couple of features to give more intelligent handling of requests from
browsers which send incomplete negotiation information. <p>
-Content negotiation is provided by the
+Content negotiation is provided by the
<a href="mod/mod_negotiation.html">mod_negotiation</a> module,
which is compiled in by default.
</pre>
Note that this preference will only be applied when there is a choice
-of representations and they vary by language.
+of representations and they vary by language.
<p>
As an example of a more complex request, this browser has been
In order to negotiate a resource, the server needs to be given
information about each of the variants. This is done in one of two
-ways:
+ways:
<ul>
<li> Using a type map (i.e., a <code>*.var</code> file) which
names the files containing the variants explicitly
- <li> Or using a 'MultiViews' search, where the server does an implicit
+ <li> Or using a 'MultiViews' search, where the server does an implicit
filename pattern match, and chooses from among the results.
</ul>
interpreted as URLs relative to the map file; they must be on
the same server (!), and they must refer to files to which the
client would be granted access if they were to be requested
- directly.
+ directly.
<dt> <code>Content-type:</code>
<dd> media type --- charset, level and "qs" parameters may be given. These
are often referred to as MIME types; typical media types are
<tr><th>Dimension
<th>Notes
<tr><td>Media Type
-<td>Browser indicates preferences on Accept: header. Each item
+<td>Browser indicates preferences on Accept: header. Each item
can have an associated quality factor. Variant description can also
have a quality factor.
<tr><td>Language
else the order of languages on the Accept-Language header.
<li>Select the variants with the highest 'level' media parameter
- (used to give the version of text/html media types).
+ (used to give the version of text/html media types).
<li>Select only unencoded variants, if there is a mix of encoded
and non-encoded variants. If either all variants are encoded
The explicit types have no quality factor, so they default to a
preference of 1.0 (the highest). The wildcard */* is given
a low preference of 0.01, so other types will only be returned if
-no variant matches an explicitly listed type.
+no variant matches an explicitly listed type.
<p>
If the Accept: header contains <i>no</i> q factors at all, Apache sets
The reason for setting this language quality factor for
variant with no language to a very low value is to allow
for a default variant which can be supplied if none of the
-other variants match the browser's language preferences.
+other variants match the browser's language preferences.
For example, consider the situation with three variants:
document, provided it is still within date. But if the resource is
subject to content negotiation at the server, this would result in
only the first requested variant being cached, and subsequent cache
-hits could return the wrong response. To prevent this,
+hits could return the wrong response. To prevent this,
Apache normally marks all responses that are returned after content negotiation
-as non-cacheable by HTTP/1.0 clients. Apache also supports the HTTP/1.1
+as non-cacheable by HTTP/1.0 clients. Apache also supports the HTTP/1.1
protocol features to allow caching of negotiated responses. <P>
For requests which come from a HTTP/1.0 compliant client (either a
couple of features to give more intelligent handling of requests from
browsers which send incomplete negotiation information. <p>
-Content negotiation is provided by the
+Content negotiation is provided by the
<a href="mod/mod_negotiation.html">mod_negotiation</a> module,
which is compiled in by default.
</pre>
Note that this preference will only be applied when there is a choice
-of representations and they vary by language.
+of representations and they vary by language.
<p>
As an example of a more complex request, this browser has been
In order to negotiate a resource, the server needs to be given
information about each of the variants. This is done in one of two
-ways:
+ways:
<ul>
<li> Using a type map (i.e., a <code>*.var</code> file) which
names the files containing the variants explicitly
- <li> Or using a 'MultiViews' search, where the server does an implicit
+ <li> Or using a 'MultiViews' search, where the server does an implicit
filename pattern match, and chooses from among the results.
</ul>
interpreted as URLs relative to the map file; they must be on
the same server (!), and they must refer to files to which the
client would be granted access if they were to be requested
- directly.
+ directly.
<dt> <code>Content-type:</code>
<dd> media type --- charset, level and "qs" parameters may be given. These
are often referred to as MIME types; typical media types are
<tr><th>Dimension
<th>Notes
<tr><td>Media Type
-<td>Browser indicates preferences on Accept: header. Each item
+<td>Browser indicates preferences on Accept: header. Each item
can have an associated quality factor. Variant description can also
have a quality factor.
<tr><td>Language
else the order of languages on the Accept-Language header.
<li>Select the variants with the highest 'level' media parameter
- (used to give the version of text/html media types).
+ (used to give the version of text/html media types).
<li>Select only unencoded variants, if there is a mix of encoded
and non-encoded variants. If either all variants are encoded
The explicit types have no quality factor, so they default to a
preference of 1.0 (the highest). The wildcard */* is given
a low preference of 0.01, so other types will only be returned if
-no variant matches an explicitly listed type.
+no variant matches an explicitly listed type.
<p>
If the Accept: header contains <i>no</i> q factors at all, Apache sets
The reason for setting this language quality factor for
variant with no language to a very low value is to allow
for a default variant which can be supplied if none of the
-other variants match the browser's language preferences.
+other variants match the browser's language preferences.
For example, consider the situation with three variants:
document, provided it is still within date. But if the resource is
subject to content negotiation at the server, this would result in
only the first requested variant being cached, and subsequent cache
-hits could return the wrong response. To prevent this,
+hits could return the wrong response. To prevent this,
Apache normally marks all responses that are returned after content negotiation
-as non-cacheable by HTTP/1.0 clients. Apache also supports the HTTP/1.1
+as non-cacheable by HTTP/1.0 clients. Apache also supports the HTTP/1.1
protocol features to allow caching of negotiated responses. <P>
For requests which come from a HTTP/1.0 compliant client (either a
response, then this response can be replaced with either some
friendlier text or by a redirection to another URL (local or
external).
-
<P>
-
+
<DT>Old behavior
- <DD>NCSA httpd 1.3 would return some boring old error/problem message
- which would often be meaningless to the user, and would provide no
+ <DD>NCSA httpd 1.3 would return some boring old error/problem message
+ which would often be meaningless to the user, and would provide no
means of logging the symptoms which caused it.<BR>
<P>
REDIRECT_URL=/cgi-bin/buggy.pl <br>
</code></blockquote>
- <P>note the <code>REDIRECT_</code> prefix.
+ <P>note the <code>REDIRECT_</code> prefix.
<P>At least <code>REDIRECT_URL</code> and <code>REDIRECT_QUERY_STRING</code> will
be passed to the new URL (assuming it's a cgi-script or a cgi-include). The
ErrorDocument 401 /Subscription/how_to_subscribe.html
</code></blockquote>
- <P>The syntax is,
+ <P>The syntax is,
<P><code><A HREF="mod/core.html#errordocument">ErrorDocument</A></code>
-<3-digit-code> action
+<3-digit-code> action
<P>where the action can be,
<OL>
<LI>Text to be displayed. Prefix the text with a quote ("). Whatever
- follows the quote is displayed. <em>Note: the (") prefix isn't
+ follows the quote is displayed. <em>Note: the (") prefix isn't
displayed.</em>
<LI>An external URL to redirect to.
response, then this response can be replaced with either some
friendlier text or by a redirection to another URL (local or
external).
-
<P>
-
+
<DT>Old behavior
- <DD>NCSA httpd 1.3 would return some boring old error/problem message
- which would often be meaningless to the user, and would provide no
+ <DD>NCSA httpd 1.3 would return some boring old error/problem message
+ which would often be meaningless to the user, and would provide no
means of logging the symptoms which caused it.<BR>
<P>
REDIRECT_URL=/cgi-bin/buggy.pl <br>
</code></blockquote>
- <P>note the <code>REDIRECT_</code> prefix.
+ <P>note the <code>REDIRECT_</code> prefix.
<P>At least <code>REDIRECT_URL</code> and <code>REDIRECT_QUERY_STRING</code> will
be passed to the new URL (assuming it's a cgi-script or a cgi-include). The
ErrorDocument 401 /Subscription/how_to_subscribe.html
</code></blockquote>
- <P>The syntax is,
+ <P>The syntax is,
<P><code><A HREF="mod/core.html#errordocument">ErrorDocument</A></code>
-<3-digit-code> action
+<3-digit-code> action
<P>where the action can be,
<OL>
<LI>Text to be displayed. Prefix the text with a quote ("). Whatever
- follows the quote is displayed. <em>Note: the (") prefix isn't
+ follows the quote is displayed. <em>Note: the (") prefix isn't
displayed.</em>
<LI>An external URL to redirect to.
<h2><a name="basics">Basic concepts.</a></h2>
-We begin with an overview of the basic concepts behind the
+We begin with an overview of the basic concepts behind the
API, and how they are manifested in the code.
<h3><a name="HMR">Handlers, Modules, and Requests</a></h3>
<li> `Fixups' --- there aren't any of these yet, but the phase is
intended as a hook for possible extensions like
<code>SetEnv</code>, which don't really fit well elsewhere.
- <li> Actually sending a response back to the client.
+ <li> Actually sending a response back to the client.
<li> Logging the request
</ul>
<ul>
<li> <em>Handle</em> the request, and indicate that it has done so
- by returning the magic constant <code>OK</code>.
+ by returning the magic constant <code>OK</code>.
<li> <em>Decline</em> to handle the request, by returning the magic
integer constant <code>DECLINED</code>. In this case, the
server behaves in all respects as if the handler simply hadn't
(such as <code>ScriptAlias</code>).
With no further ado, the module itself:
-
+
<pre>
/* Declarations of handlers. */
server_rec *server;
/* What object is being requested */
-
+
char *uri;
char *filename;
char *path_info;
char *args; /* QUERY_ARGS, if any */
struct stat finfo; /* Set by server core;
* st_mode set to zero if no such file */
-
+
char *content_type;
char *content_encoding;
-
+
/* MIME header environments, in and out. Also, an array containing
* environment variables to be passed to subprocesses, so people can
* write modules to add to that environment.
* redirects (so the headers printed for ErrorDocument handlers will
* have them).
*/
-
+
table *headers_in;
table *headers_out;
table *err_headers_out;
table *subprocess_env;
/* Info about the request itself... */
-
+
int header_only; /* HEAD request, as opposed to GET */
char *protocol; /* Protocol, as given to us, or HTTP/0.9 */
char *method; /* GET, HEAD, POST, etc. */
* These are config vectors, with one void* pointer for each module
* (the thing pointed to being the module's business).
*/
-
+
void *per_dir_config; /* Options set in config files, etc. */
void *request_config; /* Notes on *this* request */
-
+
};
</pre>
{
int errstatus;
FILE *f;
-
+
if (r->method_number != M_GET) return DECLINED;
if (r->finfo.st_mode == 0) return NOT_FOUND;
if ((errstatus = set_content_length (r, r->finfo.st_size))
|| (errstatus = set_last_modified (r, r->finfo.st_mtime)))
return errstatus;
-
+
f = fopen (r->filename, "r");
if (f == NULL) {
r->filename, r);
return FORBIDDEN;
}
-
+
register_timeout ("send", r);
send_http_header (r);
handlers in such cases is the one which was originally built for the
initial request from the client; note that the bytes_sent field will
only be correct in the last request in the chain (the one for which a
-response was actually sent).
+response was actually sent).
<h2><a name="pools">Resource allocation and resource pools</a></h2>
<h3>Other sorts of resources --- cleanup functions</h3>
More text goes here. Describe the the cleanup primitives in terms of
-which the file stuff is implemented; also, <code>spawn_process</code>.
+which the file stuff is implemented; also, <code>spawn_process</code>.
<h3>Fine control --- creating and dealing with sub-pools, with a note
on sub-requests</h3>
new->forced_types = make_table (p, 4);
new->encoding_types = make_table (p, 4);
-
+
return new;
}
</pre>
<pre>
command_rec mime_cmds[] = {
-{ "AddType", add_type, NULL, OR_FILEINFO, TAKE2,
+{ "AddType", add_type, NULL, OR_FILEINFO, TAKE2,
"a mime type followed by a file extension" },
-{ "AddEncoding", add_encoding, NULL, OR_FILEINFO, TAKE2,
+{ "AddEncoding", add_encoding, NULL, OR_FILEINFO, TAKE2,
"an encoding (e.g., gzip), followed by a file extension" },
{ NULL }
};
should be present. If the arguments in the actual config file
are not as required, this string will be used to help give a
more specific error message. (You can safely leave this
- <code>NULL</code>).
+ <code>NULL</code>).
</ul>
Finally, having set this all up, we have to use it. This is
r->content_type = DIR_MAGIC_TYPE;
return OK;
}
-
+
if((i=rind(fn,'.')) < 0) return DECLINED;
++i;
{
r->content_type = type;
}
-
+
return OK;
}
alias_entry *new = push_array (conf->redirects);
if (!is_url (url)) return "Redirect to non-URL";
-
+
new->fake = f; new->real = url;
return NULL;
}
than not booting at all depending on what the webserver is supposed
to accomplish.
