<
li><
a href="#limit"><Limit></
a></
li>
<
li><
a href="#limitexcept"><LimitExcept></
a></
li>
<
li><
a href="#limitrequestbody">LimitRequestBody</
a></
li>
<
li><
a href="#limitrequestfields">LimitRequestFields</
a></
li>
"#limitrequestfieldsize">LimitRequestFieldsize</
a></
li>
<
li><
a href="#limitrequestline">LimitRequestLine</
a></
li>
"#limitxmlrequestbody">LimitXMLRequestBody</
a></
li>
<
li><
a href="#location"><Location></
a></
li>
<
li><
a href="#locationmatch"><LocationMatch></
a></
li>
<
li><
a href="#loglevel">LogLevel</
a></
li>
"#maxkeepaliverequests">MaxKeepAliveRequests</
a></
li>
<
li><
a href="#namevirtualhost">NameVirtualHost</
a></
li>
<
li><
a href="#options">Options</
a></
li>
<
li><
a href="#port">Port</
a></
li>
<
li><
a href="#require">Require</
a></
li>
<
li><
a href="#rlimitcpu">RLimitCPU</
a></
li>
<
li><
a href="#rlimitmem">RLimitMEM</
a></
li>
<
li><
a href="#rlimitnproc">RLimitNPROC</
a></
li>
<
li><
a href="#satisfy">Satisfy</
a></
li>
"#scriptinterpretersource">ScriptInterpreterSource</
a></
li>
<
li><
a href="#serveradmin">ServerAdmin</
a></
li>
<
li><
a href="#serveralias">ServerAlias</
a></
li>
<
li><
a href="#servername">ServerName</
a></
li>
<
li><
a href="#serverpath">ServerPath</
a></
li>
<
li><
a href="#serverroot">ServerRoot</
a></
li>
<
li><
a href="#serversignature">ServerSignature</
a></
li>
<
li><
a href="#servertokens">ServerTokens</
a></
li>
<
li><
a href="#sethandler">SetHandler</
a></
li>
<
li><
a href="#setinputfilter">SetInputFilter</
a></
li>
<
li><
a href="#setoutputfilter">SetOutputFilter</
a></
li>
<
li><
a href="#timeout">TimeOut</
a></
li>
<
li><
a href="#usecanonicalname">UseCanonicalName</
a></
li>
<
li><
a href="#virtualhost"><VirtualHost></
a></
li>
<
h2><
a name="accessfilename">AccessFileName directive</
a></
h2>
<!--%plaintext <?INDEX {\tt AccessFileName} directive> --> "Help"><
strong>Syntax:</
strong></
a> AccessFileName
<
em>filename</
em> [<
em>filename</
em>] ...<
br>
"Help"><
strong>Default:</
strong></
a> <
code>AccessFileName
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> AccessFileName can
accept more than one filename only in Apache 1.3 and later
<
p>When returning a document to the client the server looks for
the first existing access control file from this list of names
in every directory of the path to the document, if access
control files are enabled for that directory. For example:</
p>
<
code>AccessFileName .acl</
code>
<
code><Directory /><
br>
</Directory></
code>
<
p><
strong>See Also:</
strong> <
a href= "#allowoverride">AllowOverride</
a></
p>
<
h2><
a name="adddefaultcharset">AddDefaultCharset
"Help"><
strong>Syntax:</
strong></
a> AddDefaultCharset
On|Off|<
em>charset</
em><
br>
"Help"><
strong>Context:</
strong></
a> all<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Default:</
strong></
a> <
code>AddDefaultCharset
"Help"><
strong>Compatibility:</
strong></
a> AddDefaultCharset is
only available in Apache 1.3.12 and later
<
p>This directive specifies the name of the character set that
will be added to any response that does not have any parameter
on the content type in the HTTP headers. This will override any
character set specified in the body of the document via a
<
code>META</
code> tag. A setting of <
code>AddDefaultCharset
Off</
code> disables this functionality. <
code>AddDefaultCharset
On</
code> enables Apache's internal default charset of
<
code>iso-8859-1</
code> as required by the directive. You can
also specify an alternate <
em>charset</
em> to be used;
e.g. <
code>AddDefaultCharset utf-8</
code>.</
p>
<
h2><
a name="addmodule">AddModule directive</
a></
h2>
<!--%plaintext <?INDEX {\tt AddModule} directive> --> "Help"><
strong>Syntax:</
strong></
a> AddModule <
em>module</
em>
[<
em>module</
em>] ...<
br>
"Help"><
strong>Context:</
strong></
a> server config <
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> AddModule is only
available in Apache 1.2 and later
<
p>The server can have modules compiled in which are not
actively in use. This directive can be used to enable the use
of those modules. The server comes with a pre-loaded list of
active modules; this list can be cleared with the <
a href= "#clearmodulelist">ClearModuleList</
a> directive.</
p>
<
h2><
a name="allowoverride">AllowOverride directive</
a></
h2>
<!--%plaintext <?INDEX {\tt AllowOverride} directive> --> "Help"><
strong>Syntax:</
strong></
a> AllowOverride
All|None|<
em>directive-type</
em> [<
em>directive-type</
em>]
"Help"><
strong>Default:</
strong></
a> <
code>AllowOverride
"Help"><
strong>Context:</
strong></
a> directory<
br>
"Help"><
strong>Status:</
strong></
a> core
<
p>When the server finds an .htaccess file (as specified by <
a href="#accessfilename">AccessFileName</
a>) it needs to know
which directives declared in that file can override earlier
<
p>When this directive is set to <
code>None</
code>, then
.htaccess files are completely ignored. In this case, the
server will not even attempt to read .htaccess files in the
<
p>When this directive is set to <
code>All</
code>, then any
directive which has the .htaccess <
a href= <
p>The <
em>directive-type</
em> can be one of the following
groupings of directives.</
p>
<!--%plaintext <?INDEX {\tt AuthConfig} override> --> Allow use of the authorization directives (<
a href= href="#authname">AuthName</
a>, <
a href= "#authtype">AuthType</
a>, <
a href= "#require">Require</
a>, <
em>etc.</
em>).</
dd>
<
dd>
<!--%plaintext <?INDEX {\tt FileInfo} override> --> Allow use of the directives controlling document types (<
a href="#defaulttype">DefaultType</
a>, <
a href= "#errordocument">ErrorDocument</
a>, <
a href= "#forcetype">ForceType</
a>, <
a href= <
a href="#sethandler">SetHandler</
a>, <
a href= "#setinputfilter">SetInputFilter</
a>, <
a href= "#setoutputfilter">SetOutputFilter</
a>, and <
a href= <
dd>
<!--%plaintext <?INDEX {\tt Indexes} override> --> Allow use of the directives controlling directory indexing
<
dd>
<!--%plaintext <?INDEX {\tt Limit} override> --> Allow use of the directives controlling host access (Allow,
<
dd>
<!--%plaintext <?INDEX {\tt Options} override> --> Allow use of the directives controlling specific directory
features (<
a href="#options">Options</
a> and <
a href= <
p><
strong>See Also:</
strong> <
a href= "#accessfilename">AccessFileName</
a></
p>
<
h2><
a name="authname">AuthName directive</
a></
h2>
<!--%plaintext <?INDEX {\tt AuthName} directive> --> "Help"><
strong>Syntax:</
strong></
a> AuthName
"Help"><
strong>Context:</
strong></
a> directory, .htaccess<
br>
"Help"><
strong>Override:</
strong></
a> AuthConfig<
br>
"Help"><
strong>Status:</
strong></
a> core
<
p>This directive sets the name of the authorization realm for
a directory. This realm is given to the client so that the user
knows which username and password to send.
<
samp>AuthName</
samp> takes a single argument; if the realm
name contains spaces, it must be enclosed in quotation marks.
It must be accompanied by <
a href="#authtype">AuthType</
a> and
<
a href="#require">Require</
a> directives, and directives such
<
h2><
a name="authtype">AuthType directive</
a></
h2>
<!--%plaintext <?INDEX {\tt AuthType} directive> --> "Help"><
strong>Syntax:</
strong></
a> AuthType Basic|Digest<
br>
"Help"><
strong>Context:</
strong></
a> directory, .htaccess<
br>
"Help"><
strong>Override:</
strong></
a> AuthConfig<
br>
"Help"><
strong>Status:</
strong></
a> core
<
p>This directive selects the type of user authentication for a
directory. Only <
code>Basic</
code> and <
code>Digest</
code> are
<!--%plaintext <?INDEX {\tt Basic} authentication scheme> --> It must be accompanied by <
a href="#authname">AuthName</
a> and
<
a href="#require">Require</
a> directives, and directives such
<
h2><
a name="clearmodulelist">ClearModuleList
<!--%plaintext <?INDEX {\tt ClearModuleList} directive> --> "Help"><
strong>Syntax:</
strong></
a> ClearModuleList<
br>
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> ClearModuleList is
only available in Apache 1.2 and later
<
p>The server comes with a built-in list of active modules.
