core.xml revision 5528d1a30ae8560e2d7a96d734ffe31500dc6113
530eba85dbd41b8a0fa5255d3648d1440199a661slive<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
e942c741056732f50da2074b36fe59805d370650slive<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
5f5d1b4cc970b7f06ff8ef6526128e9a27303d88nd<!-- $LastChangedRevision$ -->
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding Copyright 2002-2005 The Apache Software Foundation or its licensors, as
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding applicable.
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding Licensed under the Apache License, Version 2.0 (the "License");
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding you may not use this file except in compliance with the License.
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding You may obtain a copy of the License at
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd Unless required by applicable law or agreed to in writing, software
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd distributed under the License is distributed on an "AS IS" BASIS,
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd See the License for the specific language governing permissions and
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd limitations under the License.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Core Apache HTTP Server features that are always
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveavailable</description>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna<directivesynopsis>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna<description>Configures optimizations for a Protocol's Listener Sockets</description>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna<syntax>AcceptFilter <var>protocol</var> <var>accept_filter</var></syntax>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna<contextlist><context>server config</context></contextlist>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen<compatibility>Available in Apache 2.1.5 and later</compatibility>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna <p>This directive enables operating system specific optimizations for a
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic listening socket by the Protocol type. The basic premise is for the
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic kernel to not send a socket to the server process until either data
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic is received or an entire HTTP Request is buffered. Only
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic <a href="http://www.freebsd.org/cgi/man.cgi?query=accept_filter&sektion=9">
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic FreeBSD's Accept Filters</a> and Linux's more primitive
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <code>TCP_DEFER_ACCEPT</code> are currently supported.</p>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor AcceptFilter http httpready <br/>
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe AcceptFilter https dataready
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna <p>The <code>httpready</code> accept filter buffers entire HTTP requests at
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier the kernel level. Once an entire request is recieved, the kernel then
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier sends it to the server. See the
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier <a href="http://www.freebsd.org/cgi/man.cgi?query=accf_http&sektion=9">
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier accf_http(9)</a> man page for more details. Since HTTPS requests are
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier encrypted only the <a href="http://www.freebsd.org/cgi/man.cgi?query=accf_data&sektion=9">
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna AcceptFilter http data <br/>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna AcceptFilter https data
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>Linux's <code>TCP_DEFER_ACCEPT</code> does not support buffering http
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor requests. Any value besides <code>none</code> will enable
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna <code>TCP_DEFER_ACCEPT</code> on that listener. For more details
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor see the Linux
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna <a href="http://homepages.cwi.nl/~aeb/linux/man2html/man7/tcp.7.html">
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna <p>Using <code>none</code> for an argument will disable any accept filters
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna for that protocol. This is useful for protocols that require a server
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna</directivesynopsis>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna<directivesynopsis>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna<description>Resources accept trailing pathname information</description>
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe<context>virtual host</context><context>directory</context>
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe<compatibility>Available in Apache 2.0.30 and later</compatibility>
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe <p>This directive controls whether requests that contain trailing
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe pathname information that follows an actual filename (or
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe non-existent file in an existing directory) will be accepted or
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe rejected. The trailing pathname information can be made
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe available to scripts in the <code>PATH_INFO</code> environment
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe variable.</p>
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe <p>For example, assume the location <code>/test/</code> points to
5ae609a8a09239d20f48a4a95c4f21b713995babwrowe a directory that contains only the single file
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna <p>The three possible arguments for the
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna <directive>AcceptPathInfo</directive> directive are:</p>
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna <dt><code>Off</code></dt><dd>A request will only be accepted if it
7e8f5c6496b3825b6b128e2aacc4b1b09d28553dpquerna maps to a literal path that exists. Therefore a request with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive trailing pathname information after the true filename such as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>/test/here.html/more</code> in the above example will return
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess a 404 NOT FOUND error.</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dt><code>On</code></dt><dd>A request will be accepted if a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive leading path component maps to a file that exists. The above
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive example <code>/test/here.html/more</code> will be accepted if
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>/test/here.html</code> maps to a valid file.</dd>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <dt><code>Default</code></dt><dd>The treatment of requests with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive trailing pathname information is determined by the <a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="/handler.html">handler</a> responsible for the request.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The core handler for normal files defaults to rejecting
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>PATH_INFO</code> requests. Handlers that serve scripts, such as <a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The primary purpose of the <code>AcceptPathInfo</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive is to allow you to override the handler's choice of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive accepting or rejecting <code>PATH_INFO</code>. This override is required,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive for example, when you use a <a href="/filter.html">filter</a>, such
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive as <a href="mod_include.html">INCLUDES</a>, to generate content
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive based on <code>PATH_INFO</code>. The core handler would usually reject
