From: Takashi Sato For more information about this technique, see the
- "Keeping Your Images from Adorning Other Sites"
- tutorial on ServerWatch.
in the default config file, and adapting the httpd-userdir.conf
diff --git a/docs/manual/howto/ssi.xml b/docs/manual/howto/ssi.xml
index 0d81976ce51..9bdb21c7171 100644
--- a/docs/manual/howto/ssi.xml
+++ b/docs/manual/howto/ssi.xml
@@ -100,7 +100,7 @@ existing HTML documents.
One disadvantage to this approach is that if you wanted to
diff --git a/docs/manual/logs.xml b/docs/manual/logs.xml
index ed88ab7fd92..591baa9773e 100644
--- a/docs/manual/logs.xml
+++ b/docs/manual/logs.xml
@@ -163,8 +163,8 @@
directives to control access logging, including
mod_log_referer, mod_log_agent, and the
TransferLog directive. The
The format of the access log is highly configurable. The format
is specified using a format string that looks much like a C-style
@@ -196,11 +196,11 @@
control characters "\n" for new-line and
"\t" for tab.
The
The
The above configuration will write log entries in a format
known as the Common Log Format (CLF). This standard format can
@@ -374,7 +374,7 @@
information. The last two ReferLog and AgentLog directives.
This example also shows that it is not necessary to define a
nickname with the
env= clause of the On startup, Apache httpd saves the process id of the parent
httpd process to the file The The language specification is the two-letter abbreviation
diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml
index 05439f59a21..cbdebabac04 100644
--- a/docs/manual/mod/mod_proxy.xml
+++ b/docs/manual/mod/mod_proxy.xml
@@ -517,11 +517,11 @@ expressions
This directive adds a member to a load balancing group. It must be used
within a This directive is used as an alternate method of setting any of the
parameters available to Proxy balancers and workers normally done via the
@@ -593,7 +593,7 @@ expressions
A Hostname is a fully qualified DNS domain name which can
be resolved to one or more IPAddrs via the
DNS domain name service. It represents a logical host (in contrast to
- Domains, see above) and must be resolvable
+ Domains, see above) and must be resolvable
to at least one IPAddr (or often to a list
of hosts with different IPAddrs). Before we dive into the technical details, here's an example of
- how you might use Before we dive into the technical details, here's an example of
+ how you might use Alternatively you may prefer to default everything to binary: Alternatively you may prefer to default everything to binary: Currently, only GET is supported for FTP in mod_proxy. You can
- of course use HTTP upload (POST or PUT) through an Apache proxy. Currently, only GET is supported for FTP in mod_proxy. You can
+ of course use HTTP upload (POST or PUT) through an Apache proxy. For instance, to rewrite according to the
+ stage, but will be set in a later phase.
+ For instance, to rewrite according to the
On the other hand, because mod_rewrite implements
+ after the URL translation phase (during which mod_rewrite
+ operates). On the other hand, because mod_rewrite implements
its per-directory context ( Explanation: If you use a browser which identifies itself
- as 'Mozilla' (including Netscape Navigator, Mozilla etc), then you
+ as 'Mozilla' (including Netscape Navigator, Mozilla etc), then you
get the max homepage (which could include frames, or other special
- features).
+ features).
If you use the Lynx browser (which is terminal-based), then
- you get the min homepage (which could be a version designed for
- easy, text-only browsing).
- If neither of these conditions apply (you use any other browser,
- or your browser identifies itself as something non-standard), you get
+ you get the min homepage (which could be a version designed for
+ easy, text-only browsing).
+ If neither of these conditions apply (you use any other browser,
+ or your browser identifies itself as something non-standard), you get
the std (standard) homepage. In mod_rewrite, the NOT character
- (' In mod_rewrite, the NOT character
+ (' Back-references are identifiers of the form
- To decide whether or not to use this rule: if you
prefix URLs with CGI-scripts, to force them to be
- processed by the CGI-script, it's likely that you
+ processed by the CGI-script, it's likely that you
will run into problems (or significant overhead) on
sub-requests. In these cases, use this flag. This creates the files /var/logs/logfile.nnnn where nnnn is
the system time at which the log nominally starts (this time
will always be a multiple of the rotation time, so you can
@@ -113,7 +113,7 @@ an offset.
