core.html revision 035fa5d238ea8a35395e4c0c8a35dfb2bfe1fc0a
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen BGCOLOR="#FFFFFF"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen TEXT="#000000"
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen LINK="#0000FF"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen VLINK="#000080"
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen ALINK="#FF0000"
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<!--#include virtual="header.html" -->
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenThese configuration parameters control the core Apache features, and are
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenalways available.
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<li><A HREF="#accessfilename">AccessFileName</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#clearmodulelist">ClearModuleList</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#coredumpdirectory">CoreDumpDirectory</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#directorymatch"><DirectoryMatch></A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#filesmatch"><FilesMatch></A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#hostnamelookups">HostNameLookups</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#keepalivetimeout">KeepAliveTimeout</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#locationmatch"><LocationMatch></A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#maxkeepaliverequests">MaxKeepAliveRequests</a>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#maxrequestsperchild">MaxRequestsPerChild</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#maxspareservers">MaxSpareServers</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#minspareservers">MinSpareServers</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#resourceconfig">ResourceConfig</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#scoreboardfile">ScoreBoardFile</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#sendbuffersize">SendBufferSize</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#threadsperchild">ThreadsPerChild</a>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li><A HREF="#virtualhost"><VirtualHost></A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<h2><A name="accessconfig">AccessConfig directive</A></h2>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<!--%plaintext <?INDEX {\tt AccessConfig} directive> -->
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Syntax:</strong> AccessConfig <em>filename</em><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Default:</strong> <code>AccessConfig conf/access.conf</code><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Context:</strong> server config, virtual host<br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenThe server will read this file for more directives after reading the
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<A HREF="#resourceconfig">ResourceConfig</A> file. <em>Filename</em> is
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenrelative to the <A HREF="#serverroot">ServerRoot</A>.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenThis feature can be disabled using:
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<blockquote><code>AccessConfig /dev/null</code></blockquote>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenHistorically, this file only contained
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<A HREF="#directory"><Directory></A> sections; in fact it can now
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainencontain any server directive allowed in the <em>server config</em> context.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<h2><A name="accessfilename">AccessFileName directive</A></h2>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<!--%plaintext <?INDEX {\tt AccessFileName} directive> -->
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Syntax:</strong> AccessFileName <em>filename filename ...</em><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Default:</strong> <code>AccessFileName .htaccess</code><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Context:</strong> server config, virtual host<br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Compatibility:</strong> AccessFileName can accept more than one filename only in Apache 1.3 and later<p>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenWhen returning a document to the client the server looks for the first existing
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenaccess control file from this list of names in every directory of the path to
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenthe document, if access control files are enabled for that directory.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<blockquote><code>AccessFileName .acl</code></blockquote>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenbefore returning the document /usr/local/web/index.html, the
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainenserver will read /.acl, /usr/.acl, /usr/local/.acl and /usr/local/web/.acl
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenfor directives, unless they have been disabled with
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<Directory /><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenAllowOverride None<br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<h2><A name="addmodule">AddModule directive</A></h2>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<!--%plaintext <?INDEX {\tt AddModule} directive> -->
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Syntax:</strong> AddModule <em>module module ...</em><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Compatibility:</strong> AddModule is only available in Apache 1.2 and later<p>
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo SirainenThe server can have modules compiled in which are not actively in use.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenThis directive can be used to enable the use of those modules. The
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenserver comes with a pre-loaded list of active modules; this list can
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenbe cleared with the <A HREF="#clearmodulelist">ClearModuleList</A>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<h2><A name="allowoverride">AllowOverride directive</A></h2>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<!--%plaintext <?INDEX {\tt AllowOverride} directive> -->
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<strong>Syntax:</strong> AllowOverride <em>override override ...</em><br>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<strong>Default:</strong> <code>AllowOverride All</code><br>
d482b35af87f5fd872bad007da0475813a401a49Timo SirainenWhen the server finds an .htaccess file (as specified by
d482b35af87f5fd872bad007da0475813a401a49Timo Sirainen<A HREF="#accessfilename">AccessFileName</A>) it needs to know which
d482b35af87f5fd872bad007da0475813a401a49Timo Sirainendirectives declared in that file can override earlier access information.<p>
d482b35af87f5fd872bad007da0475813a401a49Timo Sirainen<em>Override</em> can be set to <code>None</code>, in which case the server
d482b35af87f5fd872bad007da0475813a401a49Timo Sirainenwill not read the file, <code>All</code> in which case the server will
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenallow all the directives, or one or more of the following:
d482b35af87f5fd872bad007da0475813a401a49Timo Sirainen<dt>AuthConfig
d482b35af87f5fd872bad007da0475813a401a49Timo Sirainen<!--%plaintext <?INDEX {\tt AuthConfig} override> -->
d482b35af87f5fd872bad007da0475813a401a49Timo SirainenAllow use of the authorization directives
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen(<A HREF="mod_auth_dbm.html#authdbmgroupfile">AuthDBMGroupFile</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A HREF="mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A HREF="#authname">AuthName</A>, <A HREF="#authtype">AuthType</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A HREF="mod_auth.html#authuserfile">AuthUserFile</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<!--%plaintext <?INDEX {\tt FileInfo} override> -->
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenAllow use of the directives controlling document types
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen(<A HREF="mod_mime.html#addencoding">AddEncoding</A>,
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<A HREF="mod_mime.html#addlanguage">AddLanguage</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A HREF="mod_negotiation.html#languagepriority">LanguagePriority</A>, etc.).
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<!--%plaintext <?INDEX {\tt Indexes} override> -->
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenAllow use of the directives controlling directory indexing
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen(<A HREF="mod_autoindex.html#adddescription">AddDescription</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A HREF="mod_autoindex.html#addicon">AddIcon</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A HREF="mod_autoindex.html#addiconbyencoding">AddIconByEncoding</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A HREF="mod_autoindex.html#addiconbytype">AddIconByType</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A HREF="mod_autoindex.html#defaulticon">DefaultIcon</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A HREF="mod_autoindex.html#directoryindex">DirectoryIndex</A>,
53238473bf77147660aa6db9daa68a8a685e9381Timo Sirainen<A HREF="mod_autoindex.html#fancyindexing">FancyIndexing</A>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<A HREF="mod_autoindex.html#headername">HeaderName</A>,
7394389230750c45b105cdefb5850c81cae8cdc0Timo Sirainen<A HREF="mod_autoindex.html#indexignore">IndexIgnore</A>,
7394389230750c45b105cdefb5850c81cae8cdc0Timo Sirainen<A HREF="mod_autoindex.html#indexoptions">IndexOptions</A>,
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<A HREF="mod_autoindex.html#readmename">ReadmeName</A>, etc.).
