core.xml revision 3770ed746d69c7a4111cba9966169bd5d7a509a6
530eba85dbd41b8a0fa5255d3648d1440199a661slive<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
e942c741056732f50da2074b36fe59805d370650slive<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
5f5d1b4cc970b7f06ff8ef6526128e9a27303d88nd<!-- $LastChangedRevision$ -->
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding Licensed to the Apache Software Foundation (ASF) under one or more
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding contributor license agreements. See the NOTICE file distributed with
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding this work for additional information regarding copyright ownership.
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding The ASF licenses this file to You under the Apache License, Version 2.0
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding (the "License"); you may not use this file except in compliance with
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding the License. You may obtain a copy of the License at
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd Unless required by applicable law or agreed to in writing, software
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd distributed under the License is distributed on an "AS IS" BASIS,
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd See the License for the specific language governing permissions and
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd limitations under the License.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Core Apache HTTP Server features that are always
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveavailable</description>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna<directivesynopsis>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna<description>Configures optimizations for a Protocol's Listener Sockets</description>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna<syntax>AcceptFilter <var>protocol</var> <var>accept_filter</var></syntax>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna<contextlist><context>server config</context></contextlist>
158222078a98fb13cddf2793b42f7eb8eafe51aerjung<compatibility>Available in Apache httpd 2.1.5 and later.
158222078a98fb13cddf2793b42f7eb8eafe51aerjungOn Windows from Apache httpd 2.3.3 and later.</compatibility>
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic <p>This directive enables operating system specific optimizations for a
31127de9133204b2f09f6226250592ed93b61023rbowen listening socket by the <directive>Protocol</directive>type.
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic The basic premise is for the kernel to not send a socket to the server
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic process until either data is received or an entire HTTP Request is buffered.
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic Only <a href="http://www.freebsd.org/cgi/man.cgi?query=accept_filter&sektion=9">
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor FreeBSD's Accept Filters</a>, Linux's more primitive
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe <code>TCP_DEFER_ACCEPT</code>, and Windows' optimized AcceptEx()
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe are currently supported.</p>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>Using <code>none</code> for an argument will disable any accept filters
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe for that protocol. This is useful for protocols that require a server
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe send data first, such as <code>ftp:</code> or <code>nntp</code>:</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>The default protocol names are <code>https</code> for port 443
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna and <code>http</code> for all other ports. To specify another protocol
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier is being used with a listening port, add the <var>protocol</var>
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier argument to the <directive module="mpm_common">Listen</directive>
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier directive.</p>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna AcceptFilter http httpready <br/>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic AcceptFilter https dataready
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>The <code>httpready</code> accept filter buffers entire HTTP requests at
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor the kernel level. Once an entire request is received, the kernel then
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna sends it to the server. See the
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <a href="http://www.freebsd.org/cgi/man.cgi?query=accf_http&sektion=9">
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor accf_http(9)</a> man page for more details. Since HTTPS requests are
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna encrypted only the <a href="http://www.freebsd.org/cgi/man.cgi?query=accf_data&sektion=9">
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna AcceptFilter http data <br/>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic AcceptFilter https data
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>Linux's <code>TCP_DEFER_ACCEPT</code> does not support buffering http
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna requests. Any value besides <code>none</code> will enable
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna <code>TCP_DEFER_ACCEPT</code> on that listener. For more details
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor see the Linux
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna <a href="http://homepages.cwi.nl/~aeb/linux/man2html/man7/tcp.7.html">
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe AcceptFilter http data <br/>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic AcceptFilter https data
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>Window's mpm_winnt interprets the AcceptFilter to toggle the AcceptEx()
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe API, and does not support http protocol buffering. There are two values
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe which utilize the Windows AcceptEx() API and will recycle network
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe sockets between connections. <code>data</code> waits until data has
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe been transmitted as documented above, and the initial data buffer and
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe network endpoint addresses are all retrieved from the single AcceptEx()
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe invocation. <code>connect</code> will use the AcceptEx() API, also
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe retrieve the network endpoint addresses, but like <code>none</code>
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe the <code>connect</code> option does not wait for the initial data
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe transmission.</p>
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe <p>On Windows, <code>none</code> uses accept() rather than AcceptEx()
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe and will not recycle sockets between connections. This is useful for
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic network adapters with broken driver support, as well as some virtual
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe network providers such as vpn drivers, or spam, virus or spyware
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe filters.</p>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna</directivesynopsis>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Resources accept trailing pathname information</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>virtual host</context><context>directory</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Available in Apache httpd 2.0.30 and later</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive controls whether requests that contain trailing
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive pathname information that follows an actual filename (or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive non-existent file in an existing directory) will be accepted or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive rejected. The trailing pathname information can be made
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive available to scripts in the <code>PATH_INFO</code> environment
fb77c505254b6e9c925e23e734463e87574f8f40kess variable.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>For example, assume the location <code>/test/</code> points to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a directory that contains only the single file
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The three possible arguments for the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>AcceptPathInfo</directive> directive are:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dt><code>Off</code></dt><dd>A request will only be accepted if it
fb77c505254b6e9c925e23e734463e87574f8f40kess maps to a literal path that exists. Therefore a request with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive trailing pathname information after the true filename such as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>/test/here.html/more</code> in the above example will return
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a 404 NOT FOUND error.</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dt><code>On</code></dt><dd>A request will be accepted if a
fb77c505254b6e9c925e23e734463e87574f8f40kess leading path component maps to a file that exists. The above
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive example <code>/test/here.html/more</code> will be accepted if
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>/test/here.html</code> maps to a valid file.</dd>
fb77c505254b6e9c925e23e734463e87574f8f40kess <dt><code>Default</code></dt><dd>The treatment of requests with
fb77c505254b6e9c925e23e734463e87574f8f40kess trailing pathname information is determined by the <a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="/handler.html">handler</a> responsible for the request.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The core handler for normal files defaults to rejecting
fb77c505254b6e9c925e23e734463e87574f8f40kess <code>PATH_INFO</code> requests. Handlers that serve scripts, such as <a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="mod_isapi.html">isapi-handler</a>, generally accept
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The primary purpose of the <code>AcceptPathInfo</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive is to allow you to override the handler's choice of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive accepting or rejecting <code>PATH_INFO</code>. This override is required,
fb77c505254b6e9c925e23e734463e87574f8f40kess for example, when you use a <a href="/filter.html">filter</a>, such
fb77c505254b6e9c925e23e734463e87574f8f40kess as <a href="mod_include.html">INCLUDES</a>, to generate content
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive based on <code>PATH_INFO</code>. The core handler would usually reject
fb77c505254b6e9c925e23e734463e87574f8f40kess the request, so you can use the following configuration to enable
fb77c505254b6e9c925e23e734463e87574f8f40kess such a script:</p>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh Options +Includes<br />
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh SetOutputFilter INCLUDES<br />
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh AcceptPathInfo On<br />
2aa51ed61adb484602e94de3d2214ec267aecedbigalic </Files>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<description>Name of the distributed configuration file</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>AccessFileName <var>filename</var> [<var>filename</var>] ...</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
003f0c9fda6664daf5092a0e42f65ede20098153slive <p>While processing a request the server looks for
003f0c9fda6664daf5092a0e42f65ede20098153slive the first existing configuration file from this list of names in
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess every directory of the path to the document, if distributed
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess configuration files are <a href="#allowoverride">enabled for that
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive AccessFileName .acl
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>before returning the document
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>/usr/local/web/index.html</code>, the server will read
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <code>/usr/local/.acl</code> and <code>/usr/local/web/.acl</code>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh for directives, unless they have been disabled with</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <Directory /><br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive AllowOverride None<br />
1a3f62ca37273a15a06bb94a61d3c6fcf4bf38c9rbowen </Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">AllowOverride</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/configuring.html">Configuration Files</a></seealso>
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding<seealso><a href="/howto/htaccess.html">.htaccess Files</a></seealso>
684f2a9a422185adda0692a1203c5ad6687fc5c5nd</directivesynopsis>
530eba85dbd41b8a0fa5255d3648d1440199a661slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Default charset parameter to be added when a response
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivecontent-type is <code>text/plain</code> or <code>text/html</code></description>
003f0c9fda6664daf5092a0e42f65ede20098153slive<syntax>AddDefaultCharset On|Off|<var>charset</var></syntax>
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding<context>virtual host</context><context>directory</context>
684f2a9a422185adda0692a1203c5ad6687fc5c5nd <p>This directive specifies a default value for the media type
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding charset parameter (the name of a character encoding) to be added
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding to a response if and only if the response's content-type is either
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding <code>text/plain</code> or <code>text/html</code>. This should override
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding any charset specified in the body of the response via a <code>META</code>
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding element, though the exact behavior is often dependent on the user's client
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding configuration. A setting of <code>AddDefaultCharset Off</code>
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding disables this functionality. <code>AddDefaultCharset On</code> enables
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a default charset of <code>iso-8859-1</code>. Any other value is assumed
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh to be the <var>charset</var> to be used, which should be one of the
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding <a href="http://www.iana.org/assignments/character-sets">IANA registered
684f2a9a422185adda0692a1203c5ad6687fc5c5nd charset values</a> for use in Internet media types (MIME types).
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding For example:</p>
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding AddDefaultCharset utf-8
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding <p><directive>AddDefaultCharset</directive> should only be used when all
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding of the text resources to which it applies are known to be in that
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding character encoding and it is too inconvenient to label their charset
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive individually. One such example is to add the charset parameter
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding to resources containing generated content, such as legacy CGI
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive scripts, that might be vulnerable to cross-site scripting attacks
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive due to user-provided data being included in the output. Note, however,
77ead9e0262e4f08ec336d1a65b2edef7705c839nd that a better solution is to just fix (or delete) those scripts, since
77ead9e0262e4f08ec336d1a65b2edef7705c839nd setting a default charset does not protect users that have enabled
9583adab6bc4b3758e41963c905d9dad9f067131nd the "auto-detect character encoding" feature on their browser.</p>
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier<seealso><directive module="mod_mime">AddCharset</directive></seealso>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd</directivesynopsis>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd<directivesynopsis>
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier<description>Determines whether encoded path separators in URLs are allowed to
77ead9e0262e4f08ec336d1a65b2edef7705c839ndbe passed through</description>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd<contextlist><context>server config</context><context>virtual host</context>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd</contextlist>
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier<compatibility>Available in Apache httpd 2.0.46 and later.
3770ed746d69c7a4111cba9966169bd5d7a509a6poirierNoDecode option available in 2.3.12 and later.</compatibility>
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier <p>The <directive>AllowEncodedSlashes</directive> directive allows URLs
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier which contain encoded path separators (<code>%2F</code> for <code>/</code>
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier and additionally <code>%5C</code> for <code>\</code> on according systems)
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier to be used in the path info.</p>
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier <p>With the default value, <code>Off</code>, such URLs are refused
77ead9e0262e4f08ec336d1a65b2edef7705c839nd with a 404 (Not found) error.</p>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd <p>With the value <code>On</code>, such URLs are accepted, and encoded
77ead9e0262e4f08ec336d1a65b2edef7705c839nd slashes are decoded like all other encoded characters.</p>
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier <p>With the value <code>NoDecode</code>, such URLs are accepted, but
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier encoded slashes are not decoded but left in their encoded state.</p>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd <p>Turning <directive>AllowEncodedSlashes</directive> <code>On</code> is
77ead9e0262e4f08ec336d1a65b2edef7705c839nd mostly useful when used in conjunction with <code>PATH_INFO</code>.</p>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd <p>If encoded slashes are needed in path info, use of <code>NoDecode</code> is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive strongly recommended as a security measure. Allowing slashes
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to be decoded could potentially allow unsafe paths.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess<seealso><directive module="core">AcceptPathInfo</directive></seealso>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Types of directives that are allowed in
fb77c505254b6e9c925e23e734463e87574f8f40kess<syntax>AllowOverride All|None|<var>directive-type</var>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<default>AllowOverride None (2.3.9 and later), AllowOverride All (2.3.8 and earlier)</default>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>directory</context></contextlist>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>When the server finds an <code>.htaccess</code> file (as
b12b918ae6baf9c5762ed61b7393d0e2198378c0nd specified by <directive module="core">AccessFileName</directive>)
b12b918ae6baf9c5762ed61b7393d0e2198378c0nd it needs to know which directives declared in that file can override
b12b918ae6baf9c5762ed61b7393d0e2198378c0nd earlier configuration directives.</p>
10673857794a4b3d9568ca2d983722a87ed352f1rbowen <note><title>Only available in <Directory> sections</title>
10673857794a4b3d9568ca2d983722a87ed352f1rbowen <directive>AllowOverride</directive> is valid only in
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <directive type="section" module="core">Directory</directive>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri sections specified without regular expressions, not in <directive
113961f0559eb026ea0d379cb7350f82bc09d710druggeri type="section" module="core">Location</directive>, <directive
113961f0559eb026ea0d379cb7350f82bc09d710druggeri module="core" type="section">DirectoryMatch</directive> or
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <directive type="section" module="core">Files</directive> sections.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When this directive is set to <code>None</code>, then
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <a href="#accessfilename">.htaccess</a> files are completely ignored.
fb77c505254b6e9c925e23e734463e87574f8f40kess In this case, the server will not even attempt to read
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When this directive is set to <code>All</code>, then any
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive which has the .htaccess <a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="directive-dict.html#Context">Context</a> is allowed in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <var>directive-type</var> can be one of the following
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive groupings of directives.</p>
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz Allow use of the authorization directives (<directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_authn_dbm">AuthDBMUserFile</directive>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_authz_groupfile">AuthGroupFile</directive>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_authn_core">AuthName</directive>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_authn_core">AuthType</directive>, <directive
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding module="mod_authn_file">AuthUserFile</directive>, <directive
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding module="mod_authz_core">Require</directive>, <em>etc.</em>).</dd>
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding Allow use of the directives controlling document types
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding (<directive module="core">ErrorDocument</directive>,
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem <directive module="mod_negotiation">LanguagePriority</directive>,
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem <directive module="core">SetOutputFilter</directive>, and
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem <module>mod_mime</module> Add* and Remove* directives),
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem document meta data (<directive
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem module="mod_headers">RequestHeader</directive>, <directive
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem module="mod_setenvif">SetEnvIf</directive>, <directive
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem module="mod_setenvif">SetEnvIfNoCase</directive>, <directive
c94e2389b3470486af5b341013b8def7e201db30humbedooh module="mod_setenvif">BrowserMatch</directive>, <directive
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem module="mod_usertrack">CookieExpires</directive>, <directive
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem module="mod_usertrack">CookieDomain</directive>, <directive
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem module="mod_usertrack">CookieStyle</directive>, <directive
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem module="mod_usertrack">CookieTracking</directive>, <directive
86554dc60e298c76fd567161f47abd687008d6cchumbedooh <module>mod_rewrite</module> directives <directive
86554dc60e298c76fd567161f47abd687008d6cchumbedooh module="mod_rewrite">RewriteEngine</directive>, <directive
86554dc60e298c76fd567161f47abd687008d6cchumbedooh module="mod_rewrite">RewriteOptions</directive>, <directive
86554dc60e298c76fd567161f47abd687008d6cchumbedooh module="mod_rewrite">RewriteBase</directive>, <directive
86554dc60e298c76fd567161f47abd687008d6cchumbedooh module="mod_rewrite">RewriteCond</directive>, <directive
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem <directive module="mod_actions">Action</directive> from
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Allow use of the directives controlling directory indexing
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive (<directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_autoindex">AddIcon</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_autoindex">AddIconByType</directive>,
06cec0eb90affb7f85de964d1822fddc77553c32humbedooh <directive module="mod_autoindex">DefaultIcon</directive>, <directive
06cec0eb90affb7f85de964d1822fddc77553c32humbedooh module="mod_dir">DirectoryIndex</directive>, <directive
0834a50e694f91f4bf20ddf030fd0812e65cafc7rbowen module="mod_autoindex">FancyIndexing</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_autoindex">HeaderName</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_autoindex">IndexIgnore</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_autoindex">IndexOptions</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Allow use of the directives controlling host access (<directive
8cb1b3a3753304d51919865f588cbe19cbd0182arbowen module="mod_authz_host">Allow</directive>, <directive
8cb1b3a3753304d51919865f588cbe19cbd0182arbowen module="mod_authz_host">Deny</directive> and <directive
eb73941bd697cd7e8226ceaf04183ade6c66934dniq Allow use of the directives controlling specific directory
e67969aeb443b18bbb3837690c4010c3f1961842jim features (<directive module="core">Options</directive> and
eb73941bd697cd7e8226ceaf04183ade6c66934dniq An equal sign may be given followed by a comma (but no spaces)
eb73941bd697cd7e8226ceaf04183ade6c66934dniq separated lists of options that may be set using the <directive
eb73941bd697cd7e8226ceaf04183ade6c66934dniq AllowOverride AuthConfig Indexes
eb73941bd697cd7e8226ceaf04183ade6c66934dniq </example>
eb73941bd697cd7e8226ceaf04183ade6c66934dniq <p>In the example above all directives that are neither in the group
eb73941bd697cd7e8226ceaf04183ade6c66934dniq <code>AuthConfig</code> nor <code>Indexes</code> cause an internal
eb73941bd697cd7e8226ceaf04183ade6c66934dniq server error.</p>
eb73941bd697cd7e8226ceaf04183ade6c66934dniq <note><p>For security and performance reasons, do not set
eb73941bd697cd7e8226ceaf04183ade6c66934dniq <code>AllowOverride</code> to anything other than <code>None</code>
eb73941bd697cd7e8226ceaf04183ade6c66934dniq in your <code><Directory /></code> block. Instead, find (or
eb73941bd697cd7e8226ceaf04183ade6c66934dniq create) the <code><Directory></code> block that refers to the
eb73941bd697cd7e8226ceaf04183ade6c66934dniq directory where you're actually planning to place a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">AccessFileName</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/configuring.html">Configuration Files</a></seealso>
103a93c625bcde1a6a7a5155b64dcda36f612180pquerna<seealso><a href="/howto/htaccess.html">.htaccess Files</a></seealso>
103a93c625bcde1a6a7a5155b64dcda36f612180pquerna</directivesynopsis>
9970ad80054f477c708284a0d030a5bd26e412a9covener<directivesynopsis>
9970ad80054f477c708284a0d030a5bd26e412a9covener<description>Technique for locating the interpreter for CGI
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjimscripts</description>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim<syntax>CGIMapExtension <var>cgi-path</var> <var>.extension</var></syntax>
9970ad80054f477c708284a0d030a5bd26e412a9covener<contextlist><context>directory</context><context>.htaccess</context>
9970ad80054f477c708284a0d030a5bd26e412a9covener</contextlist>
d8655d95f4c9f281adc457de9ef702b46b003153rbowen <p>This directive is used to control how Apache httpd finds the
08a6627a8cb9a9c85392cd0d8680c112a7f857cetrawick interpreter used to run CGI scripts. For example, setting
9970ad80054f477c708284a0d030a5bd26e412a9covener cause all CGI script files with a <code>.foo</code> extension to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive be passed to the FOO interpreter.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh<directivesynopsis>
b12b918ae6baf9c5762ed61b7393d0e2198378c0nd<description>Enables the generation of <code>Content-MD5</code> HTTP Response
b12b918ae6baf9c5762ed61b7393d0e2198378c0ndheaders</description>
da637bcae7b6e150470e701af29da5604a34a17erbowen<contextlist><context>server config</context><context>virtual host</context>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<context>directory</context><context>.htaccess</context>
da637bcae7b6e150470e701af29da5604a34a17erbowen</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive enables the generation of
7802d43d20007fa575e43b6ae77d5177ceffdb71sf respectively RFC2616.</p>
7802d43d20007fa575e43b6ae77d5177ceffdb71sf <p>MD5 is an algorithm for computing a "message digest"
86120957a14f91da0a1a103eaf4d7710b1dd9e2asf (sometimes called "fingerprint") of arbitrary-length data, with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a high degree of confidence that any alterations in the data
113961f0559eb026ea0d379cb7350f82bc09d710druggeri will be reflected in alterations in the message digest.</p>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <p>The <code>Content-MD5</code> header provides an end-to-end
113961f0559eb026ea0d379cb7350f82bc09d710druggeri message integrity check (MIC) of the entity-body. A proxy or
113961f0559eb026ea0d379cb7350f82bc09d710druggeri client may check this header for detecting accidental
113961f0559eb026ea0d379cb7350f82bc09d710druggeri modification of the entity-body in transit. Example header:</p>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <p>Note that this can cause performance problems on your server
113961f0559eb026ea0d379cb7350f82bc09d710druggeri since the message digest is computed on every request (the
113961f0559eb026ea0d379cb7350f82bc09d710druggeri values are not cached).</p>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <p><code>Content-MD5</code> is only sent for documents served
113961f0559eb026ea0d379cb7350f82bc09d710druggeri by the <module>core</module>, and not by any module. For example,
113961f0559eb026ea0d379cb7350f82bc09d710druggeri SSI documents, output from CGI scripts, and byte range responses
113961f0559eb026ea0d379cb7350f82bc09d710druggeri do not have this header.</p>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri</directivesynopsis>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<directivesynopsis>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<description>This directive has no effect other than to emit warnings
113961f0559eb026ea0d379cb7350f82bc09d710druggeriif the value is not <code>none</code>. In prior versions, DefaultType
113961f0559eb026ea0d379cb7350f82bc09d710druggeriwould specify a default media type to assign to response content for
113961f0559eb026ea0d379cb7350f82bc09d710druggeriwhich no other media type configuration could be found.