This creates the files /var/logs/logfile.yyyy.mm.dd where
yyyy is the year, mm is the month, and dd is the day of the month.
Logging will switch to a new file every day at midnight, local time. Errors such as `` Cryptographic software needs a source of unpredictable data
to work correctly. Many open source operating systems provide
a "randomness device" that serves this purpose (usually named
@@ -160,7 +160,7 @@ relative hyperlinks?
Yes. HTTP and HTTPS use different server ports (HTTP binds to
port 80, HTTPS to port 443), so there is no direct conflict between
them. You can either run two separate server instances bound to
@@ -327,24 +327,24 @@ Certificate for testing purposes?
The following lists all support possibilities for mod_ssl, in order of
- preference. Please go through these possibilities
- in this order - don't just pick the one you like the look of. To force clients to authenticate using certificates for a particular URL,
- you can use the per-directory reconfiguration features of To force clients to authenticate using certificates for a particular URL,
+ you can use the per-directory reconfiguration features of
+ The key to doing this is checking that part of the client certificate
matches what you expect. Usually this means checking all or part of the
diff --git a/docs/manual/ssl/ssl_intro.xml b/docs/manual/ssl/ssl_intro.xml
index ec1f4933656..554cf22ec3a 100644
--- a/docs/manual/ssl/ssl_intro.xml
+++ b/docs/manual/ssl/ssl_intro.xml
@@ -356,7 +356,7 @@ dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ==
they also manage them -- that is, they determine for how long
certificates remain valid, they renew them, and they keep lists of
certificates that were issued in the past but are no longer valid
- (Certificate Revocation Lists, or CRLs). For example, if Alice is entitled to a certificate as an
employee of a company, but has now left
diff --git a/docs/manual/style/lang/pt-br.xml b/docs/manual/style/lang/pt-br.xml
index 93b0c206431..9ee1395e91a 100644
--- a/docs/manual/style/lang/pt-br.xml
+++ b/docs/manual/style/lang/pt-br.xml
@@ -129,7 +129,7 @@
However, it is additionally useful to use Any of the
- techniques discussed here can be extended to any number of IP
- addresses. Any of the techniques discussed here can be extended to any
+ number of IP addresses. The server has two IP addresses. On one ( You have multiple domains going to the same IP and also want to
@@ -236,31 +236,31 @@
Listen 80 The server has two IP addresses ( The server machine has two IP addresses ( On some of my addresses, I want to do name-based virtual hosts, and
@@ -363,30 +363,30 @@
Catching every request to any unspecified IP address and
@@ -476,7 +476,7 @@
# ... The name-based vhost with the hostname
@@ -534,9 +534,9 @@
Listen 80 We have a server with two name-based vhosts. In order to match the
correct virtual host a client must send the correct In the event of problems you can: In the event of problems you can: For this case, a single It is recommended that you use an IP address instead of a
hostname (see DNS caveats). With more complicated setups, you can use Apache's normal
If the first VirtualHost block does not include a
- If the first VirtualHost block does not include a
+ The next step is to create a logs/httpd.pid. This
filename can be changed with the
AuthName "private area"
AuthDigestDomain /private/ http://mirror.my.dom/private2/
-
- AuthDigestProvider file
+
+ AuthDigestProvider file
AuthUserFile /web/auth/.digest_pw
Require valid-user
diff --git a/docs/manual/mod/mod_authn_anon.xml b/docs/manual/mod/mod_authn_anon.xml
