From: dgaudet Date: Thu, 3 Jul 1997 06:01:21 +0000 (+0000) Subject: merge in marc's weblinting changes X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=178e867714d2bda20b4e3640553a2222b2c77a33;p=thirdparty%2Fapache%2Fhttpd.git merge in marc's weblinting changes git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3@78505 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/APACHE_1_2_X/htdocs/manual/misc/descriptors.html b/APACHE_1_2_X/htdocs/manual/misc/descriptors.html index bc654d70d23..e5c97f3d21b 100644 --- a/APACHE_1_2_X/htdocs/manual/misc/descriptors.html +++ b/APACHE_1_2_X/htdocs/manual/misc/descriptors.html @@ -47,7 +47,7 @@ of files a process can have open.

To summarize: 

-  #open files  <=  soft limit  <=  hard limit  <=  kernel limit
+  #open files  <=  soft limit  <=  hard limit  <=  kernel limit

You control the hard and soft limits using the limit (csh) @@ -73,13 +73,13 @@ situation somewhat. Here is a partial list of systems and workarounds will run into trouble if more than approximately 240 Listen directives are used. This may be cured by rebuilding your kernel with a higher FD_SETSIZE. -

+

FreeBSD 2.2, BSDI 2.1+
Similar to the BSDI 2.0 case, you should define FD_SETSIZE and rebuild. But the extra Listen limitation doesn't exist. -

+

Linux
By default Linux has a kernel maximum of 256 open descriptors @@ -95,7 +95,7 @@ situation somewhat. Here is a partial list of systems and workarounds 256. As of this writing the patches available for increasing the number of descriptors do not take this into account. On a dedicated webserver you probably won't run into trouble. -

+

Solaris through 2.5.1
Solaris has a kernel hard limit of 1024 (may be lower in earlier @@ -107,18 +107,18 @@ situation somewhat. Here is a partial list of systems and workarounds build Apache with -DHIGH_SLACK_LINE=256 added to EXTRA_CFLAGS. You will be limited to approximately 240 error logs if you do this. -

+

AIX version ??
AIX appears to have a hard limit of 128 descriptors. End of story. -

+

Others
If you have details on another operating system, please submit it through our Bug Report Page. -

+

diff --git a/APACHE_1_2_X/htdocs/manual/misc/security_tips.html b/APACHE_1_2_X/htdocs/manual/misc/security_tips.html index cba41ada90f..dc08450aeda 100644 --- a/APACHE_1_2_X/htdocs/manual/misc/security_tips.html +++ b/APACHE_1_2_X/htdocs/manual/misc/security_tips.html @@ -170,7 +170,13 @@ Also be wary of playing games with the >UserDir directive; setting it to something like "./" would have the same effect, for root, as the first example above. +If you are using Apache 1.3 or above, we strongly recommend that you +include the following line in your server configuration files:

+
+
UserDir disabled root +
+

Please send any other useful security tips to The Apache Group diff --git a/APACHE_1_2_X/htdocs/manual/mod/mod_auth_msql.html b/APACHE_1_2_X/htdocs/manual/mod/mod_auth_msql.html index f1cae193335..865df430d60 100644 --- a/APACHE_1_2_X/htdocs/manual/mod/mod_auth_msql.html +++ b/APACHE_1_2_X/htdocs/manual/mod/mod_auth_msql.html @@ -155,13 +155,13 @@ An example mSQL table could be created with the following commands: 

      % msqladmin create www               

      % msql www                           

-     -> create table user_records (       

-     ->   User_id  char(32) primary key,  

-     ->   Cpasswd  char(32),              

-     ->   Xgroup   char(32)               

-     ->   ) \g                            

+     -> create table user_records (       

+     ->   User_id  char(32) primary key,  

+     ->   Cpasswd  char(32),              

+     ->   Xgroup   char(32)               

+     ->   ) \g                            

      query OK                             

-     -> \q                                

+     -> \q                                

      %

diff --git a/APACHE_1_2_X/htdocs/manual/mod/mod_rewrite.html b/APACHE_1_2_X/htdocs/manual/mod/mod_rewrite.html index 8d432e4c4ef..4cb6c83b85c 100644 --- a/APACHE_1_2_X/htdocs/manual/mod/mod_rewrite.html +++ b/APACHE_1_2_X/htdocs/manual/mod/mod_rewrite.html @@ -44,7 +44,6 @@ substitution. It operates on the full URLs (including the PATH_INFO part) both in per-server context (httpd.conf) and per-dir context (.htaccess) and even can generate QUERY_STRING parts on result. The rewritten result can lead to internal sub-processing, external request redirection or to internal proxy throughput. -

The latest version can be found on
@@ -147,7 +146,7 @@ with a slash ('/') then it is assumed to be relative to the config.

