_CLIENT_V_START</code></td> <td>string</td> <td>Validity of client's certificate (start time)</td></tr>
-<tr><td><code>SSL_CLIENT_V_END</code></td> <td>string</td> <td>Validity of client's certificate (end time)</td></tr>
-<tr><td><code>SSL_CLIENT_V_REMAIN</code></td> <td>string</td> <td>Number of days until client's certificate expires</td></tr>
-<tr><td><code>SSL_CLIENT_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of client's certificate</td></tr>
-<tr><td><code>SSL_CLIENT_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of client's certificate</td></tr>
-<tr><td><code>SSL_CLIENT_CERT</code></td> <td>string</td> <td>PEM-encoded client certificate</td></tr>
-<tr><td><code>SSL_CLIENT_CERT_CHAIN_</code><em>n</em></td> <td>string</td> <td>PEM-encoded certificates in client certificate chain</td></tr>
-<tr><td><code>SSL_CLIENT_VERIFY</code></td> <td>string</td> <td><code>NONE</code>, <code>SUCCESS</code>, <code>GENEROUS</code> or <code>FAILED:</code><em>reason</em></td></tr>
-<tr><td><code>SSL_SERVER_M_VERSION</code></td> <td>string</td> <td>The version of the server certificate</td></tr>
-<tr><td><code>SSL_SERVER_M_SERIAL</code></td> <td>string</td> <td>The serial of the server certificate</td></tr>
-<tr><td><code>SSL_SERVER_S_DN</code></td> <td>string</td> <td>Subject DN in server's certificate</td></tr>
-<tr><td><code>SSL_SERVER_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Subject DN</td></tr>
-<tr><td><code>SSL_SERVER_I_DN</code></td> <td>string</td> <td>Issuer DN of server's certificate</td></tr>
-<tr><td><code>SSL_SERVER_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Issuer DN</td></tr>
-<tr><td><code>SSL_SERVER_V_START</code></td> <td>string</td> <td>Validity of server's certificate (start time)</td></tr>
-<tr><td><code>SSL_SERVER_V_END</code></td> <td>string</td> <td>Validity of server's certificate (end time)</td></tr>
-<tr><td><code>SSL_SERVER_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of server's certificate</td></tr>
-<tr><td><code>SSL_SERVER_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of server's certificate</td></tr>
-<tr><td><code>SSL_SERVER_CERT</code></td> <td>string</td> <td>PEM-encoded server certificate</td></tr>
-<tr><td><code>SSL_TLS_SNI</code></td> <td>string</td> <td>Contents of the SNI TLS extension (if supplied with ClientHello)</td></tr>
-</table>
-
-<p><em>x509</em> specifies a component of an X.509 DN; one of
-<code>C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email</code>. In Apache 2.1 and
-later, <em>x509</em> may also include a numeric <code>_n</code>
-suffix. If the DN in question contains multiple attributes of the
-same name, this suffix is used as an index to select a particular
-attribute. For example, where the server certificate subject DN
-included two OU fields, <code>SSL_SERVER_S_DN_OU_0</code> and
-<code>SSL_SERVER_S_DN_OU_1</code> could be used to reference each.</p>
-
-<p><code>SSL_CLIENT_V_REMAIN</code> is only available in version 2.1
-and later.</p>
-
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="logformats" id="logformats">Custom Log Formats</a></h2>
-
-<p>When <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> is built into Apache or at least
-loaded (under DSO situation) additional functions exist for the <a href="mod_log_config.html#formats">Custom Log Format</a> of
-<code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code>. First there is an
-additional ``<code>%{</code><em>varname</em><code>}x</code>''
-eXtension format function which can be used to expand any variables
-provided by any module, especially those provided by mod_ssl which can
-you find in the above table.</p>
-<p>
-For backward compatibility there is additionally a special
-``<code>%{</code><em>name</em><code>}c</code>'' cryptography format function
-provided. Information about this function is provided in the <a href="../ssl/ssl_compat.html">Compatibility</a> chapter.</p>
-<div class="example"><h3>Example</h3><p><code>
-CustomLog logs/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-</code></p></div>
</div>
</div>
<div class="bottomlang">
<code class="directive"><a href="#extendedstatus">ExtendedStatus</a></code>
is <code>On</code>.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#extendedstatus">ExtendedStatus</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#seerequesttail">SeeRequestTail</a></li>
-</ul>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#enable">Enabling Status Support</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#autoupdate">Automatic Updates</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#machinereadable">Machine Readable Status File</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+</ul><h3 class="directives">Directives</h3>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#extendedstatus">ExtendedStatus</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#seerequesttail">SeeRequestTail</a></li>