-<p>As HTTP/1.1 is deployed and browsers and proxies start issuing the
+<p>As HTTP/1.1 is deployed and browsers and proxies start issuing the
<code>Host</code> header it will become possible to avoid the use of
IP-based virtual hosts entirely. In this event a webserver has no requirement
to do DNS lookups during configuration. But as of March 1997 these
<P>Interoperability problems have led to the introduction of
mechanisms to modify the way Apache behaves when talking to particular
clients. To make these mechanisms as flexible as possible, they
-are invoked by defining environment variables, typically with
-<A HREF="mod/mod_browser.html#browsermatch">BrowserMatch</A>, though
-<A HREF="mod/mod_env.html#setenv">SetEnv</A> and
+are invoked by defining environment variables, typically with
+<A HREF="mod/mod_browser.html#browsermatch">BrowserMatch</A>, though
+<A HREF="mod/mod_env.html#setenv">SetEnv</A> and
<A HREF="mod/mod_env.html#passenv">PassEnv</A> could also be used, for
example.</P>
<P>Interoperability problems have led to the introduction of
mechanisms to modify the way Apache behaves when talking to particular
clients. To make these mechanisms as flexible as possible, they
-are invoked by defining environment variables, typically with
-<A HREF="mod/mod_browser.html#browsermatch">BrowserMatch</A>, though
-<A HREF="mod/mod_env.html#setenv">SetEnv</A> and
+are invoked by defining environment variables, typically with
+<A HREF="mod/mod_browser.html#browsermatch">BrowserMatch</A>, though
+<A HREF="mod/mod_env.html#setenv">SetEnv</A> and
<A HREF="mod/mod_env.html#passenv">PassEnv</A> could also be used, for
example.</P>
web server at <A
HREF="http://www.apache.org/">http://www.apache.org/</A>. This will
list the current release, any more recent beta-test release, together
-with details of mirror web and anonymous ftp sites.
+with details of mirror web and anonymous ftp sites.
<P>
In addition to these three files, the server behavior can be configured
on a directory-by-directory basis by using <CODE>.htaccess</CODE>
-files in directories accessed by the server.
+files in directories accessed by the server.
<H3>Starting and Stopping the Server</H3>
If all goes well this will return to the command prompt almost
immediately. This indicates that the server is now up and running. If
anything goes wrong during the initialization of the server you will
-see an error message on the screen.
+see an error message on the screen.
If the server started ok, you can now use your browser to
connect to the server and read the documentation. If you are running
<i>child</i> processes to handle the requests. If you started Apache
as the root user, the parent process will continue to run as root
while the children will change to the user as given in the httpd.conf
-file.
+file.
<P>
web server at <A
HREF="http://www.apache.org/">http://www.apache.org/</A>. This will
list the current release, any more recent beta-test release, together
-with details of mirror web and anonymous ftp sites.
+with details of mirror web and anonymous ftp sites.
<P>
In addition to these three files, the server behavior can be configured
on a directory-by-directory basis by using <CODE>.htaccess</CODE>
-files in directories accessed by the server.
+files in directories accessed by the server.
<H3>Starting and Stopping the Server</H3>
If all goes well this will return to the command prompt almost
immediately. This indicates that the server is now up and running. If
anything goes wrong during the initialization of the server you will
-see an error message on the screen.
+see an error message on the screen.
If the server started ok, you can now use your browser to
connect to the server and read the documentation. If you are running
<i>child</i> processes to handle the requests. If you started Apache
as the root user, the parent process will continue to run as root
while the children will change to the user as given in the httpd.conf
-file.
+file.
<P>
<h2>Invoking Apache</h2>
The <code>httpd</code> program is usually run as a daemon which executes
continuously, handling requests. It is possible to invoke Apache by
-the Internet daemon <code>inetd</code> each time a connection to the HTTP
-service is made (use the
+the Internet daemon <code>inetd</code> each time a connection to the HTTP
+service is made (use the
<A HREF="mod/core.html#servertype">ServerType</A> directive)
-but this is not recommended.
+but this is not recommended.
<h2>Command line options</h2>
The following options are recognized on the httpd command line:
<h2>Invoking Apache</h2>
The <code>httpd</code> program is usually run as a daemon which executes
continuously, handling requests. It is possible to invoke Apache by
-the Internet daemon <code>inetd</code> each time a connection to the HTTP
-service is made (use the
+the Internet daemon <code>inetd</code> each time a connection to the HTTP
+service is made (use the
<A HREF="mod/core.html#servertype">ServerType</A> directive)
-but this is not recommended.
+but this is not recommended.
<h2>Command line options</h2>
The following options are recognized on the httpd command line:
<h2><a name="basics">Basic concepts.</a></h2>
-We begin with an overview of the basic concepts behind the
+We begin with an overview of the basic concepts behind the
API, and how they are manifested in the code.
<h3><a name="HMR">Handlers, Modules, and Requests</a></h3>
<li> `Fixups' --- there aren't any of these yet, but the phase is
intended as a hook for possible extensions like
<code>SetEnv</code>, which don't really fit well elsewhere.
- <li> Actually sending a response back to the client.
+ <li> Actually sending a response back to the client.
<li> Logging the request
</ul>
<ul>
<li> <em>Handle</em> the request, and indicate that it has done so
- by returning the magic constant <code>OK</code>.
+ by returning the magic constant <code>OK</code>.
<li> <em>Decline</em> to handle the request, by returning the magic
integer constant <code>DECLINED</code>. In this case, the
server behaves in all respects as if the handler simply hadn't
(such as <code>ScriptAlias</code>).
With no further ado, the module itself:
-
+
<pre>
/* Declarations of handlers. */
server_rec *server;
/* What object is being requested */
-
+
char *uri;
char *filename;
char *path_info;
char *args; /* QUERY_ARGS, if any */
struct stat finfo; /* Set by server core;
* st_mode set to zero if no such file */
-
+
char *content_type;
char *content_encoding;
-
+
/* MIME header environments, in and out. Also, an array containing
* environment variables to be passed to subprocesses, so people can
* write modules to add to that environment.
* redirects (so the headers printed for ErrorDocument handlers will
* have them).
*/
-
+
table *headers_in;
table *headers_out;
table *err_headers_out;
table *subprocess_env;
/* Info about the request itself... */
-
+
int header_only; /* HEAD request, as opposed to GET */
char *protocol; /* Protocol, as given to us, or HTTP/0.9 */
char *method; /* GET, HEAD, POST, etc. */
* These are config vectors, with one void* pointer for each module
* (the thing pointed to being the module's business).
*/
-
+
void *per_dir_config; /* Options set in config files, etc. */
void *request_config; /* Notes on *this* request */
-
+
};
</pre>
{
int errstatus;
FILE *f;
-
+
if (r->method_number != M_GET) return DECLINED;
if (r->finfo.st_mode == 0) return NOT_FOUND;
if ((errstatus = set_content_length (r, r->finfo.st_size))
|| (errstatus = set_last_modified (r, r->finfo.st_mtime)))
return errstatus;
-
+
f = fopen (r->filename, "r");
if (f == NULL) {
r->filename, r);
return FORBIDDEN;
}
-
+
register_timeout ("send", r);
send_http_header (r);
handlers in such cases is the one which was originally built for the
initial request from the client; note that the bytes_sent field will
only be correct in the last request in the chain (the one for which a
-response was actually sent).
+response was actually sent).
<h2><a name="pools">Resource allocation and resource pools</a></h2>
<h3>Other sorts of resources --- cleanup functions</h3>
More text goes here. Describe the the cleanup primitives in terms of
-which the file stuff is implemented; also, <code>spawn_process</code>.
+which the file stuff is implemented; also, <code>spawn_process</code>.
<h3>Fine control --- creating and dealing with sub-pools, with a note
on sub-requests</h3>
new->forced_types = make_table (p, 4);
new->encoding_types = make_table (p, 4);
-
+
return new;
}
</pre>
<pre>
command_rec mime_cmds[] = {
-{ "AddType", add_type, NULL, OR_FILEINFO, TAKE2,
+{ "AddType", add_type, NULL, OR_FILEINFO, TAKE2,
"a mime type followed by a file extension" },
-{ "AddEncoding", add_encoding, NULL, OR_FILEINFO, TAKE2,
+{ "AddEncoding", add_encoding, NULL, OR_FILEINFO, TAKE2,
"an encoding (e.g., gzip), followed by a file extension" },
{ NULL }
};
should be present. If the arguments in the actual config file
are not as required, this string will be used to help give a
more specific error message. (You can safely leave this
- <code>NULL</code>).
+ <code>NULL</code>).
</ul>
Finally, having set this all up, we have to use it. This is
r->content_type = DIR_MAGIC_TYPE;
return OK;
}
-
+
if((i=rind(fn,'.')) < 0) return DECLINED;
++i;
{
r->content_type = type;
}
-
+
return OK;
}
alias_entry *new = push_array (conf->redirects);
if (!is_url (url)) return "Redirect to non-URL";
-
+
new->fake = f; new->real = url;
return NULL;
}
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Apache Server Frequently Asked Questions</H1>
<P>
- $Revision: 1.81 $ ($Date: 1997/07/06 14:54:47 $)
+ $Revision: 1.82 $ ($Date: 1997/07/06 17:19:04 $)
</P>
<P>
The latest version of this FAQ is always available from the main
<LI><A HREF="#why">Why was Apache created?</A>
</LI>
<LI><A HREF="#relate">How does The Apache Group's work relate to
- other servers?</A>
+ other servers?</A>
</LI>
<LI><A HREF="#name">Why the name "Apache"?</A>
</LI>
</LI>
<LI><A HREF="#premature-script-headers">What does it mean when my
CGIs fail with "<SAMP>Premature end of script
- headers</SAMP>"?</A>
+ headers</SAMP>"?</A>
</LI>
<LI><A HREF="#ssi-part-i">How do I enable SSI (parsed HTML)?</A>
</LI>
</LI>
<LI><A HREF="#cookies1">Why does Apache send a cookie on every response?</A>
</LI>
- <LI><A HREF="#cookies2">Why don't my cookies work, I even compiled in
+ <LI><A HREF="#cookies2">Why don't my cookies work, I even compiled in
<SAMP>mod_cookies</SAMP>?</A>
</LI>
<LI><A HREF="#jdk1-and-http1.1">Why do my Java app[let]s give me plain text
<LI><A HREF="#addlog">How do I add browsers and referrers to my
logs?</A>
</LI>
- <LI><A HREF="#bind8.1">Why do I get an error about an undefined
+ <LI><A HREF="#bind8.1">Why do I get an error about an undefined
reference to "<SAMP>__inet_ntoa</SAMP>" or other
<SAMP>__inet_*</SAMP> symbols?</A>
</LI>
<P>
To address the concerns of a group of WWW providers and part-time httpd
programmers that httpd didn't behave as they wanted it to behave.
- Apache is an entirely volunteer effort, completely funded by its
+ Apache is an entirely volunteer effort, completely funded by its
members, not by commercial sales.
</P>
<HR>
For an independent assessment, see
<A
HREF="http://webcompare.iworld.com/compare/chart.html"
- >Web Compare</A>'s
+ >Web Compare</A>'s
comparison chart.
</P>
<P>
<P>
Apache tries to be helpful when it encounters a problem. In many
cases, it will provide some details by writing one or messages to
- the server error log. Sometimes this is enough for you to diagnose
+ the server error log. Sometimes this is enough for you to diagnose
& fix the problem yourself (such as file permissions or the like).
- The default location of the error log is
- <SAMP>/usr/local/etc/httpd/logs/error_log</SAMP>, but see the
+ The default location of the error log is
+ <SAMP>/usr/local/etc/httpd/logs/error_log</SAMP>, but see the
<A
HREF="../mod/core.html#errorlog"
><SAMP>ErrorLog</SAMP></A>
NCSA httpd 1.4 and NCSA httpd 1.5.
</P>
<P>
- NCSA httpd appears to be moving toward adding experimental features
+ NCSA httpd appears to be moving toward adding experimental features
which are not generally required at the moment. Some of the experiments
will succeed while others will inevitably be dropped. The Apache
philosophy is to add what's needed as and when it is needed.
<LI><A NAME="premature-script-headers">
<STRONG>What does it mean when my CGIs fail with
"<SAMP>Premature end of script headers</SAMP>"?</STRONG>
- </A>
+ </A>
<P>
It means just what it says: the server was expecting a complete set of
HTTP headers (one or more followed by a blank line), and didn't get
<P>
The second most common cause of this (aside from people not
outputting the required headers at all) is a result of an interaction
- with Perl's output buffering. To make Perl flush its buffers
+ with Perl's output buffering. To make Perl flush its buffers
after each output statement, insert the following statements around
the <CODE>print</CODE> or <CODE>write</CODE> statements that send your
HTTP headers:
</DL>
</P>
<P>
- This is generally only necessary when you are calling external
+ This is generally only necessary when you are calling external
programs from your script that send output to stdout, or if there will
be a long delay between the time the headers are sent and the actual
content starts being emitted. To maximise performance, you should
</P>
<P>
If your script isn't written in Perl, do the equivalent thing for
- whatever language you <EM>are</EM> using (<EM>e.g.</EM>, for C, call
+ whatever language you <EM>are</EM> using (<EM>e.g.</EM>, for C, call
<CODE>fflush()</CODE> after writing the headers).
</P>
<HR>
SSI (an acronym for Server-Side Include) directives allow static HTML
documents to be enhanced at run-time (<EM>e.g.</EM>, when delivered to
a client by Apache). The format of SSI directives is covered
- in the <A HREF="../mod/mod_include.html">mod_include manual</A>;
+ in the <A HREF="../mod/mod_include.html">mod_include manual</A>;
suffice it to say that Apache supports not only SSI but
xSSI (eXtended SSI) directives.
</P>
HREF="../mod/mod_proxy.html"
>proxy module</A>.
If compiled
- in, this will make Apache act as a caching-proxy server.
+ in, this will make Apache act as a caching-proxy server.
</P>
<HR>
</LI>
<P>
"Multiviews" is the general name given to the Apache
server's ability to provide language-specific document variants in
- response to a request. This is documented quite thoroughly in the
+ response to a request. This is documented quite thoroughly in the
<A
HREF="../content-negotiation.html"
REL="Help"
virtual hosts?</STRONG>
</A>
<P>
- You are probably running into resource limitations in your
- operating system. The most common limitation is the
- <EM>per</EM>-process limit on <STRONG>file descriptors</STRONG>,
- which is almost always the cause of problems seen when adding
- virtual hosts. Apache often does not give an intuitive error
- message because it is normally some library routine (such as
- <CODE>gethostbyname()</CODE>) which needs file descriptors and
- doesn't complain intelligibly when it can't get them.