This directive clears the list. It is assumed that the list
will then be re-populated using the <
a href= "#addmodule">AddModule</
a> directive.</
p>
<
h2><
a name="contentdigest">ContentDigest directive</
a></
h2>
<!--%plaintext <?INDEX {\tt ContentDigest} directive> --> "Help"><
strong>Syntax:</
strong></
a> ContentDigest on|off<
br>
"Help"><
strong>Default:</
strong></
a> <
code>ContentDigest
"Help"><
strong>Context:</
strong></
a> server config, virtual
host, directory, .htaccess<
br>
"Help"><
strong>Override:</
strong></
a> Options<
br>
"Help"><
strong>Status:</
strong></
a> experimental<
br>
"Help"><
strong>Compatibility:</
strong></
a> ContentDigest is
only available in Apache 1.1 and later
<
p>This directive enables the generation of
<
code>Content-MD5</
code> headers as defined in RFC1864
respectively RFC2068.</
p>
<
p>MD5 is an algorithm for computing a "message digest"
(sometimes called "fingerprint") of arbitrary-length data, with
a high degree of confidence that any alterations in the data
will be reflected in alterations in the message digest.</
p>
<
p>The <
code>Content-MD5</
code> header provides an end-to-end
message integrity check (MIC) of the entity-body. A proxy or
client may check this header for detecting accidental
modification of the entity-body in transit. Example header:</
p>
Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
<
p>Note that this can cause performance problems on your server
since the message digest is computed on every request (the
values are not cached).</
p>
<
p><
code>Content-MD5</
code> is only sent for documents served
by the core, and not by any module. For example, SSI documents,
output from CGI scripts, and byte range responses do not have
<
h2><
a name="defaulttype">DefaultType directive</
a></
h2>
<!--%plaintext <?INDEX {\tt DefaultType} directive> --> "Help"><
strong>Syntax:</
strong></
a> DefaultType
"Help"><
strong>Default:</
strong></
a> <
code>DefaultType
"Help"><
strong>Context:</
strong></
a> server config, virtual
host, directory, .htaccess<
br>
"Help"><
strong>Override:</
strong></
a> FileInfo<
br>
"Help"><
strong>Status:</
strong></
a> core
<
p>There will be times when the server is asked to provide a
document whose type cannot be determined by its MIME types
<
p>The server must inform the client of the content-type of the
document, so in the event of an unknown type it uses the
<
code>DefaultType</
code>. For example:</
p>
would be appropriate for a directory which contained many gif
images with filenames missing the .gif extension.
<
p>Note that unlike <
a href="#forcetype">ForceType</
a>, this
directive is only provides the default mime-type. All other
mime-type definitions, including filename extensions, that
might identify the media type will override this default.</
p>
<
h2><
a name="directory"><Directory> directive</
a></
h2>
<!--%plaintext <?INDEX {\tt Directory} section directive> --> "Help"><
strong>Syntax:</
strong></
a> <Directory
<
em>directory-path</
em>> ... </Directory> <
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> Core.
<
p><Directory> and </Directory> are used to enclose
a group of directives which will apply only to the named
directory and sub-directories of that directory. Any directive
which is allowed in a directory context may be used.
<
em>Directory-path</
em> is either the full path to a directory,
or a wild-card string. In a wild-card string, `?' matches any
single character, and `*' matches any sequences of characters.
As of Apache 1.3, you may also use `[]' character ranges like
in the shell. Also as of Apache 1.3 none of the wildcards match
a `/' character, which more closely mimics the behavior of
Unix shells. Example:</
p>
Options Indexes FollowSymLinks
<
p><
strong>Apache 1.2 and above:</
strong> Extended regular
expressions can also be used, with the addition of the
<
code>~</
code> character. For example:</
p>
<Directory ~ "^/www/.*/[0-9]{3}">
would match directories in /www/ that consisted of three
<
p>If multiple (non-regular expression) directory sections
match the directory (or its parents) containing a document,
then the directives are applied in the order of shortest match
first, interspersed with the directives from the <
a href= "#accessfilename">.htaccess</
a> files. For example, with</
p>
<
code><Directory /><
br>
<Directory /home/*><
br>
AllowOverride FileInfo<
br>
</Directory></
code>
<
li>Apply directive <
code>AllowOverride None</
code>
(disabling <
code>.htaccess</
code> files).</
li>
<
li>Apply directive <
code>AllowOverride FileInfo</
code> (for
directory <
code>/
home/
web</
code>).</
li>
<
li>Apply any FileInfo directives in
<
p>Regular expression directory sections are handled slightly
differently by Apache 1.2 and 1.3. In Apache 1.2 they are
interspersed with the normal directory sections and applied in
the order they appear in the configuration file. They are
applied only once, and apply when the shortest match possible
occurs. In Apache 1.3 regular expressions are not considered
until after all of the normal sections have been applied. Then
all of the regular expressions are tested in the order they
appeared in the configuration file. For example, with</
p>
<
code><Directory ~ abc$><
br>
... directives here ...<
br>
Suppose that the filename being accessed is
considers each of <
code>/</
code>, <
code>/home</
code>,
1.2, when <
code>/
home/
abc</
code> is considered, the regular
expression will match and be applied. In Apache 1.3 the regular
expression isn't considered at all at that point in the tree.
It won't be considered until after all normal
<Directory>s and <
code>.htaccess</
code> files have been
applied. Then the regular expression will match on
<
p><
strong>Note that the default Apache access for
<Directory /> is <
samp>Allow from All</
samp>. This means
that Apache will serve any file mapped from an URL. It is
recommended that you change this with a block such
<
p><
strong>and then override this for directories you
<
em>want</
em> accessible. See the <
a href= The directory sections typically occur in the
access.conf file,
but they may appear in any configuration file.
<Directory> directives cannot nest, and cannot appear in
a <
a href="#limit"><Limit></
a> or <
a href= "#limitexcept"><LimitExcept></
a> section.
Directory, Location and Files sections work</
a> for an
explanation of how these different sections are combined when a
<
h2><
a name="directorymatch"><DirectoryMatch></
a></
h2>
"Help"><
strong>Syntax:</
strong></
a> <DirectoryMatch
<
em>regex</
em>> ... </DirectoryMatch> <
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> Core.<
br>
"Help"><
strong>Compatibility:</
strong></
a> Available in Apache
<
p><DirectoryMatch> and </DirectoryMatch> are used
to enclose a group of directives which will apply only to the
named directory and sub-directories of that directory, the same
as <
a href="#directory"><Directory></
a>. However, it
takes as an argument a regular expression. For example:</
p>
<DirectoryMatch "^/www/.*/[0-9]{3}">
<
p>would match directories in /www/ that consisted of three
<
p><
strong>See Also:</
strong> <
a href= "#directory"><Directory></
a> for a description of how
regular expressions are mixed in with normal
Directory, Location and Files sections work</
a> for an
explanation of how these different sections are combined when a
<
h2><
a name="documentroot">DocumentRoot directive</
a></
h2>
<!--%plaintext <?INDEX {\tt DocumentRoot} directive> --> "Help"><
strong>Syntax:</
strong></
a> DocumentRoot
<
em>directory-path</
em><
br>
"Help"><
strong>Default:</
strong></
a> <
code>DocumentRoot
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core
<
p>This directive sets the directory from which httpd will
serve files. Unless matched by a directive like Alias, the
server appends the path from the requested URL to the document
root to make the path to the document. Example:</
p>
<
code>DocumentRoot /
usr/
web</
code>
<
p>There appears to be a bug in mod_dir which causes problems
when the DocumentRoot has a trailing slash (<
em>
i.e.</
em>,
"DocumentRoot /
usr/
web/") so please avoid that.</
p>
<
h2><
a name="errordocument">ErrorDocument directive</
a></
h2>
<!--%plaintext <?INDEX {\tt ErrorDocument} directive> --> "Help"><
strong>Syntax:</
strong></
a> ErrorDocument
<
em>error-code document</
em><
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
host, directory, .htaccess<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Override:</
strong></
a> FileInfo<
br>
"Help"><
strong>Compatibility:</
strong></
a> The directory and
.htaccess contexts are only available in Apache 1.1 and later.
The quoting syntax prior to Apache 2.0 was different.