fb77c505254b6e9c925e23e734463e87574f8f40kess the request, so you can use the following configuration to enable
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive such a script:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Options +Includes<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive SetOutputFilter INCLUDES<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive AcceptPathInfo On<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </Files>
fb77c505254b6e9c925e23e734463e87574f8f40kess </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
fb77c505254b6e9c925e23e734463e87574f8f40kess<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Name of the distributed configuration file</description>
fb77c505254b6e9c925e23e734463e87574f8f40kess<syntax>AccessFileName <var>filename</var> [<var>filename</var>] ...</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
bc4b55ec8f31569d606d5680d50189a355bcd7a6rbowen</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>While processing a request the server looks for
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the first existing configuration file from this list of names in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive every directory of the path to the document, if distributed
fb77c505254b6e9c925e23e734463e87574f8f40kess configuration files are <a href="#allowoverride">enabled for that
fb77c505254b6e9c925e23e734463e87574f8f40kess AccessFileName .acl
130d299c4b2b15be45532a176604c71fdc7bea5bnd <p>before returning the document
130d299c4b2b15be45532a176604c71fdc7bea5bnd <code>/usr/local/web/index.html</code>, the server will read
130d299c4b2b15be45532a176604c71fdc7bea5bnd <code>/usr/local/.acl</code> and <code>/usr/local/web/.acl</code>
130d299c4b2b15be45532a176604c71fdc7bea5bnd for directives, unless they have been disabled with</p>
130d299c4b2b15be45532a176604c71fdc7bea5bnd <Directory /><br />
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd AllowOverride None<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">AllowOverride</directive></seealso>
003f0c9fda6664daf5092a0e42f65ede20098153slive<seealso><a href="/configuring.html">Configuration Files</a></seealso>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<seealso><a href="/howto/htaccess.html">.htaccess Files</a></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Default charset parameter to be added when a response
313bb560bc5c323cfd40c9cad7335b4b8e060aedkesscontent-type is <code>text/plain</code> or <code>text/html</code></description>
003f0c9fda6664daf5092a0e42f65ede20098153slive<syntax>AddDefaultCharset On|Off|<var>charset</var></syntax>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<context>virtual host</context><context>directory</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive specifies a default value for the media type
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive charset parameter (the name of a character encoding) to be added
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to a response if and only if the response's content-type is either
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>text/plain</code> or <code>text/html</code>. This should override
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive any charset specified in the body of the response via a <code>META</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive element, though the exact behavior is often dependent on the user's client
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive configuration. A setting of <code>AddDefaultCharset Off</code>
130d299c4b2b15be45532a176604c71fdc7bea5bnd disables this functionality. <code>AddDefaultCharset On</code> enables
130d299c4b2b15be45532a176604c71fdc7bea5bnd a default charset of <code>iso-8859-1</code>. Any other value is assumed
130d299c4b2b15be45532a176604c71fdc7bea5bnd to be the <var>charset</var> to be used, which should be one of the
130d299c4b2b15be45532a176604c71fdc7bea5bnd <a href="http://www.iana.org/assignments/character-sets">IANA registered
130d299c4b2b15be45532a176604c71fdc7bea5bnd charset values</a> for use in MIME media types.
130d299c4b2b15be45532a176604c71fdc7bea5bnd For example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive AddDefaultCharset utf-8
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive>AddDefaultCharset</directive> should only be used when all
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of the text resources to which it applies are known to be in that
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive character encoding and it is too inconvenient to label their charset
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive individually. One such example is to add the charset parameter
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding to resources containing generated content, such as legacy CGI
684f2a9a422185adda0692a1203c5ad6687fc5c5nd scripts, that might be vulnerable to cross-site scripting attacks
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd due to user-provided data being included in the output. Note, however,
530eba85dbd41b8a0fa5255d3648d1440199a661slive that a better solution is to just fix (or delete) those scripts, since
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive setting a default charset does not protect users that have enabled
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the "auto-detect character encoding" feature on their browser.</p>
003f0c9fda6664daf5092a0e42f65ede20098153slive<seealso><directive module="mod_mime">AddCharset</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding<directivesynopsis>
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding<description>assigns an output filter to a particular MIME-type</description>
684f2a9a422185adda0692a1203c5ad6687fc5c5nd<syntax>AddOutputFilterByType <var>filter</var>[;<var>filter</var>...]
a8ce9095d102e43fecb81093a132b90b9a227f78kess<var>MIME-type</var> [<var>MIME-type</var>] ...</syntax>
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding<context>virtual host</context><context>directory</context>
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding<compatibility>Available in Apache 2.0.33 and later</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="/filter.html">filter</a> for a request depending on the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The following example uses the <code>DEFLATE</code> filter, which
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding is provided by <module>mod_deflate</module>. It will compress all
684f2a9a422185adda0692a1203c5ad6687fc5c5nd output (either static or dynamic) which is labeled as
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding <code>text/html</code> or <code>text/plain</code> before it is sent
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding to the client.</p>
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding <p>If you want the content to be processed by more than one filter, their
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding names have to be separated by semicolons. It's also possible to use one
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>AddOutputFilterByType</directive> directive for each of
843a03fe0b138a4c1f64cb90a014e9417ac30691fielding these filters.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The configuration below causes all script output labeled as
77ead9e0262e4f08ec336d1a65b2edef7705c839nd <code>INCLUDES</code> filter and then by the <code>DEFLATE</code>
9583adab6bc4b3758e41963c905d9dad9f067131nd filter.</p>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd <Location /cgi-bin/><br />
77ead9e0262e4f08ec336d1a65b2edef7705c839nd Options Includes<br />
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier AddOutputFilterByType INCLUDES;DEFLATE text/html<br />
77ead9e0262e4f08ec336d1a65b2edef7705c839nd </Location>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd </example>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd <p>Enabling filters with <directive>AddOutputFilterByType</directive>
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier may fail partially or completely in some cases. For example, no
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier filters are applied if the <glossary>MIME-type</glossary> could not be determined and falls
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier back to the <directive module="core">DefaultType</directive> setting,
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier even if the <directive module="core">DefaultType</directive> is the