index 4aeb14a6277..4f26560bfa8 100644
--- a/docs/manual/mod/mod_authn_anon.xml
+++ b/docs/manual/mod/mod_authn_anon.xml
@@ -87,7 +87,7 @@
AuthType Basic
AuthBasicProvider file anon
AuthUserFile /path/to/your/.htpasswd
-
+
Anonymous_NoUserID off
Anonymous_MustGiveEmail on
Anonymous_VerifyEmail on
diff --git a/docs/manual/mod/mod_dav.xml b/docs/manual/mod/mod_dav.xml
index 4e377f22dc9..9894f4e0c32 100644
--- a/docs/manual/mod/mod_dav.xml
+++ b/docs/manual/mod/mod_dav.xml
@@ -79,23 +79,23 @@
- <Directory /usr/local/apache2/htdocs/foo>
-
- Allow from all
- Dav On
-
- AuthType Basic
- AuthName DAV
- AuthUserFile user.passwd
-
- <LimitExcept GET POST OPTIONS>
-
-
-
+ <Directory /usr/local/apache2/htdocs/foo>
+
+ Allow from all
+ Dav On
+
+ AuthType Basic
+ AuthName DAV
+ AuthUserFile user.passwd
+
+ <LimitExcept GET POST OPTIONS>
+
+
+
- Content-Type: text/plain; charset=ISO-8859-1
+ Content-Type: text/plain; charset=ISO-8859-1
<Proxy balancer://...> container
@@ -542,7 +542,7 @@ expressions
-
Single letter value defining the initial status of
this worker: 'D' is disabled, 'S' is stopped, 'I' is ignore-errors,
- 'H' is hot-standby and 'E' is in an error state. Status
- can be set (which is the default) by prepending with '+' or
+ 'H' is hot-standby and 'E' is in an error state. Status
+ can be set (which is the default) by prepending with '+' or
cleared by prepending with '-'.
Thus, a setting of 'S-E' sets this worker to Stopped and
clears the in-error flag.
@@ -1277,7 +1277,7 @@ directly
- BalancerMember http://192.168.1.50:80
- BalancerMember http://192.168.1.51:80
- </Proxy>
- ProxyPass /test balancer://mycluster/
-
+ BalancerMember http://192.168.1.50:80
+ BalancerMember http://192.168.1.51:80
+ </Proxy>
+ ProxyPass /test balancer://mycluster/
+ application/octet-stream bin dms lha lzh exe class tgz taz
DefaultType application/octet-stream
@@ -625,8 +625,8 @@ Result:
has to be re-injected into the Apache kernel.
This is not the serious overhead it may seem to be -
this re-injection is completely internal to the
- Apache server (and the same procedure is used by
- many other operations within Apache).
+ Apache server (and the same procedure is used by
+ many other operations within Apache).
@@ -661,7 +661,7 @@ Result:
(0 <= N <= 9), which provide access to the grouped
parts (in parentheses) of the pattern, from the
stdout. Avoid this, as it will cause a deadloop!
``$|=1'' is used above, to prevent this.RewriteRule which is subject to the current
- set of RewriteCond conditions..
+ set of RewriteCond conditions..
${mapname:key|default}.
+ >${mapname:key|default}.
See the documentation for
RewriteMap for more details.
+
HTTP headers: connection & request:
-
-
- HTTP_USER_AGENT
+
+ HTTP_USER_AGENT
-
-
HTTP_REFERER
HTTP_COOKIE
HTTP_FORWARDED
@@ -716,17 +716,17 @@ Result:
QUERY_STRING
AUTH_TYPE
+
+
+
server internals: date and time: specials:
-
-
- DOCUMENT_ROOT
+
+ DOCUMENT_ROOT
SERVER_ADMIN
SERVER_NAME
SERVER_ADDR
@@ -764,7 +764,7 @@ Result:
Most are documented elsewhere in the Manual or in
the CGI specification. Those that are special to
mod_rewrite include those below.
-
IS_SUBREQ%{ENV:variable}, where variable can be
- any environment variable, is also available.
- This is looked-up via internal
+ any environment variable, is also available.
+ This is looked-up via internal
Apache structures and (if not found there) via
getenv() from the Apache server process.%{HTTP:header}, where header can be
- any HTTP MIME-header name, can always be used to obtain the
- value of a header sent in the HTTP request.