+</ul>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="enable" id="enable">Enabling Status Support</a></h2>
+
+
+ <p>To enable status reports only for browsers from the example.com
+ domain add this code to your <code>httpd.conf</code>
+ configuration file</p>
+<div class="example"><p><code>
+ <Location /server-status><br />
+ SetHandler server-status<br />
+<br />
+ Order Deny,Allow<br />
+ Deny from all<br />
+ Allow from .example.com<br />
+ </Location>
+</code></p></div>
+
+ <p>You can now access server statistics by using a Web browser
+ to access the page
+ <code>http://your.server.name/server-status</code></p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="autoupdate" id="autoupdate">Automatic Updates</a></h2>
+
+
+ <p>You can get the status page to update itself automatically if
+ you have a browser that supports "refresh". Access the page
+ <code>http://your.server.name/server-status?refresh=N</code> to
+ refresh the page every N seconds.</p>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="machinereadable" id="machinereadable">Machine Readable Status File</a></h2>
+
+
+ <p>A machine-readable version of the status file is available by
+ accessing the page
+ <code>http://your.server.name/server-status?auto</code>. This
+ is useful when automatically run, see the Perl program in the
+ <code>/support</code> directory of Apache,
+ <code>log_server_status</code>.</p>
+
+ <div class="note">
+ <strong>It should be noted that if <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> is
+ compiled into the server, its handler capability is available
+ in <em>all</em> configuration files, including
+ <em>per</em>-directory files (<em>e.g.</em>,
+ <code>.htaccess</code>). This may have security-related
+ ramifications for your site.</strong>
+ </div>
+
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ExtendedStatus" id="ExtendedStatus">ExtendedStatus</a> <a name="extendedstatus" id="extendedstatus">Directive</a></h2>
<table class="directive">
</table>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="enable" id="enable">Enabling Status Support</a></h2>
-
-
- <p>To enable status reports only for browsers from the example.com
- domain add this code to your <code>httpd.conf</code>
- configuration file</p>
-<div class="example"><p><code>
- <Location /server-status><br />
- SetHandler server-status<br />
-<br />
- Order Deny,Allow<br />
- Deny from all<br />
- Allow from .example.com<br />
- </Location>
-</code></p></div>
-
- <p>You can now access server statistics by using a Web browser
- to access the page
- <code>http://your.server.name/server-status</code></p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="autoupdate" id="autoupdate">Automatic Updates</a></h2>
-
-
- <p>You can get the status page to update itself automatically if
- you have a browser that supports "refresh". Access the page
- <code>http://your.server.name/server-status?refresh=N</code> to
- refresh the page every N seconds.</p>
-
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="machinereadable" id="machinereadable">Machine Readable Status File</a></h2>
-
-
- <p>A machine-readable version of the status file is available by
- accessing the page
- <code>http://your.server.name/server-status?auto</code>. This
- is useful when automatically run, see the Perl program in the
- <code>/support</code> directory of Apache,
- <code>log_server_status</code>.</p>
-
- <div class="note">
- <strong>It should be noted that if <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> is
- compiled into the server, its handler capability is available
- in <em>all</em> configuration files, including
- <em>per</em>-directory files (<em>e.g.</em>,
- <code>.htaccess</code>). This may have security-related
- ramifications for your site.</strong>
- </div>
-
</div>
</div>
<div class="bottomlang">
<li><img alt="" src="../images/down.gif" /> <a href="#substitute">Substitute</a></li>
</ul>
<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Substitute" id="Substitute">Substitute</a> <a name="substitute" id="substitute">Directive</a></h2>
<table class="directive">
</code></p></div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_substitute.html" title="English"> en </a></p>
<ul class="seealso">
<li><a href="../suexec.html">SuEXEC support</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SuexecUserGroup" id="SuexecUserGroup">SuexecUserGroup</a> <a name="suexecusergroup" id="suexecusergroup">Directive</a></h2>
<table class="directive">
<li><code class="directive"><a href="../mod/core.html#suexec">Suexec</a></code></li>
</ul>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_suexec.html" title="English"> en </a> |
useful for various reasons which are beyond the scope of this
document.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<p>This module provides no