<
p>In the event of a problem or error, Apache can be configured
to do one of four things,</
p>
<
li>output a simple hardcoded error message</
li>
<
li>output a customized message</
li>
<
li>redirect to a local <
em>URL-path</
em> to handle the
<
li>redirect to an external <
em>URL</
em> to handle the
<
p>The first option is the default, while options 2-4 are
configured using the <
code>ErrorDocument</
code> directive,
which is followed by the HTTP response code and a URL or a
message. Apache will sometimes offer additional information
<
p>URLs can begin with a slash (/) for local URLs, or be a full
URL which the client can resolve. Alternatively, a message can
be provided to be displayed by the browser. Examples:</
p>
ErrorDocument 403 "Sorry can't allow you access
<
p>Note that when you specify an <
code>ErrorDocument</
code>
that points to a remote URL (ie. anything with a method such as
"http" in front of it), Apache will send a redirect to the
client to tell it where to find the document, even if the
document ends up being on the same server. This has several
implications, the most important being that the client will not
receive the original error status code, but instead will
receive a redirect status code. This in turn can confuse web
robots and other clients which try to determine if a URL is
valid using the status code. In addition, if you use a remote
URL in an <
code>ErrorDocument 401</
code>, the client will not
know to prompt the user for a password since it will not
receive the 401 status code. Therefore, <
strong>if you use an
"ErrorDocument 401" directive then it must refer to a local
<
p>Prior to version 2.0, messages were indicated by prefixing
them with a single unmatched double quote character.</
p>
customizable responses.</
a></
p>
<
h2><
a name="errorlog">ErrorLog directive</
a></
h2>
<!--%plaintext <?INDEX {\tt ErrorLog} directive> --> "Help"><
strong>Syntax:</
strong></
a> ErrorLog
<
em>file-path</
em>|syslog[:<
em>facility</
em>] <
br>
"Help"><
strong>Default:</
strong></
a> <
code>ErrorLog
"Help"><
strong>Default:</
strong></
a> <
code>ErrorLog
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core
<
p>The error log directive sets the name of the file to which
the server will log any errors it encounters. If the
<
em>file-path</
em> does not begin with a slash (/) then it is
assumed to be relative to the <
a href= "#serverroot">ServerRoot</
a>. If the <
em>file-path</
em> begins
with a pipe (|) then it is assumed to be a command to spawn to
handle the error log.</
p>
<
p><
strong>Apache 1.3 and above:</
strong> Using
<
code>syslog</
code> instead of a filename enables logging via
syslogd(8) if the system supports it. The default is to use
syslog facility <
code>local7</
code>, but you can override this
by using the <
code>syslog:</
code><
em>facility</
em> syntax where
<
em>facility</
em> can be one of the names usually documented in
<
p>SECURITY: See the <
a href= document for details on why your security could be compromised
if the directory where logfiles are stored is writable by
anyone other than the user that starts the server.</
p>
<
p><
strong>See also:</
strong> <
a href="#loglevel">LogLevel</
a>
and <
a href="/logs.html">Apache Log Files</
a></
p>
<
h2><
a name="files"><Files> directive</
a></
h2>
"Help"><
strong>Syntax:</
strong></
a> <Files
<
em>filename</
em>> ... </Files><
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> only available in
<
p>The <Files> directive provides for access control by
filename. It is comparable to the <
a href= "#directory"><Directory></
a> directive and <
a href= "#location"><Location></
a> directives. It should be
matched with a </Files> directive. The directives given
within this section will be applied to any object with a
basename (last component of filename) matching the specified
filename. <
code><Files></
code> sections are processed in
the order they appear in the configuration file, after the
<Directory> sections and <
code>.htaccess</
code> files are
read, but before <Location> sections. Note that
<Files> can be nested inside <Directory> sections
to restrict the portion of the filesystem they apply to.</
p>
<
p>The <
em>filename</
em> argument should include a filename, or
a wild-card string, where `?' matches any single character, and
`*' matches any sequences of characters. Extended regular
expressions can also be used, with the addition of the
<
code>~</
code> character. For example:</
p>
<Files ~ "\.(gif|jpe?g|png)$">
would match most common Internet graphics formats. In Apache
1.3 and later, <
a href="#filesmatch"><FilesMatch></
a> is
<
p>Note that unlike <
a href= "#directory"><
code><Directory></
code></
a> and <
a href= "#location"><
code><Location></
code></
a> sections,
<
code><Files></
code> sections can be used inside
.htaccess files. This allows users to control access to their
own files, at a file-by-file level.</
p>
Directory, Location and Files sections work</
a> for an
explanation of how these different sections are combined when a
<
h2><
a name="filesmatch"><FilesMatch></
a></
h2>
"Help"><
strong>Syntax:</
strong></
a> <FilesMatch
<
em>regex</
em>> ... </FilesMatch><
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> only available in
<
p>The <FilesMatch> directive provides for access control
by filename, just as the <
a href="#files"><Files></
a>
directive does. However, it accepts a regular expression. For
<FilesMatch "\.(gif|jpe?g|png)$">
<
p>would match most common Internet graphics formats.</
p>
Directory, Location and Files sections work</
a> for an
explanation of how these different sections are combined when a
<
h2><
a name="forcetype">ForceType</
a> directive</
h2>
"Help"><
strong>Syntax:</
strong></
a> ForceType
"Help"><
strong>Context:</
strong></
a> directory, .htaccess<
br>
"Help"><
strong>Status:</
strong></
a> Base<
br>
"Help"><
strong>Module:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> ForceType was
introduced in mod_mime with Apache 1.1, and moved to the core
<
p>When placed into an <
code>.htaccess</
code> file or a
<
code><Directory></
code>, or
<
code><Location></
code> or or <
code><Files></
code>
section, this directive forces all matching files to be served
with the content type identification given by
<
em>mime-type</
em>. For example, if you had a directory full of
GIF files, but did not want to label them all with ".gif", you
<
p>Note that unlike <
a href="#defaulttype">DefaultType</
a>,
this directive overrides all mime-type associations, including
filename extensions, that might identify the media type.</
p>
<
h2><
a name="hostnamelookups">HostNameLookups
<!--%plaintext <?INDEX {\tt HostNameLookups} directive> --> "Help"><
strong>Syntax:</
strong></
a> HostNameLookups
"Help"><
strong>Default:</
strong></
a> <
code>HostNameLookups
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> <
code>double</
code>
available only in Apache 1.3 and above.<
br>
"Help"><
strong>Compatibility:</
strong></
a> Default was
<
code>on</
code> prior to Apache 1.3.
<
p>This directive enables DNS lookups so that host names can be
logged (and passed to
CGIs/
SSIs in <
code>REMOTE_HOST</
code>).
The value <
code>double</
code> refers to doing double-reverse
DNS. That is, after a reverse lookup is performed, a forward
lookup is then performed on that result. At least one of the ip
addresses in the forward lookup must match the original
address. (In "tcpwrappers" terminology this is called
<
code>PARANOID</
code>.)</
p>
<
p>Regardless of the setting, when <
a href= by hostname, a double reverse lookup will be performed. This is
necessary for security. Note that the result of this
double-reverse isn't generally available unless you set
<
code>HostnameLookups double</
code>. For example, if only
<
code>HostnameLookups on</
code> and a request is made to an
object that is protected by hostname restrictions, regardless
of whether the double-reverse fails or not, CGIs will still be
passed the single-reverse result in
<
code>REMOTE_HOST</
code>.</
p>
<
p>The default for this directive was previously
<
code>on</
code> in versions of Apache prior to 1.3. It was
changed to <
code>off</
code> in order to save the network
traffic for those sites that don't truly need the reverse
lookups done. It is also better for the end users because they
don't have to suffer the extra latency that a lookup entails.
Heavily loaded sites should leave this directive
<
code>off</
code>, since DNS lookups can take considerable
amounts of time. The utility <
a href= <
em>/support</
em> directory, can be used to look up host names
from logged IP addresses offline.</
p>
<
h2><
a name="identitycheck">IdentityCheck directive</
a></
h2>
<!--%plaintext <?INDEX {\tt IdentityCheck} directive> --> "Help"><
strong>Syntax:</
strong></
a> IdentityCheck on|off<
br>
"Help"><
strong>Default:</
strong></
a> <
code>IdentityCheck
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core
<
p>This directive enables RFC1413-compliant logging of the
remote user name for each connection, where the client machine
runs identd or something similar. This information is logged in
the access log. <
em>Boolean</
em> is either <
code>on</
code> or
<
p>The information should not be trusted in any way except for
rudimentary usage tracking.</
p>
<
p>Note that this can cause serious latency problems accessing
your server since every request requires one of these lookups
to be performed. When firewalls are involved each lookup might
possibly fail and add 30 seconds of latency to each hit. So in
general this is not very useful on public servers accessible
<
h2><
a name="ifdefine"><IfDefine> directive</
a></
h2>
"Help"><
strong>Syntax:</
strong></
a> <IfDefine
[!]<
em>parameter-name</
em>> <
em>...</
em>
"Help"><
strong>Default:</
strong></
a> None<
br>
"Help"><
strong>Context:</
strong></
a> all<
br>
"Help"><
strong>Status:</
strong></
a> Core<
br>
"Help"><
strong>Compatibility:</
strong></
a> <IfDefine> is
only available in 1.3.1 and later.
<
p>The <IfDefine <
em>test</
em>>...</IfDefine>
section is used to mark directives that are conditional. The
directives within an IfDefine section are only processed if the
<
em>test</
em> is true. If <
em>test</
em> is false, everything
between the start and end markers is ignored.</
p>
<
p>The <
em>test</
em> in the <IfDefine> section directive
can be one of two forms:</
p>
<
li><
em>parameter-name</
em></
li>
<
li><
code>!</
code><
em>parameter-name</
em></
li>
<
p>In the former case, the directives between the start and end
markers are only processed if the parameter named
<
em>parameter-name</
em> is defined. The second format reverses
the test, and only processes the directives if
<
em>parameter-name</
em> is <
strong>not</
strong> defined.</
p>
<
p>The <
em>parameter-name</
em> argument is a define as given on
the <
code>httpd</
code> command line via
<
code>-D</
code><
em>parameter-</
em>, at the time the server was
<
p><IfDefine> sections are nest-able, which can be used
to implement simple multiple-parameter tests. Example:</
p>
$ httpd -DReverseProxy ...
<IfDefine ReverseProxy>
<
h2><
a name="ifmodule"><IfModule> directive</
a></
h2>
"Help"><
strong>Syntax:</
strong></
a> <IfModule
[!]<
em>module-name</
em>> <
em>...</
em> </IfModule><
br>
"Help"><
strong>Default:</
strong></
a> None<
br>
"Help"><
strong>Context:</
strong></
a> all<
br>
"Help"><
strong>Status:</
strong></
a> Core<
br>
"Help"><
strong>Compatibility:</
strong></
a> IfModule is only
available in 1.2 and later.