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier <p>However, if you want to make sure, that the filters will be
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier applied, assign the content type to a resource explicitly, for
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier example with <directive module="mod_mime">AddType</directive> or
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier <directive module="core">ForceType</directive>. Setting the
77ead9e0262e4f08ec336d1a65b2edef7705c839nd content type within a (non-nph) CGI script is also safe.</p>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd <p>The by-type output filters are never applied on proxy requests.</p>
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier<seealso><directive module="mod_mime">AddOutputFilter</directive></seealso>
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier<seealso><directive module="core">SetOutputFilter</directive></seealso>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd</directivesynopsis>
77ead9e0262e4f08ec336d1a65b2edef7705c839nd<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Determines whether encoded path separators in URLs are allowed to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivebe passed through</description>
fb77c505254b6e9c925e23e734463e87574f8f40kess<contextlist><context>server config</context><context>virtual host</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
4ea161d94782fa56f4b36d496f35ff8577c43065covener<compatibility>Available in Apache 2.0.46 and later</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>AllowEncodedSlashes</directive> directive allows URLs
fb77c505254b6e9c925e23e734463e87574f8f40kess which contain encoded path separators (<code>%2F</code> for <code>/</code>
fb77c505254b6e9c925e23e734463e87574f8f40kess and additionally <code>%5C</code> for <code>\</code> on according systems)
fb77c505254b6e9c925e23e734463e87574f8f40kess to be used. Normally such URLs are refused with a 404 (Not found) error.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Turning <directive>AllowEncodedSlashes</directive> <code>On</code> is
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess mostly useful when used in conjunction with <code>PATH_INFO</code>.</p>
b12b918ae6baf9c5762ed61b7393d0e2198378c0nd <p>Allowing encoded slashes does <em>not</em> imply <em>decoding</em>.
b12b918ae6baf9c5762ed61b7393d0e2198378c0nd Occurrences of <code>%2F</code> or <code>%5C</code> (<em>only</em> on
b12b918ae6baf9c5762ed61b7393d0e2198378c0nd according systems) will be left as such in the otherwise decoded URL
b12b918ae6baf9c5762ed61b7393d0e2198378c0nd string.</p>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<seealso><directive module="core">AcceptPathInfo</directive></seealso>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri</directivesynopsis>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Types of directives that are allowed in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>AllowOverride All|None|<var>directive-type</var>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>directory</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When the server finds an <code>.htaccess</code> file (as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive specified by <directive module="core">AccessFileName</directive>)
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive it needs to know which directives declared in that file can override
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive earlier configuration directives.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <note><title>Only available in <Directory> sections</title>
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz <directive type="section" module="core">Directory</directive>
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz sections specified without regular expressions, not in <directive
9ed9eaf871c58d281af02e76125ceadb5060afa5nd type="section" module="core">Location</directive>, <directive
9cd3b05d7b70f07a742bbaf548fa4fa2bdbe5ce6noodl module="core" type="section">DirectoryMatch</directive> or
9cd3b05d7b70f07a742bbaf548fa4fa2bdbe5ce6noodl <directive type="section" module="core">Files</directive> sections.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When this directive is set to <code>None</code>, then
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <a href="#accessfilename">.htaccess</a> files are completely ignored.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive In this case, the server will not even attempt to read
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <p>When this directive is set to <code>All</code>, then any
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding directive which has the .htaccess <a
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding href="directive-dict.html#Context">Context</a> is allowed in
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <p>The <var>directive-type</var> can be one of the following
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding groupings of directives.</p>
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem Allow use of the authorization directives (<directive
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem <directive module="mod_authn_dbm">AuthDBMUserFile</directive>,
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem <directive module="mod_authz_groupfile">AuthGroupFile</directive>,
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem <directive module="core">AuthType</directive>, <directive
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem module="mod_authn_file">AuthUserFile</directive>, <directive
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem module="core">Require</directive>, <em>etc.</em>).</dd>
5528d1a30ae8560e2d7a96d734ffe31500dc6113rpluem Allow use of the directives controlling document types (<directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_negotiation">LanguagePriority</directive>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="core">SetHandler</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives, <em>etc.</em>), document meta data (<directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_headers">RequestHeader</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_setenvif">SetEnvIf</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_setenvif">SetEnvIfNoCase</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_setenvif">BrowserMatch</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_usertrack">CookieExpires</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_usertrack">CookieDomain</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_usertrack">CookieStyle</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_usertrack">CookieTracking</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_rewrite">RewriteEngine</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_rewrite">RewriteOptions</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_rewrite">RewriteBase</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_rewrite">RewriteCond</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Allow use of the directives controlling directory indexing
103a93c625bcde1a6a7a5155b64dcda36f612180pquerna (<directive
f23fb63b05f89f47d7a3099491f2c68dcce432e9kess <directive module="mod_autoindex">AddIcon</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_autoindex">AddIconByType</directive>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_autoindex">DefaultIcon</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_dir">DirectoryIndex</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_autoindex">FancyIndexing</directive>, <directive
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd module="mod_autoindex">HeaderName</directive>, <directive
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd module="mod_autoindex">IndexIgnore</directive>, <directive
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd module="mod_autoindex">IndexOptions</directive>, <directive
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor Allow use of the directives controlling host access (<directive
da637bcae7b6e150470e701af29da5604a34a17erbowen module="mod_authz_host">Allow</directive>, <directive
da637bcae7b6e150470e701af29da5604a34a17erbowen module="mod_authz_host">Deny</directive> and <directive
113961f0559eb026ea0d379cb7350f82bc09d710druggeri Allow use of the directives controlling specific directory
113961f0559eb026ea0d379cb7350f82bc09d710druggeri features (<directive module="core">Options</directive> and
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <directive module="mod_include">XBitHack</directive>).