113961f0559eb026ea0d379cb7350f82bc09d710druggeri</description>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<syntax>DefaultType <var>media-type|none</var></syntax>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<contextlist><context>server config</context><context>virtual host</context>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<context>directory</context><context>.htaccess</context>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic</contextlist>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<compatibility>The argument <code>none</code> is available in Apache httpd 2.2.7 and later. All other choices are DISABLED for 2.3.x and later.</compatibility>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <p>This directive has been disabled. For backwards compatibility
113961f0559eb026ea0d379cb7350f82bc09d710druggeri of configuration files, it may be specified with the value
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <code>none</code>, meaning no default media type. For example:</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic DefaultType None
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p><code>DefaultType None</code> is only available in
113961f0559eb026ea0d379cb7350f82bc09d710druggeri httpd-2.2.7 and later.</p>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <directive module="mod_mime">AddType</directive> to configure media
44d199e4e31c535de0afd97844a2146529a03ed1rbowen type assignments via file extensions, or the
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <directive module="core">ForceType</directive> directive to configure
113961f0559eb026ea0d379cb7350f82bc09d710druggeri the media type for specific resources. Otherwise, the server will
113961f0559eb026ea0d379cb7350f82bc09d710druggeri send the response without a Content-Type header field and the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive recipient may attempt to guess the media type.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes<syntax>Define <var>parameter-name</var> [<var>parameter-value</var>]</syntax>
fb77c505254b6e9c925e23e734463e87574f8f40kess<contextlist><context>server config</context><context>virtual host</context>
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes <p>In its one parameter form, <directive>Define</directive> is equivalent
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes to passing the <code>-D</code> argument to <program>httpd</program>. It
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes can be used to toggle the use of
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes <directive module="core" type="section">IfDefine</directive> sections
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes without needing to alter <code>-D</code> arguments in any startup
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen scripts.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>In addition to that, if the second parameter is given, a config variable
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess is set to this value. The variable can be used in the configuration using
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess the <code>${VAR}</code> syntax. The variable is always globally defined
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes and not limited to the scope of the surrounding config section.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <IfDefine TEST><br/>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </IfDefine><br/>
fb77c505254b6e9c925e23e734463e87574f8f40kess <IfDefine !TEST><br/>
fb77c505254b6e9c925e23e734463e87574f8f40kess Define SSL<br/>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </IfDefine><br/>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Variable names may not contain colon ":" characters, to avoid clashes
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive with <directive module="mod_rewrite">RewriteMap</directive>'s syntax.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Enclose a group of directives that apply only to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivenamed file-system directory, sub-directories, and their contents.</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive... </Directory></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive type="section">Directory</directive> and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code></Directory></code> are used to enclose a group of
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd directives that will apply only to the named directory,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd sub-directories of that directory, and the files within the respective
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd directories. Any directive that is allowed
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd in a directory context may be used. <var>Directory-path</var> is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive either the full path to a directory, or a wild-card string using
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Unix shell-style matching. In a wild-card string, <code>?</code> matches
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive any single character, and <code>*</code> matches any sequences of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive characters. You may also use <code>[]</code> character ranges. None
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of the wildcards match a `/' character, so <code><Directory
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive /*/public_html></code> will not match
fb77c505254b6e9c925e23e734463e87574f8f40kess <code>/home/user/public_html</code>, but <code><Directory
fb77c505254b6e9c925e23e734463e87574f8f40kess /home/*/public_html></code> will match. Example:</p>
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim Options Indexes FollowSymLinks<br />
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim </Directory>
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim </example>
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim <p>Be careful with the <var>directory-path</var> arguments:
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim They have to literally match the filesystem path which Apache httpd uses
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim to access the files. Directives applied to a particular
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim <code><Directory></code> will not apply to files accessed from
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim that same directory via a different path, such as via different symbolic
2aa51ed61adb484602e94de3d2214ec267aecedbigalic expressions</glossary> can also be used, with the addition of the
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim <Directory ~ "^/www/.*/[0-9]{3}">
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim </example>
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim <p>would match directories in <code>/www/</code> that consisted of
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim three numbers.</p>
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim match the directory (or one of its parents) containing a document,
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim then the directives are applied in the order of shortest match
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim first, interspersed with the directives from the <a
2dada762fb99649c2a57bb9e19fe1666f2c20c38jim href="#accessfilename">.htaccess</a> files. For example,
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <Directory /><br />
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding AllowOverride None<br />
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding </Directory><br />
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <Directory /home><br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive AllowOverride FileInfo<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>for access to the document <code>/home/web/dir/doc.html</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the steps are:</p>
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <li>Apply directive <code>AllowOverride None</code>
e4881891552e185a7408318dfc7f62ebabe73cf6niq <li>Apply directive <code>AllowOverride FileInfo</code> (for
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <code>/home/.htaccess</code>, <code>/home/web/.htaccess</code> and
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <code>/home/web/dir/.htaccess</code> in that order.</li>
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <p>Regular expressions are not considered until after all of the
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding normal sections have been applied. Then all of the regular
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding expressions are tested in the order they appeared in the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive configuration file. For example, with</p>
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl <Directory ~ abc$><br />
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf # ... directives here ...<br />
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf </Directory>
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf </example>
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl <p>the regular expression section won't be considered until after
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf all normal <directive type="section">Directory</directive>s and
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf <code>.htaccess</code> files have been applied. Then the regular
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf expression will match on <code>/home/abc/public_html/abc</code> and
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf the corresponding <directive type="section">Directory</directive> will
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf be applied.</p>
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf <code><Directory /></code> is to permit all access.
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf This means that Apache httpd will serve any file mapped from an URL. It is
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf recommended that you change this with a block such
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <Directory /><br />
2aa51ed61adb484602e94de3d2214ec267aecedbigalic Require all denied<br />
2aa51ed61adb484602e94de3d2214ec267aecedbigalic </Directory>
b69e5120af5b107504c74dbe0228946378ab80b2rbowen <p><strong>and then override this for directories you
2aa51ed61adb484602e94de3d2214ec267aecedbigalic href="/misc/security_tips.html">Security Tips</a> page for more
cba8c0896ba04d42cf9a9e50df5040fd6bae14a4sf <p>The directory sections occur in the <code>httpd.conf</code> file.
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl <directive type="section">Directory</directive> directives
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl cannot nest, and cannot appear in a <directive module="core"
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl type="section">Limit</directive> or <directive module="core"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/sections.html">How <Directory>,
898475b582dd849de5915df0f2089b72ed8b2e2bcovener <Location> and <Files> sections work</a> for an
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd explanation of how these different sections are combined when a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive request is received</seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Enclose directives that apply to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivethe contents of file-system directories matching a regular expression.</description>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor... </DirectoryMatch></syntax>
898475b582dd849de5915df0f2089b72ed8b2e2bcovener<contextlist><context>server config</context><context>virtual host</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p><directive type="section">DirectoryMatch</directive> and
fb77c505254b6e9c925e23e734463e87574f8f40kess <code></DirectoryMatch></code> are used to enclose a group
fb77c505254b6e9c925e23e734463e87574f8f40kess of directives which will apply only to the named directory (and the files within),
003f0c9fda6664daf5092a0e42f65ede20098153slive the same as <directive module="core" type="section">Directory</directive>.
003f0c9fda6664daf5092a0e42f65ede20098153slive However, it takes as an argument a
003f0c9fda6664daf5092a0e42f65ede20098153slive <glossary ref="regex">regular expression</glossary>. For example:</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <DirectoryMatch "^/www/(.+/)?[0-9]{3}">
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>would match directories in <code>/www/</code> that consisted of three
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd numbers.</p>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen Prior to 2.3.9, this directive implicitly applied to sub-directories
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd (like <directive module="core" type="section">Directory</directive>) and
fb77c505254b6e9c925e23e734463e87574f8f40kess could not match the end of line symbol ($). In 2.3.9 and later,
fb77c505254b6e9c925e23e734463e87574f8f40kess only directories that match the expression are affected by the enclosed
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd directives.
030108b1816bcda3d925df65357feabdce83bc94slive This directive applies to requests for directories that may or may
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive not end in a trailing slash, so expressions that are anchored to the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd end of line ($) must be written with care.
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh<seealso><directive type="section" module="core">Directory</directive> for
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooha description of how regular expressions are mixed in with normal
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh<directive type="section">Directory</directive>s</seealso>
fb77c505254b6e9c925e23e734463e87574f8f40kesshref="/sections.html">How <Directory>, <Location> and
fb77c505254b6e9c925e23e734463e87574f8f40kess<Files> sections work</a> for an explanation of how these different
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivesections are combined when a request is received</seealso>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess</directivesynopsis>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Directory that forms the main document tree visible
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivefrom the web</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>DocumentRoot <var>directory-path</var></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<default>DocumentRoot /usr/local/apache/htdocs</default>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<contextlist><context>server config</context><context>virtual host</context>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic</contextlist>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>This directive sets the directory from which <program>httpd</program>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic will serve files. Unless matched by a directive like <directive
2aa51ed61adb484602e94de3d2214ec267aecedbigalic module="mod_alias">Alias</directive>, the server appends the
2aa51ed61adb484602e94de3d2214ec267aecedbigalic path from the requested URL to the document root to make the
2aa51ed61adb484602e94de3d2214ec267aecedbigalic path to the document. Example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>then an access to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>http://my.example.com/index.html</code> refers to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>/usr/web/index.html</code>. If the <var>directory-path</var> is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive not absolute then it is assumed to be relative to the <directive
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>The <directive>DocumentRoot</directive> should be specified without
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess a trailing slash.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/urlmapping.html#documentroot">Mapping URLs to Filesystem
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Use memory-mapping to read files during delivery</description>
c8b79d4b8796531f19dd54bd59d88c3b68338ceahumbedooh<contextlist><context>server config</context><context>virtual host</context>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<context>directory</context><context>.htaccess</context>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic</contextlist>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess <p>This directive controls whether the <program>httpd</program> may use
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess memory-mapping if it needs to read the contents of a file during
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess delivery. By default, when the handling of a request requires
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess access to the data within a file -- for example, when delivering a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive server-parsed file using <module>mod_include</module> -- Apache httpd
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen memory-maps the file if the OS supports it.</p>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <p>This memory-mapping sometimes yields a performance improvement.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive But in some environments, it is better to disable the memory-mapping
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to prevent operational problems:</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <li>On some multiprocessor systems, memory-mapping can reduce the
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <li>Deleting or truncating a file while <program>httpd</program>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic has it memory-mapped can cause <program>httpd</program> to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive crash with a segmentation fault.
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>For server configurations that are vulnerable to these problems,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive you should disable memory-mapping of delivered files by specifying:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive EnableMMAP Off
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>For NFS mounted files, this feature may be disabled explicitly for
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess the offending files by specifying:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <Directory "/path-to-nfs-files">
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive EnableMMAP Off
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </Directory>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </example>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Use the kernel sendfile support to deliver files to the client</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<context>directory</context><context>.htaccess</context>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor</contextlist>
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener<compatibility>Available in version 2.0.44 and later. Default changed to Off in
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndversion 2.3.9.</compatibility>
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh <p>This directive controls whether <program>httpd</program> may use the
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh sendfile support from the kernel to transmit file contents to the client.
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh By default, when the handling of a request requires no access
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to the data within a file -- for example, when delivering a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive static file -- Apache httpd uses sendfile to deliver the file contents
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive without ever reading the file if the OS supports it.</p>
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener <p>This sendfile mechanism avoids separate read and send operations,
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener and buffer allocations. But on some platforms or within some
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener filesystems, it is better to disable this feature to avoid
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener operational problems:</p>
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener <li>Some platforms may have broken sendfile support that the build
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener system did not detect, especially if the binaries were built on
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener another box and moved to such a machine with broken sendfile
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor support.</li>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <li>On Linux the use of sendfile triggers TCP-checksum
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener offloading bugs on certain networking cards when using IPv6.</li>
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener <li>On Linux on Itanium, <code>sendfile</code> may be unable to handle
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin files over 2GB in size.</li>
eab364dc817e6d2f9179d0ecbd269d02df6f383cminfrin module="core">DocumentRoot</directive> (e.g., NFS, SMB, CIFS, FUSE),
eab364dc817e6d2f9179d0ecbd269d02df6f383cminfrin the kernel may be unable to serve the network file through
ae382386f18506586972cdd63c09bb27a1685062nd its own cache.</li>
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin <p>For server configurations that are not vulnerable to these problems,
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin you may enable this feature by specifying:</p>
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin EnableSendfile On
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>For network mounted files, this feature may be disabled explicitly
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive for the offending files by specifying:</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <Directory "/path-to-nfs-files">
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess EnableSendfile Off
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Please note that the per-directory and .htaccess configuration
003f0c9fda6664daf5092a0e42f65ede20098153slive of <directive>EnableSendfile</directive> is not supported by
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd Only global definition of <directive>EnableSendfile</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive is taken into account by the module.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd<directivesynopsis>
fb77c505254b6e9c925e23e734463e87574f8f40kess<description>Abort configuration parsing with a custom error message</description>
fb77c505254b6e9c925e23e734463e87574f8f40kess<contextlist><context>server config</context><context>virtual host</context>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh</contextlist>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>If an error can be detected within the configuration, this
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor directive can be used to generate a custom error message, and halt
c68acc9d712af079afa2bd1a5a4aeef9a3ea573ckess configuration parsing. The typical use is for reporting required
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive modules which are missing from the configuration.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive # ensure that mod_include is loaded<br />
1b01d1ee11c612226cb3141eed4581dc179266c1rbowen <IfModule !include_module><br />
1b01d1ee11c612226cb3141eed4581dc179266c1rbowen Error mod_include is required by mod_foo. Load it with LoadModule.<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </IfModule><br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf # ensure that exactly one of SSL,NOSSL is defined<br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf <IfDefine SSL><br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf <IfDefine NOSSL><br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf Error Both SSL and NOSSL are defined. Define only one of them.<br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf </IfDefine><br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf </IfDefine><br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf <IfDefine !SSL><br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf <IfDefine !NOSSL><br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf Error Either SSL or NOSSL must be defined.<br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf </IfDefine><br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf </IfDefine><br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf </example>
6b15044d54a096e6323ff1540f1a491e8de7622dsf</directivesynopsis>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<directivesynopsis>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<description>What the server will return to the client
6b15044d54a096e6323ff1540f1a491e8de7622dsfin case of an error</description>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<syntax>ErrorDocument <var>error-code</var> <var>document</var></syntax>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<contextlist><context>server config</context><context>virtual host</context>
c8b79d4b8796531f19dd54bd59d88c3b68338ceahumbedooh<context>directory</context><context>.htaccess</context>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic</contextlist>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>In the event of a problem or error, Apache httpd can be configured
6b15044d54a096e6323ff1540f1a491e8de7622dsf to do one of four things,</p>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <li>redirect to a local <var>URL-path</var> to handle the
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>The first option is the default, while options 2-4 are
6b15044d54a096e6323ff1540f1a491e8de7622dsf configured using the <directive>ErrorDocument</directive>
6b15044d54a096e6323ff1540f1a491e8de7622dsf directive, which is followed by the HTTP response code and a URL
6b15044d54a096e6323ff1540f1a491e8de7622dsf or a message. Apache httpd will sometimes offer additional information
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>URLs can begin with a slash (/) for local web-paths (relative
6b15044d54a096e6323ff1540f1a491e8de7622dsf to the <directive module="core">DocumentRoot</directive>), or be a
6b15044d54a096e6323ff1540f1a491e8de7622dsf full URL which the client can resolve. Alternatively, a message
6b15044d54a096e6323ff1540f1a491e8de7622dsf can be provided to be displayed by the browser. Examples:</p>
6b15044d54a096e6323ff1540f1a491e8de7622dsf ErrorDocument 500 http://foo.example.com/cgi-bin/tester<br />
6b15044d54a096e6323ff1540f1a491e8de7622dsf ErrorDocument 403 "Sorry can't allow you access today"
6b15044d54a096e6323ff1540f1a491e8de7622dsf </example>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>Additionally, the special value <code>default</code> can be used
6b15044d54a096e6323ff1540f1a491e8de7622dsf to specify Apache httpd's simple hardcoded message. While not required
6b15044d54a096e6323ff1540f1a491e8de7622dsf under normal circumstances, <code>default</code> will restore
6b15044d54a096e6323ff1540f1a491e8de7622dsf Apache httpd's simple hardcoded message for configurations that would
6b15044d54a096e6323ff1540f1a491e8de7622dsf otherwise inherit an existing <directive>ErrorDocument</directive>.</p>
e32a6a51d27e311db1e1d5920ac7bd0de33823cfhumbedooh ErrorDocument 404 /cgi-bin/bad_urls.pl<br /><br />
e32a6a51d27e311db1e1d5920ac7bd0de33823cfhumbedooh ErrorDocument 404 default<br />
2aa51ed61adb484602e94de3d2214ec267aecedbigalic </Directory>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>Note that when you specify an <directive>ErrorDocument</directive>
6b15044d54a096e6323ff1540f1a491e8de7622dsf that points to a remote URL (ie. anything with a method such as
6b15044d54a096e6323ff1540f1a491e8de7622dsf <code>http</code> in front of it), Apache HTTP Server will send a redirect to the
6b15044d54a096e6323ff1540f1a491e8de7622dsf client to tell it where to find the document, even if the
6b15044d54a096e6323ff1540f1a491e8de7622dsf document ends up being on the same server. This has several
6b15044d54a096e6323ff1540f1a491e8de7622dsf implications, the most important being that the client will not
6b15044d54a096e6323ff1540f1a491e8de7622dsf receive the original error status code, but instead will
6b15044d54a096e6323ff1540f1a491e8de7622dsf receive a redirect status code. This in turn can confuse web
6b15044d54a096e6323ff1540f1a491e8de7622dsf robots and other clients which try to determine if a URL is
6b15044d54a096e6323ff1540f1a491e8de7622dsf valid using the status code. In addition, if you use a remote
6b15044d54a096e6323ff1540f1a491e8de7622dsf URL in an <code>ErrorDocument 401</code>, the client will not
6b15044d54a096e6323ff1540f1a491e8de7622dsf know to prompt the user for a password since it will not
6b15044d54a096e6323ff1540f1a491e8de7622dsf receive the 401 status code. Therefore, <strong>if you use an
6b15044d54a096e6323ff1540f1a491e8de7622dsf <code>ErrorDocument 401</code> directive then it must refer to a local
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>Microsoft Internet Explorer (MSIE) will by default ignore
6b15044d54a096e6323ff1540f1a491e8de7622dsf server-generated error messages when they are "too small" and substitute
6b15044d54a096e6323ff1540f1a491e8de7622dsf its own "friendly" error messages. The size threshold varies depending on
6b15044d54a096e6323ff1540f1a491e8de7622dsf the type of error, but in general, if you make your error document
6b15044d54a096e6323ff1540f1a491e8de7622dsf greater than 512 bytes, then MSIE will show the server-generated
af18698b10b429b270551ca3a5d51a75e1c9db22brianp error rather than masking it. More information is available in
af18698b10b429b270551ca3a5d51a75e1c9db22brianp Microsoft Knowledge Base article <a
003f0c9fda6664daf5092a0e42f65ede20098153slive href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294807"
af18698b10b429b270551ca3a5d51a75e1c9db22brianp <p>Although most error messages can be overriden, there are certain
af18698b10b429b270551ca3a5d51a75e1c9db22brianp circumstances where the internal messages are used regardless of the
af18698b10b429b270551ca3a5d51a75e1c9db22brianp setting of <directive module="core">ErrorDocument</directive>. In
003f0c9fda6664daf5092a0e42f65ede20098153slive particular, if a malformed request is detected, normal request processing
af18698b10b429b270551ca3a5d51a75e1c9db22brianp will be immediately halted and the internal error message returned.