<
p>The <IfModule <
em>test</
em>>...</IfModule>
section is used to mark directives that are conditional. The
directives within an IfModule section are only processed if the
<
em>test</
em> is true. If <
em>test</
em> is false, everything
between the start and end markers is ignored.</
p>
<
p>The <
em>test</
em> in the <IfModule> section directive
can be one of two forms:</
p>
<
li><
em>module name</
em></
li>
<
li>!<
em>module name</
em></
li>
<
p>In the former case, the directives between the start and end
markers are only processed if the module named <
em>module
name</
em> is compiled in to Apache. The second format reverses
the test, and only processes the directives if <
em>module
name</
em> is <
strong>not</
strong> compiled in.</
p>
<
p>The <
em>module name</
em> argument is a module name as given
as the file name of the module, at the time it was compiled.
<
p><IfModule> sections are nest-able, which can be used
to implement simple multiple-module tests.</
p>
<
h2><
a name="include">Include directive</
a></
h2>
<
strong>Syntax:</
strong> Include
<
em>file-path</
em>|<
em>directory-path</
em><
br>
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> Core<
br>
"Help"><
strong>Compatibility:</
strong></
a> Include is only
available in Apache 1.3 and later.
<
p>This directive allows inclusion of other configuration files
from within the server configuration files.</
p>
<
p>If <
code>Include</
code> points to a directory, rather than a
file, Apache will read all files in that directory, and any
subdirectory, and parse those as configuration files.</
p>
<
h2><
a name="keepalive">KeepAlive directive</
a></
h2>
<
strong>Syntax:</
strong> KeepAlive
on/
off<
br>
<
strong>Default:</
strong> <
code>KeepAlive On</
code><
br>
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> Core<
br>
"Help"><
strong>Compatibility:</
strong></
a> KeepAlive is only
available in Apache 1.1 and later.
<
p>The Keep-Alive extension to
HTTP/
1.0 and the persistent
connection feature of
HTTP/
1.1 provide long-lived HTTP sessions
which allow multiple requests to be sent over the same TCP
connection. In some cases this has been shown to result in an
almost 50% speedup in latency times for HTML documents with
many images. To enable Keep-Alive connections in Apache 1.2 and
later, set <
code>KeepAlive On</
code>.</
p>
<
p>For
HTTP/
1.0 clients, Keep-Alive connections will only be
used if they are specifically requested by a client. In
addition, a Keep-Alive connection with an
HTTP/
1.0 client can
only be used when the length of the content is known in
advance. This implies that dynamic content such as CGI output,
SSI pages, and server-generated directory listings will
generally not use Keep-Alive connections to
HTTP/
1.0 clients.
For
HTTP/
1.1 clients, persistent connections are the default
unless otherwise specified. If the client requests it, chunked
encoding will be used in order to send content of unknown
length over persistent connections.</
p>
"#maxkeepaliverequests">MaxKeepAliveRequests</
a>.</
p>
<
h2><
a name="keepalivetimeout">KeepAliveTimeout
"Help"><
strong>Syntax:</
strong></
a> KeepAliveTimeout
"Help"><
strong>Default:</
strong></
a> <
code>KeepAliveTimeout
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> Core<
br>
"Help"><
strong>Compatibility:</
strong></
a> KeepAliveTimeout is
only available in Apache 1.1 and later.
<
p>The number of seconds Apache will wait for a subsequent
request before closing the connection. Once a request has been
received, the timeout value specified by the <
a href= "#timeout"><
code>Timeout</
code></
a> directive applies.</
p>
<
p>Setting <
code>KeepAliveTimeout</
code> to a high value may
cause performance problems in heavily loaded servers. The
higher the timeout, the more server processes will be kept
occupied waiting on connections with idle clients.</
p>
<
h2><
a name="limit"><Limit> directive</
a></
h2>
<!--%plaintext <?INDEX {\tt Limit} section directive> --> "Help"><
strong>Syntax:</
strong></
a> <Limit <
em>method</
em>
[<
em>method</
em>] ... > ... </Limit><
br>
"Help"><
strong>Context:</
strong></
a> any<
br>
"Help"><
strong>Status:</
strong></
a> core
<
p>Access controls are normally effective for
<
strong>all</
strong> access methods, and this is the usual
desired behavior. <
strong>In the general case, access control
directives should not be placed within a
<
code><limit></
code> section.</
strong></
p>
<
p>The purpose of the <Limit> directive is to restrict
the effect of the access controls to the nominated HTTP
methods. For all other methods, the access restrictions that
are enclosed in the <Limit> bracket <
strong>will have no
effect</
strong>. The following example applies the access
control only to the methods POST, PUT, and DELETE, leaving all
other methods unprotected:</
p>
<
code><Limit POST PUT DELETE><
br>
The method names listed can be one or more of: GET, POST, PUT,
DELETE, CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH,
MKCOL, COPY, MOVE, LOCK, and UNLOCK. <
strong>The method name is
case-sensitive.</
strong> If GET is used it will also restrict
<
h2><
a name="limitexcept"><LimitExcept>
<!--%plaintext <?INDEX {\tt LimitExcept} section directive> --> "Help"><
strong>Syntax:</
strong></
a> <LimitExcept
<
em>method</
em> [<
em>method</
em>] ... > ...
"Help"><
strong>Context:</
strong></
a> any<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> Available in Apache
<
p><LimitExcept> and </LimitExcept> are used to
enclose a group of access control directives which will then
apply to any HTTP access method <
strong>not</
strong> listed in
the arguments;
i.e., it is the opposite of a <
a href= "#limit"><Limit></
a> section and can be used to control
documentation for <
a href="#limit"><Limit></
a> for more
<
h2><
a name="limitrequestbody">LimitRequestBody
<!--%plaintext <?INDEX {\tt LimitRequestBody} directive> --> "Help"><
strong>Syntax:</
strong></
a> LimitRequestBody
"Help"><
strong>Default:</
strong></
a> <
code>LimitRequestBody
"Help"><
strong>Context:</
strong></
a> server config, virtual
host, directory, .htaccess<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> LimitRequestBody is
only available in Apache 1.3.2 and later.
<
p>This directive specifies the number of <
em>bytes</
em> from 0
(meaning unlimited) to 2147483647 (2GB) that are allowed in a
request body. The default value is defined by the compile-time
constant <
code>DEFAULT_LIMIT_REQUEST_BODY</
code> (0 as
<
p>The LimitRequestBody directive allows the user to set a
limit on the allowed size of an HTTP request message body
within the context in which the directive is given (server,
per-directory, per-file or per-location). If the client request
exceeds that limit, the server will return an error response
instead of servicing the request. The size of a normal request
message body will vary greatly depending on the nature of the
resource and the methods allowed on that resource. CGI scripts
typically use the message body for passing form information to
the server. Implementations of the PUT method will require a
value at least as large as any representation that the server
wishes to accept for that resource.</
p>
<
p>This directive gives the server administrator greater
control over abnormal client request behavior, which may be
useful for avoiding some forms of denial-of-service
<
h2><
a name="limitrequestfields">LimitRequestFields
<!--%plaintext <?INDEX {\tt LimitRequestFields} directive> --> "Help"><
strong>Syntax:</
strong></
a> LimitRequestFields
"Help"><
strong>Default:</
strong></
a> <
code>LimitRequestFields
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> LimitRequestFields
is only available in Apache 1.3.2 and later.
<
p><
em>Number</
em> is an integer from 0 (meaning unlimited) to
32767. The default value is defined by the compile-time
constant <
code>DEFAULT_LIMIT_REQUEST_FIELDS</
code> (100 as
<
p>The LimitRequestFields directive allows the server
administrator to modify the limit on the number of request
header fields allowed in an HTTP request. A server needs this
value to be larger than the number of fields that a normal
client request might include. The number of request header
fields used by a client rarely exceeds 20, but this may vary
among different client implementations, often depending upon
the extent to which a user has configured their browser to
support detailed content negotiation. Optional HTTP extensions
are often expressed using request header fields.</
p>
<
p>This directive gives the server administrator greater
control over abnormal client request behavior, which may be
useful for avoiding some forms of denial-of-service attacks.
The value should be increased if normal clients see an error
response from the server that indicates too many fields were
<
h2><
a name="limitrequestfieldsize">LimitRequestFieldsize
<!--%plaintext <?INDEX {\tt LimitRequestFieldsize} directive> --> "Help"><
strong>Syntax:</
strong></
a> LimitRequestFieldsize
"Help"><
strong>Default:</
strong></
a>
<
code>LimitRequestFieldsize 8190</
code><
br>
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a>
LimitRequestFieldsize is only available in Apache 1.3.2 and
<
p>This directive specifies the number of <
em>bytes</
em> from 0
to the value of the compile-time constant
<
code>DEFAULT_LIMIT_REQUEST_FIELDSIZE</
code> (8190 as
distributed) that will be allowed in an HTTP request
<
p>The LimitRequestFieldsize directive allows the server
administrator to reduce the limit on the allowed size of an
HTTP request header field below the normal input buffer size
compiled with the server. A server needs this value to be large
enough to hold any one header field from a normal client
request. The size of a normal request header field will vary
greatly among different client implementations, often depending
upon the extent to which a user has configured their browser to
support detailed content negotiation.</
p>
<
p>This directive gives the server administrator greater
control over abnormal client request behavior, which may be
useful for avoiding some forms of denial-of-service attacks.