- directives.</p>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#theory">Theory</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+</ul><h3 class="directives">Directives</h3>
+<p>This module provides no
+ directives.</p>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="theory" id="theory">Theory</a></h2>
<li><a href="../howto/public_html.html">public_html
tutorial</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="UserDir" id="UserDir">UserDir</a> <a name="userdir" id="userdir">Directive</a></h2>
<table class="directive">
</li>
</ul>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_userdir.html" title="English"> en </a> |
tracking" module, mod_usertrack. This module has been
simplified and new directives added.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#logging">Logging</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#cookiedate">2-digit or 4-digit dates for cookies?</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#cookiedomain">CookieDomain</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cookieexpires">CookieExpires</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cookiestyle">CookieStyle</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cookietracking">CookieTracking</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#logging">Logging</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#cookiedate">2-digit or 4-digit dates for cookies?</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="logging" id="logging">Logging</a></h2>
+
+
+ <p>Previously, the cookies module (now the user tracking
+ module) did its own logging, using the <code class="directive">CookieLog</code>
+ directive. In this release, this module does no logging at all.
+ Instead, a configurable log format file should be used to log
+ user click-streams. This is possible because the logging module
+ now allows multiple log files. The cookie itself is logged by
+ using the text <code>%{cookie}n</code> in the log file format. For
+ example:</p>
+<div class="example"><p><code>
+CustomLog logs/clickstream "%{cookie}n %r %t"
+</code></p></div>
+
+ <p>For backward compatibility the configurable log module
+ implements the old <code class="directive"><a href="../mod/mod_log_config.html#cookielog">CookieLog</a></code> directive, but this
+ should be upgraded to the above <code class="directive"><a href="../mod/mod_log_config.html#customlog">CustomLog</a></code> directive. </p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="cookiedate" id="cookiedate">2-digit or 4-digit dates for cookies?</a></h2>
+
+
+ <p>(the following is from message
+ <022701bda43d$9d32bbb0$1201a8c0@christian.office.sane.com>
+ in the new-httpd archives) </p>
+<pre>From: "Christian Allen" <christian@sane.com>
+Subject: Re: Apache Y2K bug in mod_usertrack.c
+Date: Tue, 30 Jun 1998 11:41:56 -0400
+
+Did some work with cookies and dug up some info that might be useful.
+
+True, Netscape claims that the correct format NOW is four digit dates, and
+four digit dates do in fact work... for Netscape 4.x (Communicator), that
+is. However, 3.x and below do NOT accept them. It seems that Netscape
+originally had a 2-digit standard, and then with all of the Y2K hype and
+probably a few complaints, changed to a four digit date for Communicator.
+Fortunately, 4.x also understands the 2-digit format, and so the best way to
+ensure that your expiration date is legible to the client's browser is to
+use 2-digit dates.
+
+However, this does not limit expiration dates to the year 2000; if you use
+an expiration year of "13", for example, it is interpreted as 2013, NOT
+1913! In fact, you can use an expiration year of up to "37", and it will be
+understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure
+about versions previous to those). Not sure why Netscape used that
+particular year as its cut-off point, but my guess is that it was in respect
+to UNIX's 2038 problem. Netscape/MSIE 4.x seem to be able to understand
+2-digit years beyond that, at least until "50" for sure (I think they
+understand up until about "70", but not for sure).
+
+Summary: Mozilla 3.x and up understands two digit dates up until "37"
+(2037). Mozilla 4.x understands up until at least "50" (2050) in 2-digit
+form, but also understands 4-digit years, which can probably reach up until
+9999. Your best bet for sending a long-life cookie is to send it for some
+time late in the year "37".</pre>
+
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="CookieDomain" id="CookieDomain">CookieDomain</a> <a name="cookiedomain" id="cookiedomain">Directive</a></h2>
<table class="directive">
activate cookies. </p>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="logging" id="logging">Logging</a></h2>
-
-
- <p>Previously, the cookies module (now the user tracking
- module) did its own logging, using the <code class="directive">CookieLog</code>
- directive. In this release, this module does no logging at all.