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<!--%plaintext <?INDEX {\tt Limit} override> -->
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenAllow use of the directives controlling host access (allow, deny and order).
03dbd273251103f745c08966f1809c02870390ffTimo Sirainen<!--%plaintext <?INDEX {\tt Options} override> -->
03dbd273251103f745c08966f1809c02870390ffTimo SirainenAllow use of the directives controlling specific directory features
03dbd273251103f745c08966f1809c02870390ffTimo Sirainen<A HREF="mod_include.html#xbithack">XBitHack</A>).
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<h2><A name="authname">AuthName directive</A></h2>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<!--%plaintext <?INDEX {\tt AuthName} directive> -->
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Syntax:</strong> AuthName <em>auth-domain</em><br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Context:</strong> directory, .htaccess<br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenThis directive sets the name of the authorization realm for a directory.
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenThis realm is given to the client so that the user knows which username and
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenpassword to send.
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo SirainenIt must be accompanied by <A HREF="#authtype">AuthType</A> and
567e57b09a49bbb2a146b13f8617698eb56237feTimo Sirainen<A HREF="#require">require</A> directives, and directives such as
567e57b09a49bbb2a146b13f8617698eb56237feTimo Sirainen<A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and
567e57b09a49bbb2a146b13f8617698eb56237feTimo Sirainen<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> to work.<p><hr>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<h2><A name="authtype">AuthType directive</A></h2>
53238473bf77147660aa6db9daa68a8a685e9381Timo Sirainen<!--%plaintext <?INDEX {\tt AuthType} directive> -->
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<strong>Syntax:</strong> AuthType <em>type</em><br>
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen<strong>Context:</strong> directory, .htaccess<br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenThis directive selects the type of user authentication for a directory.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenOnly <code>Basic</code> is currently implemented.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<!--%plaintext <?INDEX {\tt Basic} authentication scheme> -->
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenIt must be accompanied by <A HREF="#authname">AuthName</A> and
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<A HREF="#require">require</A> directives, and directives such as
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> to work.<p><hr>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<h2><A name="bindaddress">BindAddress directive</A></h2>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<!--%plaintext <?INDEX {\tt BindAddress} directive> -->
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainen<strong>Syntax:</strong> BindAddress <em>saddr</em><br>
7e94cf9d70ce9fdeccb7a85ff400b899e6386f36Timo Sirainen<strong>Default:</strong> <code>BindAddress *</code><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenA Unix® http server can either listen for connections to every
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenIP address of the server machine, or just one IP address of the server
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li>An IP address
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<li>A fully-qualified Internet domain name
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo SirainenIf the value is *, then the server will listen for connections on
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenevery IP address, otherwise it will only listen on the IP address
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenspecified. <p>
7e94cf9d70ce9fdeccb7a85ff400b899e6386f36Timo SirainenOnly one <code>BindAddress</code> directive can be used. For more
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainencontrol over which address and ports Apache listens to, use the
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<code><a href="#listen">Listen</a></code> directive instead of
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<code>BindAddress</code> can be used as an alternative method for
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainensupporting <A HREF="/virtual-host.html">virtual hosts</A> using
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainenmultiple independent servers, instead of using <code><A
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo SirainenHREF="#virtualhost"><VirtualHost></A></code> sections.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<a href="/bind.html">Setting which addresses and ports Apache uses</a></p>
7394389230750c45b105cdefb5850c81cae8cdc0Timo Sirainen<h2><A name="clearmodulelist">ClearModuleList directive</A></h2>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<!--%plaintext <?INDEX {\tt ClearModuleList} directive> -->
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<strong>Compatibility:</strong> ClearModuleList is only available in Apache 1.2 and later<p>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo SirainenThe server comes with a built-in list of active modules. This
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainendirective clears the list. It is assumed that the list will then be
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenre-populated using the <A HREF="#addmodule">AddModule</A> directive.<p><hr>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<h2><A name="coredumpdirectory">CoreDumpDirectory directive</A></h2>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<!--%plaintext <?INDEX {\tt CoreDumpDirectory} directive> -->
ace3c14e47a5a865df8aeea2fabc993b609dd163Timo Sirainen<strong>Syntax:</strong> CoreDumpDirectory <em>directory</em><br>
7e94cf9d70ce9fdeccb7a85ff400b899e6386f36Timo Sirainen<strong>Default:</strong> the same location as ServerRoot<br>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo SirainenThis controls the directory to which Apache attempts to switch before
ace3c14e47a5a865df8aeea2fabc993b609dd163Timo Sirainendumping core. The default is in the <A HREF="#serverroot">ServerRoot</A>
7e94cf9d70ce9fdeccb7a85ff400b899e6386f36Timo Sirainendirectory, however since this should not be writable by the user
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenthe server runs as, core dumps won't normally get written. If you
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenwant a core dump for debugging, you can use this directive to place
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<h2><A name="defaulttype">DefaultType directive</A></h2>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<!--%plaintext <?INDEX {\tt DefaultType} directive> -->
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<strong>Syntax:</strong> DefaultType <em>mime-type</em><br>
ace3c14e47a5a865df8aeea2fabc993b609dd163Timo Sirainen<strong>Default:</strong> <code>DefaultType text/html</code><br>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo SirainenThere will be times when the server is asked to provide a document
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenwhose type cannot be determined by its MIME types mappings.<p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenThe server must inform the client of the content-type of the document, so in
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenthe event of an unknown type it uses the <CODE>DefaultType</CODE>. For
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<blockquote><code>DefaultType image/gif</code></blockquote>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenwould be appropriate for a directory which contained many gif images
7394389230750c45b105cdefb5850c81cae8cdc0Timo Sirainenwith filenames missing the .gif extension.<p><hr>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<h2><A name="directory"><Directory> directive</A></h2>
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen<!--%plaintext <?INDEX {\tt Directory} section directive> -->
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<strong>Syntax:</strong> <Directory <em>directory</em>> ... </Directory> <br>
d8b77aef97e89f1ccc5cbdaef77be9052279e35fTimo Sirainen<strong>Context:</strong> server config, virtual host<br>
659fe5d24825b160cae512538088020d97a60239Timo Sirainen<Directory> and </Directory> are used to enclose a group of
03dbd273251103f745c08966f1809c02870390ffTimo Sirainendirectives which will apply only to the named directory and sub-directories
03dbd273251103f745c08966f1809c02870390ffTimo Sirainenof that directory. Any directive which is allowed in a directory
03dbd273251103f745c08966f1809c02870390ffTimo Sirainencontext may be used. <em>Directory</em> is either the full path to a directory,
03dbd273251103f745c08966f1809c02870390ffTimo Sirainenor a wild-card string. In a wild-card string, `?' matches any single character,
03dbd273251103f745c08966f1809c02870390ffTimo Sirainenand `*' matches any sequences of characters. As of Apache 1.3, you
03dbd273251103f745c08966f1809c02870390ffTimo Sirainenmay also use `[]' character ranges like in the shell. Also as of Apache 1.3
03dbd273251103f745c08966f1809c02870390ffTimo Sirainennone of the wildcards match a `/' character, which more closely mimics the
567e57b09a49bbb2a146b13f8617698eb56237feTimo Sirainenbehaviour of Unix shells.