Under normal conditions, the value should not be changed from
<
h2><
a name="limitrequestline">LimitRequestLine
<!--%plaintext <?INDEX {\tt LimitRequestLine} directive> --> "Help"><
strong>Syntax:</
strong></
a> LimitRequestLine
"Help"><
strong>Default:</
strong></
a> <
code>LimitRequestLine
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> LimitRequestLine is
only available in Apache 1.3.2 and later.
<
p>This directive sets the number of <
em>bytes</
em> from 0 to
the value of the compile-time constant
<
code>DEFAULT_LIMIT_REQUEST_LINE</
code> (8190 as distributed)
that will be allowed on the HTTP request-line.</
p>
<
p>The LimitRequestLine directive allows the server
administrator to reduce the limit on the allowed size of a
client's HTTP request-line below the normal input buffer size
compiled with the server. Since the request-line consists of
the HTTP method, URI, and protocol version, the
LimitRequestLine directive places a restriction on the length
of a request-URI allowed for a request on the server. A server
needs this value to be large enough to hold any of its resource
names, including any information that might be passed in the
query part of a GET request.</
p>
<
p>This directive gives the server administrator greater
control over abnormal client request behavior, which may be
useful for avoiding some forms of denial-of-service attacks.
Under normal conditions, the value should not be changed from
<
h2><
a name="limitxmlrequestbody">LimitXMLRequestBody
"Help"><
strong>Syntax:</
strong></
a> LimitXMLRequestBody
"Help"><
strong>Default:</
strong></
a> <
code>LimitXMLRequestBody
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
<
p>Limit (in bytes) on maximum size of an XML-based request
<
h2><
a name="location"><Location> directive</
a></
h2>
"Help"><
strong>Syntax:</
strong></
a> <Location
<
em>URL-path</
em>|<
em>URL</
em>> ... </Location><
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> Location is only
available in Apache 1.1 and later.
<
p>The <Location> directive provides for access control
by URL. It is similar to the <
a href= "#directory"><Directory></
a> directive, and starts a
subsection which is terminated with a </Location>
directive. <
code><Location></
code> sections are processed
in the order they appear in the configuration file, after the
<Directory> sections and <
code>.htaccess</
code> files are
read, and after the <Files> sections.</
p>
<
p>Note that URLs do not have to line up with the filesystem at
all, it should be emphasized that <Location> operates
completely outside the filesystem.</
p>
<
p>For all origin (non-proxy) requests, the URL to be matched
is of the form <
code>/path/</
code>, and you should not include
the URL to be matched is of the form
<
p>The URL may use wildcards In a wild-card string, `?' matches
any single character, and `*' matches any sequences of
<
p><
strong>Apache 1.2 and above:</
strong> Extended regular
expressions can also be used, with the addition of the
<
code>~</
code> character. For example:</
p>
<Location ~ "/(extra|special)/data">
<
p>would match URLs that contained the substring "/
extra/
data"
or "/
special/
data". In Apache 1.3 and above, a new directive <
a href="#locationmatch"><LocationMatch></
a> exists which
behaves identical to the regex version of
<
code><Location></
code>.</
p>
<
p>The <
code>Location</
code> functionality is especially useful
when combined with the <
code><
a href= example, to enable status requests, but allow them only from
browsers at
foo.com, you might use:</
p>
<
p><
strong>Apache 1.3 and above note about / (slash)</
strong>:
The slash character has special meaning depending on where in a
URL it appears. People may be used to its behavior in the
filesystem where multiple adjacent slashes are frequently
collapsed to a single slash (<
em>
i.e.</
em>,
<
code>/home///foo</
code> is the same as
<
code>/
home/
foo</
code>). In URL-space this is not necessarily
true. The <
code><LocationMatch></
code> directive and the
regex version of <
code><Location></
code> require you to
explicitly specify multiple slashes if that is your intention.
For example, <
code><LocationMatch ^/abc></
code> would
match the request URL <
code>/abc</
code> but not the request URL
<
code>//abc</
code>. The (non-regex)
<
code><Location></
code> directive behaves similarly when
used for proxy requests. But when (non-regex)
<
code><Location></
code> is used for non-proxy requests it
will implicitly match multiple slashes with a single slash. For
example, if you specify <
code><Location /
abc/
def></
code>
and the request is to <
code>/abc//def</
code> then it will
Directory, Location and Files sections work</
a> for an
explanation of how these different sections are combined when a
<
h2><
a name="locationmatch"><LocationMatch></
a></
h2>
"Help"><
strong>Syntax:</
strong></
a> <LocationMatch
<
em>regex</
em>> ... </LocationMatch><
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> LocationMatch is
only available in Apache 1.3 and later.
<
p>The <LocationMatch> directive provides for access
control by URL, in an identical manner to <
a href= "#location"><Location></
a>. However, it takes a regular
expression as an argument instead of a simple string. For
<LocationMatch "/(extra|special)/data">
<
p>would match URLs that contained the substring "/
extra/
data"
Directory, Location and Files sections work</
a> for an
explanation of how these different sections are combined when a
<
h2><
a name="loglevel">LogLevel directive</
a></
h2>
"Help"><
strong>Syntax:</
strong></
a> LogLevel <
em>level</
em><
br>
"Help"><
strong>Default:</
strong></
a> <
code>LogLevel
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> LogLevel is only
available in 1.3 or later.
<
p>LogLevel adjusts the verbosity of the messages recorded in
the error logs (see <
a href="#errorlog">ErrorLog</
a>
directive). The following <
em>level</
em>s are available, in
order of decreasing significance:</
p>
<
th align="LEFT"><
strong>Level</
strong> </
th>
<
th align="LEFT"><
strong>Description</
strong> </
th>
<
th align="LEFT"><
strong>Example</
strong> </
th>
<
td><
code>emerg</
code> </
td>
<
td>Emergencies - system is unusable.</
td>
<
td>"Child cannot open lock file. Exiting"</
td>
<
td><
code>alert</
code> </
td>
<
td>Action must be taken immediately.</
td>
<
td>"getpwuid: couldn't determine user name from uid"</
td>
<
td><
code>crit</
code> </
td>
<
td>Critical Conditions.</
td>
<
td>"socket: Failed to get a socket, exiting child"</
td>
<
td><
code>error</
code> </
td>
<
td>Error conditions.</
td>
<
td>"Premature end of script headers"</
td>
<
td><
code>warn</
code> </
td>
<
td>Warning conditions.</
td>
<
td>"child process 1234 did not exit, sending another
<
td><
code>notice</
code> </
td>
<
td>Normal but significant condition.</
td>
<
td>"httpd: caught SIGBUS, attempting to dump core in
<
td><
code>info</
code> </
td>
<
td>"Server seems busy, (you may need to increase
<
td><
code>debug</
code> </
td>
<
td>Debug-level messages</
td>
<
td>"Opening config file ..."</
td>
<
p>When a particular level is specified, messages from all
other levels of higher significance will be reported as well.