af18698b10b429b270551ca3a5d51a75e1c9db22brianp This is necessary to guard against security problems caused by
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd bad requests.</p>
003f0c9fda6664daf5092a0e42f65ede20098153slive <p>If you are using mod_proxy, you may wish to enable
fb77c505254b6e9c925e23e734463e87574f8f40kess <directive module="mod_proxy">ProxyErrorOverride</directive> so that you can provide
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen custom error messages on behalf of your Origin servers. If you don't enable ProxyErrorOverride,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd Apache httpd will not generate custom error documents for proxied content.</p>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp<seealso><a href="/custom-error.html">documentation of
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp<directivesynopsis>
13cbe1d8f52c8097cb581e7eb259693b64d41d10poirier<description>Location where the server will log errors</description>
13cbe1d8f52c8097cb581e7eb259693b64d41d10poirier<syntax> ErrorLog <var>file-path</var>|syslog[:<var>facility</var>]</syntax>
13cbe1d8f52c8097cb581e7eb259693b64d41d10poirier<default>ErrorLog logs/error_log (Unix) ErrorLog logs/error.log (Windows and OS/2)</default>
13cbe1d8f52c8097cb581e7eb259693b64d41d10poirier<contextlist><context>server config</context><context>virtual host</context>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The <directive>ErrorLog</directive> directive sets the name of
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd the file to which the server will log any errors it encounters. If
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh the <var>file-path</var> is not absolute then it is assumed to be
41ef8b3051855b802104193ee0a587515af60a37wrowe relative to the <directive module="core">ServerRoot</directive>.</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic begins with a pipe character "<code>|</code>" then it is assumed to be a
2aa51ed61adb484602e94de3d2214ec267aecedbigalic command to spawn to handle the error log.</p>
41ef8b3051855b802104193ee0a587515af60a37wrowe <p>See the notes on <a href="/logs.html#piped">piped logs</a> for
fb77c505254b6e9c925e23e734463e87574f8f40kess more information.</p>
41ef8b3051855b802104193ee0a587515af60a37wrowe <p>Using <code>syslog</code> instead of a filename enables logging
41ef8b3051855b802104193ee0a587515af60a37wrowe via syslogd(8) if the system supports it. The default is to use
41ef8b3051855b802104193ee0a587515af60a37wrowe syslog facility <code>local7</code>, but you can override this by
41ef8b3051855b802104193ee0a587515af60a37wrowe using the <code>syslog:<var>facility</var></code> syntax where
158222078a98fb13cddf2793b42f7eb8eafe51aerjung <var>facility</var> can be one of the names usually documented in
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf syslog(1). The facility is effectively global, and if it is changed
41ef8b3051855b802104193ee0a587515af60a37wrowe in individual virtual hosts, the final facility specified affects the
41ef8b3051855b802104193ee0a587515af60a37wrowe entire server.</p>
41ef8b3051855b802104193ee0a587515af60a37wrowe ErrorLog syslog:user
41ef8b3051855b802104193ee0a587515af60a37wrowe href="/misc/security_tips.html#serverroot">security tips</a>
9b5e2c5e769dc678a1aca06df75c32022b2f1492trawick document for details on why your security could be compromised
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess if the directory where log files are stored is writable by
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess anyone other than the user that starts the server.</p>
41ef8b3051855b802104193ee0a587515af60a37wrowe <p>When entering a file path on non-Unix platforms, care should be taken
41ef8b3051855b802104193ee0a587515af60a37wrowe to make sure that only forward slashes are used even though the platform
41ef8b3051855b802104193ee0a587515af60a37wrowe may allow the use of back slashes. In general it is a good idea to always
41ef8b3051855b802104193ee0a587515af60a37wrowe use forward slashes throughout the configuration files.</p>
78f4d313fd5edf76dc5cfb8725e082a08cd29740jwoolley<seealso><directive module="core">LogLevel</directive></seealso>
78f4d313fd5edf76dc5cfb8725e082a08cd29740jwoolley<seealso><a href="/logs.html">Apache HTTP Server Log Files</a></seealso>
2025fe01de41805f6148851335693aa5ebe2faffnd</directivesynopsis>
9fb925624300c864fe3969a264e52aa83f3c2dd0slive<directivesynopsis>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<description>Format specification for error log entries</description>
9fb925624300c864fe3969a264e52aa83f3c2dd0slive<syntax> ErrorLog [connection|request] <var>format</var></syntax>
41ef8b3051855b802104193ee0a587515af60a37wrowe<contextlist><context>server config</context><context>virtual host</context>
41ef8b3051855b802104193ee0a587515af60a37wrowe</contextlist>
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf<compatibility>Available in Apache httpd 2.3.9 and later</compatibility>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh <p><directive>ErrorLogFormat</directive> allows to specify what
41ef8b3051855b802104193ee0a587515af60a37wrowe supplementary information is logged in the error log in addition to the
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf actual log message.</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic ErrorLogFormat "[%t] [%l] [pid %P] %F: %E: [client %a] %M"
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>Specifying <code>connection</code> or <code>request</code> as first
2aa51ed61adb484602e94de3d2214ec267aecedbigalic parameter allows to specify additional formats, causing additional
832853bb93c1831daf24e4727c5ca0e1b1786e83lars information to be logged when the first message is logged for a specific
832853bb93c1831daf24e4727c5ca0e1b1786e83lars connection or request, respectivly. This additional information is only
78f97ce162b66a0dbfd7af4dcd9984f162569b04minfrin logged once per connection/request. If a connection or request is processed
832853bb93c1831daf24e4727c5ca0e1b1786e83lars without causing any log message, the additional information is not logged
832853bb93c1831daf24e4727c5ca0e1b1786e83lars either.</p>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp <p>It can happen that some format string items do not produce output. For
af18698b10b429b270551ca3a5d51a75e1c9db22brianp example, the Referer header is only present if the log message is
af18698b10b429b270551ca3a5d51a75e1c9db22brianp associated to a request and the log message happens at a time when the
79c754eb51681c3389cd966753e902c429f78939trawick Referer header has already been read from the client. If no output is
79c754eb51681c3389cd966753e902c429f78939trawick produced, the default behaviour is to delete everything from the preceeding
79c754eb51681c3389cd966753e902c429f78939trawick space character to the next space character. This means the log line is
79c754eb51681c3389cd966753e902c429f78939trawick implicitly divided into fields on non-whitespace to whitespace transitions.
79c754eb51681c3389cd966753e902c429f78939trawick If a format string item does not produce output, the whole field is
79c754eb51681c3389cd966753e902c429f78939trawick ommitted. For example, if the remote address <code>%a</code> in the log
79c754eb51681c3389cd966753e902c429f78939trawick format <code>[%t] [%l] [%a] %M </code> is not available, the surrounding
79c754eb51681c3389cd966753e902c429f78939trawick brackets are not logged either. Space characters can be escaped with a
79c754eb51681c3389cd966753e902c429f78939trawick backslash to prevent them from delimiting a field. The combination '% '
79c754eb51681c3389cd966753e902c429f78939trawick (percent space) is a zero-witdh field delimiter that does not produce any
79c754eb51681c3389cd966753e902c429f78939trawick output.</p>
79c754eb51681c3389cd966753e902c429f78939trawick <p>The above behaviour can be changed by adding modifiers to the format
79c754eb51681c3389cd966753e902c429f78939trawick string item. A <code>-</code> (minus) modifier causes a minus to be logged if the
79c754eb51681c3389cd966753e902c429f78939trawick respective item does not produce any output. In once-per-connection/request
2aa51ed61adb484602e94de3d2214ec267aecedbigalic formats, it is also possible to use the <code>+</code> (plus) modifier. If an
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh item with the plus modifier does not produce any output, the whole line is
2aa51ed61adb484602e94de3d2214ec267aecedbigalic ommitted.</p>
e2c56835b9788101b569d70661151ba7bb0ea2d6humbedooh <p>A number as modifier can be used to assign a log severity level to a
2aa51ed61adb484602e94de3d2214ec267aecedbigalic format item. The item will only be logged if the severity of the log
2aa51ed61adb484602e94de3d2214ec267aecedbigalic message is not higher than the specified log severity level. The number can
2aa51ed61adb484602e94de3d2214ec267aecedbigalic range from 1 (alert) over 4 (warn) and 7 (debug) to 15 (trace8).</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>Some format string items accept additional parameters in braces.</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <columnspec><column width=".2"/><column width=".8"/></columnspec>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <tr><th>Format String</th> <th>Description</th></tr>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>Request environment variable <code>name</code></td></tr>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>Source file name and line number of the log call</td></tr>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>Number of keep-alive requests on this connection</td></tr>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>Log ID of the connection if used in connection scope, empty otherwise</td></tr>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <td>The current time including micro-seconds</td></tr>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <td>The current time in compact ISO 8601 format, including
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <td>The canonical <directive module="core">ServerName</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>The server name of the server serving the request according to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="core" >UseCanonicalName</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The log ID format <code>%L</code> produces a unique id for a connection
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive or request. This can be used to correlate which log lines belong to the
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess same connection or request, which request happens on which connection.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <module>mod_log_config</module>, to allow to correlate access log entries
fb77c505254b6e9c925e23e734463e87574f8f40kess with error log lines. If <module>mod_unique_id</module> is loaded, its
fb77c505254b6e9c925e23e734463e87574f8f40kess unique id will be used as log ID for requests.</p>
4f854c24127e28f7ad72ce9a39d4448aaf910fc1slive <example><title>Example (somewhat similar to default format)</title>
4f854c24127e28f7ad72ce9a39d4448aaf910fc1slive ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P] %7F: %E: [client\ %a]
4f854c24127e28f7ad72ce9a39d4448aaf910fc1slive %M% ,\ referer\ %{Referer}i"
fb77c505254b6e9c925e23e734463e87574f8f40kess <example><title>Example (similar to the 2.2.x format)</title>
4f854c24127e28f7ad72ce9a39d4448aaf910fc1slive ErrorLogFormat "[%t] [%l] %7F: %E: [client\ %a]
e32a6a51d27e311db1e1d5920ac7bd0de33823cfhumbedooh %M% ,\ referer\ %{Referer}i"
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive <example><title>Advanced example with request/connection log IDs</title>
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive ErrorLogFormat "[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M"<br/>
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive ErrorLogFormat request "[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T"<br/>
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive ErrorLogFormat request "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'"<br/>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor ErrorLogFormat request "[%{uc}t] [R:%L] Referer:'%+{Referer}i'"<br/>
b5d3d68a9f683722eac7a3ca507c3e571908dfc0rbowen ErrorLogFormat connection "[%{uc}t] [C:%{c}L] local\ %a remote\ %A"<br/>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">ErrorLog</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">LogLevel</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/logs.html">Apache HTTP Server Log Files</a></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Keep track of extended status information for each
313bb560bc5c323cfd40c9cad7335b4b8e060aedkessrequest</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This option tracks additional data per worker about the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive currently executing request, and a utilization summary; you
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive can see these variables during runtime by configuring
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <module>mod_status</module>. Note that other modules may
c68acc9d712af079afa2bd1a5a4aeef9a3ea573ckess rely on this scoreboard.</p>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh <p>This setting applies to the entire server, and cannot be
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess enabled or disabled on a virtualhost-by-virtualhost basis.
fb109b84906e3ee61680aa289953c2f9e859354erbowen The collection of extended status information can slow down
960188481b7025ac8ef7221b67af83dd27e46cd0rjung the server. Also note that this setting cannot be changed
960188481b7025ac8ef7221b67af83dd27e46cd0rjung during a graceful restart.</p>
fb109b84906e3ee61680aa289953c2f9e859354erbowen <p>Note that loading <module>mod_status</module> will change
960188481b7025ac8ef7221b67af83dd27e46cd0rjung the default behavior to ExtendedStatus On, while other
960188481b7025ac8ef7221b67af83dd27e46cd0rjung third party modules may do the same. Such modules rely on
960188481b7025ac8ef7221b67af83dd27e46cd0rjung collecting detailed information about the state of all workers.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The default is changed by <module>mod_status</module> beginning
56589be3d7a3e9343370df240010c6928cc78b39jkaluza with version 2.3.6; the previous default was always Off.</p>
5155e92c6100b47513159eee1b2b9914ab204a5acovener</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
fb109b84906e3ee61680aa289953c2f9e859354erbowen<description>File attributes used to create the ETag
56589be3d7a3e9343370df240010c6928cc78b39jkaluzaHTTP response header for static files</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
d950cf9262224a223e2ff5c51393708071e14b94covener The <directive>FileETag</directive> directive configures the file
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor attributes that are used to create the <code>ETag</code> (entity
2bac697634d965d9d9a921a99a68b2c454c8a95dbnicholes tag) response header field when the document is based on a static file.
2bac697634d965d9d9a921a99a68b2c454c8a95dbnicholes (The <code>ETag</code> value is used in cache management to save
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive network bandwidth.) The
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>FileETag</directive> directive allows you to choose
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen which of these -- if any -- should be used. The recognized keywords are:
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <dd>The file's i-node number will be included in the calculation</dd>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <dd>The date and time the file was last modified will be included</dd>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <dd>The number of bytes in the file will be included</dd>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <dd>All available fields will be used. This is equivalent to:
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <dd>If a document is file-based, no <code>ETag</code> field will be
e302f38fd646764ce1a1e1c578d794aef514a9e5sf included in the response</dd>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>The <code>INode</code>, <code>MTime</code>, and <code>Size</code>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic keywords may be prefixed with either <code>+</code> or <code>-</code>,
e302f38fd646764ce1a1e1c578d794aef514a9e5sf which allow changes to be made to the default setting inherited
e302f38fd646764ce1a1e1c578d794aef514a9e5sf from a broader scope. Any keyword appearing without such a prefix
18ee8bb3db5cc3b04291f89301bd5d14dc271066lgentis immediately and completely cancels the inherited setting.</p>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen <p>If a directory's configuration includes
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <code>FileETag INode MTime Size</code>, and a
e302f38fd646764ce1a1e1c578d794aef514a9e5sf subdirectory's includes <code>FileETag -INode</code>,
e302f38fd646764ce1a1e1c578d794aef514a9e5sf the setting for that subdirectory (which will be inherited by
e302f38fd646764ce1a1e1c578d794aef514a9e5sf any sub-subdirectories that don't override it) will be equivalent to
e302f38fd646764ce1a1e1c578d794aef514a9e5sf Do not change the default for directories or locations that have WebDAV
e302f38fd646764ce1a1e1c578d794aef514a9e5sf enabled and use <module>mod_dav_fs</module> as a storage provider.
e32a6a51d27e311db1e1d5920ac7bd0de33823cfhumbedooh <module>mod_dav_fs</module> uses <code>INode MTime Size</code>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf as a fixed format for <code>ETag</code> comparisons on conditional requests.
e302f38fd646764ce1a1e1c578d794aef514a9e5sf These conditional requests will break if the <code>ETag</code> format is
e302f38fd646764ce1a1e1c578d794aef514a9e5sf An ETag is not generated for responses parsed by <module>mod_include</module>,
e302f38fd646764ce1a1e1c578d794aef514a9e5sf since the response entity can change without a change of the INode, MTime, or Size
4c14866954f240e6e2c17c164900c4aa7900bbeehumbedooh of the static file with embedded SSI directives.
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf</directivesynopsis>
e32a6a51d27e311db1e1d5920ac7bd0de33823cfhumbedooh<description>Contains directives that apply to matched
e302f38fd646764ce1a1e1c578d794aef514a9e5sffilenames</description>
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf<syntax><Files <var>filename</var>> ... </Files></syntax>
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf<contextlist><context>server config</context><context>virtual host</context>
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf</contextlist>
221a06bb836af6024708190895834af79c90d1c8rbowen <p>The <directive type="section">Files</directive> directive
221a06bb836af6024708190895834af79c90d1c8rbowen limits the scope of the enclosed directives by filename. It is comparable
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen to the <directive module="core" type="section">Directory</directive>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen and <directive module="core" type="section">Location</directive>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen directives. It should be matched with a <code></Files></code>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen directive. The directives given within this section will be applied to
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen any object with a basename (last component of filename) matching the
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen specified filename. <directive type="section">Files</directive>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen sections are processed in the order they appear in the
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen configuration file, after the <directive module="core"
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen <code>.htaccess</code> files are read, but before <directive
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen type="section" module="core">Location</directive> sections. Note
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen that <directive type="section">Files</directive> can be nested
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen module="core">Directory</directive> sections to restrict the
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen portion of the filesystem they apply to.</p>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen <p>The <var>filename</var> argument should include a filename, or
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen a wild-card string, where <code>?</code> matches any single character,
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen and <code>*</code> matches any sequences of characters.