113961f0559eb026ea0d379cb7350f82bc09d710druggeri An equal sign may be given followed by a comma (but no spaces)
113961f0559eb026ea0d379cb7350f82bc09d710druggeri separated lists of options that may be set using the <directive
113961f0559eb026ea0d379cb7350f82bc09d710druggeri AllowOverride AuthConfig Indexes
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <p>In the example above all directives that are neither in the group
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <code>AuthConfig</code> nor <code>Indexes</code> cause an internal
113961f0559eb026ea0d379cb7350f82bc09d710druggeri server error.</p>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<seealso><directive module="core">AccessFileName</directive></seealso>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<seealso><a href="/configuring.html">Configuration Files</a></seealso>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<seealso><a href="/howto/htaccess.html">.htaccess Files</a></seealso>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri</directivesynopsis>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<directivesynopsis>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<description>Authorization realm for use in HTTP
113961f0559eb026ea0d379cb7350f82bc09d710druggeriauthentication</description>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri<contextlist><context>directory</context><context>.htaccess</context>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri</contextlist>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <p>This directive sets the name of the authorization realm for a
113961f0559eb026ea0d379cb7350f82bc09d710druggeri directory. This realm is given to the client so that the user
113961f0559eb026ea0d379cb7350f82bc09d710druggeri knows which username and password to send.
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <directive>AuthName</directive> takes a single argument; if the
113961f0559eb026ea0d379cb7350f82bc09d710druggeri realm name contains spaces, it must be enclosed in quotation
113961f0559eb026ea0d379cb7350f82bc09d710druggeri marks. It must be accompanied by <directive
113961f0559eb026ea0d379cb7350f82bc09d710druggeri module="core">Require</directive> directives, and directives such
113961f0559eb026ea0d379cb7350f82bc09d710druggeri as <directive module="mod_authn_file">AuthUserFile</directive> and
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <directive module="mod_authz_groupfile">AuthGroupFile</directive> to
113961f0559eb026ea0d379cb7350f82bc09d710druggeri AuthName "Top Secret"
113961f0559eb026ea0d379cb7350f82bc09d710druggeri <p>The string provided for the <code>AuthName</code> is what will
113961f0559eb026ea0d379cb7350f82bc09d710druggeri appear in the password dialog provided by most browsers.</p>
113961f0559eb026ea0d379cb7350f82bc09d710druggeri href="/howto/auth.html">Authentication, Authorization, and
54bcd0e21a5c79158afd3b78bf707a493a5fb33crbowen</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes<description>Type of user authentication</description>
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes<contextlist><context>directory</context><context>.htaccess</context>
fb77c505254b6e9c925e23e734463e87574f8f40kess</contextlist>
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes <p>This directive selects the type of user authentication for a
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes directory. Only <code>Basic</code> and <code>Digest</code> are
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes currently implemented.
fb77c505254b6e9c925e23e734463e87574f8f40kess It must be accompanied by <directive
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess module="core">Require</directive> directives, and directives such
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess as <directive module="mod_authn_file">AuthUserFile</directive> and
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes <directive module="mod_authz_groupfile">AuthGroupFile</directive> to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/howto/auth.html">Authentication, Authorization,
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess</directivesynopsis>
fb77c505254b6e9c925e23e734463e87574f8f40kess<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Technique for locating the interpreter for CGI
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivescripts</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>CGIMapExtension <var>cgi-path</var> <var>.extension</var></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
5bb5fba250bf526bc51d13b25378d54acb93c1cbnoodl <p>This directive is used to control how Apache finds the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive interpreter used to run CGI scripts. For example, setting
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive cause all CGI script files with a <code>.foo</code> extension to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive be passed to the FOO interpreter.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Enables the generation of <code>Content-MD5</code> HTTP Response
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndheaders</description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>This directive enables the generation of
fb77c505254b6e9c925e23e734463e87574f8f40kess respectively RFC2068.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>MD5 is an algorithm for computing a "message digest"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive (sometimes called "fingerprint") of arbitrary-length data, with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a high degree of confidence that any alterations in the data
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive will be reflected in alterations in the message digest.</p>
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <p>The <code>Content-MD5</code> header provides an end-to-end
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding message integrity check (MIC) of the entity-body. A proxy or
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding client may check this header for detecting accidental
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding modification of the entity-body in transit. Example header:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Note that this can cause performance problems on your server
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen since the message digest is computed on every request (the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive values are not cached).</p>
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <p><code>Content-MD5</code> is only sent for documents served
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding by the <module>core</module>, and not by any module. For example,
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding SSI documents, output from CGI scripts, and byte range responses
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive do not have this header.</p>
e4881891552e185a7408318dfc7f62ebabe73cf6niq</directivesynopsis>
e4881891552e185a7408318dfc7f62ebabe73cf6niq<directivesynopsis>
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding<description>MIME content-type that will be sent if the
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fieldingserver cannot determine a type in any other way</description>
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding<contextlist><context>server config</context><context>virtual host</context>
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding<context>directory</context><context>.htaccess</context>