<
em>
E.g.</
em>, when <
code>LogLevel info</
code> is specified,
then messages with log levels of <
code>notice</
code> and
<
code>warn</
code> will also be posted.</
p>
<
p>Using a level of at least <
code>crit</
code> is
<
h2><
a name="maxkeepaliverequests">MaxKeepAliveRequests
"Help"><
strong>Syntax:</
strong></
a> MaxKeepAliveRequests
"Help"><
strong>Default:</
strong></
a> <
code>MaxKeepAliveRequests
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> Only available in
<
p>The MaxKeepAliveRequests directive limits the number of
requests allowed per connection when <
a href= "#keepalive">KeepAlive</
a> is on. If it is set to
"<
code>0</
code>", unlimited requests will be allowed. We
recommend that this setting be kept to a high value for maximum
<
h2><
a name="namevirtualhost">NameVirtualHost
<!--%plaintext <?INDEX {\tt NameVirtualHost} directive> --> "Help"><
strong>Syntax:</
strong></
a> NameVirtualHost
<
em>addr</
em>[:<
em>port</
em>]<
br>
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> NameVirtualHost is
only available in Apache 1.3 and later
<
p>The NameVirtualHost directive is a required directive if you
want to configure <
a href="/vhosts/">name-based virtual
<
p>Although <
em>addr</
em> can be hostname it is recommended
that you always use an IP address, <
em>
e.g.</
em></
p>
<
code>NameVirtualHost 111.22.33.44</
code>
With the NameVirtualHost directive you specify the IP address
on which the server will receive requests for the name-based
virtual hosts. This will usually be the address to which your
name-based virtual host names resolve. In cases where a
firewall or other proxy receives the requests and forwards them
on a different IP address to the server, you must specify the
IP address of the physical interface on the machine which will
be servicing the requests. If you have multiple name-based
hosts on multiple addresses, repeat the directive for each
<
p>Note: the "main server" and any _default_ servers will
<
strong>never</
strong> be served for a request to a
NameVirtualHost IP Address (unless for some reason you specify
NameVirtualHost but then don't define any VirtualHosts for that
<
p>Optionally you can specify a port number on which the
name-based virtual hosts should be used, <
em>
e.g.</
em></
p>
<
code>NameVirtualHost 111.22.33.44:8080</
code>
<
strong>See also:</
strong> <
a href="/vhosts/">Apache Virtual
<
h2><
a name="options">Options directive</
a></
h2>
<!--%plaintext <?INDEX {\tt Options} directive> --> "Help"><
strong>Syntax:</
strong></
a> Options
[+|-]<
em>option</
em> [[+|-]<
em>option</
em>] ...<
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
host, directory, .htaccess<
br>
"Help"><
strong>Override:</
strong></
a> Options<
br>
"Help"><
strong>Status:</
strong></
a> core
<
p>The Options directive controls which server features are
available in a particular directory.</
p>
<
p><
em>option</
em> can be set to <
code>None</
code>, in which
case none of the extra features are enabled, or one or more of
<
dd>All options except for MultiViews. This is the default
<
dd>
<!--%plaintext <?INDEX {\tt ExecCGI} option> --> Execution of CGI scripts is permitted.</
dd>
<!--%plaintext <?INDEX {\tt FollowSymLinks} option> --> The server will follow symbolic links in this directory.<
br>
<
strong>Note</
strong>: even though the server follows the
symlink it does <
em>not</
em> change the pathname used to
match against <
code><Directory></
code> sections.<
br>
<
strong>Note</
strong>: this option gets ignored if set
inside a <Location> section.</
dd>
<
dd>
<!--%plaintext <?INDEX {\tt Includes} option> --> Server-side includes are permitted.</
dd>
<!--%plaintext <?INDEX {\tt IncludesNOEXEC} option> --> Server-side includes are permitted, but the #exec command and
#exec CGI are disabled. It is still possible to #include
virtual CGI scripts from ScriptAliase'd directories.</
dd>
<
dd>
<!--%plaintext <?INDEX {\tt Indexes} option> --> If a URL which maps to a directory is requested, and the
that directory, then the server will return a formatted
listing of the directory.</
dd>
<
dd>
<!--%plaintext <?INDEX {\tt MultiViews} option> --> MultiViews are allowed.</
dd>
<
dt>SymLinksIfOwnerMatch</
dt>
<!--%plaintext <?INDEX {\tt SymLinksIfOwnerMatch} option> --> The server will only follow symbolic links for which the
target file or directory is owned by the same user id as the
<
strong>Note</
strong>: this option gets ignored if set
inside a <Location> section.</
dd>
Normally, if multiple <
code>Options</
code> could apply to a
directory, then the most specific one is taken complete; the
options are not merged. However if <
em>all</
em> the options on
the <
code>Options</
code> directive are preceded by a + or -
symbol, the options are merged. Any options preceded by a + are
added to the options currently in force, and any options
preceded by a - are removed from the options currently in
<
p>For example, without any + and - symbols:</
p>
<
code><Directory /
web/
docs><
br>
Options Indexes FollowSymLinks<
br>
</Directory></
code>
then only <
code>Includes</
code> will be set for the
<
code>Options</
code> directive uses the + and - symbols:
<
code><Directory /
web/
docs><
br>
Options Indexes FollowSymLinks<
br>
Options +Includes -Indexes<
br>
</Directory></
code>
then the options <
code>FollowSymLinks</
code> and
<
code>Includes</
code> are set for the /
web/
docs/
spec directory.
<
p><
strong>Note:</
strong> Using <
code>-IncludesNOEXEC</
code> or
<
code>-Includes</
code> disables server-side includes completely
regardless of the previous setting.</
p>
<
p>The default in the absence of any other settings is
<
h2><
a name="port">Port directive</
a></
h2>
<!--%plaintext <?INDEX {\tt Port} directive> --> "Help"><
strong>Syntax:</
strong></
a> Port <
em>number</
em><
br>
"Help"><
strong>Default:</
strong></
a> <
code>Port 80</
code><
br>
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> core
<
p><
em>Number</
em> is a number from 0 to 65535; some port
numbers (especially below 1024) are reserved for particular
protocols. See <
code>/
etc/
services</
code> for a list of some
defined ports; the standard port for the http protocol is
<
p>The Port directive has two behaviors, the first of which is
necessary for NCSA backwards compatibility (and which is
confusing in the context of Apache).</
p>
<
li>In the absence of any <
a href= port number, a Port directive given in the "main server"
(<
em>
i.e.</
em>, outside any <
a href= "#virtualhost"><VirtualHost></
a> section) sets the
network port on which the server listens. If there are any
Listen directives specifying <
code>:number</
code> then Port
has no effect on what address the server listens at.</
li>
<
li>The Port directive sets the <
code>SERVER_PORT</
code>
environment variable (for <
a href="mod_cgi.html">CGI</
a> and
server must generate a URL that refers to itself (for example
when creating an external redirect to itself). This behaviour
"#usecanonicalname">UseCanonicalName</
a>.</
li>
The primary behavior of Port should be considered to be
similar to that of the <
a href="#servername">ServerName</
a>
directive. The ServerName and Port together specify what you
consider to be the <
em>canonical</
em> address of the server.
(See also <
a href="#usecanonicalname">UseCanonicalName</
a>.)
<
p>Port 80 is one of Unix's special ports. All ports numbered
below 1024 are reserved for system use, <
em>
i.e.</
em>, regular
(non-root) users cannot make use of them; instead they can only
use higher port numbers. To use port 80, you must start the
server from the root account. After binding to the port and
before accepting requests, Apache will change to a low
privileged user as set by the <
a href= <
p>If you cannot use port 80, choose any other unused port.
Non-root users will have to choose a port number higher than
<
p>SECURITY: if you do start the server as root, be sure not to
the server as root whilst handling connections, your site may
be open to a major security attack.</
p>
<
h2><
a name="require">Require directive</
a></
h2>
<!--%plaintext <?INDEX {\tt Require} directive> --> "Help"><
strong>Syntax:</
strong></
a> Require
<
em>entity-name</
em> [<
em>entity-name</
em>] ...<
br>
"Help"><
strong>Context:</
strong></
a> directory, .htaccess<
br>
"Help"><
strong>Override:</
strong></
a> AuthConfig<
br>
"Help"><
strong>Status:</
strong></
a> core
<
p>This directive selects which authenticated users can access
a directory. The allowed syntaxes are:</
p>
Require user <
em>userid</
em> [<
em>userid</
em>] ...
<
p>Only the named users can access the directory.</
p>
Require group <
em>group-name</
em> [<
em>group-name</
em>] ...
<
p>Only users in the named groups can access the
<
p>All valid users can access the directory.</
p>
<
p>Require must be accompanied by <
a href= "#authname">AuthName</
a> and <
a href="#authtype">AuthType</
a>
directives, and directives such as <
a href= users and groups) in order to work correctly. Example:</
p>
AuthName "Restricted Directory"<
br>
Access controls which are applied in this way are effective for
<
strong>all</
strong> methods. <
strong>This is what is normally
desired.</
strong> If you wish to apply access controls only to
specific methods, while leaving other methods unprotected, then
place the <
code>Require</
code> statement into a <
a href= "#limit"><Limit></
a> section
<
p>See also <
a href="#satisfy">Satisfy</
a> and <
a href= <
h2><
a name="rlimit">RLimitCPU</
a> <
a name= "rlimitcpu">directive</
a></
h2>
<!--%plaintext <?INDEX {\tt RLimitCPU} directive> --> "Help"><
strong>Syntax:</
strong></
a> RLimitCPU
<