+ You are probably running into resource limitations in your
+ operating system. The most common limitation is the
+ <EM>per</EM>-process limit on <STRONG>file descriptors</STRONG>,
+ which is almost always the cause of problems seen when adding
+ virtual hosts. Apache often does not give an intuitive error
+ message because it is normally some library routine (such as
+ <CODE>gethostbyname()</CODE>) which needs file descriptors and
+ doesn't complain intelligibly when it can't get them.
</P>
<P>
Each log file requires a file descriptor, which means that if you are
using separate access and error logs for each virtual host, each
- virtual host needs two file descriptors. Each
+ virtual host needs two file descriptors. Each
<A
HREF="../mod/core.html#listen"
><SAMP>Listen</SAMP></A>
- directive also needs a file descriptor.
+ directive also needs a file descriptor.
</P>
<P>
Typical values for <<EM>n</EM>> that we've seen are in
<A
HREF="../mod/core.html#listen"
><SAMP>Listen</SAMP></A>
- directives. If there are no other servers running on the machine
+ directives. If there are no other servers running on the machine
on the same port then you normally don't
need any Listen directives at all. By default Apache listens to
all addresses on port 80.
</LI>
- <LI>Reduce the number of log files. You can use
+ <LI>Reduce the number of log files. You can use
<A
HREF="../mod/mod_log_config.html"
><SAMP>mod_log_config</SAMP></A>
to log all requests to a single log file while including the name
- of the virtual host in the log file. You can then write a
+ of the virtual host in the log file. You can then write a
script to split the logfile into separate files later if
necessary.
</LI>
</A>
<P>
On FreeBSD 2.2 and older <SAMP>FD_SETSIZE</SAMP>, which limits the
- number of open
+ number of open
files on the system, is limited to 256. This can restrict the number of
virtual hosts you can use; especially if they all use different log
files. Increasing this limit (and recompiling Apache) is not enough,
<P>
You need to use it with a URL in the form
"<SAMP>/foo/bar</SAMP>" and not one with a method and
- hostname such as "<SAMP>http://host/foo/bar</SAMP>". See the
+ hostname such as "<SAMP>http://host/foo/bar</SAMP>". See the
<A
HREF="../mod/core.html#errordocument"
><SAMP>ErrorDocument</SAMP></A>
</A>
<P>
Apache does <EM>not</EM> send automatically send a cookie on every
- response, unless you have re-compiled it with the
+ response, unless you have re-compiled it with the
<A
HREF="../mod/mod_cookies.html"
><SAMP>mod_cookies</SAMP></A>
This module may help track users, and uses cookies to do this. If
you are not using the data generated by <SAMP>mod_cookies</SAMP>, do
not compile it into Apache. Note that in 1.2 this module was renamed
- to the more correct name
+ to the more correct name
<A
HREF="../mod/mod_usertrack.html"
><SAMP>mod_usertrack</SAMP></A>,
- and cookies
+ and cookies
have to be specifically enabled with the
<A
HREF="../mod/mod_usertrack.html#cookietracking"
<LI><A NAME="nodelay">
<STRONG>Why am I getting "<SAMP>httpd: could not set socket
option TCP_NODELAY</SAMP>" in my error log?</STRONG>
- </A>
+ </A>
<P>
This message almost always indicates that the client disconnected
before Apache reached the point of calling <CODE>setsockopt()</CODE>
<LI><A NAME="peerreset">
<STRONG>Why am I getting "<SAMP>connection reset by
peer</SAMP>" in my error log?</STRONG>
- </A>
+ </A>
<P>
This is a normal message and nothing about which to be alarmed. It simply
means that the client cancelled the connection before it had been
<P>
<UL>
<LI>Remove the definition of <CODE>struct iovec</CODE> from your C
- library includes. It is located in <CODE>/usr/include/sys/uio.h</CODE>.
+ library includes. It is located in <CODE>/usr/include/sys/uio.h</CODE>.
<STRONG>Or,</STRONG>
</LI>
<LI>Add <CODE>-DNO_WRITEV</CODE> to the <CODE>EXTRA_CFLAGS</CODE>
In Apache version 1.2, the error log message
about dumped core includes the directory where the dump file should be
located. However, many Unixes do not allow a process that has
- called <CODE>setuid()</CODE> to dump core for security reasons;
- the typical Apache setup has the server started as root to bind to
- port 80, after which it changes UIDs to a non-privileged user to
+ called <CODE>setuid()</CODE> to dump core for security reasons;
+ the typical Apache setup has the server started as root to bind to
+ port 80, after which it changes UIDs to a non-privileged user to
serve requests.
</P>
<P>
encryption technology. If Apache included SSL in the base package,
its distribution would involve all sorts of legal and bureaucratic
issues, and it would no longer be freely available. Also, some of
- the technology required to talk to current clients using SSL is
- patented by <A HREF="http://www.rsa.com/">RSA Data Security</A>,
+ the technology required to talk to current clients using SSL is
+ patented by <A HREF="http://www.rsa.com/">RSA Data Security</A>,
who restricts its use without a license.
</P>
<P>
<HR>
</LI>
<LI><A NAME="HPUX-core">
- <STRONG>Why do I get core dumps under HPUX using HP's ANSI
+ <STRONG>Why do I get core dumps under HPUX using HP's ANSI
C compiler?</STRONG>
</A>
<P>
the operating system.
</LI>
<LI><STRONG>Your operating system or compiler may be out of
- revision.</STRONG>
+ revision.</STRONG>
<BR>
Software vendors (including those that develop operating systems)
issue new releases for a reason; sometimes to add functionality, but
<HR>
</LI>
<LI><A NAME="bind8.1">
- <STRONG>Why do I get an error about an undefined reference to
+ <STRONG>Why do I get an error about an undefined reference to
"<SAMP>__inet_ntoa</SAMP>" or other
<SAMP>__inet_*</SAMP> symbols?</STRONG>
</A>
<P>
If you have installed <A HREF="http://www.isc.org/bind.html">BIND-8</A>
then this is normally due to a conflict between your include files
- and your libraries. BIND-8 installs its include files and libraries
+ and your libraries. BIND-8 installs its include files and libraries
<CODE>/usr/local/include/</CODE> and <CODE>/usr/local/lib/</CODE>, while
the resolver that comes with your system is probably installed in
<CODE>/usr/include/</CODE> and <CODE>/usr/lib/</CODE>. If
your system uses the header files in <CODE>/usr/local/include/</CODE>
before those in <CODE>/usr/include/</CODE> but you do not use the new
- resolver library, then the two versions will conflict.
+ resolver library, then the two versions will conflict.
</P>
<P>
To resolve this, you can either make sure you use the include files
and libraries that came with your system or make sure to use the
new include files and libraries. Adding <CODE>-lbind</CODE> to the
- <CODE>EXTRA_LDFLAGS</CODE> line in your <SAMP>Configuration</SAMP>
+ <CODE>EXTRA_LDFLAGS</CODE> line in your <SAMP>Configuration</SAMP>
file, then re-running <SAMP>Configure</SAMP>, should resolve the
problem. (Apache versions 1.2.* and earlier use
<CODE>EXTRA_LFLAGS</CODE> instead.)
<HR>
</LI>
<LI><A NAME="set-servername">
- <STRONG>Why does accessing directories only work when I include
+ <STRONG>Why does accessing directories only work when I include
the trailing "/"
(<EM>e.g.</EM>, <SAMP>http://foo.domain.com/~user/</SAMP>)
- but not when I omit it
+ but not when I omit it
(<EM>e.g.</EM>, <SAMP>http://foo.domain.com/~user</SAMP>)?</STRONG>
</A>
<P>
When you access a directory without a trailing "/", Apache needs
to send what is called a redirect to the client to tell it to
add the trailing slash. If it did not do so, relative URLs would
- not work properly. When it sends the redirect, it needs to know
+ not work properly. When it sends the redirect, it needs to know
the name of the server so that it can include it in the redirect.
There are two ways for Apache to find this out; either it can guess,
or you can tell it. If your DNS is configured correctly, it can
normally guess without any problems. If it is not, however, then
- you need to tell it.
+ you need to tell it.
</P>
<P>
- Add a <A HREF="../mod/core.html#servername">ServerName</A> directive
+ Add a <A HREF="../mod/core.html#servername">ServerName</A> directive
to the config file to tell it what the domain name of the server is.
</P>
<HR>
</LI>
<LI><A NAME="user-authentication">
- <STRONG>How do I set up Apache to require a username and
+ <STRONG>How do I set up Apache to require a username and
password to access certain documents?</STRONG>
</A>
<P>
- There are several ways to do this; some of the more popular
+ There are several ways to do this; some of the more popular
ones are to use the <A HREF="../mod/mod_auth.html">mod_auth</A>,
<A HREF="../mod/mod_auth_db.html">mod_auth_db</A>, or
<A HREF="../mod/mod_auth_dbm.html">mod_auth_dbm</A> modules.
<A
HREF="http://www.apacheweek.com/features/userauth"
><CITE>Using User Authentication</CITE></A>
- or
+ or
<A
HREF="http://www.apacheweek.com/features/dbmauth"
><CITE>DBM User Authentication</CITE></A>.
<HR>
</LI>
<LI><A NAME="remote-auth-only">
- <STRONG>How do I set up Apache to allow access to certain
+ <STRONG>How do I set up Apache to allow access to certain
documents only if a site is either a local site <EM>or</EM>
the user supplies a password and username?</STRONG>
</A>
the database, rather than a fast internal device. The
<SAMP>libmsql</SAMP>, the mSQL FAQ, and the <SAMP>mod_auth_msql</SAMP>
documentation warn you about this. If you have to use different
- hosts, check out the <SAMP>mod_auth_msql</SAMP> code for
+ hosts, check out the <SAMP>mod_auth_msql</SAMP> code for
some compile time flags which might - or might not - suit you.
</P>
<HR>
100 response is defeated). Never call this function more than once.
<li>Finally, call <code>get_client_block</code> in a loop. Pass it a
- buffer and its
+ buffer and its
size. It will put data into the buffer (not necessarily the full
buffer, in the case of chunked inputs), and return the length of
the input block. When it is done reading, it will
<OL>
-<LI>The basic mod_auth <CODE>AuthGroupFile</CODE>-specified group file
+<LI>The basic mod_auth <CODE>AuthGroupFile</CODE>-specified group file
format allows commas between user names - Apache does not.<BR>
<I>- added 12/1/96</I>
</LI>
<LI><CODE>AuthUserFile</CODE> requires a full pathname. In earlier
versions of NCSA httpd and Apache, you could use a filename
relative to the .htaccess file. This could be a major security hole,
- as it made it trivially easy to make a ".htpass" file in the a
+ as it made it trivially easy to make a ".htpass" file in the a
directory easily accessible by the world. We recommend you store
your passwords outside your document tree.
<P>
- <LI>Icons for FancyIndexing broken - well, no, they're not broken, we've just upgraded the
- icons from flat .xbm files to pretty and much smaller .gif files, courtesy of
+ <LI>Icons for FancyIndexing broken - well, no, they're not broken,
+ we've just upgraded the
+ icons from flat .xbm files to pretty and much smaller .gif files, courtesy of
<a href="mailto:kevinh@eit.com">Kevin Hughes</a> at
-<a href="http://www.eit.com">EIT</a>.
- If you are using the same srm.conf from an old distribution, make sure you add the new
- AddIcon, AddIconByType, and DefaultIcon commands.
+<a href="http://www.eit.com/">EIT</a>.
+ If you are using the same srm.conf from an old distribution, make sure
+ you add the new
+ <A
+ HREF="../mod/mod_dir.html#addicon"
+ >AddIcon</A>,
+ <A
+ HREF="../mod/mod_dir.html#addiconbytype"
+ >AddIconByType</A>,
+ and
+ <A
+ HREF="../mod/mod_dir.html#defaulticon"
+ >DefaultIcon</A>
+ directives.
<P>
- <LI>Under IRIX, the "Group" directive in httpd.conf needs to be a valid group name
- (i.e. "nogroup") not the numeric group ID. The distribution httpd.conf, and earlier
- ones, had the default Group be "#-1", which was causing silent exits at startup.<p>
+ <LI>Under IRIX, the "Group" directive in httpd.conf needs to be a
+ valid group name
+ (<EM>i.e.</EM>, "nogroup") not the numeric group ID. The distribution
+ httpd.conf, and earlier ones, had the default Group be "#-1", which
+ was causing silent exits at startup.<p>
<li><code>.asis</code> files: Apache 0.6.5 did not require a Status header;
it added one automatically if the .asis file contained a Location header.
</LI>
<LI>Apache does not permit commas delimiting the methods in <Limit>.
-
+
</OL>
More to come when we notice them....
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Descriptors and Apache</H1>
-<p>A <i>descriptor</i>, also commonly called a <i>file handle</i> is
+<p>A <EM>descriptor</EM>, also commonly called a <EM>file handle</EM> is
an object that a program uses to read or write an open file, or open
network socket, or a variety of other devices. It is represented
by an integer, and you may be familiar with <code>stdin</code>,
that a program can have open at a time. There are typically three limits
involved here. One is a kernel limitation, depending on your operating
system you will either be able to tune the number of descriptors available
-to higher numbers (this is frequently called <i>FD_SETSIZE</i>). Or you
+to higher numbers (this is frequently called <EM>FD_SETSIZE</EM>). Or you
may be stuck with a (relatively) low amount. The second limit is called
-the <i>hard resource</i> limit, and it is sometimes set by root in an
+the <EM>hard resource</EM> limit, and it is sometimes set by root in an
obscure operating system file, but frequently is the same as the kernel
-limit. The third limit is called the <i>soft
-resource</i> limit. The soft limit is always less than or equal to
+limit. The third limit is called the <EM>soft
+resource</EM> limit. The soft limit is always less than or equal to
the hard limit. For example, the hard limit may be 1024, but the soft
limit only 64. Any user can raise their soft limit up to the hard limit.