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>There will be times when the server is asked to provide a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive document whose type cannot be determined by its <glossary
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf <p>The server must inform the client of the content-type of the
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf document, so in the event of an unknown type it uses the
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf </example>
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf <p>would be appropriate for a directory which contained many GIF
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf images with filenames missing the <code>.gif</code> extension.</p>
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf provides the default mime-type. All other mime-type definitions,
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf including filename extensions, that might identify the media type
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf will override this default.</p>
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf</directivesynopsis>
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf<description>Enclose a group of directives that apply only to the
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsfnamed file-system directory and sub-directories</description>
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf... </Directory></syntax>
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf<contextlist><context>server config</context><context>virtual host</context>
141fd59714368d3bbe3a3d8f5b8dc8a516c48f9fsf</contextlist>
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl <code></Directory></code> are used to enclose a group of
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl directives that will apply only to the named directory and
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl sub-directories of that directory. Any directive that is allowed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive in a directory context may be used. <var>Directory-path</var> is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive either the full path to a directory, or a wild-card string using
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Unix shell-style matching. In a wild-card string, <code>?</code> matches
898475b582dd849de5915df0f2089b72ed8b2e2bcovener any single character, and <code>*</code> matches any sequences of
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd characters. You may also use <code>[]</code> character ranges. None
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of the wildcards match a `/' character, so <code><Directory
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive /*/public_html></code> will not match
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>/home/user/public_html</code>, but <code><Directory
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive /home/*/public_html></code> will match. Example:</p>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor Options Indexes FollowSymLinks<br />
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </Directory>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>Be careful with the <var>directory-path</var> arguments:
fb77c505254b6e9c925e23e734463e87574f8f40kess They have to literally match the filesystem path which Apache uses
003f0c9fda6664daf5092a0e42f65ede20098153slive to access the files. Directives applied to a particular
003f0c9fda6664daf5092a0e42f65ede20098153slive <code><Directory></code> will not apply to files accessed from
003f0c9fda6664daf5092a0e42f65ede20098153slive that same directory via a different path, such as via different symbolic
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd links.</p>
130d299c4b2b15be45532a176604c71fdc7bea5bnd expressions</glossary> can also be used, with the addition of the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <Directory ~ "^/www/.*/[0-9]{3}">
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </example>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <p>would match directories in <code>/www/</code> that consisted of
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd three numbers.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd match the directory (or one of its parents) containing a document,
b06660a3ed3d885e15d99c0209a46c4657df33fbrbowen then the directives are applied in the order of shortest match
030108b1816bcda3d925df65357feabdce83bc94slive first, interspersed with the directives from the <a
030108b1816bcda3d925df65357feabdce83bc94slive href="#accessfilename">.htaccess</a> files. For example,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <Directory /><br />
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd AllowOverride None<br />
fb77c505254b6e9c925e23e734463e87574f8f40kess </Directory><br />
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess <Directory /home/><br />
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess AllowOverride FileInfo<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>for access to the document <code>/home/web/dir/doc.html</code>
130d299c4b2b15be45532a176604c71fdc7bea5bnd the steps are:</p>
130d299c4b2b15be45532a176604c71fdc7bea5bnd <li>Apply directive <code>AllowOverride FileInfo</code> (for
130d299c4b2b15be45532a176604c71fdc7bea5bnd <code>/home/.htaccess</code>, <code>/home/web/.htaccess</code> and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Regular expressions are not considered until after all of the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive normal sections have been applied. Then all of the regular
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive expressions are tested in the order they appeared in the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive configuration file. For example, with</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <Directory ~ abc$><br />
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess # ... directives here ...<br />
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </Directory>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>the regular expression section won't be considered until after
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive all normal <directive type="section">Directory</directive>s and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>.htaccess</code> files have been applied. Then the regular
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive expression will match on <code>/home/abc/public_html/abc</code> and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the corresponding <directive type="section">Directory</directive> will
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive be applied.</p>
130d299c4b2b15be45532a176604c71fdc7bea5bnd <code><Directory /></code> is <code>Allow from All</code>.
130d299c4b2b15be45532a176604c71fdc7bea5bnd This means that Apache will serve any file mapped from an URL. It is
130d299c4b2b15be45532a176604c71fdc7bea5bnd recommended that you change this with a block such
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <Directory /><br />
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess Order Deny,Allow<br />
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess Deny from All<br />
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess </Directory>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess </example>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen <p><strong>and then override this for directories you
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen href="/misc/security_tips.html">Security Tips</a> page for more
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The directory sections occur in the <code>httpd.conf</code> file.