- Instead, a configurable log format file should be used to log
- user click-streams. This is possible because the logging module
- now allows multiple log files. The cookie itself is logged by
- using the text <code>%{cookie}n</code> in the log file format. For
- example:</p>
-<div class="example"><p><code>
-CustomLog logs/clickstream "%{cookie}n %r %t"
-</code></p></div>
-
- <p>For backward compatibility the configurable log module
- implements the old <code class="directive"><a href="../mod/mod_log_config.html#cookielog">CookieLog</a></code> directive, but this
- should be upgraded to the above <code class="directive"><a href="../mod/mod_log_config.html#customlog">CustomLog</a></code> directive. </p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="cookiedate" id="cookiedate">2-digit or 4-digit dates for cookies?</a></h2>
-
-
- <p>(the following is from message
- <022701bda43d$9d32bbb0$1201a8c0@christian.office.sane.com>
- in the new-httpd archives) </p>
-<pre>From: "Christian Allen" <christian@sane.com>
-Subject: Re: Apache Y2K bug in mod_usertrack.c
-Date: Tue, 30 Jun 1998 11:41:56 -0400
-
-Did some work with cookies and dug up some info that might be useful.
-
-True, Netscape claims that the correct format NOW is four digit dates, and
-four digit dates do in fact work... for Netscape 4.x (Communicator), that
-is. However, 3.x and below do NOT accept them. It seems that Netscape
-originally had a 2-digit standard, and then with all of the Y2K hype and
-probably a few complaints, changed to a four digit date for Communicator.
-Fortunately, 4.x also understands the 2-digit format, and so the best way to
-ensure that your expiration date is legible to the client's browser is to
-use 2-digit dates.
-
-However, this does not limit expiration dates to the year 2000; if you use
-an expiration year of "13", for example, it is interpreted as 2013, NOT
-1913! In fact, you can use an expiration year of up to "37", and it will be
-understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure
-about versions previous to those). Not sure why Netscape used that
-particular year as its cut-off point, but my guess is that it was in respect
-to UNIX's 2038 problem. Netscape/MSIE 4.x seem to be able to understand
-2-digit years beyond that, at least until "50" for sure (I think they
-understand up until about "70", but not for sure).
-
-Summary: Mozilla 3.x and up understands two digit dates up until "37"
-(2037). Mozilla 4.x understands up until at least "50" (2050) in 2-digit
-form, but also understands 4-digit years, which can probably reach up until
-9999. Your best bet for sending a long-life cookie is to send it for some
-time late in the year "37".</pre>
-
</div>
</div>
<div class="bottomlang">
<li><img alt="" src="../images/down.gif" /> <a href="#ifversion"><IfVersion></a></li>
</ul>
<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="IfVersion" id="IfVersion"><IfVersion></a> <a name="ifversion" id="ifversion">Directive</a></h2>
<table class="directive">
<code>=</code>.</p>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_version.html" title="English"> en </a> |
</code></p></div>
</div>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#interpol">Directory Name Interpolation</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#virtualdocumentroot">VirtualDocumentRoot</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#virtualdocumentrootip">VirtualDocumentRootIP</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#virtualscriptalias">VirtualScriptAlias</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#virtualscriptaliasip">VirtualScriptAliasIP</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#interpol">Directory Name Interpolation</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><code class="directive"><a href="../mod/core.html#usecanonicalname">UseCanonicalName</a></code></li>
<li><a href="../vhosts/mass.html">Dynamically configured mass
virtual hosting</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="VirtualDocumentRoot" id="VirtualDocumentRoot">VirtualDocumentRoot</a> <a name="virtualdocumentroot" id="virtualdocumentroot">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Dynamically configure the location of the document root
-for a given virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>VirtualDocumentRoot <em>interpolated-directory</em>|none</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>VirtualDocumentRoot none</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_vhost_alias</td></tr>
-</table>
-
- <p>The <code class="directive">VirtualDocumentRoot</code> directive allows you to
- determine where Apache will find your documents based on the
- value of the server name. The result of expanding
- <em>interpolated-directory</em> is used as the root of the
- document tree in a similar manner to the <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> directive's argument.