Root can raise the hard limit up to the system maximum limit. The soft
<dl>
- <dt> <b>BSDI 2.0</b>
- <dd> Under BSDI 2.0 you can build Apache to support more descriptors
- by adding <code>-DFD_SETSIZE=nnn</code> to
- <code>EXTRA_CFLAGS</code> (where nnn is the number of descriptors
- you wish to support, keep it less than the hard limit). But it
- will run into trouble if more than approximately 240 Listen
- directives are used. This may be cured by rebuilding your kernel
- with a higher FD_SETSIZE.
+ <dt><STRONG>BSDI 2.0</STRONG>
+ <dd>Under BSDI 2.0 you can build Apache to support more descriptors
+ by adding <code>-DFD_SETSIZE=nnn</code> to
+ <code>EXTRA_CFLAGS</code> (where nnn is the number of descriptors
+ you wish to support, keep it less than the hard limit). But it
+ will run into trouble if more than approximately 240 Listen
+ directives are used. This may be cured by rebuilding your kernel
+ with a higher FD_SETSIZE.
<p>
- <dt> <b>FreeBSD 2.2, BSDI 2.1+</b>
- <dd> Similar to the BSDI 2.0 case, you should define
- <code>FD_SETSIZE</code> and rebuild. But the extra
- Listen limitation doesn't exist.
+ <dt><STRONG>FreeBSD 2.2, BSDI 2.1+</STRONG>
+ <dd>Similar to the BSDI 2.0 case, you should define
+ <code>FD_SETSIZE</code> and rebuild. But the extra
+ Listen limitation doesn't exist.
<p>
- <dt> <b>Linux</b>
- <dd> By default Linux has a kernel maximum of 256 open descriptors
- per process. There are several patches available for the
- 2.0.x series which raise this to 1024 and beyond, and you
- can find them in the "unofficial patches" section of <a
- href="http://www.linuxhq.com/">the Linux Information HQ</a>.
- None of these patches are perfect, and an entirely different
- approach is likely to be taken during the 2.1.x development.
- Applying these patches will raise the FD_SETSIZE used to compile
- all programs, and unless you rebuild all your libraries you should
- avoid running any other program with a soft descriptor limit above
- 256. As of this writing the patches available for increasing
- the number of descriptors do not take this into account. On a
- dedicated webserver you probably won't run into trouble.
+ <dt><STRONG>Linux</STRONG>
+ <dd>By default Linux has a kernel maximum of 256 open descriptors
+ per process. There are several patches available for the
+ 2.0.x series which raise this to 1024 and beyond, and you
+
can find them in the "unofficial patches" section of <a
+ href="http://www.linuxhq.com/">the Linux Information HQ</a>.
+ None of these patches are perfect, and an entirely different
+ approach is likely to be taken during the 2.1.x development.
+ Applying these patches will raise the FD_SETSIZE used to compile
+ all programs, and unless you rebuild all your libraries you should
+ avoid running any other program with a soft descriptor limit above
+ 256. As of this writing the patches available for increasing
+ the number of descriptors do not take this into account. On a
+ dedicated webserver you probably won't run into trouble.
<p>
- <dt> <b>Solaris through 2.5.1</b>
- <dd> Solaris has a kernel hard limit of 1024 (may be lower in earlier
- versions). But it has a limitation that files using
- the stdio library cannot have a descriptor above 255.
- Apache uses the stdio library for the ErrorLog directive.
- When you have more than approximately 110 virtual hosts
- (with an error log and an access log each) you will need to
- build Apache with <code>-DHIGH_SLACK_LINE=256</code> added to
- <code>EXTRA_CFLAGS</code>. You will be limited to approximately
- 240 error logs if you do this.
+ <dt><STRONG>Solaris through 2.5.1</STRONG>
+ <dd>Solaris has a kernel hard limit of 1024 (may be lower in earlier
+ versions). But it has a limitation that files using
+ the stdio library cannot have a descriptor above 255.
+ Apache uses the stdio library for the ErrorLog directive.
+ When you have more than approximately 110 virtual hosts
+ (with an error log and an access log each) you will need to
+ build Apache with <code>-DHIGH_SLACK_LINE=256</code> added to
+ <code>EXTRA_CFLAGS</code>. You will be limited to approximately
+ 240 error logs if you do this.
<p>
- <dt> <b>AIX version ??</b>
- <dd> AIX appears to have a hard limit of 128 descriptors. End of
- story.
+ <dt><STRONG>AIX version ??</STRONG>
+ <dd>AIX appears to have a hard limit of 128 descriptors. End of
+ story.
<p>
- <dt> <b>Others</b>
- <dd> If you have details on another operating system, please submit
- it through our <a href="http://www.apache.org/bug_report.html">Bug
- Report Page</a>.
+ <dt><STRONG>Others</STRONG>
+ <dd>If you have details on another operating system, please submit
+
it through our <a href="http://www.apache.org/bug_report.html">Bug
+ Report Page</a>.
<p>
</dl>
fails if it ends up with a descriptor above 256. We suspect there
are other libraries that similar limitations. So the code as of 1.2.1
takes a defensive stance and tries to save descriptors less than 16
-for use while processing each request. This is called the <i>low
-slack line</i>.
+for use while processing each request. This is called the <EM>low
+slack line</EM>.
<p>Note that this shouldn't waste descriptors. If you really are pushing
the limits and Apache can't get a descriptor above 16 when it wants
state that the connection is in during the period between when the
server gets the ACK from the client and the server gets the FIN from
the client is known as FIN_WAIT_2. See the <A
-HREF="ftp://ds.internic.net/rfc/rfc793.txt">TCP RFC</A> for the
+HREF="ftp://ds.internic.net/rfc/rfc793.txt">TCP RFC</A> for the
technical details of the state transitions.<P>
-The FIN_WAIT_2 state is somewhat unusual in that there is no timeout
+The FIN_WAIT_2 state is somewhat unusual in that there is no timeout
defined in the standard for it. This means that on many operating
systems, a connection in the FIN_WAIT_2 state will stay around until
the system is rebooted. If the system does not have a timeout and
<LI><A HREF="http://www.freebsd.org/">FreeBSD</A> versions starting at 2.0 or possibly earlier.
<LI><A HREF="http://www.netbsd.org/">NetBSD</A> version 1.2(?)
<LI><A HREF="http://www.openbsd.org/">OpenBSD</A> all versions(?)
- <LI><A HREF="http://www.bsdi.com/">BSD/OS</A> 2.1, with the
+ <LI><A HREF="http://www.bsdi.com/">BSD/OS</A> 2.1, with the
<A HREF="ftp://ftp.bsdi.com/bsdi/patches/patches-2.1/K210-027">
- K210-027</A> patch installed.
+ K210-027</A> patch installed.
<LI><A HREF="http://www.sun.com/">Solaris</A> as of around version
- 2.2. The timeout can be tuned by using <CODE>ndd</CODE> to
+ 2.2. The timeout can be tuned by using <CODE>ndd</CODE> to
modify <CODE>tcp_fin_wait_2_flush_interval</CODE>, but the
- default should be appropriate for most servers and improper
+ default should be appropriate for most servers and improper
tuning can have negative impacts.
<LI><A HREF="http://www.sco.com/">SCO TCP/IP Release 1.2.1</A>
can be modified to have a timeout by following
<A HREF="http://www.sco.com/cgi-bin/waisgate?WAISdocID=2242622956+0+0+0&WAISaction=retrieve"> SCO's instructions</A>.
<LI><A HREF="http://www.linux.org/">Linux</A> 2.0.x and
earlier(?)
- <LI><A HREF="http://www.hp.com/">HP-UX</A> 10.x defaults to
- terminating connections in the FIN_WAIT_2 state after the
+ <LI><A HREF="http://www.hp.com/">HP-UX</A> 10.x defaults to
+ terminating connections in the FIN_WAIT_2 state after the
normal keepalive timeouts. This does not
refer to the persistent connection or HTTP keepalive
- timeouts, but the <CODE>SO_LINGER</CODE> socket option
- which is enabled by Apache. This parameter can be adjusted
+ timeouts, but the <CODE>SO_LINGER</CODE> socket option
+ which is enabled by Apache. This parameter can be adjusted
by using <CODE>nettune</CODE> to modify parameters such as
<CODE>tcp_keepstart</CODE> and <CODE>tcp_keepstop</CODE>.
In later revisions, there is an explicit timer for
connections in FIN_WAIT_2 that can be modified; contact HP
support for details.
<LI><A HREF="http://www.sgi.com/">SGI IRIX</A> can be patched to
- support a timeout. For IRIX 5.3, 6.2, and 6.3,
+ support a timeout. For IRIX 5.3, 6.2, and 6.3,
use patches 1654, 1703 and 1778 respectively. If you
have trouble locating these patches, please contact your
SGI support channel for help.
<LI><A HREF="http://www.ncr.com/">NCR's MP RAS Unix</A> 2.xx and
3.xx both have FIN_WAIT_2 timeouts. In 2.xx it is non-tunable
at 600 seconds, while in 3.xx it defaults to 600 seconds and
- is calculated based on the tunable "max keep alive probes"
+ is calculated based on the tunable "max keep alive probes"
(default of 8) multiplied by the "keep alive interval" (default
75 seconds).
<LI><A HREF="http://www.sequent.com">Squent's ptx/TCP/IP for
source should be easy to patch.
</UL>
<P>
-There is a
+There is a
<A HREF="http://www.apache.org/dist/contrib/patches/1.2/fin_wait_2.patch">
patch available</A> for adding a timeout to the FIN_WAIT_2 state; it
was originally intended for BSD/OS, but should be adaptable to most
<CODE>lingering_close()</CODE> function. This will result in that
section of code being similar to that which was in 1.1. If you do
this, be aware that it can cause problems with PUTs, POSTs and
-persistent connections, especially if the client uses pipelining.
-That said, it is no worse than on 1.1, and we understand that keeping your
+persistent connections, especially if the client uses pipelining.
+That said, it is no worse than on 1.1, and we understand that keeping your
server running is quite important.<P>
To compile without the <CODE>lingering_close()</CODE> function, add
The exact way to increase them may depend on your OS; look
for some reference to the number of "mbufs" or "mbuf clusters". On
-many systems, this can be done by adding the line
-<CODE>NMBCLUSTERS="n"</CODE>, where <CODE>n</CODE> is the number of
-mbuf clusters you want to your kernel config file and rebuilding your
+many systems, this can be done by adding the line
+<CODE>NMBCLUSTERS="n"</CODE>, where <CODE>n</CODE> is the number of
+mbuf clusters you want to your kernel config file and rebuilding your
kernel.<P>
</DL>
There are two conditions under which this is likely to occur:
<OL>
<LI>sending POST or PUT data without proper authorization
-<LI>sending multiple requests before each response (pipelining)
+<LI>sending multiple requests before each response (pipelining)
and one of the middle requests resulting in an error or
other break-the-connection result.
</OL>
<H2>Permissions on Log File Directories</H2>
<P>When Apache starts, it opens the log files as the user who started the
-server before switching to the user defined in the
+server before switching to the user defined in the
<a href="../mod/core.html#user"><b>User</b></a> directive. Anyone who
has write permission for the directory where any log files are
being written to can append pseudo-arbitrary data to any file on the
system which is writable by the user who starts Apache. Since the
server is normally started by root, you should <EM>NOT</EM> give anyone
write permission to the directory where logs are stored unless you
-want them to have root access.
+want them to have root access.
<P>
<HR>
<H2>Server Side Includes</H2>
<LI>redirect to an external URL to handle the problem/error
</OL>
-<P>The first option is the default, while options 2-4 are configured
-using the <CODE>ErrorDocument</CODE> directive, which is followed by
+<P>The first option is the default, while options 2-4 are configured
+using the <CODE>ErrorDocument</CODE> directive, which is followed by
the HTTP response code and a message or URL.
<P><em>Messages</em> in this context begin with a single quote
-(<code>"</code>), which does not form part of the message itself.
-Apache will sometimes offer additional information regarding the
-problem/error.
+(<code>"</code>), which does not form part of the message itself.
+Apache will sometimes offer additional information regarding the
+problem/error.
<P>URLs can begin with a slash (/) for local URLs, or be a full
URL which the client can resolve. Examples:
ErrorDocument 403 "Sorry can't allow you access today
</code></blockquote>
-<P>Note that when you specify an <CODE>ErrorDocument</CODE> that
-points to a remote URL (ie. anything with a method such as "http" in
+<P>Note that when you specify an <CODE>ErrorDocument</CODE> that
+points to a remote URL (ie. anything with a method such as "http" in
front of it) Apache will send a redirect to the client to tell it
-where to find the document, even if the document ends up being
+where to find the document, even if the document ends up being
on the same server.. This has several implications, the
most important being that <STRONG>if you use an "ErrorDocument 401"
directive then it must refer to a local document.</STRONG> This results
<blockquote><code>ErrorLog /dev/null</code></blockquote>
This effectively turns off error logging.<p>
-SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A>
+SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A>
document for details on why your security could be compromised if
the directory where logfiles are stored is writable by anyone other
than the user that starts the server.
