From: Marc Slemko Date: Mon, 22 Dec 1997 21:25:10 +0000 (+0000) Subject: Misc cleanups: X-Git-Tag: APACHE_1_3b5~36 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=417a69836cb9d0abf53c82c14405bd79832fd2fb;p=thirdparty%2Fapache%2Fhttpd.git Misc cleanups: - cleanup HTML, --> - remove bogus security warning about LockFile - add warning about possible denial of service attack with LockFile in world writable directory - remove security encouragement to use inetd; add warning that inetd isn't well supported. PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@79758 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/core.html b/docs/manual/mod/core.html index 055fbaee638..43f668bb1d0 100644 --- a/docs/manual/mod/core.html +++ b/docs/manual/mod/core.html @@ -371,7 +371,7 @@ Extended regular expressions can also be used, with the addition of the <Directory ~ "^/www/.*/[0-9]{3}"> -would match directories in /www/ that consisted of three numbers.

+would match directories in /www/ that consisted of three numbers.

If multiple (non-regular expression) directory sections match the directory (or its parents) containing @@ -1029,8 +1029,11 @@ the logs directory is NFS mounted, since the lockfile must be stored on a local disk. The PID of the main server process is automatically appended to the filename.

-The LockFile is subject to the same warnings about log file placement and -security. +SECURITY: It is best to avoid putting this file in a +world writable directory such as /var/tmp because someone +could create a denial of service attack and prevent the server from +starting by creating a lockfile with the same name as the one the +server will try to create.

@@ -1369,7 +1372,7 @@ See also AccessConfig.

RLimitCPU directive

Syntax: RLimitCPU # or 'max' [# or 'max']
-Default: Unset; uses operating system defaults
+Default: Unset; uses operating system defaults
Context: server config, virtual host
Status: core
Compatibility: RLimitCPU is only available in Apache 1.2 and later

@@ -1388,7 +1391,7 @@ See also RLimitMEM or RLimitNPRO

RLimitMEM directive

Syntax: RLimitMEM # or 'max' [# or 'max']
-Default: Unset; uses operating system defaults
+Default: Unset; uses operating system defaults
Context: server config, virtual host
Status: core
Compatibility: RLimitMEM is only available in Apache 1.2 and later

@@ -1407,7 +1410,7 @@ See also RLimitCPU or RLimitNPRO

RLimitNPROC directive

Syntax: RLimitNPROC # or 'max' [# or 'max']
-Default: Unset; uses operating system defaults
+Default: Unset; uses operating system defaults
Context: server config, virtual host
Status: core
Compatibility: RLimitNPROC is only available in Apache 1.2 and later

@@ -1605,6 +1608,8 @@ Inetd is the lesser used of the two options. For each http connection received, a new copy of the server is started from scratch; after the connection is complete, this program exits. There is a high price to pay per connection, but for security reasons, some admins prefer this option. +Inetd mode is no longer recommended and does not always +work properly. Avoid it if at all possible.

Standalone is the most common setting for ServerType since @@ -1612,10 +1617,6 @@ it is far more efficient. The server is started once, and services all subsequent connections. If you intend running Apache to serve a busy site, standalone will probably be your only option.

-SECURITY: if you are paranoid about security, run in inetd mode. Security -cannot be guaranteed in either, but whilst most people are happy to use -standalone, inetd is probably least prone to attack.

-

StartServers directive

Syntax: StartServers number