- If <em>interpolated-directory</em> is <code>none</code> then
- <code class="directive">VirtualDocumentRoot</code> is turned off. This directive
- cannot be used in the same context as <code class="directive"><a href="#virtualdocumentrootip">VirtualDocumentRootIP</a></code>.</p>
-
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="VirtualDocumentRootIP" id="VirtualDocumentRootIP">VirtualDocumentRootIP</a> <a name="virtualdocumentrootip" id="virtualdocumentrootip">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Dynamically configure the location of the document root
-for a given virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>VirtualDocumentRootIP <em>interpolated-directory</em>|none</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>VirtualDocumentRootIP none</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_vhost_alias</td></tr>
-</table>
-
-<p>The <code class="directive">VirtualDocumentRootIP</code> directive is like the
- <code class="directive"><a href="#virtualdocumentroot">VirtualDocumentRoot</a></code>
- directive, except that it uses the IP address of the server end
- of the connection for directory interpolation instead of the server
- name.</p>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="VirtualScriptAlias" id="VirtualScriptAlias">VirtualScriptAlias</a> <a name="virtualscriptalias" id="virtualscriptalias">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Dynamically configure the location of the CGI directory for
-a given virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>VirtualScriptAlias <em>interpolated-directory</em>|none</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>VirtualScriptAlias none</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_vhost_alias</td></tr>
-</table>
-
- <p>The <code class="directive">VirtualScriptAlias</code> directive allows you to
- determine where Apache will find CGI scripts in a similar
- manner to <code class="directive"><a href="#virtualdocumentroot">VirtualDocumentRoot</a></code> does for other documents. It matches
- requests for URIs starting <code>/cgi-bin/</code>, much like <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>
- <code>/cgi-bin/</code> would.</p>
-
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="VirtualScriptAliasIP" id="VirtualScriptAliasIP">VirtualScriptAliasIP</a> <a name="virtualscriptaliasip" id="virtualscriptaliasip">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Dynamically configure the location of the cgi directory for
-a given virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>VirtualScriptAliasIP <em>interpolated-directory</em>|none</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>VirtualScriptAliasIP none</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_vhost_alias</td></tr>
-</table>
-
- <p>The <code class="directive">VirtualScriptAliasIP</code> directive is like the
- <code class="directive"><a href="#virtualscriptalias">VirtualScriptAlias</a></code>
- directive, except that it uses the IP address of the server end
- of the connection for directory interpolation instead of the server
- name.</p>
-
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="interpol" id="interpol">Directory Name Interpolation</a></h2>
<p>The <code class="directive"><a href="../mod/mod_log_config.html#logformat">LogFormat</a></code>
directives <code>%V</code> and <code>%A</code> are useful
in conjunction with this module.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="VirtualDocumentRoot" id="VirtualDocumentRoot">VirtualDocumentRoot</a> <a name="virtualdocumentroot" id="virtualdocumentroot">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Dynamically configure the location of the document root
+for a given virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>VirtualDocumentRoot <em>interpolated-directory</em>|none</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>VirtualDocumentRoot none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_vhost_alias</td></tr>
+</table>
+
+ <p>The <code class="directive">VirtualDocumentRoot</code> directive allows you to
+ determine where Apache will find your documents based on the
+ value of the server name. The result of expanding
+ <em>interpolated-directory</em> is used as the root of the
+ document tree in a similar manner to the <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> directive's argument.