<Directory> sections and <code>.htaccess</code> files are
read, but before <Location> sections.</p>
-<p>The <em>filename</em> argument should include a filename, or a
+<p>The <em>filename</em> argument should include a filename, or a
wild-card string, where `?' matches any single character, and `*' matches any
-sequences of characters. Extended regular expressions can also be used, with the addition of
+sequences of characters. Extended regular expressions can also be used,
+with the addition of
the <code>~</code> character. For example:</p>
<pre>
The maximum length of the queue of pending connections. Generally no
tuning is needed or desired, however on some systems it is desirable
-to increase this when under a TCP SYN flood attack. See
+to increase this when under a TCP SYN flood attack. See
the backlog parameter to the <code>listen(2)</code> system call.
<h2><A name="limit"><Limit> directive</A></h2>
<strong>Status:</strong> core<p>
The Options directive controls which server features are available in
-a particular directory.
+a particular directory.
<p>
<em>option</em> can be set to <code>None</code>, in which case none of
the extra features are enabled, or one or more of the following:
sets the <code>SERVER_PORT</code> environment variable (for
<a href="mod_cgi.html">CGI</a> and <a href="mod_include.html">SSI</a>),
and is used when the server must generate a URL that refers to itself
-(for example when creating an external redirect to itself).
+(for example when creating an external redirect to itself).
</ul>
In no event does a Port setting affect
See also <A HREF="#accessconfig">AccessConfig</A>.<p><hr>
-<H2><A name="rlimit">RLimitCPU</A> <A NAME="rlimit">directive</A></H2>
+<H2><A name="rlimit">RLimitCPU</A> <A NAME="rlimitcpu">directive</A></H2>
<!--%plaintext <?INDEX {\tt RLimitCPU} directive> -->
<strong>Syntax:</strong> RLimitCPU <em># or 'max'</em> <em>[# or 'max']</em><br>
<strong>Default:</strong> <code>Unset uses operating system defaults</code><br>
<LI>The total amount of time it takes to receive a GET request.
<LI>The amount of time between receipt of TCP packets on a POST or
PUT request.
- <LI>The amount of time between ACKs on transmissions of TCP packets
+ <LI>The amount of time between ACKs on transmissions of TCP packets
in responses.
</OL>
<VirtualHost> and </VirtualHost> are used to enclose a group of
directives which will apply only to a particular virtual host.
-Any directive which is allowed in a virtual host context may be used.
+Any directive which is allowed in a virtual host context may be used.
When the server receives a request for a document on a particular virtual
host, it uses the configuration directives enclosed in the <VirtualHost>
section. <em>Addr</em> can be
(This is recommended when used with <code>_default_</code>.)<p>
<strong>SECURITY</strong>: See the
-<A HREF="../misc/security_tips.html">security tips</A>
+<A HREF="../misc/security_tips.html">security tips</A>
document for details on why your security could be compromised if
the directory where logfiles are stored is writable by anyone other
than the user that starts the server.
ALINK="#FF0000"
>
<!--#include virtual="header.html" -->
-<H1 ALIGN="CENTER">Apache directives</H1>
+<H1 ALIGN="CENTER">Apache Directives</H1>
<ul>
<li><A HREF="core.html#accessconfig">AccessConfig</A>
<dt><A HREF="mod_log_agent.html">mod_log_agent</A>
<dd>Logging of User Agents.
<dt><A HREF="mod_log_common.html">mod_log_common</A> up to Apache 1.1.1
-<dd>Standard logging in the Common Logfile Format. Replaced by the
+<dd>Standard logging in the Common Logfile Format. Replaced by the
mod_log_config module in Apache 1.2 and up
<dt><A HREF="mod_log_config.html">mod_log_config</A>
<dd>User-configurable logging replacement for mod_log_common.
<dt><A HREF="mod_userdir.html">mod_userdir</A>
<dd>User home directories.
<dt><A HREF="mod_usertrack.html">mod_usertrack</A> Apache 1.2 and up
-<dd>User tracking using Cookies (replacement for mod_cookies.c)
+<dd>User tracking using Cookies (replacement for mod_cookies.c)
</dl>
<!--#include virtual="footer.html" -->
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_access</h1>
-
+<P>
This module is contained in the <code>mod_access.c</code> file, and
is compiled in by default. It provides access control based on client
hostname or IP address.
+</P>
-
-<menu>
+<UL>
<li><A HREF="#allow">allow</A>
<li><A HREF="#allowfromenv">allow from env=</A>
<li><A HREF="#deny">deny</A>
<li><A HREF="#denyfromenv">deny from env=</A>
<li><A HREF="#order">order</A>
-</menu>
+</UL>
<hr>
-<A name="allow"><h2>allow</h2></A>
+<h2><A name="allow">allow directive</A></h2>
+<P>
<!--%plaintext <?INDEX {\tt allow} directive> -->
<strong>Syntax:</strong> allow from <em>host host ...</em><br>
<Strong>Context:</strong> directory, .htaccess<br>
<Strong>Override:</strong> Limit<br>
<strong>Status:</strong> Base<br>
-<strong>Module:</strong> mod_access<p>
-
+<strong>Module:</strong> mod_access
+</p>
+<P>
The allow directive affects which hosts can access a given directory.
<em>Host</em> is one of the following:
+</P>
<dl>
<dt><code>all</code>
-<dd>all hosts are allowed access
+<dd>All hosts are allowed access
<dt>A (partial) domain-name
-<dd>host whose name is, or ends in, this string are allowed access.
+<dd>Hosts whose names match, or end in, this string are allowed access.
<dt>A full IP address
<dd>An IP address of a host allowed access
<dt>A partial IP address
<dd>The first 1 to 3 bytes of an IP address, for subnet restriction.
</dl>
-
-Example:<blockquote><code>allow from .ncsa.uiuc.edu</code></blockquote>
-All hosts in the specified domain are allowed access.<p>
-
+<P>
+Example:
+</P>
+<blockquote><code>allow from .ncsa.uiuc.edu</code></blockquote>
+<P>
+All hosts in the specified domain are allowed access.
+</p>
+<P>
Note that this compares whole components; <code>bar.edu</code>
-would not match <code>foobar.edu</code>.<p>
-
+would not match <code>foobar.edu</code>.
+</P>
+<P>
See also <A HREF="#deny">deny</A>, <A HREF="#order">order</A>, and
-<a href="mod_browser.html#browsermatch">BrowserMatch</a>.<p>
+<a href="mod_browser.html#browsermatch">BrowserMatch</a>.
+</p>
+<P>
<a name="allowfromenv"><strong>Syntax:</strong> allow from env=<em>variablename</em></a><br>
<Strong>Context:</strong> directory, .htaccess<br>
<Strong>Override:</strong> Limit<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_access<br>
-<strong>Compatibility:</strong> Apache 1.2 and above<p>
-
+<strong>Compatibility:</strong> Apache 1.2 and above
+</p>
+<P>
The allow from env directive controls access to a directory by the
existence (or non-existence) of an environment variable.
-
-Example:<blockquote><pre>
+</P>
+<P>
+Example:
+</P>
+<blockquote><pre>
BrowserMatch ^KnockKnock/2.0 let_me_in
<Directory /docroot>
order allow,deny
deny from all
</Directory>
</pre></blockquote>
-
+<P>
See also <A HREF="#denyfromenv">deny from env</A>
-and <A HREF="#order">order</A>.<p><hr>
+and <A HREF="#order">order</A>.
+</p>
+<hr>
-<A name="deny"><h2>deny</h2></A>
+<h2><A name="deny">deny directive</A></h2>
+<P>
<!--%plaintext <?INDEX {\tt deny} directive> -->
<strong>Syntax:</strong> deny from <em>host host ...</em><br>
<Strong>Context:</strong> directory, .htaccess<br>
<Strong>Override:</strong> Limit<br>
<strong>Status:</strong> Base<br>
-<strong>Module:</strong> mod_access<p>
-
+<strong>Module:</strong> mod_access
+</p>
+<P>
The deny directive affects which hosts can access a given directory.
<em>Host</em> is one of the following:
+</P>
<dl>
<dt><code>all</code>
<dd>all hosts are denied access
<dt>A partial IP address
<dd>The first 1 to 3 bytes of an IP address, for subnet restriction.
</dl>
-
-Example:<blockquote><code>deny from 16</code></blockquote>
-All hosts in the specified network are denied access.<p>
-
+<P>
+Example:
+</P>
+<blockquote><code>deny from 16</code></blockquote>
+<P>
+All hosts in the specified network are denied access.
+</p>
+<P>
Note that this compares whole components; <code>bar.edu</code>
-would not match <code>foobar.edu</code>.<p>
-
-See also <A HREF="#allow">allow</A> and <A HREF="#order">order</A>.<p>
+would not match <code>foobar.edu</code>.
+</p>
+<P>
+See also <A HREF="#allow">allow</A> and <A HREF="#order">order</A>.
+</p>
+<P>
<a name="denyfromenv"><strong>Syntax:</strong> deny from env=<em>variablename</em></a><br>
<Strong>Context:</strong> directory, .htaccess<br>
<Strong>Override:</strong> Limit<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_access<br>
-<strong>Compatibility:</strong> Apache 1.2 and above<p>
-
+<strong>Compatibility:</strong> Apache 1.2 and above
+</p>
+<P>
The deny from env directive controls access to a directory by the
existence (or non-existence) of an environment variable.
-
-Example:<blockquote><pre>
+</P>
+<P>
+Example:
+</P>
+<blockquote><pre>
BrowserMatch ^BadRobot/0.9 go_away
<Directory /docroot>
order deny,allow
</Directory>
</pre></blockquote>
+<P>
See also <A HREF="#allowfromenv">allow from env</A>
-and <A HREF="#order">order</A>.<p><hr>
+and <A HREF="#order">order</A>.
+</p>
+<hr>
-<A name="order"><h2>order</h2></A>
+<h2><A name="order">order directive</A></h2>
+<P>
<!--%plaintext <?INDEX {\tt order} directive> -->
<strong>Syntax:</strong> order <em>ordering</em><br>
<strong>Default:</strong> <code>order deny,allow</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> Limit<br>
<strong>Status:</strong> Base<br>
-<strong>Module:</strong> mod_access<p>
-
+<strong>Module:</strong> mod_access
+</p>
+<P>
The order directive controls the order in which <A HREF="#allow">allow</A> and
<A HREF="#deny">deny</A> directives are evaluated. <em>Ordering</em> is one
of
+</P>
<dl>
<dt>deny,allow
<dd>the deny directives are evaluated before the allow directives. (The
<dd>Only those hosts which appear on the allow list and do not appear
on the deny list are granted access. (The initial state is irrelevant.)
</dl>
-
+<P>
Note that in all cases every <code>allow</code> and <code>deny</code>
statement is evaluated, there is no "short-circuiting".
-
-<p>Example:
+</P>
+<p>
+Example:
+</P>
<blockquote><code>
order deny,allow<br>
deny from all<br>
allow from .ncsa.uiuc.edu<br>
</code></blockquote>
+<P>
Hosts in the ncsa.uiuc.edu domain are allowed access; all other hosts are
denied access.
-
+</P>
<!--#include virtual="footer.html" -->
</BODY>
</HTML>
-
>
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_actions</h1>
-
+<P>
This module is contained in the <code>mod_actions.c</code> file, and
is compiled in by default. It provides for
executing CGI scripts based on media type or request method. It is not
present in versions prior to Apache 1.1.
-
+</P>
<h2>Summary</h2>
-
+<P>
This module lets you run CGI scripts whenever a file of a certain type
is requested. This makes it much easier to execute scripts that
process files.
-
+</P>
<h2>Directives</h2>
<ul>
<li><A HREF="#action">Action</A>
<hr>
-<A name="action"><h2>Action</h2></A>
+<h2><A name="action">Action directive</A></h2>
+<P>
<strong>Syntax:</strong> Action <em>mime-type cgi-script</em><br>
<strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
<strong>Override:</strong> FileInfo<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_actions<br>
<strong>Compatibility:</strong> Action is only available in Apache 1.1
-and later<p>
-
+and later
+</p>
+<P>
This directive adds an action, which will activate <em>cgi-script</em> when
a file of content type <em>mime-type</em> is requested. It sends the
URL and file path of the requested document using the standard
CGI PATH_INFO and PATH_TRANSLATED environment variables.
-
+</P>
<hr>
-<A name="script"><h2>Script</h2></A>
+<h2><A name="script">Script directive</A></h2>
+<P>
<strong>Syntax:</strong> Script <em>method cgi-script</em><br>
<strong>Context:</strong> server config, virtual host, directory<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_actions<br>
<strong>Compatibility:</strong> Script is only available in Apache 1.1
-and later<p>
+and later
+</p>
-<p>This directive adds an action, which will activate <em>cgi-script</em> when
+<p>
+This directive adds an action, which will activate <em>cgi-script</em> when
a file is requested using the method of <em>method</em>, which can be
one of <code>GET</code>, <code>POST</code>, <code>PUT</code> or
<code>DELETE</code>. It sends the
URL and file path of the requested document using the standard
-CGI PATH_INFO and PATH_TRANSLATED environment variables.
-
-<p>Note that the Script command defines default actions only. If a CGI
+CGI PATH_INFO and PATH_TRANSLATED environment variables.
+</P>
+<p>
+Note that the Script command defines default actions only. If a CGI
script is called, or some other resource that is capable of handling
-the requested method internally, it will do so. Also note that script
+the requested method internally, it will do so. Also note that Script
with a method of <code>GET</code> will only be called if there are
query arguments present (e.g. foo.html?hi). Otherwise, the request
will proceed normally.