130d299c4b2b15be45532a176604c71fdc7bea5bnd <directive type="section">Directory</directive> directives
130d299c4b2b15be45532a176604c71fdc7bea5bnd cannot nest, and cannot appear in a <directive module="core"
130d299c4b2b15be45532a176604c71fdc7bea5bnd type="section">Limit</directive> or <directive module="core"
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <Location> and <Files> sections work</a> for an
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive explanation of how these different sections are combined when a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive request is received</seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
fb77c505254b6e9c925e23e734463e87574f8f40kess<description>Enclose directives that apply to
fb77c505254b6e9c925e23e734463e87574f8f40kessfile-system directories matching a regular expression and their
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivesubdirectories</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive... </DirectoryMatch></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive type="section">DirectoryMatch</directive> and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code></DirectoryMatch></code> are used to enclose a group
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of directives which will apply only to the named directory and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive sub-directories of that directory, the same as <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core" type="section">Directory</directive>. However, it
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <DirectoryMatch "^/www/(.+/)?[0-9]{3}">
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>would match directories in <code>/www/</code> that consisted of three
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive numbers.</p>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<seealso><directive type="section" module="core">Directory</directive> for
031bbbc0d1189b07330e38d0c126820a9ab7795egryzora description of how regular expressions are mixed in with normal
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<directive type="section">Directory</directive>s</seealso>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndhref="/sections.html">How <Directory>, <Location> and
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<Files> sections work</a> for an explanation of how these different
6954edc623ca2c179eb5b33e97e4304d06fd649frbowensections are combined when a request is received</seealso>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener<description>Directory that forms the main document tree visible
fa1c7ce09927decc1eecd1e9a35cc5331078a052covenerfrom the web</description>
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener<syntax>DocumentRoot <var>directory-path</var></syntax>
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener<default>DocumentRoot /usr/local/apache/htdocs</default>
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener<contextlist><context>server config</context><context>virtual host</context>
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener</contextlist>
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener <p>This directive sets the directory from which <program>httpd</program>
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener will serve files. Unless matched by a directive like <directive
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor module="mod_alias">Alias</directive>, the server appends the
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor path from the requested URL to the document root to make the
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener path to the document. Example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>then an access to
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <code>http://www.my.host.com/index.html</code> refers to
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <code>/usr/web/index.html</code>. If the <var>directory-path</var> is
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess not absolute then it is assumed to be relative to the <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>DocumentRoot</directive> should be specified without
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a trailing slash.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/urlmapping.html">Mapping URLs to Filesystem
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Use memory-mapping to read files during delivery</description>
fb77c505254b6e9c925e23e734463e87574f8f40kess<contextlist><context>server config</context><context>virtual host</context>
fb77c505254b6e9c925e23e734463e87574f8f40kess<context>directory</context><context>.htaccess</context>
fb77c505254b6e9c925e23e734463e87574f8f40kess</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>This directive controls whether the <program>httpd</program> may use
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd memory-mapping if it needs to read the contents of a file during
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive delivery. By default, when the handling of a request requires
ffe8ed2cd88be2c415ddef11f50394c52df9190ctrawick access to the data within a file -- for example, when delivering a
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor server-parsed file using <module>mod_include</module> -- Apache
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor memory-maps the file if the OS supports it.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This memory-mapping sometimes yields a performance improvement.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive But in some environments, it is better to disable the memory-mapping
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to prevent operational problems:</p>
1b01d1ee11c612226cb3141eed4581dc179266c1rbowen <li>On some multiprocessor systems, memory-mapping can reduce the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li>With an NFS-mounted <directive module="core">DocumentRoot</directive>,
6b15044d54a096e6323ff1540f1a491e8de7622dsf the <program>httpd</program> may crash due to a segmentation fault if a file
6b15044d54a096e6323ff1540f1a491e8de7622dsf is deleted or truncated while the <program>httpd</program> has it
6b15044d54a096e6323ff1540f1a491e8de7622dsf memory-mapped.</li>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>For server configurations that are vulnerable to these problems,
6b15044d54a096e6323ff1540f1a491e8de7622dsf you should disable memory-mapping of delivered files by specifying:</p>
6b15044d54a096e6323ff1540f1a491e8de7622dsf EnableMMAP Off
6b15044d54a096e6323ff1540f1a491e8de7622dsf </example>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>For NFS mounted files, this feature may be disabled explicitly for
6b15044d54a096e6323ff1540f1a491e8de7622dsf the offending files by specifying:</p>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <Directory "/path-to-nfs-files">
6b15044d54a096e6323ff1540f1a491e8de7622dsf EnableMMAP Off
6b15044d54a096e6323ff1540f1a491e8de7622dsf </Directory>
6b15044d54a096e6323ff1540f1a491e8de7622dsf </example>
6b15044d54a096e6323ff1540f1a491e8de7622dsf</directivesynopsis>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<directivesynopsis>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<description>Use the kernel sendfile support to deliver files to the client</description>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<contextlist><context>server config</context><context>virtual host</context>
6b15044d54a096e6323ff1540f1a491e8de7622dsf</contextlist>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<compatibility>Available in version 2.0.44 and later</compatibility>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>This directive controls whether <program>httpd</program> may use the
6b15044d54a096e6323ff1540f1a491e8de7622dsf sendfile support from the kernel to transmit file contents to the client.