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen can also be used, with the addition of the
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <Files ~ "\.(gif|jpe?g|png)$">
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </example>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p>would match most common Internet graphics formats. <directive
e302f38fd646764ce1a1e1c578d794aef514a9e5sf module="core" type="section">FilesMatch</directive> is preferred,
e302f38fd646764ce1a1e1c578d794aef514a9e5sf however.</p>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf module="core">Directory</directive> and <directive type="section"
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen module="core">Location</directive> sections, <directive
2d391792b33e3c27e070739f74d74989c77fea8eminfrin type="section">Files</directive> sections can be used inside
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <code>.htaccess</code> files. This allows users to control access to
2a781ea98a32c069ae57a89566ee9628e19a2ec2minfrin their own files, at a file-by-file level.</p>
2a781ea98a32c069ae57a89566ee9628e19a2ec2minfrin<seealso><a href="/sections.html">How <Directory>, <Location>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen and <Files> sections work</a> for an explanation of how these
e302f38fd646764ce1a1e1c578d794aef514a9e5sf different sections are combined when a request is received</seealso>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf</directivesynopsis>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen<description>Contains directives that apply to regular-expression matched
e302f38fd646764ce1a1e1c578d794aef514a9e5sffilenames</description>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<syntax><FilesMatch <var>regex</var>> ... </FilesMatch></syntax>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen<contextlist><context>server config</context><context>virtual host</context>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf</contextlist>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen <p>The <directive type="section">FilesMatch</directive> directive
e302f38fd646764ce1a1e1c578d794aef514a9e5sf limits the scope of the enclosed directives by filename, just as the
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <directive module="core" type="section">Files</directive> directive
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen does. However, it accepts a <glossary ref="regex">regular
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <FilesMatch "\.(gif|jpe?g|png)$">
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </example>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p>would match most common Internet graphics formats.</p>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<seealso><a href="/sections.html">How <Directory>, <Location>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf and <Files> sections work</a> for an explanation of how these
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen different sections are combined when a request is received</seealso>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf</directivesynopsis>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<directivesynopsis>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<description>Forces all matching files to be served with the specified
b89fea36d9c12cec3344576824f4e6798da90ad4rbowenmedia type in the HTTP Content-Type header field</description>
4497075b5e08b0c8ee89425a1758258ae80550fcsf<contextlist><context>directory</context><context>.htaccess</context>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen</contextlist>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<compatibility>Moved to the core in Apache httpd 2.0</compatibility>
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen <directive type="section" module="core">Directory</directive>, or
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf <directive type="section" module="core">Location</directive> or
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf <directive type="section" module="core">Files</directive>
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf section, this directive forces all matching files to be served
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen with the content type identification given by
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <var>media-type</var>. For example, if you had a directory full of
e302f38fd646764ce1a1e1c578d794aef514a9e5sf GIF files, but did not want to label them all with <code>.gif</code>,
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen you might want to use:</p>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </example>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p>Note that this directive overrides other indirect media type
b89fea36d9c12cec3344576824f4e6798da90ad4rbowen associations defined in mime.types or via the
9228509ac5da8374df4a5d50b7da139e7b31f8a3sf <p>You can also override more general
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <Location /images><br />
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </Location><br />
e302f38fd646764ce1a1e1c578d794aef514a9e5sf # but normal mime-type associations here:<br />
e302f38fd646764ce1a1e1c578d794aef514a9e5sf ForceType None<br />
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </Location>
ce4dc40a4e87991087488f70d96d3447d7557294sf </example>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p>This directive primarily overrides the content types generated for
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh static files served out of the filesystem. For resources other than
10573a2de70ec898ec188946921fed2cb98622e5rbowen static files, where the generator of the response typically specifies
2aa51ed61adb484602e94de3d2214ec267aecedbigalic a Content-Type, this directive has no effect.</p>
abdaaa23d72ef7e7ff91eab9c5581d40130680c1rbowen</directivesynopsis>
abdaaa23d72ef7e7ff91eab9c5581d40130680c1rbowen<directivesynopsis>
abdaaa23d72ef7e7ff91eab9c5581d40130680c1rbowen<description>Directory to write gmon.out profiling data to. </description>
abdaaa23d72ef7e7ff91eab9c5581d40130680c1rbowen<syntax>GprofDir <var>/tmp/gprof/</var>|<var>/tmp/gprof/</var>%</syntax>
abdaaa23d72ef7e7ff91eab9c5581d40130680c1rbowen<contextlist><context>server config</context><context>virtual host</context>
e32a6a51d27e311db1e1d5920ac7bd0de33823cfhumbedooh</contextlist>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh <p>When the server has been compiled with gprof profiling suppport,
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh <directive>GprofDir</directive> causes <code>gmon.out</code> files to
2aa51ed61adb484602e94de3d2214ec267aecedbigalic be written to the specified directory when the process exits. If the
2aa51ed61adb484602e94de3d2214ec267aecedbigalic argument ends with a percent symbol ('%'), subdirectories are created
e302f38fd646764ce1a1e1c578d794aef514a9e5sf for each process id.</p>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh <p>This directive currently only works with the <module>prefork</module>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic</directivesynopsis>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<directivesynopsis>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<description>Enables DNS lookups on client IP addresses</description>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<contextlist><context>server config</context><context>virtual host</context>
a8ee031b2224ce5473826c9d4f603681589245fawrowe <p>This directive enables DNS lookups so that host names can be
a8ee031b2224ce5473826c9d4f603681589245fawrowe logged (and passed to CGIs/SSIs in <code>REMOTE_HOST</code>).
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor The value <code>Double</code> refers to doing double-reverse
a8ee031b2224ce5473826c9d4f603681589245fawrowe DNS lookup. That is, after a reverse lookup is performed, a forward
a8ee031b2224ce5473826c9d4f603681589245fawrowe lookup is then performed on that result. At least one of the IP
a8ee031b2224ce5473826c9d4f603681589245fawrowe addresses in the forward lookup must match the original
a8ee031b2224ce5473826c9d4f603681589245fawrowe address. (In "tcpwrappers" terminology this is called
a8ee031b2224ce5473826c9d4f603681589245fawrowe <p>Regardless of the setting, when <module>mod_authz_host</module> is
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor used for controlling access by hostname, a double reverse lookup
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor will be performed. This is necessary for security. Note that the
a8ee031b2224ce5473826c9d4f603681589245fawrowe result of this double-reverse isn't generally available unless you
a8ee031b2224ce5473826c9d4f603681589245fawrowe set <code>HostnameLookups Double</code>. For example, if only
a8ee031b2224ce5473826c9d4f603681589245fawrowe <code>HostnameLookups On</code> and a request is made to an object
a8ee031b2224ce5473826c9d4f603681589245fawrowe that is protected by hostname restrictions, regardless of whether
a8ee031b2224ce5473826c9d4f603681589245fawrowe the double-reverse fails or not, CGIs will still be passed the
a8ee031b2224ce5473826c9d4f603681589245fawrowe single-reverse result in <code>REMOTE_HOST</code>.</p>
a8ee031b2224ce5473826c9d4f603681589245fawrowe <p>The default is <code>Off</code> in order to save the network
a8ee031b2224ce5473826c9d4f603681589245fawrowe traffic for those sites that don't truly need the reverse
34b157732214cedcd129cd9fe7c4290757505d60minfrin lookups done. It is also better for the end users because they
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor don't have to suffer the extra latency that a lookup entails.
a8ee031b2224ce5473826c9d4f603681589245fawrowe Heavily loaded sites should leave this directive
a8ee031b2224ce5473826c9d4f603681589245fawrowe <code>Off</code>, since DNS lookups can take considerable
a8ee031b2224ce5473826c9d4f603681589245fawrowe amounts of time. The utility <program>logresolve</program>, compiled by
a8ee031b2224ce5473826c9d4f603681589245fawrowe default to the <code>bin</code> subdirectory of your installation
02c86afa991026c4146423dc84bc126e57d28df6wrowe directory, can be used to look up host names from logged IP addresses
34b157732214cedcd129cd9fe7c4290757505d60minfrin offline.</p>
34b157732214cedcd129cd9fe7c4290757505d60minfrin</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Contains directives that apply only if a condition is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivesatisfied by a request at runtime</description>
003f0c9fda6664daf5092a0e42f65ede20098153slive<syntax><If <var>expression</var>> ... </If></syntax>
a5f060e0c74a44cb8896ae794c08f94f7c9a46a7covener<contextlist><context>server config</context><context>virtual host</context>
fec106c7688e279dfde4403bc3c935fec97c1d62sf</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive type="section">If</directive> directive
fec106c7688e279dfde4403bc3c935fec97c1d62sf evaluates an expression at runtime, and applies the enclosed
fec106c7688e279dfde4403bc3c935fec97c1d62sf directives if and only if the expression evaluates to true.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive For example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <If "$req{Host} = ''">
fb77c505254b6e9c925e23e734463e87574f8f40kess </example>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>would match HTTP/1.0 requests without a <var>Host:</var> header.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>You may compare the value of any variable in the request headers
fb77c505254b6e9c925e23e734463e87574f8f40kess ($req), response headers ($resp) or environment ($env) in your
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive expression.</p>
530eba85dbd41b8a0fa5255d3648d1440199a661slive <p>Apart from <code>=</code>, <code>If</code> can use the <code>IN</code>
530eba85dbd41b8a0fa5255d3648d1440199a661slive operator to compare if the expression is in a given range:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <If %{REQUEST_METHOD} IN GET,HEAD,OPTIONS>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<seealso><a href="/expr.html">Expressions in Apache HTTP Server</a>,
530eba85dbd41b8a0fa5255d3648d1440199a661slivefor a complete reference and more examples.</seealso>
fb77c505254b6e9c925e23e734463e87574f8f40kess<seealso><a href="/sections.html">How <Directory>, <Location>,
fb77c505254b6e9c925e23e734463e87574f8f40kess <Files> sections work</a> for an explanation of how these
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive different sections are combined when a request is received.
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <directive type="section">If</directive> has the same precedence
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd and usage as <directive type="section">Files</directive></seealso>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<description>Encloses directives that will be processed only
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndif a test is true at startup</description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </IfDefine></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
fec106c7688e279dfde4403bc3c935fec97c1d62sf <p>The <code><IfDefine <var>test</var>>...</IfDefine>
0db981f8fdfb62c5149efa079f0369b73d472d04rpluem </code> section is used to mark directives that are conditional. The
0db981f8fdfb62c5149efa079f0369b73d472d04rpluem directives within an <directive type="section">IfDefine</directive>
0db981f8fdfb62c5149efa079f0369b73d472d04rpluem section are only processed if the <var>test</var> is true. If <var>
0db981f8fdfb62c5149efa079f0369b73d472d04rpluem test</var> is false, everything between the start and end markers is
a5f060e0c74a44cb8896ae794c08f94f7c9a46a7covener ignored.</p>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>The <var>test</var> in the <directive type="section"
a5f060e0c74a44cb8896ae794c08f94f7c9a46a7covener >IfDefine</directive> section directive can be one of two forms:</p>
003f0c9fda6664daf5092a0e42f65ede20098153slive <p>In the former case, the directives between the start and end
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive markers are only processed if the parameter named
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <var>parameter-name</var> is defined. The second format reverses
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the test, and only processes the directives if
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>parameter-name</var> is <strong>not</strong> defined.</p>
003f0c9fda6664daf5092a0e42f65ede20098153slive <p>The <var>parameter-name</var> argument is a define as given on the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <program>httpd</program> command line via <code>-D<var>parameter</var>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </code> at the time the server was started or by the <directive
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess <p><directive type="section">IfDefine</directive> sections are
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess nest-able, which can be used to implement simple
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess multiple-parameter tests. Example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive httpd -DReverseProxy -DUseCache -DMemCache ...<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <IfDefine ReverseProxy><br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive LoadModule proxy_http_module modules/mod_proxy_http.so<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <IfDefine UseCache><br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <IfDefine MemCache><br />
fb77c505254b6e9c925e23e734463e87574f8f40kess LoadModule mem_cache_module modules/mod_mem_cache.so<br />
1532c34f7521c6d2457ea0c40d159b4998ea2334humbedooh </IfDefine><br />
1532c34f7521c6d2457ea0c40d159b4998ea2334humbedooh <IfDefine !MemCache><br />
1532c34f7521c6d2457ea0c40d159b4998ea2334humbedooh LoadModule cache_disk_module modules/mod_cache_disk.so<br />
1532c34f7521c6d2457ea0c40d159b4998ea2334humbedooh </IfDefine>
1532c34f7521c6d2457ea0c40d159b4998ea2334humbedooh </IfDefine>
062fa302e571fe5fcb2af6470f173fe71d3d041bhumbedooh </IfDefine>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh<description>Encloses directives that are processed conditional on the
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedoohpresence or absence of a specific module</description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<syntax><IfModule [!]<var>module-file</var>|<var>module-identifier</var>> ...
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </IfModule></syntax>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<contextlist><context>server config</context><context>virtual host</context>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Module identifiers are available in version 2.1 and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivelater.</compatibility>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>The <code><IfModule <var>test</var>>...</IfModule></code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive section is used to mark directives that are conditional on the presence of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a specific module. The directives within an <directive type="section"
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess >IfModule</directive> section are only processed if the <var>test</var>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess is true. If <var>test</var> is false, everything between the start and
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess end markers is ignored.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <var>test</var> in the <directive type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive >IfModule</directive> section directive can be one of two forms:</p>
003f0c9fda6664daf5092a0e42f65ede20098153slive <p>In the former case, the directives between the start and end
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive markers are only processed if the module named <var>module</var>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive is included in Apache httpd -- either compiled in or
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess >LoadModule</directive>. The second format reverses the test,
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess and only processes the directives if <var>module</var> is
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The <var>module</var> argument can be either the module identifier or
8f5222d1bb4ace11af7add6932362e4c3822e548humbedooh the file name of the module, at the time it was compiled. For example,
8f5222d1bb4ace11af7add6932362e4c3822e548humbedooh <code>mod_rewrite.c</code> is the file name. If a module consists of
8f5222d1bb4ace11af7add6932362e4c3822e548humbedooh several source files, use the name of the file containing the string
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive type="section">IfModule</directive> sections are
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin nest-able, which can be used to implement simple multiple-module
4dc1bd46d9e8353c0d312f7bfd53080ad2b86ed2sf tests.</p>
eab364dc817e6d2f9179d0ecbd269d02df6f383cminfrin <note>This section should only be used if you need to have one
ae382386f18506586972cdd63c09bb27a1685062nd configuration file that works whether or not a specific module
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin is available. In normal operation, directives need not be
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin placed in <directive type="section">IfModule</directive>
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin sections.</note>
ae382386f18506586972cdd63c09bb27a1685062nd</directivesynopsis>
ae382386f18506586972cdd63c09bb27a1685062nd<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Includes other configuration files from within
6b64034fa2a644ba291c484c0c01c7df5b8d982ckessthe server configuration files</description>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<syntax>Include [<var>optional</var>|<var>strict</var>] <var>file-path</var>|<var>directory-path</var>|<var>wildcard</var></syntax>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Wildcard matching available in 2.0.41 and later, directory
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivewildcard matching available in 2.3.6 and later</compatibility>
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <p>This directive allows inclusion of other configuration files
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding from within the server configuration files.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Shell-style (<code>fnmatch()</code>) wildcard characters can be used
003f0c9fda6664daf5092a0e42f65ede20098153slive in the filename or directory parts of the path to include several files
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive at once, in alphabetical order. In addition, if
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>Include</directive> points to a directory, rather than a file,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Apache httpd will read all files in that directory and any subdirectory.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive However, including entire directories is not recommended, because it is
fb77c505254b6e9c925e23e734463e87574f8f40kess easy to accidentally leave temporary files in a directory that can cause
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <program>httpd</program> to fail. Instead, we encourage you to use the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive wildcard syntax shown below, to include files that match a particular
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive pattern, such as *.conf, for example.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>When a wildcard is specified for a <strong>file</strong> component of
fb77c505254b6e9c925e23e734463e87574f8f40kess the path, and no file matches the wildcard, the
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh directive will be <strong>silently ignored</strong>. When a wildcard is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive specified for a <strong>directory</strong> component of the path, and
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding no directory matches the wildcard, the
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <directive module="core">Include</directive> directive will
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <strong>fail with an error</strong> saying the directory cannot be found.
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <p>For further control over the behaviour of the server when no files or
c97e8972ab1f4dd167e3dc4db87daf91114009fbnd directories match, prefix the path with the modifiers <var>optional</var>
7654193c1faf603feec999850322ad79e6c551bcnd or <var>strict</var>. If <var>optional</var> is specified, any wildcard
2aa51ed61adb484602e94de3d2214ec267aecedbigalic file or directory that does not match will be silently ignored. If
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <var>strict</var> is specified, any wildcard file or directory that does
2aa51ed61adb484602e94de3d2214ec267aecedbigalic not match at least one file will cause server startup to fail.</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>When a directory or file component of the path is
2aa51ed61adb484602e94de3d2214ec267aecedbigalic specified exactly, and that directory or file does not exist,
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <directive module="core">Include</directive> directive will fail with an
2aa51ed61adb484602e94de3d2214ec267aecedbigalic error saying the file or directory cannot be found.</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>The file path specified may be an absolute path, or may be relative
2aa51ed61adb484602e94de3d2214ec267aecedbigalic to the <directive module="core">ServerRoot</directive> directory.</p>
e32a6a51d27e311db1e1d5920ac7bd0de33823cfhumbedooh <p>Wildcards may be included in the directory or file portion of the
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener path. In the following example, the server will fail to load if no
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener directories match conf/vhosts/*, but will load successfully if no
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener files match *.conf.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>In this example, the server will fail to load if either
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive conf/vhosts/* matches no directories, or if *.conf matches no files:</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>In this example, the server load successfully if either conf/vhosts/*
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive matches no directories, or if *.conf matches no files:</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
9ed9eaf871c58d281af02e76125ceadb5060afa5nd<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Enables HTTP persistent connections</description>
fb77c505254b6e9c925e23e734463e87574f8f40kess<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The Keep-Alive extension to HTTP/1.0 and the persistent
fb77c505254b6e9c925e23e734463e87574f8f40kess connection feature of HTTP/1.1 provide long-lived HTTP sessions
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive which allow multiple requests to be sent over the same TCP
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive connection. In some cases this has been shown to result in an
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive almost 50% speedup in latency times for HTML documents with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive many images. To enable Keep-Alive connections, set
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd <p>For HTTP/1.0 clients, Keep-Alive connections will only be
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd used if they are specifically requested by a client. In
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd addition, a Keep-Alive connection with an HTTP/1.0 client can
e40b2d66f8592e45981ea1cbdac42db076ea1da6rbowen only be used when the length of the content is known in
e40b2d66f8592e45981ea1cbdac42db076ea1da6rbowen advance. This implies that dynamic content such as CGI output,
e40b2d66f8592e45981ea1cbdac42db076ea1da6rbowen SSI pages, and server-generated directory listings will
e40b2d66f8592e45981ea1cbdac42db076ea1da6rbowen generally not use Keep-Alive connections to HTTP/1.0 clients.
e40b2d66f8592e45981ea1cbdac42db076ea1da6rbowen For HTTP/1.1 clients, persistent connections are the default
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive unless otherwise specified. If the client requests it, chunked
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive encoding will be used in order to send content of unknown
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive length over persistent connections.</p>
750d12c59545dbbac70390988de94f7e901b08f2niq <p>When a client uses a Keep-Alive connection it will be counted
750d12c59545dbbac70390988de94f7e901b08f2niq as a single "request" for the <directive module="mpm_common"
750d12c59545dbbac70390988de94f7e901b08f2niq >MaxConnectionsPerChild</directive> directive, regardless
750d12c59545dbbac70390988de94f7e901b08f2niq of how many requests are sent using the connection.</p>
750d12c59545dbbac70390988de94f7e901b08f2niq<seealso><directive module="core">MaxKeepAliveRequests</directive></seealso>
750d12c59545dbbac70390988de94f7e901b08f2niq</directivesynopsis>
750d12c59545dbbac70390988de94f7e901b08f2niq<directivesynopsis>
750d12c59545dbbac70390988de94f7e901b08f2niq<description>Amount of time the server will wait for subsequent
750d12c59545dbbac70390988de94f7e901b08f2niqrequests on a persistent connection</description>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh<contextlist><context>server config</context><context>virtual host</context>
750d12c59545dbbac70390988de94f7e901b08f2niq</contextlist>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<compatibility>Specifying a value in milliseconds is available in
6b15044d54a096e6323ff1540f1a491e8de7622dsfApache httpd 2.3.2 and later</compatibility>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>The number of seconds Apache httpd will wait for a subsequent
6b15044d54a096e6323ff1540f1a491e8de7622dsf request before closing the connection. By adding a postfix of ms the
1a0ca5f6b566a5eb77d63f466fcf78fb388a4182igalic timeout can be also set in milliseconds. Once a request has been
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh received, the timeout value specified by the
1a0ca5f6b566a5eb77d63f466fcf78fb388a4182igalic <directive module="core">Timeout</directive> directive applies.</p>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>Setting <directive>KeepAliveTimeout</directive> to a high value
6b15044d54a096e6323ff1540f1a491e8de7622dsf may cause performance problems in heavily loaded servers. The
6b15044d54a096e6323ff1540f1a491e8de7622dsf higher the timeout, the more server processes will be kept
6b15044d54a096e6323ff1540f1a491e8de7622dsf occupied waiting on connections with idle clients.</p>
ae382386f18506586972cdd63c09bb27a1685062nd <p>In a name-based virtual host context, the value of the first
5d3e6446caba86f432b74a4427da122c3222332bcovener defined virtual host best matching the local IP and port will be used.</p>
750d12c59545dbbac70390988de94f7e901b08f2niq</directivesynopsis>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<description>Restrict enclosed access controls to only certain HTTP
6b15044d54a096e6323ff1540f1a491e8de7622dsfmethods</description>
750d12c59545dbbac70390988de94f7e901b08f2niq<syntax><Limit <var>method</var> [<var>method</var>] ... > ...