- +
To disable the logging of rewriting actions it is not recommended to set Filename @@ -161,7 +160,7 @@ To disable logging either remove or comment out the

- +
SECURITY: See the Apache Security @@ -198,7 +197,7 @@ To disable the logging of rewriting actions simply set Level to 0. This disables all rewrite action logs.

- +
Notice: Using a high value for Level will slow down your Apache server dramatically! Use the rewriting logfile only for debugging or at least @@ -289,7 +288,7 @@ RewriteMap real-to-host txt:/path/to/file/map.real-to-user
  • DBM Hashfile Format

    This is a binary NDBM format file containing the - same contents as the Plain Text Format files. You can create + same contents as the Plain Text Format files. You can create such a file with any NDBM tool or with the dbmmanage program from the support directory of the Apache distribution.

    @@ -346,7 +345,7 @@ context it is of course possible to use this map in per-directory context.

    - +
    For plain text and DBM format files the looked-up keys are cached in-core until the mtime of the mapfile changes or the server does a @@ -384,7 +383,7 @@ will be usually be wrong! There you have to use the RewriteBase directive to specify the correct URL-prefix.

    - +
    So, if your webserver's URLs are not directly related to physical file paths, you have to use RewriteBase in every @@ -424,7 +423,7 @@ In the above example, a request to /xyz/oldstuff.html gets correctly rewritten to the physical file /abc/def/newstuff.html.

    - +
    For the Apache hackers:
    @@ -437,10 +436,10 @@ Request: /xyz/oldstuff.html Internal Processing: - /xyz/oldstuff.html -> /abc/def/oldstuff.html (per-server Alias) - /abc/def/oldstuff.html -> /abc/def/newstuff.html (per-dir RewriteRule) - /abc/def/newstuff.html -> /xyz/newstuff.html (per-dir RewriteBase) - /xyz/newstuff.html -> /abc/def/newstuff.html (per-server Alias) + /xyz/oldstuff.html -> /abc/def/oldstuff.html (per-server Alias) + /abc/def/oldstuff.html -> /abc/def/newstuff.html (per-dir RewriteRule) + /abc/def/newstuff.html -> /xyz/newstuff.html (per-dir RewriteBase) + /xyz/newstuff.html -> /abc/def/newstuff.html (per-server Alias) Result: /abc/def/newstuff.html @@ -471,7 +470,7 @@ sure the design and implementation is correct.

    The RewriteCond directive defines a rule condition. Precede a -RewriteRule directive with one or more RewriteCond +RewriteRule directive with one or more RewriteCond directives. The following rewriting rule is only used if its pattern matches the current @@ -562,7 +561,7 @@ IS_SUBREQ

    - +
    These variables all correspond to the similar named HTTP MIME-headers, C variables of the Apache server or struct tm fields of the Unix @@ -770,7 +769,7 @@ for special cases where it is better to match the negative pattern or as a last default rule.

    - +
    Notice! When using the NOT character to negate a pattern you cannot have grouped wildcard parts in the pattern. This is impossible because when @@ -814,7 +813,7 @@ conjunction with the C (chain) flag to be able to have more than one pattern to be applied before a substitution occurs.

    - +
    Notice: There is a special feature. When you prefix a substitution field with http://thishost[:thisport] then @@ -962,7 +961,7 @@ comma-separated list of the following flags: typical example is the use of mod_alias and mod_rewrite..

    - +
    - -
    For the Apache hackers:
    @@ -995,7 +994,7 @@ comma-separated list of the following flags:

    - +
    Remember: Never forget that Pattern gets applied to a complete URL in per-server configuration files. But in per-directory configuration @@ -1012,7 +1011,7 @@ external redirect or proxy throughput (if flag P is used!) is forced!

    - +
    Notice! To enable the rewriting engine for per-directory configuration files you need to set ``RewriteEngine On'' in these files and @@ -1120,10 +1119,6 @@ request ``GET /somepath/localpath/pathinfo'':
    -

    -

    Example:

    diff --git a/APACHE_1_2_X/htdocs/manual/mod/mod_userdir.html b/APACHE_1_2_X/htdocs/manual/mod/mod_userdir.html index cca87f5020e..fb0a201c890 100644 --- a/APACHE_1_2_X/htdocs/manual/mod/mod_userdir.html +++ b/APACHE_1_2_X/htdocs/manual/mod/mod_userdir.html @@ -33,42 +33,71 @@ is compiled in by default. It provides for user-specific directories. Status: Base
    Module: mod_userdir
    Compatibility: All forms except the UserDir -public_html form are only available in Apache 1.1 or above.