659fe5d24825b160cae512538088020d97a60239Timo Sirainen Options Indexes FollowSymLinks
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen </Directory>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo SirainenExtended regular expressions can also be used, with the addition of the
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen <Directory ~ "^/www/.*/[0-9]{3}">
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenwould match directories in /www/ that consisted of three numbers.</p>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<p>If multiple (non-regular expression) directory sections match the
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainendirectory (or its parents) containing
46ba60afe16f39d49100ee79f45cd8b70e0e857cTimo Sirainena document, then the directives are applied in the order of shortest match
7e94cf9d70ce9fdeccb7a85ff400b899e6386f36Timo Sirainenfirst, interspersed with the directives from the
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainen<A HREF="#accessfilename">.htaccess</A> files. For example, with
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<Directory /><br>
d8b77aef97e89f1ccc5cbdaef77be9052279e35fTimo SirainenAllowOverride None<br>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<Directory /home/*><br>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo SirainenAllowOverride FileInfo<br>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenfor access to the document <code>/home/web/dir/doc.html</code> the
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<li>Apply directive <code>AllowOverride None</code> (disabling
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<li>Apply directive <code>AllowOverride FileInfo</code> (for directory
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<li>Apply any FileInfo directives in <code>/home/web/.htaccess</code>
5a07b37a9df398b5189c14872a600384208ab74bTimo SirainenRegular expression directory sections are handled slightly differently
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenby Apache 1.2 and 1.3. In Apache 1.2 they are interspersed with the normal
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainendirectory sections and applied in the order they appear in the configuration
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenfile. They are applied only once, and apply when the shortest match
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenpossible occurs. In Apache 1.3 regular expressions are not considered
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenuntil after all of the normal sections have been applied. Then all of
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenthe regular expressions are tested in the order they appeared in the
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenconfiguration file. For example, with
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen<Directory ~ abc$><br>
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen... directives here ...<br>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen</Directory><br>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo SirainenSuppose that the filename being accessed is
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<code>/home/abc/public_html/abc/index.html</code>. The server
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenconsiders each of <code>/</code>, <code>/home</code>, <code>/home/abc</code>,
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<code>/home/abc/public_html</code>, and <code>/home/abc/public_html/abc</code>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenin that order. In Apache 1.2, when
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<code>/home/abc</code> is considered, the regular expression will match
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenand be applied. In Apache 1.3 the regular expression isn't considered
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenat all at that point in the tree. It won't be considered until after
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenall normal <Directory>s and <code>.htaccess</code> files have
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenbeen applied. Then the regular expression will
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenmatch on <code>/home/abc/public_html/abc</code> and be applied.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenNote that the default Apache access for <Directory /> is
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<SAMP>Allow from All</SAMP>. This means that Apache will serve any file
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenmapped from an URL. It is recommended that you change this with a block
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen <Directory />
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen Order Deny,Allow
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen Deny from All
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen </Directory>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenand then override this for directories you <EM>want</EM> accessible.
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen>Security Tips</A>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenpage for more details.
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenThe directory sections typically occur in the access.conf file, but they
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenmay appear in any configuration file. <Directory> directives cannot
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainennest, and cannot appear in a <A HREF="#limit"><Limit></A> section.
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>See also</strong>: <a href="/sections.html">How Directory,
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenLocation and Files sections work</a> for an explanation of how these
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainendifferent sections are combined when a request is received
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<h2><A name="directorymatch"><DirectoryMatch></A></h2>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Syntax:</strong> <DirectoryMatch <em>regex</em>> ... </DirectoryMatch> <br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Context:</strong> server config, virtual host<br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Compatibility:</strong> Available in Apache 1.3 and later
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<p><DirectoryMatch> and </DirectoryMatch> are used to enclose a group of
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainendirectives which will apply only to the named directory and sub-directories
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenof that directory, the same as <a
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenhref="#directory"><Directory></a>. However, it takes as an
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenargument a regular expression. For example:</p>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen <DirectoryMatch "^/www/.*/[0-9]{3}">
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<p>would match directories in /www/ that consisted of three numbers.</p>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<a href="#directory"><Directory></a> for a description of how
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenregular expressions are mixed in with normal <Directory>s.
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>See also</strong>: <a href="/sections.html">How Directory,
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenLocation and Files sections work</a> for an explanation of how these
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainendifferent sections are combined when a request is received
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<h2><A NAME="documentroot">DocumentRoot directive</A></h2>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<!--%plaintext <?INDEX {\tt DocumentRoot} directive> -->
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Syntax:</strong> DocumentRoot <em>directory-filename</em><br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Context:</strong> server config, virtual host<br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenThis directive sets the directory from which httpd will serve files.
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenUnless matched by a directive like Alias, the server appends the path
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenfrom the requested URL to the document root to make the path to the
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainendocument. Example:
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<blockquote><code>DocumentRoot /usr/web</code></blockquote>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenthen an access to <code>http://www.my.host.com/index.html</code> refers
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<P>There appears to be a bug in mod_dir which causes problems when the
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenDocumentRoot has a trailing slash (i.e. "DocumentRoot /usr/web/") so
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenplease avoid that.