750d12c59545dbbac70390988de94f7e901b08f2niq </Limit></syntax>
750d12c59545dbbac70390988de94f7e901b08f2niq<contextlist><context>directory</context><context>.htaccess</context>
6b15044d54a096e6323ff1540f1a491e8de7622dsf</contextlist>
750d12c59545dbbac70390988de94f7e901b08f2niq <p>Access controls are normally effective for
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <strong>all</strong> access methods, and this is the usual
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive desired behavior. <strong>In the general case, access control
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives should not be placed within a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section">Limit</directive> section.</strong></p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The purpose of the <directive type="section">Limit</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive is to restrict the effect of the access controls to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive nominated HTTP methods. For all other methods, the access
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive restrictions that are enclosed in the <directive
003f0c9fda6664daf5092a0e42f65ede20098153slive type="section">Limit</directive> bracket <strong>will have no
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive effect</strong>. The following example applies the access control
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive only to the methods <code>POST</code>, <code>PUT</code>, and
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code>DELETE</code>, leaving all other methods unprotected:</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <Limit POST PUT DELETE><br />
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd Require valid-user<br />
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </Limit>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The method names listed can be one or more of: <code>GET</code>,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code>POST</code>, <code>PUT</code>, <code>DELETE</code>,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code>PATCH</code>, <code>PROPFIND</code>, <code>PROPPATCH</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>MKCOL</code>, <code>COPY</code>, <code>MOVE</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>LOCK</code>, and <code>UNLOCK</code>. <strong>The method name is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive case-sensitive.</strong> If <code>GET</code> is used it will also
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive restrict <code>HEAD</code> requests. The <code>TRACE</code> method
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl module="core">LimitExcept</directive> section should always be
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl used in preference to a <directive type="section">Limit</directive>
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl section when restricting access, since a <directive type="section"
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl module="core">LimitExcept</directive> section provides protection
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive against arbitrary methods.</note>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive type="section">Limit</directive> and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section" module="core">LimitExcept</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives may be nested. In this case, each successive level of
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <directive type="section">Limit</directive> or <directive
2aa51ed61adb484602e94de3d2214ec267aecedbigalic type="section" module="core">LimitExcept</directive> directives must
2aa51ed61adb484602e94de3d2214ec267aecedbigalic further restrict the set of methods to which access controls apply.</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <directive type="section">LimitExcept</directive> directives with
2aa51ed61adb484602e94de3d2214ec267aecedbigalic the <directive module="mod_authz_core">Require</directive> directive,
2aa51ed61adb484602e94de3d2214ec267aecedbigalic note that the first <directive module="mod_authz_core">Require</directive>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic to succeed authorizes the request, regardless of the presence of other
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <directive module="mod_authz_core">Require</directive> directives.</note>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>For example, given the following configuration, all users will
2aa51ed61adb484602e94de3d2214ec267aecedbigalic be authorized for <code>POST</code> requests, and the
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <code>Require group editors</code> directive will be ignored
2aa51ed61adb484602e94de3d2214ec267aecedbigalic in all cases:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <LimitExcept GET>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Require valid-user
a04a96aae08a62f2d9d5833b3313a9751fa3f680yoshiki </LimitExcept><br />
55d36f9b61520c2374ab463e77e8a62daa416398nd <Limit POST>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Require group editors
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </Limit>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<description>Restrict access controls to all HTTP methods
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndexcept the named ones</description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<syntax><LimitExcept <var>method</var> [<var>method</var>] ... > ...
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </LimitExcept></syntax>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<contextlist><context>directory</context><context>.htaccess</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive type="section">LimitExcept</directive> and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a group of access control directives which will then apply to any
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive HTTP access method <strong>not</strong> listed in the arguments;
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive i.e., it is the opposite of a <directive type="section"
55d36f9b61520c2374ab463e77e8a62daa416398nd module="core">Limit</directive> section and can be used to control
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen both standard and nonstandard/unrecognized methods. See the
55d36f9b61520c2374ab463e77e8a62daa416398nd <LimitExcept POST GET><br />
55d36f9b61520c2374ab463e77e8a62daa416398nd Require valid-user<br />
bea526116133aa3d7dabd1924bfc580b37fbf22aslive </LimitExcept>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
bea526116133aa3d7dabd1924bfc580b37fbf22aslive<directivesynopsis>
fb77c505254b6e9c925e23e734463e87574f8f40kess<description>Determine maximum number of internal redirects and nested
bea526116133aa3d7dabd1924bfc580b37fbf22aslivesubrequests</description>
bea526116133aa3d7dabd1924bfc580b37fbf22aslive<syntax>LimitInternalRecursion <var>number</var> [<var>number</var>]</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Available in Apache httpd 2.0.47 and later</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>An internal redirect happens, for example, when using the <directive
69d4a64874fd7161f80bb0484341c60857b6fd6esf module="mod_actions">Action</directive> directive, which internally
003f0c9fda6664daf5092a0e42f65ede20098153slive redirects the original request to a CGI script. A subrequest is Apache httpd's
003f0c9fda6664daf5092a0e42f65ede20098153slive mechanism to find out what would happen for some URI if it were requested.
003f0c9fda6664daf5092a0e42f65ede20098153slive For example, <module>mod_dir</module> uses subrequests to look for the
158222078a98fb13cddf2793b42f7eb8eafe51aerjung files listed in the <directive module="mod_dir">DirectoryIndex</directive>
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin directive.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive>LimitInternalRecursion</directive> prevents the server
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive from crashing when entering an infinite loop of internal redirects or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive subrequests. Such loops are usually caused by misconfigurations.</p>
5b258a8d58679c6587757189339bb3c2d0488f93poirier <p>The directive stores two different limits, which are evaluated on
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin per-request basis. The first <var>number</var> is the maximum number of
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin internal redirects, that may follow each other. The second <var>number</var>
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin determines, how deep subrequests may be nested. If you specify only one
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <var>number</var>, it will be assigned to both limits.</p>
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin LimitInternalRecursion 5
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin</directivesynopsis>
cb43dee5b65f707dfd575fc681ef863d6f6b0385sf<directivesynopsis>
cb43dee5b65f707dfd575fc681ef863d6f6b0385sf<description>Restricts the total size of the HTTP request body sent
03aa31ad82759363ba1a55589e517b16308ef635minfrinfrom the client</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>This directive specifies the number of <var>bytes</var> from 0
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd (meaning unlimited) to 2147483647 (2GB) that are allowed in a
7b5535ed88e0f561b3bfb3330137bd804846afd4slive request body. See the note below for the limited applicability
7b5535ed88e0f561b3bfb3330137bd804846afd4slive to proxy requests.</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>The <directive>LimitRequestBody</directive> directive allows
2aa51ed61adb484602e94de3d2214ec267aecedbigalic the user to set a limit on the allowed size of an HTTP request
2aa51ed61adb484602e94de3d2214ec267aecedbigalic message body within the context in which the directive is given
2aa51ed61adb484602e94de3d2214ec267aecedbigalic (server, per-directory, per-file or per-location). If the client
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin request exceeds that limit, the server will return an error
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin response instead of servicing the request. The size of a normal
69d4a64874fd7161f80bb0484341c60857b6fd6esf request message body will vary greatly depending on the nature of
cb43dee5b65f707dfd575fc681ef863d6f6b0385sf the resource and the methods allowed on that resource. CGI scripts
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor typically use the message body for retrieving form information.
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh Implementations of the <code>PUT</code> method will require
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin a value at least as large as any representation that the server
69d4a64874fd7161f80bb0484341c60857b6fd6esf wishes to accept for that resource.</p>
03aa31ad82759363ba1a55589e517b16308ef635minfrin <p>This directive gives the server administrator greater
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh control over abnormal client request behavior, which may be
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor useful for avoiding some forms of denial-of-service
69d4a64874fd7161f80bb0484341c60857b6fd6esf attacks.</p>
69d4a64874fd7161f80bb0484341c60857b6fd6esf <p>If, for example, you are permitting file upload to a particular
69d4a64874fd7161f80bb0484341c60857b6fd6esf location, and wish to limit the size of the uploaded file to 100K,
69d4a64874fd7161f80bb0484341c60857b6fd6esf you might use the following directive:</p>
69d4a64874fd7161f80bb0484341c60857b6fd6esf LimitRequestBody 102400
69d4a64874fd7161f80bb0484341c60857b6fd6esf </example>
69d4a64874fd7161f80bb0484341c60857b6fd6esf <note><p>For a full description of how this directive is interpreted by
69d4a64874fd7161f80bb0484341c60857b6fd6esf proxy requests, see the <module>mod_proxy</module> documentation.</p>
69d4a64874fd7161f80bb0484341c60857b6fd6esf</directivesynopsis>
69d4a64874fd7161f80bb0484341c60857b6fd6esf<directivesynopsis>
69d4a64874fd7161f80bb0484341c60857b6fd6esf<description>Limits the number of HTTP request header fields that
69d4a64874fd7161f80bb0484341c60857b6fd6esfwill be accepted from the client</description>
03aa31ad82759363ba1a55589e517b16308ef635minfrin<contextlist><context>server config</context><context>virtual host</context></contextlist>
03aa31ad82759363ba1a55589e517b16308ef635minfrin <p><var>Number</var> is an integer from 0 (meaning unlimited) to
03aa31ad82759363ba1a55589e517b16308ef635minfrin 32767. The default value is defined by the compile-time
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor constant <code>DEFAULT_LIMIT_REQUEST_FIELDS</code> (100 as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive distributed).</p>
003f0c9fda6664daf5092a0e42f65ede20098153slive <p>The <directive>LimitRequestFields</directive> directive allows
fb77c505254b6e9c925e23e734463e87574f8f40kess the server administrator to modify the limit on the number of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive request header fields allowed in an HTTP request. A server needs
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele this value to be larger than the number of fields that a normal
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele client request might include. The number of request header fields
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive used by a client rarely exceeds 20, but this may vary among
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive different client implementations, often depending upon the extent
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to which a user has configured their browser to support detailed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive content negotiation. Optional HTTP extensions are often expressed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive using request header fields.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive gives the server administrator greater
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess control over abnormal client request behavior, which may be
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess useful for avoiding some forms of denial-of-service attacks.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The value should be increased if normal clients see an error
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive response from the server that indicates too many fields were
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive sent in the request.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive LimitRequestFields 50
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p> When name-based virtual hosting is used, the value for this
891df99fdfa41fc8a486568f4d31ddf4a571258adreid directive is taken from the default (first-listed) virtual host for the
891df99fdfa41fc8a486568f4d31ddf4a571258adreid local IP and port combination</p>.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Limits the size of the HTTP request header allowed from the
98f5034c8cbf2ef025b317b3e01acae82e143b11trawickclient</description>
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick<syntax>LimitRequestFieldSize <var>bytes</var></syntax>
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick<contextlist><context>server config</context><context>virtual host</context></contextlist>
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick <p>This directive specifies the number of <var>bytes</var>
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick that will be allowed in an HTTP request header.</p>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <p>The <directive>LimitRequestFieldSize</directive> directive
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick allows the server administrator to reduce or increase the limit
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick on the allowed size of an HTTP request header field. A server
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen needs this value to be large enough to hold any one header field
9f38f3ec3e8087985d108a24ae796962fef83644takashi from a normal client request. The size of a normal request header
9f38f3ec3e8087985d108a24ae796962fef83644takashi field will vary greatly among different client implementations,
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick often depending upon the extent to which a user has configured
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick their browser to support detailed content negotiation. SPNEGO
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick authentication headers can be up to 12392 bytes.</p>
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick <p>This directive gives the server administrator greater
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick control over abnormal client request behavior, which may be
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick useful for avoiding some forms of denial-of-service attacks.</p>
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick LimitRequestFieldSize 4094
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <note>Under normal conditions, the value should not be changed from
003f0c9fda6664daf5092a0e42f65ede20098153slive the default.</note>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p> When name-based virtual hosting is used, the value for this
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd directive is taken from the default (first-listed) virtual host best
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive matching the current IP address and port combination.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Limit the size of the HTTP request line that will be accepted
130d299c4b2b15be45532a176604c71fdc7bea5bndfrom the client</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context></contextlist>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>This directive sets the number of <var>bytes</var> that will be
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess allowed on the HTTP request-line.</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>The <directive>LimitRequestLine</directive> directive allows
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the server administrator to reduce or increase the limit on the allowed size
2aa51ed61adb484602e94de3d2214ec267aecedbigalic of a client's HTTP request-line. Since the request-line consists of the
2aa51ed61adb484602e94de3d2214ec267aecedbigalic HTTP method, URI, and protocol version, the
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <directive>LimitRequestLine</directive> directive places a
2aa51ed61adb484602e94de3d2214ec267aecedbigalic restriction on the length of a request-URI allowed for a request
2aa51ed61adb484602e94de3d2214ec267aecedbigalic on the server. A server needs this value to be large enough to
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd hold any of its resource names, including any information that
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd might be passed in the query part of a <code>GET</code> request.</p>
6c5c651b0b97607b8c8b4965c1385c67699f217fnd <p>This directive gives the server administrator greater
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd control over abnormal client request behavior, which may be
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd useful for avoiding some forms of denial-of-service attacks.</p>
750d12c59545dbbac70390988de94f7e901b08f2niq LimitRequestLine 4094
4bb78e7cdd53f50240cff4ad7a97c7ed36483797slive <note>Under normal conditions, the value should not be changed from
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd the default.</note>
4bb78e7cdd53f50240cff4ad7a97c7ed36483797slive <p> When name-based virtual hosting is used, the value for this
4bb78e7cdd53f50240cff4ad7a97c7ed36483797slive directive is taken from the default (first-listed) virtual host best
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd matching the current IP address and port combination.</p>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd</directivesynopsis>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd<directivesynopsis>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd<description>Limits the size of an XML-based request body</description>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd<contextlist><context>server config</context><context>virtual host</context>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd<context>directory</context><context>.htaccess</context></contextlist>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd <p>Limit (in bytes) on maximum size of an XML-based request
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd body. A value of <code>0</code> will disable any checking.</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic LimitXMLRequestBody 0
2aa51ed61adb484602e94de3d2214ec267aecedbigalic</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Applies the enclosed directives only to matching
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveURLs</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax><Location
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>URL-path</var>|<var>URL</var>> ... </Location></syntax>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<contextlist><context>server config</context><context>virtual host</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive type="section">Location</directive> directive
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd limits the scope of the enclosed directives by URL. It is similar to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section" module="core">Directory</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive, and starts a subsection which is terminated with a
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen type="section">Location</directive> sections are processed in the
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen order they appear in the configuration file, after the <directive
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess type="section" module="core">Directory</directive> sections and
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <code>.htaccess</code> files are read, and after the <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section" module="core">Files</directive> sections.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive type="section">Location</directive> sections operate
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive completely outside the filesystem. This has several consequences.
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen Most importantly, <directive type="section">Location</directive>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen directives should not be used to control access to filesystem
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen locations. Since several different URLs may map to the same
2aa51ed61adb484602e94de3d2214ec267aecedbigalic filesystem location, such access controls may by circumvented.</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>The enclosed directives will be applied to the request if the path component
2aa51ed61adb484602e94de3d2214ec267aecedbigalic of the URL meets <em>any</em> of the following criteria:
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li>The specified location matches exactly the path component of the URL.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li>The specified location, which ends in a forward slash, is a prefix
03e0a375c2435102fb2b51e34cccff52acbfddcdnd of the path component of the URL (treated as a context root).
03e0a375c2435102fb2b51e34cccff52acbfddcdnd <li>The specified location, with the addition of a trailing slash, is a
03e0a375c2435102fb2b51e34cccff52acbfddcdnd prefix of the path component of the URL (also treated as a context root).
03e0a375c2435102fb2b51e34cccff52acbfddcdnd In the example below, where no trailing slash is used, requests to
03e0a375c2435102fb2b51e34cccff52acbfddcdnd /private1, /private1/ and /private1/file.txt will have the enclosed
03e0a375c2435102fb2b51e34cccff52acbfddcdnd directives applied, but /private1other would not.
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <Location /private1>
03e0a375c2435102fb2b51e34cccff52acbfddcdnd </example>
03e0a375c2435102fb2b51e34cccff52acbfddcdnd In the example below, where a trailing slash is used, requests to
03e0a375c2435102fb2b51e34cccff52acbfddcdnd directives applied, but /private2 and /private2other would not.
03e0a375c2435102fb2b51e34cccff52acbfddcdnd </example>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh <p>Use <directive type="section">Location</directive> to apply
03e0a375c2435102fb2b51e34cccff52acbfddcdnd directives to content that lives outside the filesystem. For
03e0a375c2435102fb2b51e34cccff52acbfddcdnd content that lives in the filesystem, use <directive
03e0a375c2435102fb2b51e34cccff52acbfddcdnd type="section" module="core">Directory</directive> and <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section" module="core">Files</directive>. An exception is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code><Location /></code>, which is an easy way to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive apply a configuration to the entire server.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>For all origin (non-proxy) requests, the URL to be matched is a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive URL-path of the form <code>/path/</code>. <em>No scheme, hostname,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive port, or query string may be included.</em> For proxy requests, the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive URL to be matched is of the form
003f0c9fda6664daf5092a0e42f65ede20098153slive <code>scheme://servername/path</code>, and you must include the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive prefix.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The URL may use wildcards. In a wild-card string, <code>?</code> matches
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive any single character, and <code>*</code> matches any sequences of
6fad623c3cc52b4a84d4d36538f6eed886f49f98covener characters. Neither wildcard character matches a / in the URL-path.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><glossary ref="regex">Regular expressions</glossary>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive can also be used, with the addition of the <code>~</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive character. For example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <Location ~ "/(extra|special)/data">
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>would match URLs that contained the substring <code>/extra/data</code>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess or <code>/special/data</code>. The directive <directive
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess type="section" module="core">LocationMatch</directive> behaves
fb77c505254b6e9c925e23e734463e87574f8f40kess identical to the regex version of <directive
fb77c505254b6e9c925e23e734463e87574f8f40kess type="section">Location</directive>, and is preferred, for the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive simple reason that <code>~</code> is hard to distinguish from
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive functionality is especially useful when combined with the
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen directive. For example, to enable status requests, but allow them
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess only from browsers at <code>example.com</code>, you might use:</p>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh <Location /status><br />
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor SetHandler server-status<br />
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen </Location>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The slash character has special meaning depending on where in a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive URL it appears. People may be used to its behavior in the filesystem
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess where multiple adjacent slashes are frequently collapsed to a single
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive slash (<em>i.e.</em>, <code>/home///foo</code> is the same as
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code>/home/foo</code>). In URL-space this is not necessarily true.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The <directive type="section" module="core">LocationMatch</directive>
e0ef044feba0082771091af42798cada5bb1f4fcrbowen directive and the regex version of <directive type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive >Location</directive> require you to explicitly specify multiple
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive slashes if that is your intention.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>For example, <code><LocationMatch ^/abc></code> would match
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the request URL <code>/abc</code> but not the request URL <code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive //abc</code>. The (non-regex) <directive type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive >Location</directive> directive behaves similarly when used for
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive proxy requests. But when (non-regex) <directive type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive >Location</directive> is used for non-proxy requests it will
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive implicitly match multiple slashes with a single slash. For example,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive if you specify <code><Location /abc/def></code> and the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive request is to <code>/abc//def</code> then it will match.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/sections.html">How <Directory>, <Location>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and <Files> sections work</a> for an explanation of how these
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive different sections are combined when a request is received.</seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">LocationMatch</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Applies the enclosed directives only to regular-expression
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivematching URLs</description>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<syntax><LocationMatch
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <var>regex</var>> ... </LocationMatch></syntax>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<contextlist><context>server config</context><context>virtual host</context>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh</contextlist>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>The <directive type="section">LocationMatch</directive> directive
611f7fd8a0a5ee4a29eeed79dfd8bf6faaa3c613covener limits the scope of the enclosed directives by URL, in an identical manner
f23a27021f46cd18a69e0715d7280a735582163bhumbedooh to <directive module="core" type="section">Location</directive>. However,
611f7fd8a0a5ee4a29eeed79dfd8bf6faaa3c613covener it takes a <glossary ref="regex">regular expression</glossary>
611f7fd8a0a5ee4a29eeed79dfd8bf6faaa3c613covener as an argument instead of a simple string. For example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <LocationMatch "/(extra|special)/data">
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>would match URLs that contained the substring <code>/extra/data</code>
e0ef044feba0082771091af42798cada5bb1f4fcrbowen<seealso><a href="/sections.html">How <Directory>, <Location>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and <Files> sections work</a> for an explanation of how these
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive different sections are combined when a request is received</seealso>
72580dbc2a55511f13f377063725b9f143b20826stoddard</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
4cc747f0aeda5b90c72e7e3ad22d5e58d6c48bc9rbowen<description>Controls the verbosity of the ErrorLog</description>
72580dbc2a55511f13f377063725b9f143b20826stoddard<syntax>LogLevel [<var>module</var>:]<var>level</var>
72580dbc2a55511f13f377063725b9f143b20826stoddard<contextlist><context>server config</context><context>virtual host</context>
72580dbc2a55511f13f377063725b9f143b20826stoddard</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Per-module and per-directory configuration is available in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Apache HTTP Server 2.3.6 and later</compatibility>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <p><directive>LogLevel</directive> adjusts the verbosity of the
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen messages recorded in the error logs (see <directive
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen module="core">ErrorLog</directive> directive). The following
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh <var>level</var>s are available, in order of decreasing
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen significance:</p>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <columnspec><column width=".2"/><column width=".3"/><column width=".5"/>
2f505ba07f89ba6a175d6ceae67fb273c4eb0993covener </columnspec>
72580dbc2a55511f13f377063725b9f143b20826stoddard <td>"getpwuid: couldn't determine user name from uid"</td>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>"socket: Failed to get a socket, exiting child"</td>
611f7fd8a0a5ee4a29eeed79dfd8bf6faaa3c613covener <td>"child process 1234 did not exit, sending another
611f7fd8a0a5ee4a29eeed79dfd8bf6faaa3c613covener SIGHUP"</td>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>"httpd: caught SIGBUS, attempting to dump core in
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <td>"Server seems busy, (you may need to increase
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>"proxy: CONNECT: sending the CONNECT request to the remote proxy"</td>
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic <td>"read from buffered SSL brigade, mode 0, 17 bytes"</td>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <td>"map lookup FAILED: map=rewritemap key=keyname"</td>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <td>"cache lookup FAILED, forcing new map lookup"</td>
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh <td>Trace messages, dumping large amounts of data</td>
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic <td>"| 0000: 02 23 44 30 13 40 ac 34 df 3d bf 9a 19 49 39 15 |"</td>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <td>Trace messages, dumping large amounts of data</td>
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh <td>"| 0000: 02 23 44 30 13 40 ac 34 df 3d bf 9a 19 49 39 15 |"</td>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>When a particular level is specified, messages from all
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive other levels of higher significance will be reported as well.