+ any HTTP MIME-header name, can always be used to obtain the
+ value of a header sent in the HTTP request.
Example: %{HTTP:Proxy-Connection} is
the value of the HTTP header
``Proxy-Connection:''.
@@ -863,21 +863,21 @@ Result:
%{LA-U:variable} can be used for look-aheads which perform
an internal (URL-based) sub-request to determine the final
- value of variable. This can be used to access
+ value of variable. This can be used to access
variable for rewriting which is not available at the current
- stage, but will be set in a later phase.
- REMOTE_USER variable from within the
per-server context (httpd.conf file) you must
use %{LA-U:REMOTE_USER} - this
variable is set by the authorization phases, which come
- after the URL translation phase (during which mod_rewrite
- operates)..htaccess file) via
the Fixup phase of the API and because the authorization
phases come before this phase, you just can use
- %{REMOTE_USER} in that context.%{REMOTE_USER} in that context.
%{LA-F:variable} can be used to perform an internal
@@ -908,7 +908,7 @@ Result:
+ precedes)
Treats the CondPattern as a plain string and
compares it lexicographically to TestString. True if
TestString lexicographically precedes
@@ -955,9 +955,9 @@ Result:
Treats the TestString as a pathname and tests
- whether or not it exists, and has executable permissions.
- These permissions are determined according to
- the underlying OS.
@@ -983,7 +983,7 @@ Result:
[flags]
as the third argument to the RewriteCond
@@ -994,7 +994,7 @@ Result:
nocase|NC'
(no case)
This makes the test case-insensitive - differences
- between 'A-Z' and 'a-z' are ignored, both in the
+ between 'A-Z' and 'a-z' are ignored, both in the
expanded TestString and the CondPattern.
This flag is effective only for comparisons between
TestString and CondPattern. It has no
@@ -1051,14 +1051,14 @@ RewriteRule ^/$ /homepage.std.html [L]
!') is also available as a possible pattern
+ !') is also available as a possible pattern
prefix. This enables you to negate a pattern; to say, for instance:
``if the current URL does NOT match this
pattern''. This can be used for exceptional cases, where
@@ -1184,7 +1184,7 @@ cannot use $N in the substitution string!
$N
+ $N
(N=0..9), which will be replaced
by the contents of the Nth group of the
matched Pattern. The server-variables are the same
@@ -1273,17 +1273,17 @@ cannot use $N in the substitution string!
%N) which will be expanded. You can use this
flag more than once, to set more than one variable. The
variables can later be dereferenced in many situations, most commonly
- from within XSSI (via <!--#echo
+ from within XSSI (via <!--#echo
var="VAR"-->) or CGI ($ENV{'VAR'}).
- You can also dereference the variable in a later RewriteCond pattern, using
+ You can also dereference the variable in a later RewriteCond pattern, using
%{ENV:VAR}. Use this to strip
information from URLs, while maintaining a record of that information.
forbidden|F' (force URL
to be forbidden)$N in the substitution string!
Force the Content-handler of the target file to be
Content-handler. For instance, this can be used to
simulate the cgi-script''.
@@ -1369,7 +1369,7 @@ cannot use $N in the substitution string!
exclude some rules.$N in the substitution string!
'proxy|P' (force
proxy)$N in the substitution string!
If you omit the PT flag,
mod_rewrite will rewrite
- uri=/abc/... to
+ uri=/abc/... to
filename=/def/... as a full API-compliant
URI-to-filename translator should do. Then
mod_alias will try to do a
diff --git a/docs/manual/mod/mod_usertrack.xml b/docs/manual/mod/mod_usertrack.xml
index bc6bfc18090..093a168971b 100644
--- a/docs/manual/mod/mod_usertrack.xml
+++ b/docs/manual/mod/mod_usertrack.xml
@@ -136,7 +136,6 @@ time late in the year "37".
should still use your actual domain, as you would with any other top
level domain (for example .foo.co.uk).