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<h2><A name="errordocument">ErrorDocument directive</A></h2>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<!--%plaintext <?INDEX {\tt ErrorDocument} directive> -->
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Syntax:</strong> ErrorDocument <em>error-code document</em><br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Compatibility:</strong> The directory and .htaccess contexts
413fbe597e7ae0fa9dd6c8c66de6637658eea5e5Timo Sirainenare only available in Apache 1.1 and later.<p>
413fbe597e7ae0fa9dd6c8c66de6637658eea5e5Timo SirainenIn the event of a problem or error, Apache can be configured to do
413fbe597e7ae0fa9dd6c8c66de6637658eea5e5Timo Sirainenone of four things,
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<LI>output a simple hardcoded error message
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<LI>output a customized message
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<LI>redirect to a local URL to handle the problem/error
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<LI>redirect to an external URL to handle the problem/error
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<P>The first option is the default, while options 2-4 are configured
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenusing the <CODE>ErrorDocument</CODE> directive, which is followed by
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenthe HTTP response code and a message or URL.
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<P><em>Messages</em> in this context begin with a single quote
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen(<code>"</code>), which does not form part of the message itself.
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo SirainenApache will sometimes offer additional information regarding the
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<P>URLs can begin with a slash (/) for local URLs, or be a full
e82bfcae96f16dbb9af21b477d5afeab3a859481Timo SirainenURL which the client can resolve. Examples:
413fbe597e7ae0fa9dd6c8c66de6637658eea5e5Timo SirainenErrorDocument 500 http://foo.example.com/cgi-bin/tester<br>
413fbe597e7ae0fa9dd6c8c66de6637658eea5e5Timo SirainenErrorDocument 403 "Sorry can't allow you access today
413fbe597e7ae0fa9dd6c8c66de6637658eea5e5Timo Sirainen<P>Note that when you specify an <CODE>ErrorDocument</CODE> that
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenpoints to a remote URL (ie. anything with a method such as "http" in
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenfront of it) Apache will send a redirect to the client to tell it
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenwhere to find the document, even if the document ends up being
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenon the same server.. This has several implications, the
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenmost important being that <STRONG>if you use an "ErrorDocument 401"
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainendirective then it must refer to a local document.</STRONG> This results
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenfrom the nature of the HTTP basic authentication scheme.
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<P>See Also: <A HREF="/custom-error.html">documentation of customizable
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<h2><A name="errorlog">ErrorLog directive</A></h2>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<!--%plaintext <?INDEX {\tt ErrorLog} directive> -->
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Syntax:</strong> ErrorLog <em>filename</em><br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Default:</strong> <code>ErrorLog logs/error_log</code><br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Context:</strong> server config, virtual host<br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenThe error log directive sets the name of the file to which the server will log
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenany errors it encounters. If the filename does not begin with a slash (/)
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenthen it is assumed to be relative to the <A HREF="#serverroot">ServerRoot</A>.
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<blockquote><code>ErrorLog /dev/null</code></blockquote>
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenThis effectively turns off error logging.<p>
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenSECURITY: See the <A HREF="/misc/security_tips.html">security tips</A>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainendocument for details on why your security could be compromised if
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenthe directory where logfiles are stored is writable by anyone other
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenthan the user that starts the server.
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<h2><A name="files"><Files> directive</A></h2>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Syntax:</strong> <Files <em>filename</em>>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen... </Files><br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Context:</strong> server config, virtual host, .htaccess<br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Compatibility:</strong> only available in Apache
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen1.2 and above.<p>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<p>The <Files> directive provides for access control by
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenfilename. It is comparable to the <a
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenhref="#directory"><Directory></a> directive and
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<a href="#location"><Location></a> directives. It
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenshould be matched with a </Files> directive. Directives that
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenapply to the filename given should be listed
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenwithin. <code><Files></code> sections are processed in the
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenorder they appear in the configuration file, after the
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<Directory> sections and <code>.htaccess</code> files are
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenread, but before <Location> sections.</p>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<p>The <em>filename</em> argument should include a filename, or a
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenwild-card string, where `?' matches any single character, and `*' matches any
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainensequences of characters. Extended regular expressions can also be used,
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenwith the addition of
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen <Files ~ "\.(gif|jpe?g|png)$">
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenwould match most common Internet graphics formats. In Apache 1.3 and
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenlater, <a href="#filesmatch"><FilesMatch></a> is preferred,
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenhref="#directory"><code><Directory></code></a> and <a
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenhref="#location"><code><Location></code></a> sections,
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen<code><Files></code> sections can be used inside .htaccess
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainenfiles. This allows users to control access to their own files, at a
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenfile-by-file level. When used in an .htaccess file, if the
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen<em>filename</em> does not begin with a <code>/</code> character,
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenthe directory being applied will be prefixed automatically.
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen<strong>See also</strong>: <a href="/sections.html">How Directory,
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenLocation and Files sections work</a> for an explanation of how these
d143077bd518de129b8d446fb58e003903e50867Timo Sirainendifferent sections are combined when a request is received
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<h2><A name="filesmatch"><FilesMatch></A></h2>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Syntax:</strong> <FilesMatch <em>regex</em>>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen... </Files><br>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Context:</strong> server config, virtual host, .htaccess<br>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Compatibility:</strong> only available in Apache
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen1.3 and above.<p>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<p>The <FilesMatch> directive provides for access control by
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenfilename, just as the <a href="#files"><Files></a> directive
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainendoes. However, it accepts a regular expression. For example:</p>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen <FilesMatch "\.(gif|jpe?g|png)$">
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<p>would match most common Internet graphics formats.</p>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>See also</strong>: <a href="/sections.html">How Directory,
5a07b37a9df398b5189c14872a600384208ab74bTimo SirainenLocation and Files sections work</a> for an explanation of how these
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainendifferent sections are combined when a request is received
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<!--%plaintext <?INDEX {\tt Group} directive> -->
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Syntax:</strong> Group <em>unix-group</em><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Default:</strong> <code>Group #-1</code><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Context:</strong> server config, virtual host<br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenThe Group directive sets the group under which the server will answer requests.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenIn order to use this directive, the stand-alone server must be run initially
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<dt>A group name
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<dd>Refers to the given group by name.
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<dt># followed by a group number.
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<dd>Refers to a group by its number.