6b15044d54a096e6323ff1540f1a491e8de7622dsf By default, when the handling of a request requires no access
6b15044d54a096e6323ff1540f1a491e8de7622dsf to the data within a file -- for example, when delivering a
6b15044d54a096e6323ff1540f1a491e8de7622dsf static file -- Apache uses sendfile to deliver the file contents
6b15044d54a096e6323ff1540f1a491e8de7622dsf without ever reading the file if the OS supports it.</p>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>This sendfile mechanism avoids separate read and send operations,
6b15044d54a096e6323ff1540f1a491e8de7622dsf and buffer allocations. But on some platforms or within some
6b15044d54a096e6323ff1540f1a491e8de7622dsf filesystems, it is better to disable this feature to avoid
6b15044d54a096e6323ff1540f1a491e8de7622dsf operational problems:</p>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <li>Some platforms may have broken sendfile support that the build
6b15044d54a096e6323ff1540f1a491e8de7622dsf system did not detect, especially if the binaries were built on
6b15044d54a096e6323ff1540f1a491e8de7622dsf another box and moved to such a machine with broken sendfile
6b15044d54a096e6323ff1540f1a491e8de7622dsf support.</li>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <li>On Linux the use of sendfile triggers TCP-checksum
6b15044d54a096e6323ff1540f1a491e8de7622dsf offloading bugs on certain networking cards when using IPv6.</li>
6b15044d54a096e6323ff1540f1a491e8de7622dsf module="core">DocumentRoot</directive> (e.g., NFS or SMB),
6b15044d54a096e6323ff1540f1a491e8de7622dsf the kernel may be unable to serve the network file through
6b15044d54a096e6323ff1540f1a491e8de7622dsf its own cache.</li>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>For server configurations that are vulnerable to these problems,
6b15044d54a096e6323ff1540f1a491e8de7622dsf you should disable this feature by specifying:</p>
6b15044d54a096e6323ff1540f1a491e8de7622dsf EnableSendfile Off
6b15044d54a096e6323ff1540f1a491e8de7622dsf </example>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>For NFS or SMB mounted files, this feature may be disabled explicitly
6b15044d54a096e6323ff1540f1a491e8de7622dsf for the offending files by specifying:</p>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <Directory "/path-to-nfs-files">
6b15044d54a096e6323ff1540f1a491e8de7622dsf EnableSendfile Off
6b15044d54a096e6323ff1540f1a491e8de7622dsf </Directory>
6b15044d54a096e6323ff1540f1a491e8de7622dsf </example>
6b15044d54a096e6323ff1540f1a491e8de7622dsf</directivesynopsis>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<directivesynopsis>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<description>What the server will return to the client
6b15044d54a096e6323ff1540f1a491e8de7622dsfin case of an error</description>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<syntax>ErrorDocument <var>error-code</var> <var>document</var></syntax>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<contextlist><context>server config</context><context>virtual host</context>
6b15044d54a096e6323ff1540f1a491e8de7622dsf</contextlist>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<compatibility>Quoting syntax for text messages is different in Apache
6b15044d54a096e6323ff1540f1a491e8de7622dsf2.0</compatibility>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>In the event of a problem or error, Apache can be configured
af18698b10b429b270551ca3a5d51a75e1c9db22brianp to do one of four things,</p>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp <li>redirect to a local <var>URL-path</var> to handle the
af18698b10b429b270551ca3a5d51a75e1c9db22brianp <li>redirect to an external <var>URL</var> to handle the
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>The first option is the default, while options 2-4 are
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen configured using the <directive>ErrorDocument</directive>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd directive, which is followed by the HTTP response code and a URL
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd or a message. Apache will sometimes offer additional information
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>URLs can begin with a slash (/) for local web-paths (relative
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd to the <directive module="core">DocumentRoot</directive>), or be a
af18698b10b429b270551ca3a5d51a75e1c9db22brianp full URL which the client can resolve. Alternatively, a message
af18698b10b429b270551ca3a5d51a75e1c9db22brianp can be provided to be displayed by the browser. Examples:</p>
13cbe1d8f52c8097cb581e7eb259693b64d41d10poirier ErrorDocument 500 http://foo.example.com/cgi-bin/tester<br />
af18698b10b429b270551ca3a5d51a75e1c9db22brianp ErrorDocument 403 "Sorry can't allow you access today"
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </example>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>Additionally, the special value <code>default</code> can be used
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd to specify Apache's simple hardcoded message. While not required
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd under normal circumstances, <code>default</code> will restore
fb77c505254b6e9c925e23e734463e87574f8f40kess Apache's simple hardcoded message for configurations that would
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd otherwise inherit an existing <directive>ErrorDocument</directive>.</p>
41ef8b3051855b802104193ee0a587515af60a37wrowe ErrorDocument 404 default<br />
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </Directory>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </example>
41ef8b3051855b802104193ee0a587515af60a37wrowe <p>Note that when you specify an <directive>ErrorDocument</directive>
41ef8b3051855b802104193ee0a587515af60a37wrowe that points to a remote URL (ie. anything with a method such as
41ef8b3051855b802104193ee0a587515af60a37wrowe <code>http</code> in front of it), Apache will send a redirect to the
41ef8b3051855b802104193ee0a587515af60a37wrowe client to tell it where to find the document, even if the
41ef8b3051855b802104193ee0a587515af60a37wrowe document ends up being on the same server. This has several
41ef8b3051855b802104193ee0a587515af60a37wrowe implications, the most important being that the client will not
41ef8b3051855b802104193ee0a587515af60a37wrowe receive the original error status code, but instead will
fb77c505254b6e9c925e23e734463e87574f8f40kess receive a redirect status code. This in turn can confuse web
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf robots and other clients which try to determine if a URL is
41ef8b3051855b802104193ee0a587515af60a37wrowe valid using the status code. In addition, if you use a remote
41ef8b3051855b802104193ee0a587515af60a37wrowe URL in an <code>ErrorDocument 401</code>, the client will not
41ef8b3051855b802104193ee0a587515af60a37wrowe know to prompt the user for a password since it will not
41ef8b3051855b802104193ee0a587515af60a37wrowe receive the 401 status code. Therefore, <strong>if you use an
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf <code>ErrorDocument 401</code> directive then it must refer to a local
41ef8b3051855b802104193ee0a587515af60a37wrowe <p>Microsoft Internet Explorer (MSIE) will by default ignore
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd server-generated error messages when they are "too small" and substitute
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd its own "friendly" error messages. The size threshold varies depending on
41ef8b3051855b802104193ee0a587515af60a37wrowe the type of error, but in general, if you make your error document
41ef8b3051855b802104193ee0a587515af60a37wrowe greater than 512 bytes, then MSIE will show the server-generated
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen error rather than masking it. More information is available in
41ef8b3051855b802104193ee0a587515af60a37wrowe Microsoft Knowledge Base article <a
41ef8b3051855b802104193ee0a587515af60a37wrowe href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294807"
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>Although most error messages can be overriden, there are certain
41ef8b3051855b802104193ee0a587515af60a37wrowe circumstances where the internal messages are used regardless of the
41ef8b3051855b802104193ee0a587515af60a37wrowe setting of <directive module="core">ErrorDocument</directive>. In
41ef8b3051855b802104193ee0a587515af60a37wrowe particular, if a malformed request is detected, normal request processing
41ef8b3051855b802104193ee0a587515af60a37wrowe will be immediately halted and the internal error message returned.