mod_ssl: Child could not open
SSLMutex lockfile /opt/apache/logs/ssl_mutex.18332 (System error follows)
[...] System: Permission denied (errno: 13)'' are usually
@@ -123,8 +123,8 @@ generate temporary 512 bit RSA private key" when I start Apache?
server.key and
server.crt files:
- $ openssl req -new -x509 -nodes -out server.crt
- -keyout server.key
- These can be used as follows in your httpd.conf
- file:
+ $ openssl req -new -x509 -nodes -out server.crt
+ -keyout server.key
+ These can be used as follows in your httpd.conf
+ file:
SSLCertificateFile /path/to/this/server.crt
SSLCertificateKeyFile /path/to/this/server.key
-
+
server.key does not have any passphrase.
- To add a passphrase to the key, you should run the following
- command, and enter & verify the passphrase as requested.
- $ openssl rsa -des3 -in server.key -out
- server.key.new
- $ mv server.key.new server.keyserver.key file, and the passphrase
- you entered, in a secure location.
+ server.key does not have any passphrase.
+ To add a passphrase to the key, you should run the following
+ command, and enter & verify the passphrase as requested.
+ $ openssl rsa -des3 -in server.key -out
+ server.key.new
+ $ mv server.key.new server.keyserver.key file, and the passphrase
+ you entered, in a secure location.
$ openssl req -new -x509 -nodes -sha1 -days 365
- -key server.key -out server.crt
+ -key server.key -out server.crt
This signs the server CSR and results in a server.crt file.
You can see the details of this Certificate using:
@@ -924,16 +924,16 @@ for my core dump?
- First check the F.A.Q. (this text). If your problem is a common
- one, it may have been answered several times before, and been included
- in this doc.
+ http://httpd.apache.org/docs/&httpd.docs;/ssl/ssl_faq.html
+ First check the F.A.Q. (this text). If your problem is a common
+ one, it may have been answered several times before, and been included
+ in this doc.
modssl-users@modssl.org
This is the preferred way of submitting your problem report, because this way,
- others can see the problem, and learn from any answers. You must subscribe to
+ others can see the problem, and learn from any answers. You must subscribe to
the list first, but you can then easily discuss your problem with both the
- author and the whole mod_ssl user community.
+ author and the whole mod_ssl user community.
@@ -962,11 +962,11 @@ of mod_ssl problems?
-
- http://httpd.apache.org/bug_report.html
+
+ http://httpd.apache.org/bug_report.html
This is the last way of submitting your problem report. You should only
- do this if you've already posted to the mailing lists, and had no success.
- Please follow the instructions on the above page carefully.
+ do this if you've already posted to the mailing lists, and had no success.
+ Please follow the instructions on the above page carefully.
CoreDumpDirectory /tmp'' to
- make sure that the core-dump file can be written. This should result
- in a /tmp/core or /tmp/httpd.core file. If you
+ make sure that the core-dump file can be written. This should result
+ in a /tmp/core or /tmp/httpd.core file. If you
don't get one of these, try running your server under a non-root UID.
Many modern kernels do not allow a process to dump core after it has
done a setuid() (unless it does an exec()) for
@@ -1041,7 +1041,7 @@ the reason for my core dump?
gdb /path/to/httpd
/tmp/httpd.core or a similar command. In GDB, all you
- have to do then is to enter bt, and voila, you get the
+ have to do then is to enter bt, and voila, you get the
backtrace. For other debuggers consult your local debugger manual.
@@ -177,7 +178,7 @@ Intranet website, for clients coming from the Internet?
-
+
<VirtualHost 172.20.30.40>
- # etc ...
+ # etc ...
*
@@ -120,15 +120,15 @@
configuration will not work for, in fact, is when you are serving
different content based on differing IP addresses or ports.172.20.30.40), we
@@ -139,31 +139,31 @@
-
+
# This is the "main" server running on 172.20.30.40
ServerName server.domain.com
DocumentRoot /www/mainserver
-
+
# This is the other address
NameVirtualHost 172.20.30.50
-
+
<VirtualHost 172.20.30.50>
ServerName www.example.com
-
+
# Other directives here ...
-
+
-
+
<VirtualHost 172.20.30.50>
ServerName www.example.org
-
+
# Other directives here ...
-
+
Host: header, will be served from
www.example.com.