    +public_html form are only available in Apache 1.1 or above. Use +of the enabled keyword, or disabled with a +list of usernames, is only available in Apache 1.3 and above.

    The UserDir directive sets the real directory in a user's home directory to use when a request for a document for a user is received. -Directory is either disabled, to disable this feature, - or the name of a directory, following one of the following -patterns. If not disabled, then a request for +Directory/filename is one of the following: +

    +
      +
    • The name of a directory or a pattern such as those shown below. +
      • +
    • The keyword disabled. This turns off all + username-to-directory translations except those explicitly named with + the enabled keyword (see below). +
      • +
    • The keyword disabled followed by a space-delimited + list of usernames. Usernames that appear in such a list will + never have directory translation performed, even if they + appear in an enabled clause. +
      • +
    • The keyword enabled followed by a space-delimited list + of usernames. These usernames will have directory translation + performed even if a global disable is in effect, but not if they also + appear in a disabled clause. +
      • +
    +

    +If neither the enabled nor the disabled +keywords appear in the Userdir directive, the argument is +treated as a filename pattern, and is used to turn the name into a +directory specification. A request for http://www.foo.com/~bob/one/two.html will be translated to: 

    -UserDir public_html     -> ~bob/public_html/one/two.html
-UserDir /usr/web        -> /usr/web/bob/one/two.html
-UserDir /home/*/www     -> /home/bob/www/one/two.html
+UserDir public_html     -> ~bob/public_html/one/two.html
+UserDir /usr/web        -> /usr/web/bob/one/two.html
+UserDir /home/*/www     -> /home/bob/www/one/two.html
    The following directives will send redirects to the client: 
    -UserDir http://www.foo.com/users   -> http//www.foo.com/users/bob/one/two.html
-UserDir http://www.foo.com/*/usr   -> http://www.foo.com/bob/usr/one/two.html
-UserDir http://www.foo.com/~*/     -> http://www.foo.com/~bob/one/two.html
+UserDir http://www.foo.com/users   -> http//www.foo.com/users/bob/one/two.html
+UserDir http://www.foo.com/*/usr   -> http://www.foo.com/bob/usr/one/two.html
+UserDir http://www.foo.com/~*/     -> http://www.foo.com/~bob/one/two.html
    - -

    - -Be careful when using this directive; for instance, "UserDir -./" would map "/~root" to -"/" - which is probably undesirable. See also -the -<Directory> -directive and the -Security Tips -page for more information. -

    +
    + + Be careful when using this directive; for instance, + "UserDir ./" would map + "/~root" to + "/" - which is probably undesirable. If you are + running Apache 1.3 or above, it is strongly recommended that your + configuration include a + "UserDir disabled root" declaration. + See also + the + <Directory> + directive and the + Security Tips + page for more information. + +
    diff --git a/APACHE_1_2_X/htdocs/manual/vhosts-in-depth.html b/APACHE_1_2_X/htdocs/manual/vhosts-in-depth.html index 4e078128a0f..ba7e2e819a0 100644 --- a/APACHE_1_2_X/htdocs/manual/vhosts-in-depth.html +++ b/APACHE_1_2_X/htdocs/manual/vhosts-in-depth.html @@ -357,23 +357,27 @@ Issues page, here are some further tips:
  • Place all main_server definitions before any VirtualHost definitions. (This is to aid the readability of the configuration -- the post-config merging process makes it non-obvious that definitions mixed in around -virtualhosts might affect all virtualhosts.)

    +virtualhosts might affect all virtualhosts.) +

  • Arrange your VirtualHosts such that all name-based virtual hosts come first, followed by IP-based -virtual hosts, followed by any _default_ virtual host

    +virtual hosts, followed by any _default_ virtual host +

  • Avoid ServerPaths which are prefixes of other ServerPaths. If you cannot avoid this then you have to ensure that the longer (more specific) prefix vhost appears earlier in the configuration file than the shorter (less specific) prefix (i.e., "ServerPath /abc" should appear after -"ServerPath /abcdef").

    +"ServerPath /abcdef"). +

  • Do not use port-based vhosts in the same server as name-based vhosts. A loose definition for port-based is a vhost which is determined by the port on the server (i.e. one server with -ports 8000, 8080, and 80 all of which have different configurations).

    +ports 8000, 8080, and 80 all of which have different configurations). +