+ If <em>interpolated-directory</em> is <code>none</code> then
+ <code class="directive">VirtualDocumentRoot</code> is turned off. This directive
+ cannot be used in the same context as <code class="directive"><a href="#virtualdocumentrootip">VirtualDocumentRootIP</a></code>.</p>
+
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="VirtualDocumentRootIP" id="VirtualDocumentRootIP">VirtualDocumentRootIP</a> <a name="virtualdocumentrootip" id="virtualdocumentrootip">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Dynamically configure the location of the document root
+for a given virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>VirtualDocumentRootIP <em>interpolated-directory</em>|none</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>VirtualDocumentRootIP none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_vhost_alias</td></tr>
+</table>
+
+<p>The <code class="directive">VirtualDocumentRootIP</code> directive is like the
+ <code class="directive"><a href="#virtualdocumentroot">VirtualDocumentRoot</a></code>
+ directive, except that it uses the IP address of the server end
+ of the connection for directory interpolation instead of the server
+ name.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="VirtualScriptAlias" id="VirtualScriptAlias">VirtualScriptAlias</a> <a name="virtualscriptalias" id="virtualscriptalias">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Dynamically configure the location of the CGI directory for
+a given virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>VirtualScriptAlias <em>interpolated-directory</em>|none</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>VirtualScriptAlias none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_vhost_alias</td></tr>
+</table>
+
+ <p>The <code class="directive">VirtualScriptAlias</code> directive allows you to
+ determine where Apache will find CGI scripts in a similar
+ manner to <code class="directive"><a href="#virtualdocumentroot">VirtualDocumentRoot</a></code> does for other documents. It matches
+ requests for URIs starting <code>/cgi-bin/</code>, much like <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>
+ <code>/cgi-bin/</code> would.</p>
+
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="VirtualScriptAliasIP" id="VirtualScriptAliasIP">VirtualScriptAliasIP</a> <a name="virtualscriptaliasip" id="virtualscriptaliasip">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Dynamically configure the location of the cgi directory for
+a given virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>VirtualScriptAliasIP <em>interpolated-directory</em>|none</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>VirtualScriptAliasIP none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_vhost_alias</td></tr>
+</table>
+
+ <p>The <code class="directive">VirtualScriptAliasIP</code> directive is like the
+ <code class="directive"><a href="#virtualscriptalias">VirtualScriptAlias</a></code>
+ directive, except that it uses the IP address of the server end
+ of the connection for directory interpolation instead of the server
+ name.</p>
+
+
</div>
</div>
<div class="bottomlang">
<li><img alt="" src="../images/down.gif" /> <a href="#user">User</a></li>
</ul>
<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AcceptMutex" id="AcceptMutex">AcceptMutex</a> <a name="acceptmutex" id="acceptmutex">Directive</a></h2>
<table class="directive">
</div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../de/mod/mpm_common.html" hreflang="de" rel="alternate" title="Deutsch"> de </a> |
ports Apache uses</a>
</li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="MaxThreads" id="MaxThreads">MaxThreads</a> <a name="maxthreads" id="maxthreads">Directive</a></h2>
<table class="directive">
</code></p></div>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mpm_netware.html" title="English"> en </a></p>
<ul class="seealso">
<li><a href="../platform/windows.html">Using Apache HTTP Server on Microsoft Windows</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Win32DisableAcceptEx" id="Win32DisableAcceptEx">Win32DisableAcceptEx</a> <a name="win32disableacceptex" id="win32disableacceptex">Directive</a></h2>
<table class="directive">
<code>AcceptEx()</code>.</p>
</div>
-
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../de/mod/mpm_winnt.html" hreflang="de" rel="alternate" title="Deutsch"> de </a> |
small enough to assure that there is enough physical RAM for all
processes.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#how-it-works">How it Works</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#acceptmutex">AcceptMutex</a></li>
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#coredumpdirectory">CoreDumpDirectory</a></li>
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#startservers">StartServers</a></li>
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#user">User</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#how-it-works">How it Works</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><a href="../bind.html">Setting which addresses and ports Apache
uses</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="how-it-works" id="how-it-works">How it Works</a></h2>
+ <p>A single control process is responsible for launching child
+ processes which listen for connections and serve them when they
+ arrive. Apache always tries to maintain several <dfn>spare</dfn>
+ or idle server processes, which stand ready to serve incoming
+ requests. In this way, clients do not need to wait for a new
+ child processes to be forked before their requests can be