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenIt is recommended that you set up a new group specifically for running the
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenserver. Some admins use user <code>nobody</code>, but this is not always
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenpossible or desirable.<p>
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenNote: if you start the server as a non-root user, it will fail to change
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainento the specified group, and will instead continue to run as the group of the
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenoriginal user. <p>
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenSpecial note: Use of this directive in <VirtualHost> requires a
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenproperly configured <A HREF="/suexec.html">suEXEC wrapper</A>.
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenWhen used inside a <VirtualHost> in this manner, only the group
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenthat CGIs are run as is affected. Non-CGI requests are still processed
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenas the group specified in the main Group directive.<p>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenSECURITY: See <A HREF="#user">User</A> for a discussion of the security
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<h2><A name="hostnamelookups">HostNameLookups directive</A></h2>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<!--%plaintext <?INDEX {\tt HostNameLookups} directive> -->
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Syntax:</strong> HostNameLookups <em>on | off | double</em><br>
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen<strong>Default:</strong> <code>HostNameLookups off</code><br>
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen<strong>Context:</strong> server config, virtual host<br>
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen<strong>Compatibility:</strong> <code>double</code> available only in Apache
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen1.3 and above.<br>
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen<strong>Compatibility:</strong> Default was <code>on</code> prior to Apache
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenThis directive enables DNS lookups so that host names can be logged (and
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenpassed to CGIs/SSIs in <code>REMOTE_HOST</code>).
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenThe value <code>double</code> refers to doing double-reverse DNS.
bbf796c17f02538058d7559bfe96d677e5b55015Timo SirainenThat is, after a reverse lookup is performed, a forward lookup is then
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenperformed on that result. At least one of the ip addresses in the forward
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainenlookup must match the original address. (In "tcpwrappers" terminology
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo SirainenRegardless of the setting, when <a href="mod_access.html">mod_access</a>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenis used for controlling access by hostname, a double reverse lookup
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenwill be performed. This is necessary for security. Note that the
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenresult of this double-reverse isn't generally available unless
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenyou set <code>HostnameLookups double</code>. For example, if only
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<code>HostnameLookups on</code> and a request is made to an object that
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenis protected by hostname restrictions, regardless of whether the
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainendouble-reverse fails or not, CGIs will still be passed the single-reverse
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenThe default for this directive was previously <code>on</code> in
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenversions of Apache prior to 1.3. It was changed to <code>off</code>
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenin order to save the network traffic for those sites that don't truly
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenneed the reverse lookups done. It is also better for the end users
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenbecause they don't have to suffer the extra latency that a lookup
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenHeavily loaded sites should leave this directive <code>off</code>, since DNS
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenlookups can take considerable amounts of time. The utility <i>logresolve</i>,
7394389230750c45b105cdefb5850c81cae8cdc0Timo Sirainenprovided in the <i>/support</i> directory, can be used to look up host names
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<h2><A name="identitycheck">IdentityCheck directive</A></h2>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<!--%plaintext <?INDEX {\tt IdentityCheck} directive> -->
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen<strong>Syntax:</strong> IdentityCheck <em>boolean</em><br>
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen<strong>Default:</strong> <code>IdentityCheck off</code><br>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<strong>Context:</strong> server config, virtual host<br>
d143077bd518de129b8d446fb58e003903e50867Timo SirainenThis directive enables RFC1413-compliant logging of the remote user name
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenfor each connection, where the client machine runs identd or something similar.
5a07b37a9df398b5189c14872a600384208ab74bTimo SirainenThis information is logged in the access log. <em>Boolean</em> is either
5a07b37a9df398b5189c14872a600384208ab74bTimo SirainenThe information should not be trusted in any way except for rudimentary usage
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenNote that this can cause serious latency problems accessing your server
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainensince every request requires one of these lookups to be performed. When
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainenfirewalls are involved each lookup might possibly fail and add 30 seconds
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainenof latency to each hit. So in general this is not very useful on public
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenservers accessible from the Internet.
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen<H2><A NAME="ifmodule"><IfModule> directive</A></H2>
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen<b>Syntax:</b> <IfModule [!]<i>module-name</i>> <i>...</i>
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen</IfModule><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Compatibility:</strong> IfModule is only available in 1.2 and
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo SirainenThe <IfModule <i>test</i>>...</IfModule>
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainensection is used to mark directives that are conditional. The
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainendirectives within an IfModule section are only
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenprocessed if the <i>test</i> is true. If <i>test</i>
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenis false, everything between the start and end markers
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainenis ignored.<p>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenThe <i>test</i> in the <IfModule> section directive
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainencan be one of two forms:
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen<p>In the former case, the directives between the start and end markers
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenare only processed if the module named <i>module name</i> is compiled
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenin to Apache. The second format reverses the test, and only processes
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainenthe directives if <i>module name</i> is <b>not</b> compiled in.
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<p>The <i>module name</i> argument is a module name as given as the file
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenname of the module, at the time it was compiled. For example,
1175f27441385a7011629f295f42708f9a3a4ffcTimo Sirainen<p><IfModule> sections are nest-able, which can be used to implement
d143077bd518de129b8d446fb58e003903e50867Timo Sirainensimple multiple-module tests.
7394389230750c45b105cdefb5850c81cae8cdc0Timo Sirainen<h2><a name="include">Include directive</a></h2>
1175f27441385a7011629f295f42708f9a3a4ffcTimo Sirainen<strong>Syntax: (Apache 1.2)</strong> Include <em>filename</em><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Compatibility:</strong> Include is only available in Apache 1.3 and later.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenThis directive allows inclusion of other configuration files from within the server configuration files.
024815ea2ffdda9ea79919f18e865663977f73eaTimo Sirainen<h2><a name="keepalive">KeepAlive directive</a></h2>
567e57b09a49bbb2a146b13f8617698eb56237feTimo Sirainen<strong>Syntax: (Apache 1.1)</strong> KeepAlive <em>max-requests</em><br>
567e57b09a49bbb2a146b13f8617698eb56237feTimo Sirainen<strong>Default: (Apache 1.1)</strong> <code>KeepAlive 5</code><br>
1175f27441385a7011629f295f42708f9a3a4ffcTimo Sirainen<strong>Syntax: (Apache 1.2)</strong> KeepAlive <em>on/off</em><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Default: (Apache 1.2)</strong> <code>KeepAlive On</code><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Compatibility:</strong> KeepAlive is only available in Apache
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen1.1 and later.<p>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenThis directive enables
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<p><strong>Apache 1.1</strong>: Set <em>max-requests</em>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainento the maximum number of requests you want Apache to entertain per
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenrequest. A limit is imposed to prevent a client from hogging your
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenserver resources. Set this to <code>0</code> to disable support.