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive <em>E.g.</em>, when <code>LogLevel info</code> is specified,
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive then messages with log levels of <code>notice</code> and
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive recommended.</p>
dc223428958ad9ff05011545bcdda000887b93e5slive LogLevel notice
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When logging to a regular file messages of the level
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>notice</code> cannot be suppressed and thus are always
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive logged. However, this doesn't apply when logging is done
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Specifying a level without a module name will reset the level
030108b1816bcda3d925df65357feabdce83bc94slive for all modules to that level. Specifying a level with a module
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor name will set the level for that module only. It is possible to
37742b630743e470b94618ecb3560fbd82e50b59rbowen use the module source file name, the module identifier, or the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd module identifier with the trailing <code>_module</code> omitted
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh as module specification. This means the following three specifications
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh are equivalent:</p>
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh LogLevel info ssl:warn<br />
fb77c505254b6e9c925e23e734463e87574f8f40kess LogLevel info ssl_module:warn<br />
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </example>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>It is also possible to change the level per directory:</p>
37742b630743e470b94618ecb3560fbd82e50b59rbowen LogLevel info<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive LogLevel debug<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </Files>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd Per directory loglevel configuration only affects messages that are
2aa51ed61adb484602e94de3d2214ec267aecedbigalic logged after the request has been parsed and that are associated with
2aa51ed61adb484602e94de3d2214ec267aecedbigalic the request. Log messages which are associated with the connection or
2aa51ed61adb484602e94de3d2214ec267aecedbigalic the server are not affected.
2aa51ed61adb484602e94de3d2214ec267aecedbigalic</directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<description>Number of requests allowed on a persistent
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndconnection</description>
05201775eaa6b363b8a119c8aea5db246b967591yoshiki<syntax>MaxKeepAliveRequests <var>number</var></syntax>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<contextlist><context>server config</context><context>virtual host</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>The <directive>MaxKeepAliveRequests</directive> directive
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd limits the number of requests allowed per connection when
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <directive module="core" >KeepAlive</directive> is on. If it is
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd set to <code>0</code>, unlimited requests will be allowed. We
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd recommend that this setting be kept to a high value for maximum
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd server performance.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd MaxKeepAliveRequests 500
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess</directivesynopsis>
37742b630743e470b94618ecb3560fbd82e50b59rbowen<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Configures mutex mechanism and lock file directory for all
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveor specified mutexes</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>Mutex <var>mechanism</var> [default|<var>mutex-name</var>] ... [OmitPID]</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Available in Apache HTTP Server 2.3.4 and later</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>Mutex</directive> directive sets the mechanism,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and optionally the lock file location, that httpd and modules use
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to serialize access to resources. Specify <code>default</code> as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the first argument to change the settings for all mutexes; specify
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess a mutex name (see table below) as the first argument to override
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess defaults only for that mutex.</p>
030108b1816bcda3d925df65357feabdce83bc94slive <p>The <directive>Mutex</directive> directive is typically used in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the following exceptional situations:</p>
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh <li>change the mutex mechanism when the default mechanism selected
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh by <glossary>APR</glossary> has a functional or performance
f03f2609a2fc7a0d920842390738080bc0e1304bhumbedooh problem</li>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <li>change the directory used by file-based mutexes when the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd default directory does not support locking</li>
eab364dc817e6d2f9179d0ecbd269d02df6f383cminfrin <p>This directive only configures mutexes which have been registered
ae382386f18506586972cdd63c09bb27a1685062nd with the core server using the <code>ap_mutex_register()</code> API.
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin All modules bundled with httpd support the <directive>Mutex</directive>
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin directive, but third-party modules may not. Consult the documentation
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin of the third-party module, which must indicate the mutex name(s) which
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin can be configured if this directive is supported.</p>
4dee1345ce2dd104902dc895dc99b7b81ac3b43fminfrin <p>The following mutex <em>mechanisms</em> are available:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This selects the default locking implementation, as determined by
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <glossary>APR</glossary>. The default locking implementation can
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess be displayed by running <program>httpd</program> with the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This effectively disables the mutex, and is only allowed for a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive mutex if the module indicates that it is a valid choice. Consult the
7fbd7281d06cec1918aa370214df77c572f871a9sf <p>This is a mutex variant based on a Posix semaphore.</p>
7fbd7281d06cec1918aa370214df77c572f871a9sf <p>The semaphore ownership is not recovered if a thread in the process
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive holding the mutex segfaults, resulting in a hang of the web server.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This is a mutex variant based on a SystemV IPC semaphore.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>It is possible to "leak" SysV semaphores if processes crash
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive before the semaphore is removed.</p>
1597043cec6ad37fa4154bf09b0fccdabed1a239slive <p>The semaphore API allows for a denial of service attack by any
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive CGIs running under the same uid as the webserver (<em>i.e.</em>,
530eba85dbd41b8a0fa5255d3648d1440199a661slive all CGIs, unless you use something like <program>suexec</program>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This selects the "best" available semaphore implementation, choosing
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive between Posix and SystemV IPC semaphores, in that order.</p></li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This is a mutex variant based on cross-process Posix thread
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive mutexes.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>On most systems, if a child process terminates abnormally while
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive holding a mutex that uses this implementation, the server will deadlock
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and stop responding to requests. When this occurs, the server will
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive require a manual restart to recover.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Solaris is a notable exception as it provides a mechanism which
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive usually allows the mutex to be recovered after a child process
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive terminates abnormally while holding a mutex.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>If your system implements the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>pthread_mutexattr_setrobust_np()</code> function, you may be able
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This is a mutex variant where a physical (lock-)file and the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>fcntl()</code> function are used as the mutex.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When multiple mutexes based on this mechanism are used within
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive multi-threaded, multi-process environments, deadlock errors (EDEADLK)
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive can be reported for valid mutex operations if <code>fcntl()</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive is not thread-aware, such as on Solaris.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This is similar to the <code>fcntl:/path/to/mutex</code> method
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive with the exception that the <code>flock()</code> function is used to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This selects the "best" available file locking implementation,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive choosing between <code>fcntl</code> and <code>flock</code>, in that
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Most mechanisms are only available on selected platforms, where the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive underlying platform and <glossary>APR</glossary> support it. Mechanisms
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive which aren't available on all platforms are <em>posixsem</em>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <em>sysvsem</em>, <em>sem</em>, <em>pthread</em>, <em>fcntl</em>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>With the file-based mechanisms <em>fcntl</em> and <em>flock</em>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the path, if provided, is a directory where the lock file will be created.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The default directory is httpd's run-time file directory relative to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="core">ServerRoot</directive>. Always use a local disk
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive filesystem for <code>/path/to/mutex</code> and never a directory residing
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive on a NFS- or AFS-filesystem. The basename of the file will be the mutex
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type, an optional instance string provided by the module, and unless the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>OmitPID</code> keyword is specified, the process id of the httpd
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive parent process will be appended to to make the file name unique, avoiding
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive conflicts when multiple httpd instances share a lock file directory. For
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive example, if the mutex name is <code>mpm-accept</code> and the lock file
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directory is <code>/var/httpd/locks</code>, the lock file name for the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive httpd instance with parent process id 12345 would be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>It is best to <em>avoid</em> putting mutex files in a world-writable
7fbd7281d06cec1918aa370214df77c572f871a9sf directory such as <code>/var/tmp</code> because someone could create
7fbd7281d06cec1918aa370214df77c572f871a9sf a denial of service attack and prevent the server from starting by
7fbd7281d06cec1918aa370214df77c572f871a9sf creating a lockfile with the same name as the one the server will try
7fbd7281d06cec1918aa370214df77c572f871a9sf to create.</p>
7fbd7281d06cec1918aa370214df77c572f871a9sf <p>The following table documents the names of mutexes used by httpd
7fbd7281d06cec1918aa370214df77c572f871a9sf and bundled modules.</p>
7fbd7281d06cec1918aa370214df77c572f871a9sf <td><module>prefork</module> and <module>worker</module> MPMs</td>
7fbd7281d06cec1918aa370214df77c572f871a9sf <td>incoming connections, to avoid the thundering herd problem;
7fbd7281d06cec1918aa370214df77c572f871a9sf for more information, refer to the
7fbd7281d06cec1918aa370214df77c572f871a9sf documentation</td>
7fbd7281d06cec1918aa370214df77c572f871a9sf <td>communication with external mapping programs, to avoid
7fbd7281d06cec1918aa370214df77c572f871a9sf intermixed I/O from multiple requests</td>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>callback function of a particular client module</td>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <code>OmitPID</code> keyword suppresses the addition of the httpd
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive parent process id from the lock file name.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>In the following example, the mutex mechanism for the MPM accept
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive mutex will be changed from the compiled-in default to <code>fcntl</code>,
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen with the associated lock file created in directory
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <code>/var/httpd/locks</code>. The mutex mechanism for all other mutexes
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen will be changed from the compiled-in default to <code>sysvsem</code>.</p>
8b052d682204371decc64f942aede5ef1da98955erikabele Mutex default sysvsem<br />
8b052d682204371decc64f942aede5ef1da98955erikabele</directivesynopsis>
7fbd7281d06cec1918aa370214df77c572f871a9sf<directivesynopsis>
7fbd7281d06cec1918aa370214df77c572f871a9sf<description>Designates an IP address for name-virtual
7fbd7281d06cec1918aa370214df77c572f871a9sfhosting</description>
7fbd7281d06cec1918aa370214df77c572f871a9sf<syntax>NameVirtualHost <var>addr</var>[:<var>port</var>]</syntax>
fd410ae1fa431e734e6d0cd3c006002d4904466apoirier<contextlist><context>server config</context></contextlist>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<p>Prior to 2.3.11, <directive>NameVirtualHost</directive> was required
2aa51ed61adb484602e94de3d2214ec267aecedbigalicto instruct the server that a particular IP address and port combination
2aa51ed61adb484602e94de3d2214ec267aecedbigalicwas usable as a name-based virtual host. In 2.3.11 and later,
2aa51ed61adb484602e94de3d2214ec267aecedbigalicany time an IP address and port combination is used in multiple virtual
2aa51ed61adb484602e94de3d2214ec267aecedbigalichosts, name-based virtual hosting is automatically enabled for that address.</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic</directivesynopsis>
7fbd7281d06cec1918aa370214df77c572f871a9sf<directivesynopsis>
7fbd7281d06cec1918aa370214df77c572f871a9sf<description>Configures what features are available in a particular
bd3f5647b96d378d9c75c954e3f13582af32c643sfdirectory</description>
bd3f5647b96d378d9c75c954e3f13582af32c643sf<syntax>Options
bd3f5647b96d378d9c75c954e3f13582af32c643sf [+|-]<var>option</var> [[+|-]<var>option</var>] ...</syntax>
bd3f5647b96d378d9c75c954e3f13582af32c643sf<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
bd3f5647b96d378d9c75c954e3f13582af32c643sf<compatibility>The default was changed from All to FollowSymlinks in 2.3.11</compatibility>
bd3f5647b96d378d9c75c954e3f13582af32c643sf <p>The <directive>Options</directive> directive controls which
bd3f5647b96d378d9c75c954e3f13582af32c643sf server features are available in a particular directory.</p>
bd3f5647b96d378d9c75c954e3f13582af32c643sf <p><var>option</var> can be set to <code>None</code>, in which
bd3f5647b96d378d9c75c954e3f13582af32c643sf case none of the extra features are enabled, or one or more of
bd3f5647b96d378d9c75c954e3f13582af32c643sf the following:</p>
bd3f5647b96d378d9c75c954e3f13582af32c643sf is permitted.</dd>
bd3f5647b96d378d9c75c954e3f13582af32c643sf The server will follow symbolic links in this directory. This is
bd3f5647b96d378d9c75c954e3f13582af32c643sf the default setting.
bd3f5647b96d378d9c75c954e3f13582af32c643sf <p>Even though the server follows the symlink it does <em>not</em>
bd3f5647b96d378d9c75c954e3f13582af32c643sf change the pathname used to match against <directive type="section"
bd3f5647b96d378d9c75c954e3f13582af32c643sf <p>Note also, that this option <strong>gets ignored</strong> if set
bd3f5647b96d378d9c75c954e3f13582af32c643sf inside a <directive type="section" module="core">Location</directive>
bd3f5647b96d378d9c75c954e3f13582af32c643sf section.</p>
bd3f5647b96d378d9c75c954e3f13582af32c643sf <p>Omitting this option should not be considered a security restriction,
bd3f5647b96d378d9c75c954e3f13582af32c643sf since symlink testing is subject to race conditions that make it
bd3f5647b96d378d9c75c954e3f13582af32c643sf circumventable.</p>
bd3f5647b96d378d9c75c954e3f13582af32c643sf Server-side includes provided by <module>mod_include</module>
bd3f5647b96d378d9c75c954e3f13582af32c643sf are permitted.</dd>
bd3f5647b96d378d9c75c954e3f13582af32c643sf Server-side includes are permitted, but the <code>#exec
bd3f5647b96d378d9c75c954e3f13582af32c643sf cmd</code> and <code>#exec cgi</code> are disabled. It is still
bd3f5647b96d378d9c75c954e3f13582af32c643sf possible to <code>#include virtual</code> CGI scripts from
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directories.</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive If a URL which maps to a directory is requested, and there
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd is no <directive module="mod_dir">DirectoryIndex</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive (<em>e.g.</em>, <code>index.html</code>) in that directory, then
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele <module>mod_autoindex</module> will return a formatted listing
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele of the directory.</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <a href="/content-negotiation.html">Content negotiated</a>
fb77c505254b6e9c925e23e734463e87574f8f40kess "MultiViews" are allowed using
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <note><title>Note</title> <p>This option gets ignored if set
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen anywhere other than <directive module="core" type="section"
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen >Directory</directive>, as <module>mod_negotiation</module>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen needs real resources to compare against and evaluate from.</p></note>
6beba165aeced2ca77a6f1593ee08c47a32099efcovener <dd>The server will only follow symbolic links for which the
6beba165aeced2ca77a6f1593ee08c47a32099efcovener target file or directory is owned by the same user id as the
7a975d0413ba303546b7619e4785cb641f7f09fdcovener <note><title>Note</title> <p>This option gets ignored if
6beba165aeced2ca77a6f1593ee08c47a32099efcovener <p>This option should not be considered a security restriction,
6beba165aeced2ca77a6f1593ee08c47a32099efcovener since symlink testing is subject to race conditions that make it
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim <p>Normally, if multiple <directive>Options</directive> could
58b9535e3bb43a83241a338b099671f8b69a4406igalic apply to a directory, then the most specific one is used and
6beba165aeced2ca77a6f1593ee08c47a32099efcovener others are ignored; the options are not merged. (See <a
7a975d0413ba303546b7619e4785cb641f7f09fdcovener href="/sections.html#mergin">how sections are merged</a>.)
7a975d0413ba303546b7619e4785cb641f7f09fdcovener <directive>Options</directive> directive are preceded by a
7a975d0413ba303546b7619e4785cb641f7f09fdcovener <code>+</code> or <code>-</code> symbol, the options are
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim merged. Any options preceded by a <code>+</code> are added to the
7a975d0413ba303546b7619e4785cb641f7f09fdcovener options currently in force, and any options preceded by a
7a975d0413ba303546b7619e4785cb641f7f09fdcovener <code>-</code> are removed from the options currently in
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim force. </p>
7a975d0413ba303546b7619e4785cb641f7f09fdcovener <p>Mixing <directive>Options</directive> with a <code>+</code> or
7a975d0413ba303546b7619e4785cb641f7f09fdcovener <code>-</code> with those without is not valid syntax, and will be
7a975d0413ba303546b7619e4785cb641f7f09fdcovener rejected during server startup by the syntax check with an abort.</p>
7a975d0413ba303546b7619e4785cb641f7f09fdcovener <p>For example, without any <code>+</code> and <code>-</code> symbols:</p>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim Options Indexes FollowSymLinks<br />
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim </Directory><br />
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim Options Includes<br />
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim </Directory>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim </example>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim <code>/web/docs/spec</code> directory. However if the second
af74ace3ea142acfa02d445cf72efc629e080f66igalic <directive>Options</directive> directive uses the <code>+</code> and
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim Options Indexes FollowSymLinks<br />
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim </Directory><br />
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim Options +Includes -Indexes<br />
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim </Directory>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim </example>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim <code>Includes</code> are set for the <code>/web/docs/spec</code>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim directory.</p>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim <code>-Includes</code> disables server-side includes completely
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim regardless of the previous setting.</p>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim <p>The default in the absence of any other settings is
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim</directivesynopsis>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim<directivesynopsis>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim<description>Protocol for a listening socket</description>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim<contextlist><context>server config</context><context>virtual host</context></contextlist>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim<compatibility>Available in Apache 2.1.5 and later.
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjimOn Windows from Apache 2.3.3 and later.</compatibility>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim <p>This directive specifies the protocol used for a specific listening socket.