+ served.</p>
+
+ <p>The <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code>,
+ <code class="directive"><a href="#minspareservers">MinSpareServers</a></code>,
+ <code class="directive"><a href="#maxspareservers">MaxSpareServers</a></code>, and
+ <code class="directive"><a href="../mod/mpm_common.html#maxclients">MaxClients</a></code> regulate how
+ the parent process creates children to serve requests. In general,
+ Apache is very self-regulating, so most sites do not need to
+ adjust these directives from their default values. Sites which
+ need to serve more than 256 simultaneous requests may need to
+ increase <code class="directive"><a href="../mod/mpm_common.html#maxclients">MaxClients</a></code>,
+ while sites with limited memory may need to decrease <code class="directive"><a href="../mod/mpm_common.html#maxclients">MaxClients</a></code> to keep the server from
+ thrashing (swapping memory to disk and back). More information
+ about tuning process creation is provided in the <a href="../misc/perf-tuning.html">performance hints</a>
+ documentation.</p>
+
+ <p>While the parent process is usually started as <code>root</code>
+ under Unix in order to bind to port 80, the child processes are
+ launched by Apache as a less-privileged user. The <code class="directive"><a href="../mod/mpm_common.html#user">User</a></code> and <code class="directive"><a href="../mod/mpm_common.html#group">Group</a></code> directives are used to set
+ the privileges of the Apache child processes. The child processes
+ must be able to read all the content that will be served, but
+ should have as few privileges beyond that as possible.</p>
+
+ <p><code class="directive"><a href="../mod/mpm_common.html#maxrequestsperchild">MaxRequestsPerChild</a></code>
+ controls how frequently the server recycles processes by killing
+ old ones and launching new ones.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="MaxSpareServers" id="MaxSpareServers">MaxSpareServers</a> <a name="maxspareservers" id="maxspareservers">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximum number of idle child server processes</td></tr>
<li><code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code></li>
</ul>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="how-it-works" id="how-it-works">How it Works</a></h2>
- <p>A single control process is responsible for launching child
- processes which listen for connections and serve them when they
- arrive. Apache always tries to maintain several <dfn>spare</dfn>
- or idle server processes, which stand ready to serve incoming
- requests. In this way, clients do not need to wait for a new
- child processes to be forked before their requests can be
- served.</p>
-
- <p>The <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code>,
- <code class="directive"><a href="#minspareservers">MinSpareServers</a></code>,
- <code class="directive"><a href="#maxspareservers">MaxSpareServers</a></code>, and
- <code class="directive"><a href="../mod/mpm_common.html#maxclients">MaxClients</a></code> regulate how
- the parent process creates children to serve requests. In general,
- Apache is very self-regulating, so most sites do not need to
- adjust these directives from their default values. Sites which
- need to serve more than 256 simultaneous requests may need to
- increase <code class="directive"><a href="../mod/mpm_common.html#maxclients">MaxClients</a></code>,
- while sites with limited memory may need to decrease <code class="directive"><a href="../mod/mpm_common.html#maxclients">MaxClients</a></code> to keep the server from
- thrashing (swapping memory to disk and back). More information
- about tuning process creation is provided in the <a href="../misc/perf-tuning.html">performance hints</a>
- documentation.</p>
-
- <p>While the parent process is usually started as <code>root</code>
- under Unix in order to bind to port 80, the child processes are
- launched by Apache as a less-privileged user. The <code class="directive"><a href="../mod/mpm_common.html#user">User</a></code> and <code class="directive"><a href="../mod/mpm_common.html#group">Group</a></code> directives are used to set
- the privileges of the Apache child processes. The child processes
- must be able to read all the content that will be served, but
- should have as few privileges beyond that as possible.</p>
-
- <p><code class="directive"><a href="../mod/mpm_common.html#maxrequestsperchild">MaxRequestsPerChild</a></code>
- controls how frequently the server recycles processes by killing
- old ones and launching new ones.</p>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../de/mod/prefork.html" hreflang="de" rel="alternate" title="Deutsch"> de </a> |
controls the maximum total number of threads that may be
launched.</p>
</div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#how-it-works">How it Works</a></li>
+</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#acceptmutex">AcceptMutex</a></li>
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#coredumpdirectory">CoreDumpDirectory</a></li>
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#threadstacksize">ThreadStackSize</a></li>
<li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#user">User</a></li>
</ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#how-it-works">How it Works</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
<ul class="seealso">
<li><a href="../bind.html">Setting which addresses and ports Apache
uses</a></li>
projects / thirdparty / apache / httpd.git / commitdiff