-
-<p>Examples:
+</P>
+<p>
+Examples:
+</P>
<pre>
Script GET /cgi-bin/search #e.g. for <ISINDEX>-style searching
Script PUT /~bob/put.cgi
-
</pre>
<!--#include virtual="footer.html" -->
</BODY>
</HTML>
-
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_alias</h1>
-
+<P>
This module is contained in the <code>mod_alias.c</code> file, and
is compiled in by default. It provides for mapping different parts of the
host filesystem in the the document tree, and for URL redirection.
+</P>
-
-<menu>
+<H2>Directives</H2>
+<UL>
<li><A HREF="#alias">Alias</A>
<li><A HREF="#redirect">Redirect</A>
<li><A HREF="#redirecttemp">RedirectTemp</A>
<li><A HREF="#redirectperm">RedirectPermanent</A>
<li><A HREF="#scriptalias">ScriptAlias</A>
-</menu>
+</UL>
<hr>
-<A name="alias"><h2>Alias</h2></A>
+<h2><A name="alias">Alias directive</A></h2>
+<P>
<!--%plaintext <?INDEX {\tt Alias} directive> -->
<strong>Syntax:</strong> Alias <em>url-path directory-filename</em><br>
<Strong>Context:</strong> server config, virtual host<br>
<strong>Status:</strong> Base<br>
-<strong>Module:</strong> mod_alias<br>
-
+<strong>Module:</strong> mod_alias
+</P>
+<P>
The Alias directive allows documents to be stored in the local filesystem
other than under the <A HREF="core.html#documentroot">DocumentRoot</A>.
URLs with a (%-decoded) path beginning with <em>url-path</em> will be
mapped to local files beginning with <em>directory-filename</em>.
+<P>
Example:
+</P>
<blockquote><code>Alias /image /ftp/pub/image</code></blockquote>
+<P>
A request for http://myserver/image/foo.gif would cause the server to
-return the file /ftp/pub/image/foo.gif.<p>
-
+return the file /ftp/pub/image/foo.gif.
+</p>
+<P>
Note that if you include a trailing / on the <em>url-path</em> then the
server will require a trailing / in order to expand the alias. That is,
if you use <code>Alias /icons/ /usr/local/etc/httpd/icons/</code> then
-the url <code>/icons</code> will not be aliased.<p>
-
-See also <A HREF="#scriptalias">ScriptAlias</A>.<p><hr>
+the url <code>/icons</code> will not be aliased.
+</p>
+<P>
+See also <A HREF="#scriptalias">ScriptAlias</A>.
+</p>
+<hr>
-<A name="redirect"><h2>Redirect</h2></A>
+<h2><A name="redirect">Redirect directive</A></h2>
+<P>
<!--%plaintext <?INDEX {\tt Redirect} directive> -->
<strong>Syntax:</strong> Redirect [ <em>status</em> ] <em>url-path url</em><br>
<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_alias<br>
<strong>Compatibility:</strong> The directory and .htaccess context's
-are only available in versions 1.1 and later. The <em>status</em> argument is only available in Apache 1.2 or later.<p>
-
+are only available in versions 1.1 and later. The <em>status</em>
+argument is only available in Apache 1.2 or later.
+</P>
+<P>
The Redirect directive maps an old URL into a new one. The new URL is returned
to the client which attempts to fetch it again with the new address.
<em>Url-path</em> a (%-decoded) path; any requests for documents beginning with
this path will be returned a redirect error to a new (%-encoded) url
-beginning with <em>url</em>. Example:
+beginning with <em>url</em>.
+</P>
+<P>
+Example:
+</P>
<blockquote><code>Redirect /service
http://foo2.bar.com/service</code></blockquote>
+<P>
If the client requests http://myserver/service/foo.txt, it will be told to
-access http://foo2.bar.com/service/foo.txt instead.<p>
-
-Note: Redirect directives take precedence over Alias and ScriptAlias
+access http://foo2.bar.com/service/foo.txt instead.
+</p>
+<P>
+<STRONG>Note:</STRONG> Redirect directives take precedence over Alias
+and ScriptAlias
directives, irrespective of their ordering in the configuration file. Also,
-<em>Url-path</em> must be an absolute path, not a relative path, even when used with
-.htaccess files or inside of <Directory> sections.<p>
-
+<em>Url-path</em> must be an absolute path, not a relative path, even
+when used with .htaccess files or inside of <Directory> sections.
+</p>
+<P>
If no <em>status</em> argument is given, the redirect will be
-"temporary" (HTTP status 302). This indicates to the client that the
+"temporary" (HTTP status 302). This indicates to the client that the
resources is has moved temporarily. The <em>status</em>
argument can be used to return other HTTP status codes:
+<P>
<dl>
-<dt>permanent<dd>Returns a permanent redirect status (301) indicating that
+<dt>permanent
+<dd>Returns a permanent redirect status (301) indicating that
the resource has moved permanently.
-<dt>temp<dd>Returns a temporary redirect status (302). This is the
+<dt>temp
+<dd>Returns a temporary redirect status (302). This is the
default.
-<dt>seeother<dd>Returns a "See Other" status (303) indicating that
+<dt>seeother
+<dd>Returns a "See Other" status (303) indicating that
the resource has been replaced.
-<dt>gone<dd>Returns a "Gone" status (410) indicating that the resource
+<dt>gone
+<dd>Returns a "Gone" status (410) indicating that the resource
has been permanently removed. When this status is used the <em>url</em>
argument should be omitted.
</dl>
-
+<P>
Other status codes can be returned by giving the numeric status code
as the value of <em>status</em>. If the status is between 300 and 399,
the <em>url</em> argument must be present, otherwise it must be
omitted. Note that the status must be known to the Apache code (see
the function <code>send_error_response</code> in http_protocol.c).
+</P>
+<HR>
-<A name="redirecttemp"><h2>RedirectTemp</h2></A>
+<h2><A name="redirecttemp">RedirectTemp directive</A></h2>
+<P>
<!--%plaintext <?INDEX {\tt Redirect} directive> -->
<strong>Syntax:</strong> RedirectTemp <em>url-path url</em><br>
<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_alias<br>
-<strong>Compatibility:</strong> This directive is only available in 1.2<P>
-
+<strong>Compatibility:</strong> This directive is only available in 1.2
+</P>
+<P>
This directive makes the client know that the Redirect is only
-temporary. (Status 302). Exactly equivalent to <code>Redirect temporary </code><P>
+temporary (status 302). Exactly equivalent to <code>Redirect
+temporary</code>.
+</P>
+<HR>
-<A name="redirectperm"><h2>RedirectPermanent</h2></A>
+<h2><A name="redirectperm">RedirectPermanent directive</A></h2>
+<P>
<!--%plaintext <?INDEX {\tt Redirect} directive> -->
<strong>Syntax:</strong> RedirectPermanent <em>url-path url</em><br>
<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_alias<br>
-<strong>Compatibility:</strong> This directive is only available in 1.2<P>
-
-This directive makes the client know that the Redirect is permanent.
-(Status 301). Exactly equivalent to <code>Redirect permanent</code><P>
-
+<strong>Compatibility:</strong> This directive is only available in 1.2
+</P>
+<P>
+This directive makes the client know that the Redirect is permanent
+(status 301). Exactly equivalent to <code>Redirect permanent</code>.
+</P>
<hr>
-<A name="scriptalias"><h2>ScriptAlias</h2></A>
+
+<h2><A name="scriptalias">ScriptAlias directive</A></h2>
+<P>
<!--%plaintext <?INDEX {\tt ScriptAlias} directive> -->
<strong>Syntax:</strong> ScriptAlias <em>url-path directory-filename</em><br>
<Strong>Context:</strong> server config, virtual host<br>
<strong>Status:</strong> Base<br>
-<strong>Module:</strong> mod_alias<br>
-
+<strong>Module:</strong> mod_alias
+</P>
+<P>
The ScriptAlias directive has the same behavior as the
<A HREF="#alias">Alias</A> directive, except that in addition it
marks the target directory as containing CGI scripts.
URLs with a (%-decoded) path beginning with <em>url-path</em> will be
mapped to scripts beginning with <em>directory-filename</em>.
+<P>
Example:
+</P>
<blockquote><code>ScriptAlias /cgi-bin/ /web/cgi-bin/</code></blockquote>
+<P>
A request for http://myserver/cgi-bin/foo would cause the server to
-run the script /web/cgi-bin/foo.<p>
+run the script /web/cgi-bin/foo.
+</P>
<!--#include virtual="footer.html" -->
</BODY>
</HTML>
-
<hr>
-<A name="anonymous"><h2>Anonymous</h2></a>
+<h2><A name="anonymous">Anonymous directive</A></h2>
<!--%plaintext <?INDEX {\tt Anonymous} directive> -->
<strong>Syntax:</strong> Anonymous <em>user user ...</em><br>
<strong>Default:</strong> none<br>
'I Don't Know'.
<HR>
-<A name="Authoritative"><h2>Anonymous_Authoritative</h2></A>
+<h2><A name="Authoritative">Anonymous_Authoritative directive</A></h2>
<strong>Syntax:</strong> Anonymous_Authoritative <em>on | off</em><br>
<strong>Default:</strong> <code>Anonymous_Authoritative off</code><br>
<strong>Context:</strong> directory, .htaccess<br>
userID does not match the values specified in the
<code>Anonymous</code> directive, access is denied.
<p>
- Be sure you know what you are doing when you decide to switch
+ Be sure you know what you are doing when you decide to switch
it on. And remember that it is the linking order of the modules
(in the Configuration / Make file) which details the order
in which the Authorization modules are queried.
<hr>
-<A name="LogEmail"><h2>Anonymous_LogEmail</h2></A>
+<h2><A name="LogEmail">Anonymous_LogEmail directive</A></h2>
<strong>Syntax:</strong> Anonymous_LogEmail <em>on | off</em><br>
<strong>Default:</strong> <code>off</code><br>
<strong>Context:</strong> directory, .htaccess<br>
contains a sensible email address) is logged in the httpd-log file.
<hr>
-<A name="MustGiveEmail"><h2>Anonymous_MustGiveEmail</h2></a>
+<h2><A name="MustGiveEmail">Anonymous_MustGiveEmail directive</A></h2>
<!--%plaintext <?INDEX {\tt Anonymous_MustGiveEmail} directive> -->
<strong>Syntax:</strong> Anonymous_MustGiveEmail <em>on</em> | <em>off</em><br>
<strong>Default:</strong> off<br>
address as the password. This prohibits blank passwords.
<HR>
-<A name="NoUserID"><h2>Anonymous_NoUserID</h2></A>
+<h2><A name="NoUserID">Anonymous_NoUserID directive</A></h2>
<strong>Syntax:</strong> Anonymous_NoUserID <em>on | off</em><br>
<strong>Default:</strong> <code>Anonymous_NoUserID off</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<hr>
-<A name="VerifyEmail"><h2>Anonymous_VerifyEmail</h2></A>
+<h2><A name="VerifyEmail">Anonymous_VerifyEmail directive</A></h2>
<strong>Syntax:</strong> Anonymous <em>on | off</em><br>
<strong>Default:</strong> <code>Anonymous_VerifyEmail off</code><br>
<strong>Context:</strong> directory, .htaccess<br>
checked for at least one '@' and a '.' to encourage users to enter
valid email addresses (see the above <code>Auth_LogEmail</code>).
-<hr><a name="Example"><h2>Example</h2></a>
+<hr>
+<h2><a name="Example">Example</A></h2>
The example below (when combined with the Auth directives
of a htpasswd-file based (or GDM, mSQL etc) base access
</dl>
-<hr><h2><a name="CompileTimeOptions">Compile Time Options</a></h2>
+<hr>
+<h2><a name="CompileTimeOptions">Compile Time Options</a></h2>
Currently there are no Compile options.
-<hr><h2><a name="RevisionHistory">Revision History</a></h2>
+<hr>
+<h2><a name="RevisionHistory">Revision History</a></h2>
This version: 23 Nov 1995, 24 Feb 1996, 16 May 1996.
</dl>
-<hr><h2><a name="Person">Contact/person to blame</a></h2>
+<hr>
+<h2><a name="Person">Contact/person to blame</a></h2>
This module was written for the
<a href="http://ewse.ceo.org">European Wide Service Exchange</a> by
<p>
-<hr><h2><a NAME="Sourcecode">Sourcecode</a></h2>
+<hr>
+<h2><a NAME="Sourcecode">Sourcecode</a></h2>
The source code can be found at <a href="http://www.apache.org"><code>
http://www.apache.org</code></a>. A snapshot of a development version
This module is contained in the <code>mod_auth_dbm.c</code> file, and
is not compiled in by default. It provides for user authentication using
-DBM files.
+DBM files.
<menu>
format (<em>alttext</em>,<em>url</em>) where <em>alttext</em> is the text tag
given for an icon for non-graphical browsers.<p>
-<em>Mime-encoding</em> is a wildcard expression matching required the
+<em>Mime-encoding</em> is a wildcard expression matching required the
content-encoding. Examples:
<blockquote><code>
AddIconByEncoding /icons/compress.xbm x-compress
<h2>Summary</h2>
-Emulate the CERN HTTPD Meta file semantics. Meta files are HTTP
+Emulate the CERN HTTPD Meta file semantics. Meta files are HTTP
headers that can be output in addition to the normal range of headers
for each file accessed. They appear rather like the Apache
.asis files, and are able to provide a crude way of influencing
the Expires: header, as well as providing other curiosities.
There are many ways to manage meta information, this one was
chosen because there is already a large number of CERN users
-who can exploit this module.