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim The protocol is used to determine which module should handle a request, and
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim to apply protocol specific optimizations with the <directive>AcceptFilter</directive>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim directive.</p>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim <p>You only need to set the protocol if you are running on non-standard ports, otherwise <code>http</code> is assumed for port 80 and <code>https</code> for port 443.</p>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim <p>For example, if you are running <code>https</code> on a non-standard port, specify the protocol explicitly:</p>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim Protocol https
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim </example>
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim <p>You can also specify the protocol using the <directive module="mpm_common">Listen</directive> directive.</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<seealso><directive>AcceptFilter</directive></seealso>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<seealso><directive module="mpm_common">Listen</directive></seealso>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick</directivesynopsis>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<directivesynopsis>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen<description>Limits the CPU consumption of processes launched
a0fed3e26656887c8458aa1081d516d08ced3c84trawickby Apache httpd children</description>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<syntax>RLimitCPU <var>seconds</var>|max [<var>seconds</var>|max]</syntax>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<default>Unset; uses operating system defaults</default>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<contextlist><context>server config</context><context>virtual host</context>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<context>directory</context><context>.htaccess</context></contextlist>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>Takes 1 or 2 parameters. The first parameter sets the soft
a0fed3e26656887c8458aa1081d516d08ced3c84trawick resource limit for all processes and the second parameter sets
a0fed3e26656887c8458aa1081d516d08ced3c84trawick the maximum resource limit. Either parameter can be a number,
a0fed3e26656887c8458aa1081d516d08ced3c84trawick or <code>max</code> to indicate to the server that the limit should
a0fed3e26656887c8458aa1081d516d08ced3c84trawick be set to the maximum allowed by the operating system
a0fed3e26656887c8458aa1081d516d08ced3c84trawick configuration. Raising the maximum resource limit requires that
a0fed3e26656887c8458aa1081d516d08ced3c84trawick the server is running as <code>root</code>, or in the initial startup
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>This applies to processes forked off from Apache httpd children
a0fed3e26656887c8458aa1081d516d08ced3c84trawick servicing requests, not the Apache httpd children themselves. This
a0fed3e26656887c8458aa1081d516d08ced3c84trawick includes CGI scripts and SSI exec commands, but not any
a0fed3e26656887c8458aa1081d516d08ced3c84trawick processes forked off from the Apache httpd parent such as piped
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>CPU resource limits are expressed in seconds per
a0fed3e26656887c8458aa1081d516d08ced3c84trawick process.</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<seealso><directive module="core">RLimitMEM</directive></seealso>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<seealso><directive module="core">RLimitNPROC</directive></seealso>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick</directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<description>Limits the memory consumption of processes launched
a0fed3e26656887c8458aa1081d516d08ced3c84trawickby Apache httpd children</description>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<syntax>RLimitMEM <var>bytes</var>|max [<var>bytes</var>|max]</syntax>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<default>Unset; uses operating system defaults</default>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<contextlist><context>server config</context><context>virtual host</context>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<context>directory</context><context>.htaccess</context></contextlist>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>Takes 1 or 2 parameters. The first parameter sets the soft
a0fed3e26656887c8458aa1081d516d08ced3c84trawick resource limit for all processes and the second parameter sets
a0fed3e26656887c8458aa1081d516d08ced3c84trawick the maximum resource limit. Either parameter can be a number,
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick or <code>max</code> to indicate to the server that the limit should
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick be set to the maximum allowed by the operating system
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick configuration. Raising the maximum resource limit requires that
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick the server is running as <code>root</code>, or in the initial startup
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick <p>This applies to processes forked off from Apache httpd children
a0fed3e26656887c8458aa1081d516d08ced3c84trawick servicing requests, not the Apache httpd children themselves. This
a0fed3e26656887c8458aa1081d516d08ced3c84trawick includes CGI scripts and SSI exec commands, but not any
a0fed3e26656887c8458aa1081d516d08ced3c84trawick processes forked off from the Apache httpd parent such as piped
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>Memory resource limits are expressed in bytes per
a0fed3e26656887c8458aa1081d516d08ced3c84trawick process.</p>
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick<seealso><directive module="core">RLimitCPU</directive></seealso>
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick<seealso><directive module="core">RLimitNPROC</directive></seealso>
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick</directivesynopsis>
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick<directivesynopsis>
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick<description>Limits the number of processes that can be launched by
a0fed3e26656887c8458aa1081d516d08ced3c84trawickprocesses launched by Apache httpd children</description>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<syntax>RLimitNPROC <var>number</var>|max [<var>number</var>|max]</syntax>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<default>Unset; uses operating system defaults</default>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<contextlist><context>server config</context><context>virtual host</context>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<context>directory</context><context>.htaccess</context></contextlist>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>Takes 1 or 2 parameters. The first parameter sets the soft
a0fed3e26656887c8458aa1081d516d08ced3c84trawick resource limit for all processes and the second parameter sets
a0fed3e26656887c8458aa1081d516d08ced3c84trawick the maximum resource limit. Either parameter can be a number,
a0fed3e26656887c8458aa1081d516d08ced3c84trawick or <code>max</code> to indicate to the server that the limit
a0fed3e26656887c8458aa1081d516d08ced3c84trawick should be set to the maximum allowed by the operating system
a0fed3e26656887c8458aa1081d516d08ced3c84trawick configuration. Raising the maximum resource limit requires that
a0fed3e26656887c8458aa1081d516d08ced3c84trawick the server is running as <code>root</code>, or in the initial startup
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>This applies to processes forked off from Apache httpd children
a0fed3e26656887c8458aa1081d516d08ced3c84trawick servicing requests, not the Apache httpd children themselves. This
a0fed3e26656887c8458aa1081d516d08ced3c84trawick includes CGI scripts and SSI exec commands, but not any
a0fed3e26656887c8458aa1081d516d08ced3c84trawick processes forked off from the Apache httpd parent such as piped
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>Process limits control the number of processes per user.</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>If CGI processes are <strong>not</strong> running
a0fed3e26656887c8458aa1081d516d08ced3c84trawick under user ids other than the web server user id, this directive
a0fed3e26656887c8458aa1081d516d08ced3c84trawick will limit the number of processes that the server itself can
a0fed3e26656887c8458aa1081d516d08ced3c84trawick create. Evidence of this situation will be indicated by
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <strong><code>cannot fork</code></strong> messages in the
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<seealso><directive module="core">RLimitMEM</directive></seealso>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<seealso><directive module="core">RLimitCPU</directive></seealso>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick</directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<description>Technique for locating the interpreter for CGI
a0fed3e26656887c8458aa1081d516d08ced3c84trawickscripts</description>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<syntax>ScriptInterpreterSource Registry|Registry-Strict|Script</syntax>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<contextlist><context>server config</context><context>virtual host</context>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<context>directory</context><context>.htaccess</context></contextlist>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<compatibility>Win32 only;
a0fed3e26656887c8458aa1081d516d08ced3c84trawickoption <code>Registry-Strict</code> is available in Apache HTTP Server 2.0 and
215694531f7d868b906df96e22a80e6a1d2326a6lgentislater</compatibility>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>This directive is used to control how Apache httpd finds the
a0fed3e26656887c8458aa1081d516d08ced3c84trawick interpreter used to run CGI scripts. The default setting is
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <code>Script</code>. This causes Apache httpd to use the interpreter pointed to
0fdcfd7a51bf3028b0be879c43c009c16c6d3f58trawick by the shebang line (first line, starting with <code>#!</code>) in the
0fdcfd7a51bf3028b0be879c43c009c16c6d3f58trawick script. On Win32 systems this line usually looks like:</p>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>or, if <code>perl</code> is in the <code>PATH</code>, simply:</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>Setting <code>ScriptInterpreterSource Registry</code> will
a0fed3e26656887c8458aa1081d516d08ced3c84trawick cause the Windows Registry tree <code>HKEY_CLASSES_ROOT</code> to be
a0fed3e26656887c8458aa1081d516d08ced3c84trawick searched using the script file extension (e.g., <code>.pl</code>) as a
a0fed3e26656887c8458aa1081d516d08ced3c84trawick search key. The command defined by the registry subkey
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <code>Shell\ExecCGI\Command</code> or, if it does not exist, by the subkey
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <code>Shell\Open\Command</code> is used to open the script file. If the
a0fed3e26656887c8458aa1081d516d08ced3c84trawick registry keys cannot be found, Apache httpd falls back to the behavior of the
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <p>Be careful when using <code>ScriptInterpreterSource
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick module="mod_alias">ScriptAlias</directive>'ed directories, because
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick Apache httpd will try to execute <strong>every</strong> file within this
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick directory. The <code>Registry</code> setting may cause undesired
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick program calls on files which are typically not executed. For
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick example, the default open command on <code>.htm</code> files on
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick most Windows systems will execute Microsoft Internet Explorer, so
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick any HTTP request for an <code>.htm</code> file existing within the
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick script directory would start the browser in the background on the
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick server. This is a good way to crash your system within a minute or
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <p>The option <code>Registry-Strict</code> which is new in Apache HTTP Server
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick 2.0 does the same thing as <code>Registry</code> but uses only the
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <code>ExecCGI</code> key is not a common one. It must be
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick configured manually in the windows registry and hence prevents
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick accidental program calls on your system.</p>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick</directivesynopsis>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<directivesynopsis>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<description>Determine if mod_status displays the first 63 characters
2b6c7b8eb5fbc43564898aedac730df7e91da475trawickof a request or the last 63, assuming the request itself is greater than
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick63 chars.</description>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<contextlist><context>server config</context></contextlist>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<compatibility>Available in Apache httpd 2.2.7 and later.</compatibility>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick displays the actual request being handled.
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick For historical purposes, only 63 characters of the request
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick are actually stored for display purposes. This directive
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick controls whether the 1st 63 characters are stored (the previous
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick behavior and the default) or if the last 63 characters are. This
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick is only applicable, of course, if the length of the request is
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick 64 characters or greater.</p>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick >GET /disk1/storage/apache/htdocs/images/imagestore1/food/apples.jpg HTTP/1.1</code
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick > mod_status displays as follows:
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <td>GET /disk1/storage/apache/htdocs/images/imagestore1/food/apples</td>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <td>orage/apache/htdocs/images/imagestore1/food/apples.jpg HTTP/1.1</td>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick</directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<directivesynopsis>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<description>Email address that the server includes in error
2aa51ed61adb484602e94de3d2214ec267aecedbigalicmessages sent to the client</description>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<syntax>ServerAdmin <var>email-address</var>|<var>URL</var></syntax>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<contextlist><context>server config</context><context>virtual host</context>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>ServerAdmin</directive> sets the contact address
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive that the server includes in any error messages it returns to the
4f127f38c6400931b17c1ce235aa84a046ab7310jim client. If the <code>httpd</code> doesn't recognize the supplied argument
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive as an URL, it
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd assumes, that it's an <var>email-address</var> and prepends it with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>mailto:</code> in hyperlink targets. However, it's recommended to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive actually use an email address, since there are a lot of CGI scripts that
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive make that assumption. If you want to use an URL, it should point to another
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive server under your control. Otherwise users may not be able to contact you in
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener case of errors.</p>
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener <p>It may be worth setting up a dedicated address for this, e.g.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess ServerAdmin www-admin@foo.example.com
3386d67e54f92fdf6a3ffc5f7f8081eed6c44badslive <p>as users do not always mention that they are talking about the
3386d67e54f92fdf6a3ffc5f7f8081eed6c44badslive server!</p>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Alternate names for a host used when matching requests
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveto name-virtual hosts</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>ServerAlias <var>hostname</var> [<var>hostname</var>] ...</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>virtual host</context></contextlist>
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic <p>The <directive>ServerAlias</directive> directive sets the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive alternate names for a host, for use with <a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="/vhosts/name-based.html">name-based virtual hosts</a>. The
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>ServerAlias</directive> may include wildcards, if appropriate.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <VirtualHost *:80><br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive UseCanonicalName Off<br />
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd # ...<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </VirtualHost>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">UseCanonicalName</directive></seealso>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<seealso><a href="/vhosts/">Apache HTTP Server Virtual Host documentation</a></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Hostname and port that the server uses to identify
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveitself</description>
13e5182a0c199ecc7a73db97b6448a544e940868slive<syntax>ServerName [<var>scheme</var>://]<var>fully-qualified-domain-name</var>[:<var>port</var>]</syntax>
13e5182a0c199ecc7a73db97b6448a544e940868slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>ServerName</directive> directive sets the
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic request scheme, hostname and
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic port that the server uses to identify itself. This is used when
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd creating redirection URLs.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>Additionally, <directive>ServerName</directive> is used (possibly
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd in conjunction with <directive>ServerAlias</directive>) to uniquely
b75f4826fd52736bd987ba3f2c48163c73ac1edccovener identify a virtual host, when using <a
b75f4826fd52736bd987ba3f2c48163c73ac1edccovener href="/vhosts/name-based.html">name-based virtual hosts</a>.</p>
b75f4826fd52736bd987ba3f2c48163c73ac1edccovener <p>For example, if the name of the
b75f4826fd52736bd987ba3f2c48163c73ac1edccovener machine hosting the web server is <code>simple.example.com</code>,
b75f4826fd52736bd987ba3f2c48163c73ac1edccovener but the machine also has the DNS alias <code>www.example.com</code>
b75f4826fd52736bd987ba3f2c48163c73ac1edccovener and you wish the web server to be so identified, the following
1c5fe3e61f0f3202ae0f853740d53f3aff4c4afbslive directive should be used:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive may appear anywhere within the definition of a server. However,
13e5182a0c199ecc7a73db97b6448a544e940868slive each appearance overrides the previous appearance (within that
13e5182a0c199ecc7a73db97b6448a544e940868slive server).</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>If no <directive>ServerName</directive> is specified, then the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive server attempts to deduce the hostname by performing a reverse
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive lookup on the IP address. If no port is specified in the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>ServerName</directive>, then the server will use the
13e5182a0c199ecc7a73db97b6448a544e940868slive port from the incoming request. For optimal reliability and
13e5182a0c199ecc7a73db97b6448a544e940868slive predictability, you should specify an explicit hostname and port
13e5182a0c199ecc7a73db97b6448a544e940868slive using the <directive>ServerName</directive> directive.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="/vhosts/name-based.html">name-based virtual hosts</a>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section" module="core">VirtualHost</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive section specifies what hostname must appear in the request's
0d5b778ac63bc803c0dd1a4fdef371fe7a0f4b57kess <code>Host:</code> header to match this virtual host.</p>
13e5182a0c199ecc7a73db97b6448a544e940868slive <p>Sometimes, the server runs behind a device that processes SSL,
13e5182a0c199ecc7a73db97b6448a544e940868slive such as a reverse proxy, load balancer or SSL offload
13e5182a0c199ecc7a73db97b6448a544e940868slive appliance. When this is the case, specify the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>https://</code> scheme and the port number to which the
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess clients connect in the <directive>ServerName</directive> directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to make sure that the server generates the correct
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive self-referential URLs.
96969ed53a757bd9e0a4d7f2f499c9db5ef7899eigalic <p>See the description of the
96969ed53a757bd9e0a4d7f2f499c9db5ef7899eigalic <directive module="core">UseCanonicalName</directive> and
96969ed53a757bd9e0a4d7f2f499c9db5ef7899eigalic <directive module="core">UseCanonicalPhysicalPort</directive> directives for
96969ed53a757bd9e0a4d7f2f499c9db5ef7899eigalic settings which determine whether self-referential URLs (e.g., by the
96969ed53a757bd9e0a4d7f2f499c9db5ef7899eigalic specified port, or to the port number given in the client's request.