em>number</
em>|max [<
em>number</
em>|max] <
br>
"Help"><
strong>Default:</
strong></
a> <
em>Unset; uses operating
system defaults</
em> <
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> RLimitCPU is only
available in Apache 1.2 and later. Moved in version 2.0 to the
<
p>Takes 1 or 2 parameters. The first parameter sets the soft
resource limit for all processes and the second parameter sets
the maximum resource limit. Either parameter can be a number,
or <
em>max</
em> to indicate to the server that the limit should
be set to the maximum allowed by the operating system
configuration. Raising the maximum resource limit requires that
the server is running as root, or in the initial startup
<
p>This applies to processes forked off from Apache children
servicing requests, not the Apache children themselves. This
includes CGI scripts and SSI exec commands, but not any
processes forked off from the Apache parent such as piped
<
p>CPU resource limits are expressed in seconds per
<
p>See also <
a href="#rlimitmem">RLimitMEM</
a> or <
a href= "#rlimitnproc">RLimitNPROC</
a>.</
p>
<
h2><
a name="rlimitmem">RLimitMEM directive</
a></
h2>
<!--%plaintext <?INDEX {\tt RLimitMEM} directive> --> "Help"><
strong>Syntax:</
strong></
a> RLimitMEM
<
em>number</
em>|max [<
em>number</
em>|max]<
br>
"Help"><
strong>Default:</
strong></
a> <
em>Unset; uses operating
system defaults</
em> <
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> RLimitMEM is only
available in Apache 1.2 and later. Moved in version 2.0 to the
<
p>Takes 1 or 2 parameters. The first parameter sets the soft
resource limit for all processes and the second parameter sets
the maximum resource limit. Either parameter can be a number,
or <
em>max</
em> to indicate to the server that the limit should
be set to the maximum allowed by the operating system
configuration. Raising the maximum resource limit requires that
the server is running as root, or in the initial startup
<
p>This applies to processes forked off from Apache children
servicing requests, not the Apache children themselves. This
includes CGI scripts and SSI exec commands, but not any
processes forked off from the Apache parent such as piped
<
p>Memory resource limits are expressed in bytes per
<
p>See also <
a href="#rlimitcpu">RLimitCPU</
a> or <
a href= "#rlimitnproc">RLimitNPROC</
a>.</
p>
<
h2><
a name="rlimitnproc">RLimitNPROC directive</
a></
h2>
<!--%plaintext <?INDEX {\tt RLimitNPROC} directive> --> "Help"><
strong>Syntax:</
strong></
a> RLimitNPROC
<
em>number</
em>|max [<
em>number</
em>|max]<
br>
"Help"><
strong>Default:</
strong></
a> <
em>Unset; uses operating
system defaults</
em> <
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> RLimitNPROC is only
available in Apache 1.2 and later. Moved in version 2.0 to the
<
p>Takes 1 or 2 parameters. The first parameter sets the soft
resource limit for all processes and the second parameter sets
the maximum resource limit. Either parameter can be a number,
or <
code>max</
code> to indicate to the server that the limit
should be set to the maximum allowed by the operating system
configuration. Raising the maximum resource limit requires that
the server is running as root, or in the initial startup
<
p>This applies to processes forked off from Apache children
servicing requests, not the Apache children themselves. This
includes CGI scripts and SSI exec commands, but not any
processes forked off from the Apache parent such as piped
<
p>Process limits control the number of processes per user.</
p>
<
p>Note: If CGI processes are <
strong>not</
strong> running
under userids other than the web server userid, this directive
will limit the number of processes that the server itself can
create. Evidence of this situation will be indicated by
<
strong><
em>cannot fork</
em></
strong> messages in the
<
p>See also <
a href="#rlimitmem">RLimitMEM</
a> or <
a href= "#rlimitcpu">RLimitCPU</
a>.</
p>
<
h2><
a name="satisfy">Satisfy directive</
a></
h2>
<!--%plaintext <?INDEX {\tt Satisfy} directive> --> "Help"><
strong>Syntax:</
strong></
a> Satisfy any|all<
br>
"Help"><
strong>Default:</
strong></
a> Satisfy all<
br>
"Help"><
strong>Context:</
strong></
a> directory, .htaccess<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> Satisfy is only
available in Apache 1.2 and later
<
p>Access policy if both <
code>Allow</
code> and
<
code>Require</
code> used. The parameter can be either
<
em>'all'</
em> or <
em>'any'</
em>. This directive is only useful
if access to a particular area is being restricted by both
case the default behavior ("all") is to require that the client
passes the address access restriction <
em>and</
em> enters a
valid username and password. With the "any" option the client
will be granted access if they either pass the host restriction
or enter a valid username and password. This can be used to
password restrict an area, but to let clients from particular
addresses in without prompting for a password.</
p>
<
p>See also <
a href="#require">Require</
a> and <
a href= <
h2><
a name="scriptinterpretersource">ScriptInterpreterSource
<!--%plaintext <?INDEX {\tt ScriptInterpreterSource} directive> --> "Help"><
strong>Syntax:</
strong></
a> ScriptInterpreterSource
"Help"><
strong>Default:</
strong></
a>
<
code>ScriptInterpreterSource script</
code> <
br>
"Help"><
strong>Context:</
strong></
a> directory, .htaccess<
br>
"Help"><
strong>Status:</
strong></
a> core (Windows only)
<
p>This directive is used to control how Apache 1.3.5 and later
finds the interpreter used to run CGI scripts. The default
technique is to use the interpreter pointed to by the #! line
in the script. Setting ScriptInterpreterSource registry will
cause the Windows Registry to be searched using the script file
extension (
e.g., .pl) as a search key.</
p>
<
h2><
a name="serveradmin">ServerAdmin directive</
a></
h2>
<!--%plaintext <?INDEX {\tt ServerAdmin} directive> --> "Help"><
strong>Syntax:</
strong></
a> ServerAdmin
<
em>email-address</
em><
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core
<
p>The ServerAdmin sets the e-mail address that the server
includes in any error messages it returns to the client.</
p>
<
p>It may be worth setting up a dedicated address for this,
<
code>ServerAdmin www-admin@foo.bar.com</
code>
as users do not always mention that they are talking about the
<
h2><
a name="serveralias">ServerAlias directive</
a></
h2>
"Help"><
strong>Syntax:</
strong></
a> ServerAlias
<
em>hostname</
em> [<
em>hostname</
em>] ...<
br>
"Help"><
strong>Context:</
strong></
a> virtual host<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> ServerAlias is only
available in Apache 1.1 and later.
<
p>The ServerAlias directive sets the alternate names for a
host, for use with <
a href= <
p><
strong>See also:</
strong> <
a href="/vhosts/">Apache
Virtual Host documentation</
a></
p>
<
h2><
a name="servername">ServerName directive</
a></
h2>
<!--%plaintext <?INDEX {\tt ServerName} directive> --> "Help"><
strong>Syntax:</
strong></
a> ServerName
<
em>fully-qualified-domain-name</
em> <
br>
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Status:</
strong></
a> core
<
p>The ServerName directive sets the hostname of the server;
this is used when creating redirection URLs. If it is not
specified, then the server attempts to deduce it from its own
IP address; however this may not work reliably, or may not
return the preferred hostname. For example:</
p>
would be used if the canonical (main) name of the actual
<
p>If you are using <
a href= <
code>ServerName</
code> inside a <
a href= "#virtualhost"><
code><VirtualHost></
code></
a> section
specifies what hostname must appear in the request's
<
code>Host:</
code> header to match this virtual host.</
p>
<
p><
strong>See Also</
strong>:<
br>
<
a href="/vhosts/">Apache virtual host documentation</
a><
br>
<
a href="#usecanonicalname">UseCanonicalName</
a><
br>
<
a href="#namevirtualhost">NameVirtualHost</
a><
br>
<
a href="#serveralias">ServerAlias</
a><
br>
<
h2><
a name="serverpath">ServerPath directive</
a></
h2>
"Help"><
strong>Syntax:</
strong></
a> ServerPath
<
em>directory-path</
em><
br>
"Help"><
strong>Context:</
strong></
a> virtual host<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> ServerPath is only
available in Apache 1.1 and later.
<
p>The ServerPath directive sets the legacy URL pathname for a
host, for use with <
a href="/vhosts/">name-based virtual
<
p><
strong>See also:</
strong> <
a href="/vhosts/">Apache
Virtual Host documentation</
a></
p>
<
h2><
a name="serverroot">ServerRoot directive</
a></
h2>
<!--%plaintext <?INDEX {\tt ServerRoot} directive> --> "Help"><
strong>Syntax:</
strong></
a> ServerRoot
<
em>directory-path</
em><
br>
"Help"><
strong>Default:</
strong></
a> <
code>ServerRoot
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> core
<
p>The ServerRoot directive sets the directory in which the
server lives. Typically it will contain the subdirectories
<
code>conf/</
code> and <
code>logs/</
code>. Relative paths for
other configuration files are taken as relative to this
security tips</
a> for information on how to properly set
permissions on the ServerRoot.</
p>
<
h2><
a name="serversignature">ServerSignature
<!--%plaintext <?INDEX {\tt ServerSignature} directive> --> "Help"><
strong>Syntax:</
strong></
a> ServerSignature
"Help"><
strong>Default:</
strong></
a> <
code>ServerSignature
"Help"><
strong>Context:</
strong></
a> server config, virtual
host, directory, .htaccess<
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> ServerSignature is
only available in Apache 1.3 and later.