+who can exploit this module.
<p>More information on the
<a href="http://www.w3.org/pub/WWW/Daemon/User/Config/General.html#MetaDir
format (<em>alttext</em>,<em>url</em>) where <em>alttext</em> is the text tag
given for an icon for non-graphical browsers.<p>
-<em>Mime-encoding</em> is a wildcard expression matching required the
+<em>Mime-encoding</em> is a wildcard expression matching required the
content-encoding. Examples:
<blockquote><code>
AddIconByEncoding /icons/compress.xbm x-compress
CERN web-servers are able to do this, so this module is especially
useful to web-admins who wish to migrate from CERN to Apache without
rewriting all their scripts
-
+
<h2>Directives</h2>
<ul>
<li><A HREF="#passenv">PassEnv</A>
<dt><code>none</code>
<dd>If ImapMenu is
<code>none</code>, no menu is generated, and the <code>default</code>
- action is performed.
+ action is performed.
<dt><code>formatted</code>
<dd>A <code>formatted</code> menu is the simplest menu. Comments
in the imagemap file are ignored. A level one header is
<h3>Imagemap File Directives</h3>
There are six directives allowed in the imagemap file. The directives
can come in any order, but are processed in the order they are found
-in the imagemap file.
-<dl>
+in the imagemap file.
+<dl>
<dt><code>base</code> Directive
<dd>Has the effect of <code><BASE href="value"></code>. The
non-absolute URLs of the map-file are taken relative to this value.
<dt><code>referer</code>
<dd>Equivalent to the URL of the referring document.
Defaults to <code>http://servername/</code> if no Referer:
- header was present.
+ header was present.
<p>
<dt><code>nocontent</code>
<dd>Sends a status code of <code>204 No Content</code>,
<dt><code>error</code>
<dd>Fails with a <code>500 Server Error</code>. Valid for all but
<code>base</code>, but sort of silly for anything but
- <code>default</code>.
+ <code>default</code>.
</dl>
<h3>Coordinates</h3>
separated by a comma. The coordinates are separated from each other
by whitespace. To accommodate the way Lynx handles imagemaps, should a
user select the coordinate <code>0,0</code>, it is as if
- no coordinate had been selected.
+ no coordinate had been selected.
</dl>
<h3>Quoted Text</h3>
<dl>
<dt><code>"Menu Text"</code>
- <dd>After the value or after the coordinates, the line optionally may
+ <dd>After the value or after the coordinates, the line optionally may
contain text within double quotes. This string is used as the
text for the link if a menu is generated:<br>
<code><a href="http://foo.com/">Menu text</a></code><br>
is compiled in by default. It provides for server-parsed html
documents. Several directives beyond the original NCSA definition have been
included in Apache 1.2 - these are flagged below with the phrase
-"Apache 1.2 and above". Of particular significance are the new flow
+"Apache 1.2 and above". Of particular significance are the new flow
control directives documented at the bottom.
<H2>Enabling Server-Side Includes</H2>
<dt>value
<dd>The value to give a variable.
</dl>
-For example:
+For example:
<CODE><!--#set var="category" value="help" --></CODE>
<dd>Apache 1.2 and above.
In addition to the variables in the standard CGI environment, these are
available for the <code>echo</code> command, for <code>if</code> and
-<code>elif</code>, and to any program invoked by the document.
+<code>elif</code>, and to any program invoked by the document.
<dl>
<dt>DATE_GMT
"<SAMP>X</SAMP>" and <SAMP>REQUEST_METHOD</SAMP> is
"<SAMP>Y</SAMP>".
-<P> EXAMPLE: the below example will print "in foo" if the DOCUMENT_URI is
-/foo/file.html, "in bar" if it is /bar/file.html and "in neither"
+<P> EXAMPLE: the below example will print "in foo" if the DOCUMENT_URI is
+/foo/file.html, "in bar" if it is /bar/file.html and "in neither"
otherwise:
<PRE>
<!--#if expr="\"$DOCUMENT_URI\" = \"/foo/file.html\"" -->
if the original test_condition was false. These elements
are optional.
-<P> The <B><CODE>endif</CODE></B> element ends the
+<P> The <B><CODE>endif</CODE></B> element ends the
<B><CODE>if</CODE></B> element and is required.
<P> <I>test_condition</I> is one of the following:
Unix egrep command.
<DT>( <I>test_condition</I> )
- <DD>true if <I>test_condition</I> is true
+ <DD>true if <I>test_condition</I> is true
<DT>! <I>test_condition</I>
<DD>true if <I>test_condition</I> is false
<DT><I>test_condition1</I> && <I>test_condition2</I>
<DD>true if both <I>test_condition1</I> and
- <I>test_condition2</I> are true
+ <I>test_condition2</I> are true
<DT><I>test_condition1</I> || <I>test_condition2</I>
<DD>true if either <I>test_condition1</I> or
- <I>test_condition2</I> is true
+ <I>test_condition2</I> is true
</DL>
<P> "<I>=</I>" and "<I>!=</I>" bind more tightly than "<I>&&</I>" and
- "<I>||</I>".
+ "<I>||</I>".
"<I>!</I>" binds most tightly. Thus, the following are equivalent:
<PRE>
The XBitHack directives controls the parsing of ordinary html documents.
This directive only affects files associated with the MIME type
-<CODE>text/html</CODE>.
+<CODE>text/html</CODE>.
<em>Status</em> can have the following values:
<dl>
<dt>off
This module is contained in the <code>mod_negotiation.c</code> file,
and is compiled in by default. It provides for <A
-HREF="../content-negotiation.html">content negotiation</A>.
+HREF="../content-negotiation.html">content negotiation</A>.
<h2>Summary</h2>
Content negotiation, or more accurately content selection, is the
<dd>The length of the file, in bytes. If this header is not present, then
the actual length of the file is used.
<dt>Content-Type:
-<dd>The MIME media type of the document, with optional parameters.
+<dd>The MIME media type of the document, with optional parameters.
parameters are separated from the media type and from one another by
semi-colons. Parameter syntax is name=value; allowed parameters are:
<dl>
This directive only applies to requests which come from HTTP/1.0 browsers.
HTTP/1.1 provides much better control over the caching of negotiated
-documents, and this directive has no effect in responses to
+documents, and this directive has no effect in responses to
HTTP/1.1 requests.
Note that this directive only has an effect if a 'best' language
cannot be determined by other any other means. Correctly implemented
-HTTP/1.1 requests will mean this directive has no effect.
+HTTP/1.1 requests will mean this directive has no effect.
<!--#include virtual="footer.html" -->
</BODY>
<h2>Summary</h2>
This module implements a proxy/cache for Apache. It implements
-proxying capability for
+proxying capability for
<code>FTP</code>,
<code>CONNECT</code> (for SSL),
<code>HTTP/0.9</code>, and
<h2><a name="socks">Can I use the Apache proxy module with my SOCKS proxy?</a></h2>
Yes. Just build Apache with the rule <code>SOCKS4=yes</code> in your
-<i>Configuration</i> file, and follow the instructions there. SOCKS5
+<i>Configuration</i> file, and follow the instructions there. SOCKS5
capability can be added in a similar way (there's no <code>SOCKS5</code>
rule yet), so use the <code>EXTRA_LDFLAGS</code> definition, or build Apache
normally and run it with the <i>runsocks</i> wrapper provided with SOCKS5,
<h2>Summary</h2>
This module uses a rule-based rewriting engine (based on a
-regular-expression parser) to rewrite requested URLs on the fly.
+regular-expression parser) to rewrite requested URLs on the fly.
<p>
It supports an unlimited number of additional rule conditions (which can
<blockquote>
<i>Ralf S. Engelschall</i><br>
<a href="mailto:rse@engelschall.com"><tt>rse@engelschall.com</tt></a><br>
- <a href="http://www.engelschall.com/"><tt>www.engelschall.com</tt></a>
+ <a href="http://www.engelschall.com/"><tt>www.engelschall.com</tt></a>
</blockquote>
<!--%hypertext -->
The <tt>RewriteEngine</tt> directive enables or disables the
runtime rewriting engine. If it is set to <code>off</code> this module does
no runtime processing at all. It does not even update the <tt>SCRIPT_URx</tt>
-environment variables.
+environment variables.
<p>
Use this directive to disable the module instead of commenting out
server logs any rewriting actions it performs. If the name does not begin
with a slash ('<tt>/</tt>') then it is assumed to be relative to the
<em>Server Root</em>. The directive should occur only once per server
-config.
+config.
<p>
<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
# map.real-to-user -- maps realnames to usernames
#
-Ralf.S.Engelschall rse # Bastard Operator From Hell
+Ralf.S.Engelschall rse # Bastard Operator From Hell
Dr.Fred.Klabuster fred # Mr. DAU
</pre></td></tr>
</table>
#!/usr/bin/perl
$| = 1;
while (<STDIN>) {
- # ...here any transformations
+ # ...here any transformations
# or lookups should occur...
print $_;
}
mapping-function use one <tt>RewriteMap</tt> directive to declare its
rewriting mapfile. While you cannot <b>declare</b> a map in per-directory
context it is of course possible to <b>use</b> this map in per-directory
-context.
+context.
<p>
<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
prefix is the corresponding filepath itself. <b>But at most websites URLs are
<b>NOT</b> directly related to physical filename paths, so this assumption
will be usually be wrong!</b> There you have to use the <tt>RewriteBase</tt>
-directive to specify the correct URL-prefix.
+directive to specify the correct URL-prefix.
<p>
<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
RewriteEngine On
-# let the server know that we are reached via /xyz and not
+# let the server know that we are reached via /xyz and not
# via the physical path prefix /abc/def
RewriteBase /xyz
<p>
In the above example, a request to <tt>/xyz/oldstuff.html</tt> gets correctly
-rewritten to the physical file <tt>/abc/def/newstuff.html</tt>.
+rewritten to the physical file <tt>/abc/def/newstuff.html</tt>.
<p>
<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
when it occurs the (rewritten) request has to be re-injected into the Apache
kernel! BUT: While this seems like a serious overhead, it really isn't, because
this re-injection happens fully internal to the Apache server and the same
-procedure is used by many other operations inside Apache. So, you can be
+procedure is used by many other operations inside Apache. So, you can be
sure the design and implementation is correct.
</font>
</td></tr>
<em>TestString</em> is a string which contains server-variables of the form
<blockquote><strong>
-<tt>%{</tt> <em>NAME_OF_VARIABLE</em> <tt>}</tt>
+<tt>%{</tt> <em>NAME_OF_VARIABLE</em> <tt>}</tt>
</strong></blockquote>
where <em>NAME_OF_VARIABLE</em> can be a string
<em>CondPattern</em> is the condition pattern, i.e. a regular expression
which gets applied to the current instance of the <em>TestString</em>, i.e.
<em>TestString</em> gets evaluated and then matched against
-<em>CondPattern</em>.
+<em>CondPattern</em>.
<p>
<b>Remember:</b> <em>CondPattern</em> is a standard
<blockquote><pre>
RewriteCond %{REMOTE_HOST} ^host1.* [OR]
RewriteCond %{REMOTE_HOST} ^host2.* [OR]
-RewriteCond %{REMOTE_HOST} ^host3.*
+RewriteCond %{REMOTE_HOST} ^host3.*
RewriteRule ...some special stuff for any of these hosts...
</pre></blockquote>
Without this flag you had to write down the cond/rule three times.
<strong><code>^</code></strong> Start of line
<strong><code>$</code></strong> End of line
<strong><code>.</code></strong> Any single character
-<strong><code>[</code></strong>chars<strong><code>]</code></strong> One of chars
-<strong><code>[^</code></strong>chars<strong><code>]</code></strong> None of chars
+<strong><code>[</code></strong>chars<strong><code>]</code></strong> One of chars
+<strong><code>[^</code></strong>chars<strong><code>]</code></strong> None of chars
<strong><code>?</code></strong> 0 or 1 of the preceding char
<strong><code>*</code></strong> 0 or N of the preceding char
<strong><code>+</code></strong> 1 or N of the preceding char
-<strong><code>\</code></strong>char escape that specific char
+<strong><code>\</code></strong>char escape that specific char
(e.g. for specifying the chars "<code>.[]()</code>" etc.)
<strong><code>(</code></strong>string<strong><code>)</code></strong> Grouping of chars (the <b>N</b>th group can be used on the RHS with <code>$</code><b>N</b>)
<p>
<a name="rhs"><em>Substitution</em></a> of a rewriting rule is the string
which is substituted for (or replaces) the original URL for which
-<em>Pattern</em> matched. Beside plain text you can use
+<em>Pattern</em> matched. Beside plain text you can use
<ol>
<li>pattern-group back-references (<code>$N</code>)
<ul>
<li>'<strong><code>redirect|R</code>[=<i>code</i>]</strong>' (force <a name="redirect"><b>r</b>edirect</a>)<br>
- Prefix <em>Substitution</em>
+ Prefix <em>Substitution</em>
with <code>http://thishost[:thisport]/</code> (which makes the new URL a URI) to
force a external redirection. If no <i>code</i> is given a HTTP response
of 302 (MOVED TEMPORARILY) is used. If you want to use other response
codes in the range 300-400 just specify them as a number or use
one of the following symbolic names: <tt>temp</tt> (default), <tt>permanent</tt>,
<tt>seeother</tt>.