13e5182a0c199ecc7a73db97b6448a544e940868slive <p>Failure to set <directive>ServerName</directive> to a name that
13e5182a0c199ecc7a73db97b6448a544e940868slive your server can resolve to an IP address will result in a startup
13e5182a0c199ecc7a73db97b6448a544e940868slive warning. <code>httpd</code> will then use whatever hostname it can
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive determine, using the system's <code>hostname</code> command. This
b75f4826fd52736bd987ba3f2c48163c73ac1edccovener will almost never be the hostname you actually want.</p>
b75f4826fd52736bd987ba3f2c48163c73ac1edccovener httpd: Could not reliably determine the server's fully qualified domain name, using rocinante.local for ServerName
1c5fe3e61f0f3202ae0f853740d53f3aff4c4afbslive<seealso><a href="/dns-caveats.html">Issues Regarding DNS and
b75f4826fd52736bd987ba3f2c48163c73ac1edccovener<seealso><a href="/vhosts/">Apache HTTP Server virtual host
13e5182a0c199ecc7a73db97b6448a544e940868slive<seealso><directive module="core">UseCanonicalName</directive></seealso>
13e5182a0c199ecc7a73db97b6448a544e940868slive<seealso><directive module="core">UseCanonicalPhysicalPort</directive></seealso>
13e5182a0c199ecc7a73db97b6448a544e940868slive<seealso><directive module="core">ServerAlias</directive></seealso>
13e5182a0c199ecc7a73db97b6448a544e940868slive</directivesynopsis>
13e5182a0c199ecc7a73db97b6448a544e940868slive<directivesynopsis>
13e5182a0c199ecc7a73db97b6448a544e940868slive<description>Legacy URL pathname for a name-based virtual host that
13e5182a0c199ecc7a73db97b6448a544e940868sliveis accessed by an incompatible browser</description>
13e5182a0c199ecc7a73db97b6448a544e940868slive<contextlist><context>virtual host</context></contextlist>
2cef7e294acb5d8b8b5dcb21a55438da0b73f63figalic <p>The <directive>ServerPath</directive> directive sets the legacy
3b9c7ec844aa240622a33735d1b9cbac4232e268rbowen URL pathname for a host, for use with <a
3b9c7ec844aa240622a33735d1b9cbac4232e268rbowen<seealso><a href="/vhosts/">Apache HTTP Server Virtual Host documentation</a></seealso>
3b9c7ec844aa240622a33735d1b9cbac4232e268rbowen</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh<description>Base directory for the server installation</description>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh<syntax>ServerRoot <var>directory-path</var></syntax>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<contextlist><context>server config</context></contextlist>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <p>The <directive>ServerRoot</directive> directive sets the
2aa51ed61adb484602e94de3d2214ec267aecedbigalic directory in which the server lives. Typically it will contain the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive subdirectories <code>conf/</code> and <code>logs/</code>. Relative
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive paths in other configuration directives (such as <directive
fb77c505254b6e9c925e23e734463e87574f8f40kess module="mod_so">LoadModule</directive>, for example) are taken as
fb77c505254b6e9c925e23e734463e87574f8f40kess relative to this directory.</p>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<seealso><a href="/misc/security_tips.html#serverroot">the
2aa51ed61adb484602e94de3d2214ec267aecedbigalic security tips</a> for information on how to properly set
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd permissions on the <directive>ServerRoot</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
fb77c505254b6e9c925e23e734463e87574f8f40kess<directivesynopsis>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<description>Configures the footer on server-generated documents</description>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<contextlist><context>server config</context><context>virtual host</context>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>ServerSignature</directive> directive allows the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive configuration of a trailing footer line under server-generated
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen documents (error messages, <module>mod_proxy</module> ftp directory
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen listings, <module>mod_info</module> output, ...). The reason why you
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen would want to enable such a footer line is that in a chain of proxies,
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen the user often has no possibility to tell which of the chained servers
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen actually produced a returned error message.</p>
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen setting, which is the default, suppresses the footer line (and is
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen therefore compatible with the behavior of Apache-1.2 and
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen below). The <code>On</code> setting simply adds a line with the
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen server version number and <directive
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen module="core">ServerName</directive> of the serving virtual host,
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen and the <code>EMail</code> setting additionally creates a
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen "mailto:" reference to the <directive
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen module="core">ServerAdmin</directive> of the referenced
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen document.</p>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh <p>After version 2.0.44, the details of the server version number
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen presented are controlled by the <directive
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen module="core">ServerTokens</directive> directive.</p>
abad96c7b1becfc55c29a2933d909aa0b37b0fe0humbedooh<seealso><directive module="core">ServerTokens</directive></seealso>
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen</directivesynopsis>
9f19223e8fb7b99f5f1cc02c8c3c2c6567793262rbowen<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Configures the <code>Server</code> HTTP response
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveheader</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</syntax>
ef8e89e090461194ecadd31e8796a2c51e0531a2kess<contextlist><context>server config</context></contextlist>
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele <p>This directive controls whether <code>Server</code> response
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele header field which is sent back to clients includes a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive description of the generic OS-type of the server as well as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive information about compiled-in modules.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dt><code>ServerTokens Full</code> (or not specified)</dt>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.4.1
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.4.1
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This setting applies to the entire server, and cannot be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive enabled or disabled on a virtualhost-by-virtualhost basis.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>After version 2.0.44, this directive also controls the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive information presented by the <directive
ef8e89e090461194ecadd31e8796a2c51e0531a2kess module="core">ServerSignature</directive> directive.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <note>Setting <directive>ServerTokens</directive> to less than
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <code>minimal</code> is not recommended because it makes it more
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen difficult to debug interoperational problems. Also note that
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive disabling the Server: header does nothing at all to make your
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen server more secure; the idea of "security through obscurity"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive is a myth and leads to a false sense of safety.</note>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">ServerSignature</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Forces all matching files to be processed by a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivehandler</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>SetHandler <var>handler-name</var>|None</syntax>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<contextlist><context>server config</context><context>virtual host</context>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen<context>directory</context><context>.htaccess</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Moved into the core in Apache httpd 2.0</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When placed into an <code>.htaccess</code> file or a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section" module="core">Directory</directive> or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section" module="core">Location</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive section, this directive forces all matching files to be parsed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive through the <a href="/handler.html">handler</a> given by
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>handler-name</var>. For example, if you had a directory you
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive wanted to be parsed entirely as imagemap rule files, regardless
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of extension, you might put the following into an
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen SetHandler imap-file
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <p>Another example: if you wanted to have the server display a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive status report whenever a URL of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>http://servername/status</code> was called, you might put
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <Location /status><br />
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess SetHandler server-status<br />
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </Location>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>You can override an earlier defined <directive>SetHandler</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Because <directive>SetHandler</directive> overrides default handlers,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive normal behaviour such as handling of URLs ending in a slash (/) as
fb77c505254b6e9c925e23e734463e87574f8f40kess<seealso><directive module="mod_mime">AddHandler</directive></seealso>
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele</directivesynopsis>
003f0c9fda6664daf5092a0e42f65ede20098153slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Sets the filters that will process client requests and POST
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveinput</description>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen<syntax>SetInputFilter <var>filter</var>[;<var>filter</var>...]</syntax>
4cafc94e99922f00654e1779d30c2cccf5278c4fkess<contextlist><context>server config</context><context>virtual host</context>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen<context>directory</context><context>.htaccess</context>
4cafc94e99922f00654e1779d30c2cccf5278c4fkess</contextlist>
4cafc94e99922f00654e1779d30c2cccf5278c4fkess <p>The <directive>SetInputFilter</directive> directive sets the
27303c8bb552a8a5fc859feb735d686fc59f59a1yoshiki filter or filters which will process client requests and POST
4cafc94e99922f00654e1779d30c2cccf5278c4fkess input when they are received by the server. This is in addition to
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh any filters defined elsewhere, including the
fb77c505254b6e9c925e23e734463e87574f8f40kess <directive module="mod_mime">AddInputFilter</directive>
fb77c505254b6e9c925e23e734463e87574f8f40kess directive.</p>
4cafc94e99922f00654e1779d30c2cccf5278c4fkess <p>If more than one filter is specified, they must be separated
4cafc94e99922f00654e1779d30c2cccf5278c4fkess by semicolons in the order in which they should process the
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3slive content.</p>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen<seealso><a href="/filter.html">Filters</a> documentation</seealso>
6452eaa76913f6ba732f88cfce6d4f8bf142482bkess</directivesynopsis>
27303c8bb552a8a5fc859feb735d686fc59f59a1yoshiki<directivesynopsis>
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3slive<description>Sets the filters that will process responses from the
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3sliveserver</description>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen<syntax>SetOutputFilter <var>filter</var>[;<var>filter</var>...]</syntax>
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3slive<contextlist><context>server config</context><context>virtual host</context>
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3slive<context>directory</context><context>.htaccess</context>
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3slive</contextlist>
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3slive <p>The <directive>SetOutputFilter</directive> directive sets the filters
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3slive which will process responses from the server before they are
4cafc94e99922f00654e1779d30c2cccf5278c4fkess sent to the client. This is in addition to any filters defined
fb77c505254b6e9c925e23e734463e87574f8f40kess elsewhere, including the
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <directive module="mod_mime">AddOutputFilter</directive>
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3slive directive.</p>
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3slive <p>For example, the following configuration will process all files
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3slive in the <code>/www/data/</code> directory for server-side
96a8ac87abbb04c2a925f7fde5eb12bf1d1f4bc3slive includes.</p>
a8ee031b2224ce5473826c9d4f603681589245fawrowe SetOutputFilter INCLUDES<br />
a8ee031b2224ce5473826c9d4f603681589245fawrowe </Directory>
a8ee031b2224ce5473826c9d4f603681589245fawrowe <p>If more than one filter is specified, they must be separated
a8ee031b2224ce5473826c9d4f603681589245fawrowe by semicolons in the order in which they should process the
a8ee031b2224ce5473826c9d4f603681589245fawrowe content.</p>
a8ee031b2224ce5473826c9d4f603681589245fawrowe<seealso><a href="/filter.html">Filters</a> documentation</seealso>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor</directivesynopsis>
a8ee031b2224ce5473826c9d4f603681589245fawrowe<directivesynopsis>
a8ee031b2224ce5473826c9d4f603681589245fawrowe<description>Amount of time the server will wait for
a8ee031b2224ce5473826c9d4f603681589245fawrowecertain events before failing a request</description>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen<contextlist><context>server config</context><context>virtual host</context></contextlist>
a8ee031b2224ce5473826c9d4f603681589245fawrowe <p>The <directive>TimeOut</directive> directive defines the length
a8ee031b2224ce5473826c9d4f603681589245fawrowe of time Apache httpd will wait for I/O in various circumstances:</p>
a8ee031b2224ce5473826c9d4f603681589245fawrowe <li>When reading data from the client, the length of time to
a8ee031b2224ce5473826c9d4f603681589245fawrowe wait for a TCP packet to arrive if the read buffer is
a8ee031b2224ce5473826c9d4f603681589245fawrowe empty.</li>
a8ee031b2224ce5473826c9d4f603681589245fawrowe <li>When writing data to the client, the length of time to wait
a8ee031b2224ce5473826c9d4f603681589245fawrowe for an acknowledgement of a packet if the send buffer is
a8ee031b2224ce5473826c9d4f603681589245fawrowe <li>In <module>mod_cgi</module>, the length of time to wait for
a8ee031b2224ce5473826c9d4f603681589245fawrowe output from a CGI script.</li>
a8ee031b2224ce5473826c9d4f603681589245fawrowe <li>In <module>mod_ext_filter</module>, the length of time to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive wait for output from a filtering process.</li>
003f0c9fda6664daf5092a0e42f65ede20098153slive <li>In <module>mod_proxy</module>, the default timeout value if
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_proxy">ProxyTimeout</directive> is not
2e5e2673cb64d3e4d445d911c6f61ac171020725nd configured.</li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
733738e83a9b0113476e3f67992c2278d61ee4dakess<description>Determines the behaviour on <code>TRACE</code> requests</description>
2e5e2673cb64d3e4d445d911c6f61ac171020725nd<contextlist><context>server config</context></contextlist>
2e5e2673cb64d3e4d445d911c6f61ac171020725nd<compatibility>Available in Apache HTTP Server 1.3.34, 2.0.55 and later</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive overrides the behavior of <code>TRACE</code> for both
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd the core server and <module>mod_proxy</module>. The default
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code>TraceEnable on</code> permits <code>TRACE</code> requests per
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh RFC 2616, which disallows any request body to accompany the request.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>TraceEnable off</code> causes the core server and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <module>mod_proxy</module> to return a <code>405</code> (Method not
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive allowed) error to the client.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Finally, for testing and diagnostic purposes only, request
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive bodies may be allowed using the non-compliant <code>TraceEnable
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive extended</code> directive. The core (as an origin server) will
003f0c9fda6664daf5092a0e42f65ede20098153slive restrict the request body to 64k (plus 8k for chunk headers if
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>Transfer-Encoding: chunked</code> is used). The core will
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd reflect the full headers and all chunk headers with the response
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive body. As a proxy server, the request body is not restricted to 64k.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
0e4c8b384f21029c01f06824ec522bb2cbec1d0enoirin<description>Undefine the existence of a variable</description>
2aa51ed61adb484602e94de3d2214ec267aecedbigalic<contextlist><context>server config</context></contextlist>
c8b79d4b8796531f19dd54bd59d88c3b68338ceahumbedooh <p>Undoes the effect of a <directive module="core">Define</directive> or
c8b79d4b8796531f19dd54bd59d88c3b68338ceahumbedooh of passing a <code>-D</code> argument to <program>httpd</program>.</p>
c8b79d4b8796531f19dd54bd59d88c3b68338ceahumbedooh <p>This directive can be used to toggle the use of <directive module="core"
c8b79d4b8796531f19dd54bd59d88c3b68338ceahumbedooh type="section">IfDefine</directive> sections without needing to alter
2aa51ed61adb484602e94de3d2214ec267aecedbigalic <code>-D</code> arguments in any startup scripts.</p>
4fdfee72da9a4a290d2fb41a548e343801a2635dcovener</directivesynopsis>
e32a6a51d27e311db1e1d5920ac7bd0de33823cfhumbedooh<directivesynopsis>
4fdfee72da9a4a290d2fb41a548e343801a2635dcovener<description>Configures how the server determines its own name and
4fdfee72da9a4a290d2fb41a548e343801a2635dcovenerport</description>
4bce6d8a597a3e1da9a2c6d24d62c1937d438bbccovener<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>In many situations Apache httpd must construct a <em>self-referential</em>
fff1d314f760fc17a49215e8818b3e57691efa43niq URL -- that is, a URL that refers back to the same server. With
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <code>UseCanonicalName On</code> Apache httpd will use the hostname and port
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive specified in the <directive module="core">ServerName</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive to construct the canonical name for the server. This name
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive is used in all self-referential URLs, and for the values of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>SERVER_NAME</code> and <code>SERVER_PORT</code> in CGIs.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>With <code>UseCanonicalName Off</code> Apache httpd will form
e08ad1a326852610a7930269638a43657fc50d06sctemme self-referential URLs using the hostname and port supplied by
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the client if any are supplied (otherwise it will use the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive canonical name, as defined above). These values are the same
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive that are used to implement <a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="/vhosts/name-based.html">name-based virtual hosts</a>,
e08ad1a326852610a7930269638a43657fc50d06sctemme and are available with the same clients. The CGI variables
e08ad1a326852610a7930269638a43657fc50d06sctemme <code>SERVER_NAME</code> and <code>SERVER_PORT</code> will be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive constructed from the client supplied values as well.</p>
06fcf16883e133e49db046945cbcf728d4cc6e37rbowen <p>An example where this may be useful is on an intranet server
06fcf16883e133e49db046945cbcf728d4cc6e37rbowen where you have users connecting to the machine using short
06fcf16883e133e49db046945cbcf728d4cc6e37rbowen names such as <code>www</code>. You'll notice that if the users
06fcf16883e133e49db046945cbcf728d4cc6e37rbowen type a shortname, and a URL which is a directory, such as
06fcf16883e133e49db046945cbcf728d4cc6e37rbowen <code>http://www/splat</code>, <em>without the trailing
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor slash</em> then Apache httpd will redirect them to
06fcf16883e133e49db046945cbcf728d4cc6e37rbowen <code>http://www.example.com/splat/</code>. If you have
9b5e2c5e769dc678a1aca06df75c32022b2f1492trawick authentication enabled, this will cause the user to have to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive authenticate twice (once for <code>www</code> and once again
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="http://httpd.apache.org/docs/misc/FAQ.html#prompted-twice">the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive FAQ on this subject for more information</a>). But if
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh <directive>UseCanonicalName</directive> is set <code>Off</code>, then
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Apache httpd will redirect to <code>http://www/splat/</code>.</p>
e6ab342447cf6b4c22bbe66169718d0e9b78819apoirier <p>There is a third option, <code>UseCanonicalName DNS</code>,
e6ab342447cf6b4c22bbe66169718d0e9b78819apoirier which is intended for use with mass IP-based virtual hosting to
e6ab342447cf6b4c22bbe66169718d0e9b78819apoirier support ancient clients that do not provide a
e6ab342447cf6b4c22bbe66169718d0e9b78819apoirier <code>Host:</code> header. With this option Apache httpd does a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive reverse DNS lookup on the server IP address that the client
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive connected to in order to work out self-referential URLs.</p>
e08ad1a326852610a7930269638a43657fc50d06sctemme <p>If CGIs make assumptions about the values of <code>SERVER_NAME</code>
e08ad1a326852610a7930269638a43657fc50d06sctemme they may be broken by this option. The client is essentially free
e08ad1a326852610a7930269638a43657fc50d06sctemme to give whatever value they want as a hostname. But if the CGI is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive only using <code>SERVER_NAME</code> to construct self-referential URLs
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive then it should be just fine.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">UseCanonicalPhysicalPort</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">ServerName</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="mpm_common">Listen</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
e08ad1a326852610a7930269638a43657fc50d06sctemme<directivesynopsis>
e08ad1a326852610a7930269638a43657fc50d06sctemme<description>Configures how the server determines its own port</description>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<contextlist><context>server config</context><context>virtual host</context>
a38b5f73e7f0f3b8726fb47d27b145f37036ead0jim <p>In many situations Apache httpd must construct a <em>self-referential</em>
29edaaeea24c41820e486944635348cd7fae1d11rbowen URL -- that is, a URL that refers back to the same server. With
e08ad1a326852610a7930269638a43657fc50d06sctemme <code>UseCanonicalPhysicalPort On</code> Apache httpd will, when
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive constructing the canonical port for the server to honor
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the <directive module="core">UseCanonicalName</directive> directive,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive provide the actual physical port number being used by this request
e08ad1a326852610a7930269638a43657fc50d06sctemme as a potential port. With <code>UseCanonicalPhysicalPort Off</code>
226aaa3e29f938600cd1b9dfb6774588d831d036rbowen Apache httpd will not ever use the actual physical port number, instead
226aaa3e29f938600cd1b9dfb6774588d831d036rbowen relying on all configured information to construct a valid port number.</p>
226aaa3e29f938600cd1b9dfb6774588d831d036rbowen <p>The ordering of the lookup when the physical port is used is as
226aaa3e29f938600cd1b9dfb6774588d831d036rbowen follows:</p>
226aaa3e29f938600cd1b9dfb6774588d831d036rbowen <li>Port provided in <directive module="core">Servername</directive></li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li>Port provided in <directive module="core">Servername</directive></li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive physical ports are removed from the ordering.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">UseCanonicalName</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">ServerName</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="mpm_common">Listen</directive></seealso>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Contains directives that apply only to a specific
003f0c9fda6664daf5092a0e42f65ede20098153slivehostname or IP address</description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<syntax><VirtualHost
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>addr</var>[:<var>port</var>] [<var>addr</var>[:<var>port</var>]]
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive ...> ... </VirtualHost></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive type="section">VirtualHost</directive> and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code></VirtualHost></code> are used to enclose a group of
7228d3b2eebddc214348190bcc62d80b5e7087e2rbowen directives that will apply only to a particular virtual host. Any
7228d3b2eebddc214348190bcc62d80b5e7087e2rbowen directive that is allowed in a virtual host context may be
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor used. When the server receives a request for a document on a
7228d3b2eebddc214348190bcc62d80b5e7087e2rbowen particular virtual host, it uses the configuration directives
58e56a1d61ae176cc5ecb7c4863881736947d8b8rbowen enclosed in the <directive type="section">VirtualHost</directive>
2e4a251ce928e74ed84fd089cdceaf5f6b5c53f2humbedooh section. <var>Addr</var> can be any of the following, optionally followed by
58e56a1d61ae176cc5ecb7c4863881736947d8b8rbowen a colon and a port number (or *):</p>
fe9f851e55506793276ffaac89106433572868a8rbowen <li>A fully qualified domain name for the IP address of the
fe9f851e55506793276ffaac89106433572868a8rbowen virtual host (not recommended);</li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li>The character <code>*</code>, which acts as a wildcard and matches
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive any IP address.</li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li>The string <code>_default_</code>, which is an alias for <code>*</code></li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <VirtualHost 10.1.2.3:80><br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive ServerAdmin webmaster@host.example.com<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </VirtualHost>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>IPv6 addresses must be specified in square brackets because
fb77c505254b6e9c925e23e734463e87574f8f40kess the optional port number could not be determined otherwise. An
fb77c505254b6e9c925e23e734463e87574f8f40kess IPv6 example is shown below:</p>
ef8e89e090461194ecadd31e8796a2c51e0531a2kess <VirtualHost [2001:db8::a00:20ff:fea7:ccea]:80><br />
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess ServerAdmin webmaster@host.example.com<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </VirtualHost>
23b36269d124e7a6aaa5221891f7ae2ef3eeb158jerenkrantz <p>Each Virtual Host must correspond to a different IP address,
23b36269d124e7a6aaa5221891f7ae2ef3eeb158jerenkrantz different port number or a different host name for the server,
7b5535ed88e0f561b3bfb3330137bd804846afd4slive in the former case the server machine must be configured to
7b5535ed88e0f561b3bfb3330137bd804846afd4slive accept IP packets for multiple addresses. (If the machine does
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive not have multiple network interfaces, then this can be
f35c904c3b359610a46e94fbb4ba8495b2338521slive accomplished with the <code>ifconfig alias</code> command -- if
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive your OS supports it).</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The use of <directive type="section">VirtualHost</directive> does
ef8e89e090461194ecadd31e8796a2c51e0531a2kess <strong>not</strong> affect what addresses Apache httpd listens on. You
ef8e89e090461194ecadd31e8796a2c51e0531a2kess may need to ensure that Apache httpd is listening on the correct addresses
dc111bcea580da3da174c25be0fd7a8f22c86fe1jim using <directive module="mpm_common">Listen</directive>.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>A <directive module="core">ServerName</directive> should be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive specified inside each <directive
530eba85dbd41b8a0fa5255d3648d1440199a661slive type="section">VirtualHost</directive> block. If it is absent, the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="core">ServerName</directive> from the "main"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive server configuration will be inherited.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When a request is received, the server first maps it to the best matching
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section">VirtualHost</directive> based on the local
a21fb2799923b1c25a351f09e690bd46806f2fa2jim IP address and port combination only. Non-wildcards have a higher
2eb5346b17b3b69767cfe87d0f632efd6d15500djim precedence. If no match based on IP and port occurs at all, the
abad96c7b1becfc55c29a2933d909aa0b37b0fe0humbedooh "main" server configuration is used.</p>
2eb5346b17b3b69767cfe87d0f632efd6d15500djim <p>If multiple virtual hosts contain the best matching IP address and port,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the server selects from these virtual hosts the best match based on the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive requested hostname. If no matching name-based virtual host is found,
530eba85dbd41b8a0fa5255d3648d1440199a661slive then the first listed virtual host that matched the IP address will be
530eba85dbd41b8a0fa5255d3648d1440199a661slive used. As a consequence, the first listed virtual host for a given IP address
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and port combination is default virtual host for that IP and port
cf1595220a90759be0a39ab8b11c8cb834b698a9ianh combination.</p>
cf1595220a90759be0a39ab8b11c8cb834b698a9ianh <p>See the <a href="/misc/security_tips.html">security tips</a>
cf1595220a90759be0a39ab8b11c8cb834b698a9ianh document for details on why your security could be compromised if the
cf1595220a90759be0a39ab8b11c8cb834b698a9ianh directory where log files are stored is writable by anyone other
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh than the user that starts the server.</p>
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh<seealso><a href="/vhosts/">Apache HTTP Server Virtual Host documentation</a></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/dns-caveats.html">Issues Regarding DNS and
abad96c7b1becfc55c29a2933d909aa0b37b0fe0humbedooh which addresses and ports Apache HTTP Server uses</a></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/sections.html">How <Directory>, <Location>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and <Files> sections work</a> for an explanation of how these
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive different sections are combined when a request is received</seealso>
abad96c7b1becfc55c29a2933d909aa0b37b0fe0humbedooh</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</modulesynopsis>