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen<p><strong>Apache 1.2 and later</strong>: Set to "On" to enable
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainenpersistent connections, "Off" to disable. See also the <a
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenhref="#maxkeepaliverequests">MaxKeepAliveRequests</a> directive.</p><hr>
1175f27441385a7011629f295f42708f9a3a4ffcTimo Sirainen<h2><a name="keepalivetimeout">KeepAliveTimeout directive</a></h2>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Syntax:</strong> KeepAliveTimeout <em>seconds</em><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Default:</strong> <code>KeepAliveTimeout 15</code><br>
1175f27441385a7011629f295f42708f9a3a4ffcTimo Sirainen<strong>Compatibility:</strong> KeepAliveTimeout is only available in Apache
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen1.1 and later.<p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenThe number of seconds Apache will wait for a subsequent request before
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenclosing the connection. Once a request has been received, the timeout
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenvalue specified by the <a
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenhref="#timeout"><code>Timeout</code></a> directive
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo SirainenListen [<em>IP address</em>:]<em>port number</em><br>
b2105c78f0fd58281317e6d777ded860f33153a3Timo Sirainen<strong>Compatibility:</strong> Listen is only available in Apache
b2105c78f0fd58281317e6d777ded860f33153a3Timo Sirainen1.1 and later.<p>
690af4a90eaf8611c2573d34126bb7a852c50a44Timo Sirainen<p>The Listen directive instructs Apache to listen to more than one IP
690af4a90eaf8611c2573d34126bb7a852c50a44Timo Sirainenaddress or port; by default it responds to requests on all IP
e4fb5bfcdff32d337d054cce36e00e1cdfaae9f8Timo Siraineninterfaces, but only on the port given by the <code><a
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenhref="bindaddress">BindAddress</a></tt> and <tt>Port</tt>. It tells
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenthe server to accept incoming requests on the specified port or
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenaddress-and-port combination. If the first format is used, with a port
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainennumber only, the server listens to the given port on all interfaces,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Siraineninstead of the port given by the <tt>Port</tt> directive. If an IP
ea546eaab672d441e180b7619d4750be813c08d8Timo Sirainenaddress is given as well as a port, the server will listen on the
ea546eaab672d441e180b7619d4750be813c08d8Timo Sirainengiven port and interface. <p>
5a07b37a9df398b5189c14872a600384208ab74bTimo SirainenNote that you may still require a <tt>Port</tt> directive so
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenthat URLs that Apache generates that point to your server still
5a07b37a9df398b5189c14872a600384208ab74bTimo SirainenMultiple Listen directives may be used
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainento specify a number of addresses and ports to listen to. The server
ea546eaab672d441e180b7619d4750be813c08d8Timo Sirainenwill respond to requests from any of the listed addresses and
5a07b37a9df398b5189c14872a600384208ab74bTimo SirainenFor example, to make the server accept connections on both port
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen80 and port 8000, use:
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo SirainenTo make the server accept connections on two specified
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Siraineninterfaces and port numbers, use
b2105c78f0fd58281317e6d777ded860f33153a3Timo Sirainen Listen 192.170.2.1:80
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen Listen 192.170.2.5:8000
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<a href="/bind.html">Setting which addresses and ports Apache uses</a><br>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<a href="/misc/known_bugs.html#listenbug">Known Bugs</a></p>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<H2><A NAME="listenbacklog">ListenBacklog directive</A></H2>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<strong>Syntax:</strong> ListenBacklog <em>backlog</em><br>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<strong>Default:</strong> <code>ListenBacklog 511</code><br>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<strong>Compatibility:</strong> ListenBacklog is only available in Apache
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainenversions after 1.2.0.<p>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo SirainenThe maximum length of the queue of pending connections. Generally no
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainentuning is needed or desired, however on some systems it is desirable
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainento increase this when under a TCP SYN flood attack. See
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainenthe backlog parameter to the <code>listen(2)</code> system call.</p><hr>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<h2><A name="limit"><Limit> directive</A></h2>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<!--%plaintext <?INDEX {\tt Limit} section directive> -->
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen <Limit <em>method method</em> ... > ... </Limit><br>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<Limit> and </Limit> are used to enclose a group of
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainenaccess control directives which will then apply only to the specified
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainenaccess methods, where <em>method</em> is any valid HTTP method.
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo SirainenAny directive except another <Limit> or
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<A HREF="#directory"><Directory></A> may be used; the majority will be
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainenunaffected by the <Limit>. Example:
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<Limit GET POST><br>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainenrequire valid-user<br>
d143077bd518de129b8d446fb58e003903e50867Timo SirainenIf an access control directive appears outside a <Limit> directive,
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<h2><a name="location"><Location> directive</a></h2>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Syntax:</strong> <Location <em>URL</em>>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen... </Location><br>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Context:</strong> server config, virtual host<br>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Compatibility:</strong> Location is only available in Apache
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen1.1 and later.<p>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<p>The <Location> directive provides for access control by
d143077bd518de129b8d446fb58e003903e50867Timo SirainenURL. It is comparable to the <a
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenhref="#directory"><Directory></a> directive, and
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenshould be matched with a </Location> directive. Directives that
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenapply to the URL given should be listed
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenwithin. <code><Location></code> sections are processed in the
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenorder they appear in the configuration file, after the
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<Directory> sections and <code>.htaccess</code> files are
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<p>Note that, due to the way HTTP functions, <em>URL prefix</em>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenshould, save for proxy requests, be of the form <code>/path/</code>,
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenand should not include the <code>http://servername</code>. It doesn't
d143077bd518de129b8d446fb58e003903e50867Timo Sirainennecessarily have to protect a directory (it can be an individual
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenfile, or a number of files), and can include wild-cards. In a wild-card
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenstring, `?' matches any single character, and `*' matches any
d143077bd518de129b8d446fb58e003903e50867Timo Sirainensequences of characters.