- Use it for rules which should
+ Use it for rules which should
canonicalize the URL and gives it back to the client, e.g. translate
``<code>/~</code>'' into ``<code>/u/</code>'' or always append a slash to
<code>/u/</code><em>user</em>, etc.<br>
from the last rewriting rule. This corresponds to the Perl
<code>next</code> command or the <code>continue</code> command from the C
language. Use this flag to restart the rewriting process, i.e. to
- immediately go to the top of the loop. <br>
+ immediately go to the top of the loop. <br>
<b>But be careful not to create a deadloop!</b>
<p>
<li>'<strong><code>chain|C</code></strong>' (<b>c</b>hained with next rule)<br>
with <tt>mod_alias</tt>:
<pre>
RewriteRule ^/abc(.*) /def$1 [PT]
- Alias /def /ghi
+ Alias /def /ghi
</pre>
If you omit the <tt>PT</tt> flag then <tt>mod_rewrite</tt>
will do its job fine, i.e. it rewrites <tt>uri=/abc/...</tt> to
<tt><!--#echo var="VAR"--></tt>) or CGI (e.g. <tt>$ENV{'VAR'}</tt>).
But additionally you can also dereference it in a following RewriteCond
pattern via <tt>%{ENV:VAR}</tt>. Use this to strip but remember
- information from URLs.
+ information from URLs.
</ul>
<p>
<li>A total number of accesses and byte count served (*)
<li>The time the server was started/restarted and the
time it has been running for
-<li>Averages giving the number of requests per second,
+<li>Averages giving the number of requests per second,
the number of bytes served per second and the average number
of bytes per request (*)
<li>The current percentage CPU used by each child and in total by
<pre>
<Location /server-status>
SetHandler server-status
-
+
order deny,allow
deny from all
allow from .foo.com
You can now access server statistics by using a Web browser to access the
page <code>http://your.server.name/server-status</code>
<p>
-Note that mod_status will only work when you are running Apache in
-<A HREF="core.html#servertype">standalone</A> mode and not
+Note that mod_status will only work when you are running Apache in
+<A HREF="core.html#servertype">standalone</A> mode and not
<A HREF="core.html#servertype">inetd</A> mode.
<h3>Automatic Updates</h3>
<STRONG>
Be careful when using this directive; for instance,
<SAMP>"UserDir ./"</SAMP> would map
- <SAMP>"/~root"</SAMP> to
+ <SAMP>"/~root"</SAMP> to
<SAMP>"/"</SAMP> - which is probably undesirable. If you are
running Apache 1.3 or above, it is strongly recommended that your
configuration include a
<p>
After the edit, recompile the kernel and recompile the Apache server
-then reboot.
+then reboot.
<P>
which time its mbufs are not yet freed. Another reason is that, on server
timeouts, some connections end up in FIN_WAIT_2 state forever, because
this state doesn't time out on the server, and the browser never sent
-a final FIN. For more details see the
-<A HREF="fin_wait_2.html">FIN_WAIT_2</A> page.
+a final FIN. For more details see the
+<A HREF="fin_wait_2.html">FIN_WAIT_2</A> page.
<p>
Be aware that your system may not boot with a kernel that is configured
to use more resources than you have available system RAM. <b>ALWAYS</b>
have a known bootable kernel available when tuning your system this way,
-and use the system tools beforehand to learn if you need to buy more
+and use the system tools beforehand to learn if you need to buy more
memory before tuning.
<p>
Below is a set of newsgroup posts made by an engineer from DEC in
response to queries about how to modify DEC's Digital Unix OS for more
-heavily loaded web sites. Copied with permission.
+heavily loaded web sites. Copied with permission.
<HR>
Digital UNIX
</A></H3>
-<UL>
- <LI><A HREF="http://www.digital.com/info/internet/document/ias/tuning.html">DIGITAL
- UNIX Tuning Parameters for Web Servers</A>
- <LI>We have some <A HREF="perf-dec.html">newsgroup postings</A> on how to tune
- Digital UNIX 3.2 and 4.0.
+<UL>
+ <LI><A
+ HREF="http://www.digital.com/info/internet/document/ias/tuning.html"
+ >DIGITAL UNIX Tuning Parameters for Web Servers</A>
+ <LI>We have some <A HREF="perf-dec.html">newsgroup postings</A> on how
+ to tune Digital UNIX 3.2 and 4.0.
</UL>
<P><HR>
<UL>
<LI><A href="http://www.sun.com/sun-on-net/Sun.Internet.Solutions/performance/">
-World Wide Web Server Performance,
+World Wide Web Server Performance,
<http://www.sun.com/sun-on-net/Sun.Internet.Solutions/performance/></a>
<LI><A HREF="http://www.sun.com/solaris/products/siss/">
Solaris Internet Server Supplement for 2.5.1</A>
SunOS 4.x
</A></H3>
-More information on tuning SOMAXCONN on SunOS can be found at
+More information on tuning SOMAXCONN on SunOS can be found at
<A HREF="http://www.islandnet.com/~mark/somaxconn.html">
-http://www.islandnet.com/~mark/somaxconn.html</A>.
+http://www.islandnet.com/~mark/somaxconn.html</A>.
<P><HR>
"spare" - every couple of seconds the parent checks the actual number
of spare servers and adjusts accordingly. This should keep the number
of servers concurrently running relatively low while still ensuring
-minimal forking.
+minimal forking.
<P>
<LI><A HREF="#enable">Enabling & Disabling suEXEC</A></LI>
<LI><A HREF="#debug">Debugging suEXEC</A></LI>
<LI><A HREF="#jabberwock">Beware the Jabberwock: Warnings &
- Examples</A></LI>
+ Examples</A></LI>
</OL>
</P>
with allowing users to develop and run private CGI or SSI programs. However,
if suEXEC is improperly configured, it can cause any number of problems and
possibly create new holes in your computer's security. If you aren't familiar
-with managing setuid root programs and the security issues they present, we
+with managing setuid root programs and the security issues they present, we
highly recommend that you not consider using suEXEC.
-</P>
+</P>
<P ALIGN="CENTER">
<STRONG><A HREF="suexec.html">BACK TO CONTENTS</A></STRONG>
</P>
<P ALIGN="LEFT">
-Second, it is assumed you are familiar with some basic concepts of your
+Second, it is assumed you are familiar with some basic concepts of your
computer's security and its administration. This involves an understanding
of <STRONG>setuid/setgid</STRONG> operations and the various effects they
may have on your system and its level of security.
version of suEXEC code. All code for suEXEC has been carefully scrutinized and
tested by the developers as well as numerous beta testers. Every precaution has
been taken to ensure a simple yet solidly safe base of code. Altering this
-code can cause unexpected problems and new security risks. It is
-<STRONG>highly</STRONG> recommended you not alter the suEXEC code unless you
+code can cause unexpected problems and new security risks. It is
+<STRONG>highly</STRONG> recommended you not alter the suEXEC code unless you
are well versed in the particulars of security programming and are willing to
share your work with the Apache Group for consideration.
</P>
<P ALIGN="LEFT">
-Fourth, and last, it has been the decision of the Apache Group to
+Fourth, and last, it has been the decision of the Apache Group to
<STRONG>NOT</STRONG> make suEXEC part of the default installation of Apache.
To this end, suEXEC configuration is a manual process requiring of the
administrator careful attention to details. It is through this process
called by the main Apache web server. This wrapper is called when an HTTP
request is made for a CGI or SSI program that the administrator has designated
to run as a userid other than that of the main server. When such a request
-is made, Apache provides the suEXEC wrapper with the program's name and the
+is made, Apache provides the suEXEC wrapper with the program's name and the
user and group IDs under which the program is to execute.
</P>
#define GID_MIN 100
/*
- * USERDIR_SUFFIX -- Define to be the subdirectory under users'
+ * USERDIR_SUFFIX -- Define to be the subdirectory under users'
* home directories where suEXEC access should
* be allowed. All executables under this directory
- * will be executable by suEXEC as the user so
- * they should be "safe" programs. If you are
- * using a "simple" UserDir directive (ie. one
- * without a "*" in it) this should be set to
+ * will be executable by suEXEC as the user so
+ * they should be "safe" programs. If you are
+ * using a "simple" UserDir directive (ie. one
+ * without a "*" in it) this should be set to
* the same value. suEXEC will not work properly
- * in cases where the UserDir directive points to
+ * in cases where the UserDir directive points to
* a location that is not the same as the user's
* home directory as referenced in the passwd file.
*
<P ALIGN="LEFT">
<STRONG>COMPILING THE SUEXEC WRAPPER</STRONG><BR>
-You now need to compile the suEXEC wrapper. At the shell command prompt,
+You now need to compile the suEXEC wrapper. At the shell command prompt,
type: <STRONG><CODE>cc suexec.c -o suexec [ENTER]</CODE></STRONG>.
This should create the <STRONG><em>suexec</em></STRONG> wrapper executable.
</P>
</P>
<P ALIGN="LEFT">
-In order for the wrapper to set the user ID, it must me installed as owner
-<STRONG><em>root</em></STRONG> and must have the setuserid execution bit
+In order for the wrapper to set the user ID, it must me installed as owner
+<STRONG><em>root</em></STRONG> and must have the setuserid execution bit
set for file modes. If you are not running a <STRONG><em>root</em></STRONG>
user shell, do so now and execute the following commands.
</P>
<P ALIGN="LEFT">
The suEXEC wrapper will write log information to the location defined in
the <code>suexec.h</code> as indicated above. If you feel you have
-configured and installed the wrapper properly, have a look at this log
+configured and installed the wrapper properly, have a look at this log
and the error_log for the server to see where you may have gone astray.
</P>
<LI><A HREF="#enable">Enabling & Disabling suEXEC</A></LI>
<LI><A HREF="#debug">Debugging suEXEC</A></LI>
<LI><A HREF="#jabberwock">Beware the Jabberwock: Warnings &
- Examples</A></LI>
+ Examples</A></LI>
</OL>
</P>
with allowing users to develop and run private CGI or SSI programs. However,
if suEXEC is improperly configured, it can cause any number of problems and
possibly create new holes in your computer's security. If you aren't familiar
-with managing setuid root programs and the security issues they present, we
+with managing setuid root programs and the security issues they present, we
highly recommend that you not consider using suEXEC.
-</P>
+</P>
<P ALIGN="CENTER">
<STRONG><A HREF="suexec.html">BACK TO CONTENTS</A></STRONG>
</P>
<P ALIGN="LEFT">
-Second, it is assumed you are familiar with some basic concepts of your
+Second, it is assumed you are familiar with some basic concepts of your
computer's security and its administration. This involves an understanding
of <STRONG>setuid/setgid</STRONG> operations and the various effects they
may have on your system and its level of security.
version of suEXEC code. All code for suEXEC has been carefully scrutinized and
tested by the developers as well as numerous beta testers. Every precaution has
been taken to ensure a simple yet solidly safe base of code. Altering this
-code can cause unexpected problems and new security risks. It is
-<STRONG>highly</STRONG> recommended you not alter the suEXEC code unless you
+code can cause unexpected problems and new security risks. It is
+<STRONG>highly</STRONG> recommended you not alter the suEXEC code unless you
are well versed in the particulars of security programming and are willing to
share your work with the Apache Group for consideration.
</P>
<P ALIGN="LEFT">
-Fourth, and last, it has been the decision of the Apache Group to
+Fourth, and last, it has been the decision of the Apache Group to
<STRONG>NOT</STRONG> make suEXEC part of the default installation of Apache.
To this end, suEXEC configuration is a manual process requiring of the
administrator careful attention to details. It is through this process
called by the main Apache web server. This wrapper is called when an HTTP
request is made for a CGI or SSI program that the administrator has designated
to run as a userid other than that of the main server. When such a request
-is made, Apache provides the suEXEC wrapper with the program's name and the
+is made, Apache provides the suEXEC wrapper with the program's name and the
user and group IDs under which the program is to execute.
</P>
#define GID_MIN 100
/*
- * USERDIR_SUFFIX -- Define to be the subdirectory under users'
+ * USERDIR_SUFFIX -- Define to be the subdirectory under users'
* home directories where suEXEC access should
* be allowed. All executables under this directory
- * will be executable by suEXEC as the user so
- * they should be "safe" programs. If you are
- * using a "simple" UserDir directive (ie. one
- * without a "*" in it) this should be set to
+ * will be executable by suEXEC as the user so
+ * they should be "safe" programs. If you are
+ * using a "simple" UserDir directive (ie. one
+ * without a "*" in it) this should be set to
* the same value. suEXEC will not work properly
- * in cases where the UserDir directive points to
+ * in cases where the UserDir directive points to
* a location that is not the same as the user's
* home directory as referenced in the passwd file.
*
<P ALIGN="LEFT">
<STRONG>COMPILING THE SUEXEC WRAPPER</STRONG><BR>
-You now need to compile the suEXEC wrapper. At the shell command prompt,
+You now need to compile the suEXEC wrapper. At the shell command prompt,
type: <STRONG><CODE>cc suexec.c -o suexec [ENTER]</CODE></STRONG>.
This should create the <STRONG><em>suexec</em></STRONG> wrapper executable.
</P>
</P>
<P ALIGN="LEFT">
-In order for the wrapper to set the user ID, it must me installed as owner
-<STRONG><em>root</em></STRONG> and must have the setuserid execution bit
+In order for the wrapper to set the user ID, it must me installed as owner
+<STRONG><em>root</em></STRONG> and must have the setuserid execution bit
set for file modes. If you are not running a <STRONG><em>root</em></STRONG>
user shell, do so now and execute the following commands.
</P>
<P ALIGN="LEFT">
The suEXEC wrapper will write log information to the location defined in
the <code>suexec.h</code> as indicated above. If you feel you have
-configured and installed the wrapper properly, have a look at this log
+configured and installed the wrapper properly, have a look at this log
and the error_log for the server to see where you may have gone astray.
</P>
projects / thirdparty / apache / httpd.git / commitdiff