<
p>The ServerSignature directive allows the configuration of a
trailing footer line under server-generated documents (error
messages, mod_proxy ftp directory listings, mod_info output,
...). The reason why you would want to enable such a footer
line is that in a chain of proxies, the user often has no
possibility to tell which of the chained servers actually
produced a returned error message.<
br>
The <
samp>Off</
samp> setting, which is the default, suppresses
the error line (and is therefore compatible with the behavior
of Apache-1.2 and below). The <
samp>On</
samp> setting simply
adds a line with the server version number and <
a href= "#servername">ServerName</
a> of the serving virtual host, and
the <
samp>EMail</
samp> setting additionally creates a "mailto:"
reference to the <
a href="#serveradmin">ServerAdmin</
a> of the
<
h2><
a name="servertokens">ServerTokens directive</
a></
h2>
<!--%plaintext <?INDEX {\tt ServerTokens} directive> --> "Help"><
strong>Syntax:</
strong></
a> ServerTokens
Minimal|ProductOnly|OS|Full<
br>
"Help"><
strong>Default:</
strong></
a> <
code>ServerTokens
"Help"><
strong>Context:</
strong></
a> server config <
br>
"Help"><
strong>Status:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> ServerTokens is only
available in Apache 1.3 and later; the <
code>ProductOnly</
code>
keyword is only available in versions later than 1.3.12
<
p>This directive controls whether <
samp>Server</
samp> response
header field which is sent back to clients includes a
description of the generic OS-type of the server as well as
information about compiled-in modules.</
p>
<
dt><
code>ServerTokens Prod[uctOnly]</
code></
dt>
<
dd>Server sends (<
em>
e.g.</
em>): <
samp>Server:
<
dt><
code>ServerTokens Min[imal]</
code></
dt>
<
dd>Server sends (<
em>
e.g.</
em>): <
samp>Server:
<
dt><
code>ServerTokens OS</
code></
dt>
<
dt><
code>ServerTokens Full</
code> (or not specified)</
dt>
<
p>This setting applies to the entire server, and cannot be
enabled or disabled on a virtualhost-by-virtualhost basis.</
p>
<
h2><
a name="sethandler">SetHandler</
a> directive</
h2>
"Help"><
strong>Syntax:</
strong></
a> SetHandler
<
em>handler-name</
em><
br>
"Help"><
strong>Context:</
strong></
a> directory, files,
"Help"><
strong>Status:</
strong></
a> Base<
br>
"Help"><
strong>Module:</
strong></
a> core<
br>
"Help"><
strong>Compatibility:</
strong></
a> SetHandler was
introduced in mod_mime with Apache 1.1, and moved into the core
<
p>When placed into an <
code>.htaccess</
code> file or a
<
code><Directory></
code> or <
code><Location></
code>
section, this directive forces all matching files to be parsed
<
em>handler-name</
em>. For example, if you had a directory you
wanted to be parsed entirely as imagemap rule files, regardless
of extension, you might put the following into an
<
code>.htaccess</
code> file in that directory:</
p>
<
p>Another example: if you wanted to have the server display a
status report whenever a URL of
<
h2><
a name="setinputfilter">SetInputFilter directive</
a></
h2>
"Help"><
strong>Syntax:</
strong></
a> SetInputFilter
<
em>filter</
em>[<
em>;filter</
em>...]<
br>
"Help"><
strong>Default:</
strong></
a> none<
br>
"Help"><
strong>Context:</
strong></
a> directory, files,
"Help"><
strong>Status:</
strong></
a> core</
p>
<
p>The <
code>SetInputFilter</
code> directive sets the filter or
filters which will process client requests and POST input when
they are received by the server. This is in addition to any
filters defined elsewhere, including the <
a href= <
p>If more than one filter is specified, they must be seperated
by semicolons in the order in which they should process the
<
h2><
a name="setoutputfilter">SetOutputFilter
"Help"><
strong>Syntax:</
strong></
a> SetOutputFilter
<
em>filter</
em> [<
em>filter</
em>] ...<
br>
"Help"><
strong>Default:</
strong></
a> none<
br>
"Help"><
strong>Context:</
strong></
a> directory, files,
"Help"><
strong>Status:</
strong></
a> core</
p>
<
p>The <
code>SetOutputFilter</
code> directive sets the filters
which will process responses from the server before they are
sent to the client. This is in addition to any filters defined
elsewhere, including the <
a href= For example, the following configuration will process all files
in the <
code>/
www/
data/</
code> directory for server-side
<
code><Directory /
www/
data/><
br>
SetOutputFilter INCLUDES<
br>
</Directory></
code>
<
p>If more than one filter is specified, they must be seperated
by semicolons in the order in which they should process the
<
h2><
a name="timeout">TimeOut directive</
a></
h2>
<!--%plaintext <?INDEX {\tt TimeOut} directive> --> "Help"><
strong>Syntax:</
strong></
a> TimeOut <
em>number</
em><
br>
"Help"><
strong>Default:</
strong></
a> <
code>TimeOut
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> core
<
p>The TimeOut directive currently defines the amount of time
Apache will wait for three things:</
p>
<
li>The total amount of time it takes to receive a GET
<
li>The amount of time between receipt of TCP packets on a
POST or PUT request.</
li>
<
li>The amount of time between ACKs on transmissions of TCP
packets in responses.</
li>
We plan on making these separately configurable at some point
down the road. The timer used to default to 1200 before 1.2,
but has been lowered to 300 which is still far more than
necessary in most situations. It is not set any lower by
default because there may still be odd places in the code where
the timer is not reset when a packet is sent.
<
h2><
a name="usecanonicalname">UseCanonicalName
<!--%plaintext <?INDEX {\tt UseCanonicalName} directive> --> "Help"><
strong>Syntax:</
strong></
a> UseCanonicalName
"Help"><
strong>Default:</
strong></
a> <
code>UseCanonicalName
"Help"><
strong>Context:</
strong></
a> server config, virtual
"Help"><
strong>Override:</
strong></
a> Options<
br>
"Help"><
strong>Compatibility:</
strong></
a> UseCanonicalName is
only available in Apache 1.3 and later
<
p>In many situations Apache has to construct a
<
em>self-referential</
em> URL. That is, a URL which refers back
to the same server. With <
code>UseCanonicalName on</
code> (and
in all versions prior to 1.3) Apache will use the <
a href= "#servername">ServerName</
a> and <
a href="#port">Port</
a>
directives to construct a canonical name for the server. This
name is used in all self-referential URLs, and for the values
of <
code>SERVER_NAME</
code> and <
code>SERVER_PORT</
code> in
<
p>With <
code>UseCanonicalName off</
code> Apache will form
self-referential URLs using the hostname and port supplied by
the client if any are supplied (otherwise it will use the
canonical name). These values are the same that are used to
virtual hosts</
a>, and are available with the same clients. The
CGI variables <
code>SERVER_NAME</
code> and
<
code>SERVER_PORT</
code> will be constructed from the client
supplied values as well.</
p>
<
p>An example where this may be useful is on an intranet server
where you have users connecting to the machine using short
names such as <
code>www</
code>. You'll notice that if the users
type a shortname, and a URL which is a directory, such as
slash</
em> then Apache will redirect them to
authentication enabled, this will cause the user to have to
reauthenticate twice (once for <
code>www</
code> and once again
<
code>UseCanonicalName</
code> is set off, then Apache will
<
p>There is a third option, <
code>UseCanonicalName DNS</
code>,
which is intended for use with mass IP-based virtual hosting to
support ancient clients that do not provide a
<
code>Host:</
code> header. With this option Apache does a
reverse DNS lookup on the server IP address that the client
connected to in order to work out self-referential URLs.</
p>
<
p><
strong>Warning:</
strong> if CGIs make assumptions about the
values of <
code>SERVER_NAME</
code> they may be broken by this
option. The client is essentially free to give whatever value
they want as a hostname. But if the CGI is only using
<
code>SERVER_NAME</
code> to construct self-referential URLs
then it should be just fine.</
p>
<
p><
strong>See also:</
strong> <
a href= "#servername">ServerName</
a>, <
a href="#port">Port</
a></
p>
<
h2><
a name="virtualhost"><VirtualHost>
<!--%plaintext <?INDEX {\tt VirtualHost} section directive> --> "Help"><
strong>Syntax:</
strong></
a> <VirtualHost
<
em>addr</
em>[:<
em>port</
em>] [<
em>addr</
em>[:<
em>port</
em>]]
...> ... </VirtualHost> <
br>
"Help"><
strong>Context:</
strong></
a> server config<
br>
"Help"><
strong>Status:</
strong></
a> Core.<
br>
"Help"><
strong>Compatibility:</
strong></
a> Non-IP address-based
Virtual Hosting only available in Apache 1.1 and later.<
br>
"Help"><
strong>Compatibility:</
strong></
a> Multiple address
support only available in Apache 1.2 and later.
<
p><VirtualHost> and </VirtualHost> are used to
enclose a group of directives which will apply only to a
particular virtual host. Any directive which is allowed in a
virtual host context may be used. When the server receives a
request for a document on a particular virtual host, it uses
the configuration directives enclosed in the
<VirtualHost> section. <
em>Addr</
em> can be</
p>
<
li>The IP address of the virtual host</
li>
<
li>A fully qualified domain name for the IP address of the
<
code><VirtualHost 10.1.2.3><
br>
ServerAdmin webmaster@host.foo.com<
br>
</VirtualHost></
code>
Each VirtualHost must correspond to a different IP address,
different port number or a different host name for the server,
in the former case the server machine must be configured to
accept IP packets for multiple addresses. (If the machine does
not have multiple network interfaces, then this can be
accomplished with the <
code>ifconfig alias</
code> command (if
your OS supports it), or with kernel patches like <
a href= <
p>The special name <
code>_default_</
code> can be specified in
which case this virtual host will match any IP address that is
not explicitly listed in another virtual host. In the absence
of any _default_ virtual host the "main" server config,
consisting of all those definitions outside any VirtualHost
section, is used when no match occurs.</
p>
<
p>You can specify a <
code>:port</
code> to change the port that
is matched. If unspecified then it defaults to the same port as
the most recent <
code><
a href="#port">Port</
a></
code> statement
of the main server. You may also specify <
code>:*</
code> to
match all ports on that address. (This is recommended when used
with <
code>_default_</
code>.)</
p>
<
p><
strong>SECURITY</
strong>: See the <
a href= details on why your security could be compromised if the
directory where logfiles are stored is writable by anyone other
than the user that starts the server.</
p>
<
p><
strong>NOTE</
strong>: The use of <VirtualHost> does
<
strong>not</
strong> affect what addresses Apache listens on.
You may need to ensure that Apache is listening on the correct
<
p><
strong>See also:</
strong> <
a href="/vhosts/">Apache
Virtual Host documentation</
a><
br>
<
strong>See also:</
strong> <
a href= <
strong>See also:</
strong> <
a href="/bind.html">Setting
which addresses and ports Apache uses</
a><
br>
Directory, Location and Files sections work</
a> for an
explanation of how these different sections are combined when a