-
NameVirtualHost 172.20.30.40
-
+
<VirtualHost 192.168.1.1 172.20.30.40>
@@ -220,9 +220,9 @@
respond the same on all addresses.
-
Listen 8080
-
+
NameVirtualHost 172.20.30.40:80
NameVirtualHost 172.20.30.40:8080
-
+
<VirtualHost 172.20.30.40:80>
DocumentRoot /www/domain-80
-
+
<VirtualHost 172.20.30.40:8080>
DocumentRoot /www/domain-8080
-
+
<VirtualHost 172.20.30.40:80>
DocumentRoot /www/otherdomain-80
-
+
<VirtualHost 172.20.30.40:8080>
@@ -269,9 +269,9 @@
</VirtualHost>
- 172.20.30.40 and
172.20.30.50) which resolve to the names
@@ -282,14 +282,14 @@
-
+
<VirtualHost 172.20.30.40>
ServerName www.example.com
-
+
<VirtualHost 172.20.30.50>
@@ -303,10 +303,10 @@
localhost, for example) will go to the main server, if
there is one.
- 172.20.30.40 and
172.20.30.50) which resolve to the names
@@ -321,28 +321,28 @@
Listen 172.20.30.40:8080
Listen 172.20.30.50:80
Listen 172.20.30.50:8080
-
+
<VirtualHost 172.20.30.40:80>
ServerName www.example.com
-
+
<VirtualHost 172.20.30.40:8080>
ServerName www.example.com
-
-
+
<VirtualHost 172.20.30.50:80>
ServerName www.example.org
-
+
<VirtualHost 172.20.30.50:8080>
@@ -351,9 +351,9 @@
</VirtualHost>
-
-
+
NameVirtualHost 172.20.30.40
-
+
<VirtualHost 172.20.30.40>
ServerName www.example.com
-
+
<VirtualHost 172.20.30.40>
ServerName www.example.org
-
+
<VirtualHost 172.20.30.40>
ServerName www.example3.net
-
+
# IP-based
<VirtualHost 172.20.30.50>
-
+
<VirtualHost 172.20.30.60>
@@ -403,7 +403,7 @@
</VirtualHost>
- Virtual_host and
mod_proxy together_default_
+ _default_
vhosts_default_ vhosts
+ _default_ vhosts
for all ports
</VirtualHost>
-
+
<VirtualHost _default_:*>
@@ -511,9 +511,9 @@
served from the main server.
ServerName www.example.com
DocumentRoot /www/example1
-
+
NameVirtualHost 172.20.30.40
-
+
<VirtualHost 172.20.30.40 172.20.30.50>
@@ -544,7 +544,7 @@
# ...
-
+
<VirtualHost 172.20.30.40>
@@ -559,10 +559,10 @@
IP-based vhost) and through the old address (as a name-based
vhost).ServerPath
- directiveServerPath
+ directiveHost:
@@ -577,7 +577,7 @@
-
+
<VirtualHost 172.20.30.40>
@@ -587,7 +587,7 @@
# ...
-
+
<VirtualHost 172.20.30.40>
DocumentRoot /www/subdomain/sub1
-
+
<VirtualHost 172.20.30.40>
@@ -629,6 +629,6 @@
Host: header can use both URL variants, i.e.,
with or without URL prefix.
-
</VirtualHost>
-
+
<VirtualHost www.baygroup.org>
ServerAdmin webmaster@mail.baygroup.org
DocumentRoot /groups/baygroup/www
@@ -133,7 +133,7 @@
ErrorLog /groups/baygroup/logs/error_log
TransferLog /groups/baygroup/logs/access_log
</VirtualHost>
-
+
<VirtualHost> directives to control the
@@ -242,15 +242,15 @@ LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
ServerName
- none.example.com) can be added to get around this
- behaviour.ServerName
+ none.example.com) can be added to get around this
+ behaviour.