d143077bd518de129b8d446fb58e003903e50867Timo SirainenExtended regular expressions can also be used, with the addition of
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen <Location ~ "/(extra|special)/data">
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<p>would match URLs that contained the substring "/extra/data" or
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen"/special/data". However, in Apache 1.3 and above, use of <a
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenhref="#locationmatch"><LocationMatch></a> is preferred.</p>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<p>The <code>Location</code> functionality is especially useful when
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenhref="mod_mime.html#sethandler">SetHandler</a></code> directive. For example, to enable status requests, but allow them only
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenfrom browsers at foo.com, you might use:
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen <Location /status>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen SetHandler server-status
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen order deny,allow
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen deny from all
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen </Location>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>See also</strong>: <a href="/sections.html">How Directory,
d143077bd518de129b8d446fb58e003903e50867Timo SirainenLocation and Files sections work</a> for an explanation of how these
d143077bd518de129b8d446fb58e003903e50867Timo Sirainendifferent sections are combined when a request is received
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<h2><a name="locationmatch"><LocationMatch></a></h2>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Syntax:</strong> <LocationMatch <em>regex</em>>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen... </LocationMatch><br>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Context:</strong> server config, virtual host<br>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Compatibility:</strong> Location is only available in Apache
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen1.3 and later.<p>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<p>The <LocationMatch> directive provides for access control by
d143077bd518de129b8d446fb58e003903e50867Timo SirainenURL, in an identical manner to <a
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenhref="#location"><Location></a>. However, it takes a regular
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenexpression as an argument instead of a simple string. For example:</p>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen <LocationMatch "/(extra|special)/data">
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<p>would match URLs that contained the substring "/extra/data" or
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>See also</strong>: <a href="/sections.html">How Directory,
d143077bd518de129b8d446fb58e003903e50867Timo SirainenLocation and Files sections work</a> for an explanation of how these
d143077bd518de129b8d446fb58e003903e50867Timo Sirainendifferent sections are combined when a request is received
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<H2><A NAME="lockfile">LockFile directive</A></H2>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Syntax:</strong> LockFile <em>filename</em><BR>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Default:</strong> <code>LockFile logs/accept.lock</code><BR>
d143077bd518de129b8d446fb58e003903e50867Timo SirainenThe LockFile directive sets the path to the lockfile used when
d143077bd518de129b8d446fb58e003903e50867Timo SirainenApache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
d143077bd518de129b8d446fb58e003903e50867Timo SirainenUSE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenleft at its default value. The main reason for changing it is if
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenthe <code>logs</code> directory is NFS mounted, since the lockfile
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenshould be stored on a local disk if possible. The PID of the main
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenserver process is automatically appended to the filename.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<h2><A name="maxclients">MaxClients directive</A></h2>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<!--%plaintext <?INDEX {\tt MaxClients} directive> -->
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Syntax:</strong> MaxClients <em>number</em><br>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Default:</strong> <code>MaxClients 256</code><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenThe MaxClients directive sets the limit on the number of simultaneous
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenrequests that can be supported; not more than this number of child server
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<h2><A name="maxkeepaliverequests">MaxKeepAliveRequests directive</A></h2>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen<strong>Syntax:</strong> MaxKeepAliveRequests <em>number</em><br>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Default:</strong> <code>MaxKeepAliveRequests 100</code><br>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Compatibility:</strong> Only available in Apache
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen1.2 and later.
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<p>The MaxKeepAliveRequests directive limits the number of requests
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenallowed per connection when <a href="#keepalive">KeepAlive</a> is
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenon. If it is set to "<code>0</code>", unlimited requests will be
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenallowed. We recommend that this setting be kept to a high value for
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<h2><A name="maxrequestsperchild">MaxRequestsPerChild directive</A></h2>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<!--%plaintext <?INDEX {\tt MaxRequestsPerChild} directive> -->
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Syntax:</strong> MaxRequestsPerChild <em>number</em><br>
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen<strong>Default:</strong> <code>MaxRequestsPerChild 0</code><br>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenThe MaxRequestsPerChild directive sets the limit on the number of requests
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainenthat an individual child server process will handle. After MaxRequestsPerChild
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainenrequests, the child process will die. If MaxRequestsPerChild is 0, then
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenthe process will never expire.<p>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenSetting MaxRequestsPerChild to a non-zero limit has two beneficial effects:
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen<li>it limits the amount of memory that process can consume by (accidental)
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainenmemory leakage;
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen<li> by giving processes a finite lifetime, it helps reduce the
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainennumber of processes when the server load reduces.
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen<h2><A name="maxspareservers">MaxSpareServers directive</A></h2>
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen<!--%plaintext <?INDEX {\tt MaxSpareServers} directive> -->
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen<strong>Syntax:</strong> MaxSpareServers <em>number</em><br>
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen<strong>Default:</strong> <code>MaxSpareServers 10</code><br>
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo SirainenThe MaxSpareServers directive sets the desired maximum number of <em>idle</em>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenchild server processes. An idle process is one which is not handling
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainena request. If there are more than MaxSpareServers idle, then the parent
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenprocess will kill off the excess processes.<p>
7394389230750c45b105cdefb5850c81cae8cdc0Timo SirainenTuning of this parameter should only be necessary on very busy sites.
5a07b37a9df398b5189c14872a600384208ab74bTimo SirainenSetting this parameter to a large number is almost always a bad idea.<p>
fec0e90484c5f2c9da9cdc62c0897408023d4c6eTimo SirainenSee also <A HREF="#minspareservers">MinSpareServers</A> and
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<A HREF="#startservers">StartServers</A>.<p><hr>
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo Sirainen<h2><A name="minspareservers">MinSpareServers directive</A></h2>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<!--%plaintext <?INDEX {\tt MinSpareServers} directive> -->
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen<strong>Syntax:</strong> MinSpareServers <em>number</em><br>
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen<strong>Default:</strong> <code>MinSpareServers 5</code><br>
fec0e90484c5f2c9da9cdc62c0897408023d4c6eTimo SirainenThe MinSpareServers directive sets the desired minimum number of <em>idle</em>
ea546eaab672d441e180b7619d4750be813c08d8Timo Sirainenchild server processes. An idle process is one which is not handling
5c1a8aee989af87bddefd71e2aa83aa2bd695155Timo Sirainena request. If there are fewer than MinSpareServers idle, then the parent
fec0e90484c5f2c9da9cdc62c0897408023d4c6eTimo Sirainenprocess creates new children at a maximum rate of 1 per second.<p>
5a07b37a9df398b5189c14872a600384208ab74bTimo SirainenTuning of this parameter should only be necessary on very busy sites.
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo SirainenSetting this parameter to a large number is almost always a bad idea.<p>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo SirainenSee also <A HREF="#maxspareservers">MaxSpareServers</A> and
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<A HREF="#startservers">StartServers</A>.<p><hr>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<h2><A name="options">Options directive</A></h2>
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen<!--%plaintext <?INDEX {\tt Options} directive> -->
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<strong>Syntax:</strong> Options <em>[+|-]option [+|-]option ...</em><br>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo SirainenThe Options directive controls which server features are available in
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainena particular directory.
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<em>option</em> can be set to <code>None</code>, in which case none of
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenthe extra features are enabled, or one or more of the following:
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<dd>All options except for MultiViews.
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo Sirainen<!--%plaintext <?INDEX {\tt ExecCGI} option> -->
5a07b37a9df398b5189c14872a600384208ab74bTimo SirainenExecution of CGI scripts is permitted.
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<dt>FollowSymLinks
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo Sirainen<!--%plaintext <?INDEX {\tt FollowSymLinks} option> -->
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo SirainenThe server will follow symbolic links in this directory.
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo Sirainen<b>Note</b>: even though the server follows the symlink it does <i>not</i>
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo Sirainenchange the pathname used to match against <code><Directory></code>
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo Sirainen<!--%plaintext <?INDEX {\tt Includes} option> -->
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo SirainenServer-side includes are permitted.
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo Sirainen<dt>IncludesNOEXEC
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<!--%plaintext <?INDEX {\tt IncludesNOEXEC} option> -->
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo SirainenServer-side includes are permitted, but the #exec command and
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo Sirainen#include of CGI scripts are disabled.
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo Sirainen<!--%plaintext <?INDEX {\tt Indexes} option> -->
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo SirainenIf a URL which maps to a directory is requested, and the there is no
5a07b37a9df398b5189c14872a600384208ab74bTimo SirainenDirectoryIndex (e.g. index.html) in that directory, then the server will
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainenreturn a formatted listing of the directory.
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<dt>MultiViews
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen<!--%plaintext <?INDEX {\tt MultiViews} option> -->
7e94cf9d70ce9fdeccb7a85ff400b899e6386f36Timo Sirainen<A HREF="/content-negotiation.html">Content negotiated</A> MultiViews are
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen<dt>SymLinksIfOwnerMatch
fec0e90484c5f2c9da9cdc62c0897408023d4c6eTimo Sirainen<!--%plaintext <?INDEX {\tt SymLinksIfOwnerMatch} option> -->
fec0e90484c5f2c9da9cdc62c0897408023d4c6eTimo SirainenThe server will only follow symbolic links for which the target
fec0e90484c5f2c9da9cdc62c0897408023d4c6eTimo Sirainenfile or directory is owned by the same user id as the link.
90a6478adca64af3b909498711bb034a5ddb79a9Timo SirainenNormally, if multiple <code>Options</code> could apply to a directory,
90a6478adca64af3b909498711bb034a5ddb79a9Timo Sirainenthen the most specific one is taken complete; the options are not
90a6478adca64af3b909498711bb034a5ddb79a9Timo Sirainenmerged. However if <i>all</i> the options on the <code>Options</code>
90a6478adca64af3b909498711bb034a5ddb79a9Timo Sirainendirective are preceded by a + or - symbol, the options are
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenmerged. Any options preceded by a + are added to the options
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainencurrently in force, and any options preceded by a - are removed from
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenthe options currently in force. <P>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenFor example, without any + and - symbols:
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo SirainenOptions Indexes FollowSymLinks<br>
a40d26f83af808a0ea1e212c001d682a96d870b0Timo Sirainen</Directory><br>
fec0e90484c5f2c9da9cdc62c0897408023d4c6eTimo SirainenOptions Includes<br>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen</Directory>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenthen only <code>Includes</code> will be set for the /web/docs/spec
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainendirectory. However if the second <code>Options</code> directive uses the +
ea546eaab672d441e180b7619d4750be813c08d8Timo Sirainenand - symbols:<p>
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo SirainenOptions Indexes FollowSymLinks<br>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen</Directory><br>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenOptions +Includes -Indexes<br>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen</Directory>
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainenthen the options <code>FollowSymLinks</code> and <code>Includes</code>
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainen<h2><A name="pidfile">PidFile directive</A></h2>
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainen<!--%plaintext <?INDEX {\tt PidFile} directive> -->
b35f7104715edee0cfac6d46ab0b342033867eb7Timo Sirainen<strong>Syntax:</strong> PidFile <em>filename</em><br>
7e94cf9d70ce9fdeccb7a85ff400b899e6386f36Timo Sirainen<strong>Default:</strong> <code>PidFile logs/httpd.pid</code><br>
b35f7104715edee0cfac6d46ab0b342033867eb7Timo SirainenThe PidFile directive sets the file to which the server records the
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenprocess id of the daemon. If the filename does not begin with a slash (/)
b35f7104715edee0cfac6d46ab0b342033867eb7Timo Sirainenthen it is assumed to be relative to the <A HREF="#serverroot">ServerRoot</A>.
b35f7104715edee0cfac6d46ab0b342033867eb7Timo SirainenThe PidFile is only used in <A HREF="#servertype">standalone</A> mode.<p>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo SirainenIt is often useful to be able to send the server a signal, so that it closes
b2105c78f0fd58281317e6d777ded860f33153a3Timo Sirainenand then reopens its <A HREF="#errorlog">ErrorLog</A> and TransferLog, and
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainenre-reads its configuration files. This is done by sending a SIGHUP (kill -1)
b2105c78f0fd58281317e6d777ded860f33153a3Timo Sirainensignal to the process id listed in the PidFile.<p>
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo SirainenThe PidFile is subject to the same warnings about log file placement and
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen<a href="/misc/security_tips.html">security</a>.
5c1a8aee989af87bddefd71e2aa83aa2bd695155Timo Sirainen<!--%plaintext <?INDEX {\tt Port} directive> -->
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<strong>Syntax:</strong> Port <em>number</em><br>
f172291ed740e6af3ce3e7c9c2ef0fe1d3ad7963Timo Sirainen<strong>Default:</strong> <code>Port 80</code><br>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<em>Number</em> is a number from 0 to 65535; some port numbers (especially below
below 1024 are reserved for system use, i.e. regular (non-root) users cannot
might work with some 1.x installations, but won't work with all of
speed high latency (i.e. 100ms or so, such as transcontinental
It may be worth setting up a dedicated address for this, e.g.
<!--#include virtual="footer.html" -->