41ef8b3051855b802104193ee0a587515af60a37wrowe This is necessary to guard against security problems caused by
9fb925624300c864fe3969a264e52aa83f3c2dd0slive bad requests.</p>
78f4d313fd5edf76dc5cfb8725e082a08cd29740jwoolley <p>Prior to version 2.0, messages were indicated by prefixing
78f4d313fd5edf76dc5cfb8725e082a08cd29740jwoolley them with a single unmatched double quote character.</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess</directivesynopsis>
41ef8b3051855b802104193ee0a587515af60a37wrowe<directivesynopsis>
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf<description>Location where the server will log errors</description>
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf<syntax> ErrorLog <var>file-path</var>|syslog[:<var>facility</var>]</syntax>
41ef8b3051855b802104193ee0a587515af60a37wrowe<default>ErrorLog logs/error_log (Unix) ErrorLog logs/error.log (Windows and OS/2)</default>
41ef8b3051855b802104193ee0a587515af60a37wrowe<contextlist><context>server config</context><context>virtual host</context>
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf</contextlist>
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf <p>The <directive>ErrorLog</directive> directive sets the name of
9fb925624300c864fe3969a264e52aa83f3c2dd0slive the file to which the server will log any errors it encounters. If
41ef8b3051855b802104193ee0a587515af60a37wrowe the <var>file-path</var> is not absolute then it is assumed to be
41ef8b3051855b802104193ee0a587515af60a37wrowe relative to the <directive module="core">ServerRoot</directive>.</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </example>
832853bb93c1831daf24e4727c5ca0e1b1786e83lars begins with a pipe (|) then it is assumed to be a command to spawn
832853bb93c1831daf24e4727c5ca0e1b1786e83lars to handle the error log.</p>
832853bb93c1831daf24e4727c5ca0e1b1786e83lars </example>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp <p>Using <code>syslog</code> instead of a filename enables logging
af18698b10b429b270551ca3a5d51a75e1c9db22brianp via syslogd(8) if the system supports it. The default is to use
79c754eb51681c3389cd966753e902c429f78939trawick syslog facility <code>local7</code>, but you can override this by
79c754eb51681c3389cd966753e902c429f78939trawick using the <code>syslog:<var>facility</var></code> syntax where
79c754eb51681c3389cd966753e902c429f78939trawick <var>facility</var> can be one of the names usually documented in
79c754eb51681c3389cd966753e902c429f78939trawick syslog(1).</p>
79c754eb51681c3389cd966753e902c429f78939trawick ErrorLog syslog:user
79c754eb51681c3389cd966753e902c429f78939trawick href="/misc/security_tips.html#serverroot">security tips</a>
79c754eb51681c3389cd966753e902c429f78939trawick document for details on why your security could be compromised
79c754eb51681c3389cd966753e902c429f78939trawick if the directory where log files are stored is writable by
79c754eb51681c3389cd966753e902c429f78939trawick anyone other than the user that starts the server.</p>
79c754eb51681c3389cd966753e902c429f78939trawick <p>When entering a file path on non-Unix platforms, care should be taken
79c754eb51681c3389cd966753e902c429f78939trawick to make sure that only forward slashed are used even though the platform
79c754eb51681c3389cd966753e902c429f78939trawick may allow the use of back slashes. In general it is a good idea to always
79c754eb51681c3389cd966753e902c429f78939trawick use forward slashes throughout the configuration files.</p>
79c754eb51681c3389cd966753e902c429f78939trawick<seealso><directive module="core">LogLevel</directive></seealso>
79c754eb51681c3389cd966753e902c429f78939trawick<seealso><a href="/logs.html">Apache Log Files</a></seealso>
79c754eb51681c3389cd966753e902c429f78939trawick</directivesynopsis>
79c754eb51681c3389cd966753e902c429f78939trawick<directivesynopsis>
79c754eb51681c3389cd966753e902c429f78939trawick<description>File attributes used to create the ETag
79c754eb51681c3389cd966753e902c429f78939trawickHTTP response header</description>
79c754eb51681c3389cd966753e902c429f78939trawick<contextlist><context>server config</context><context>virtual host</context>
79c754eb51681c3389cd966753e902c429f78939trawick<context>directory</context><context>.htaccess</context>
79c754eb51681c3389cd966753e902c429f78939trawick</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The <directive>FileETag</directive> directive configures the file
003f0c9fda6664daf5092a0e42f65ede20098153slive attributes that are used to create the <code>ETag</code> (entity
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive tag) response header field when the document is based on a file.
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd (The <code>ETag</code> value is used in cache management to save
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive network bandwidth.) In Apache 1.3.22 and earlier, the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive from the file's inode, size, and last-modified time (mtime). The
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>FileETag</directive> directive allows you to choose
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive which of these -- if any -- should be used. The recognized keywords are:
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>The file's i-node number will be included in the calculation</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>The date and time the file was last modified will be included</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>The number of bytes in the file will be included</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>All available fields will be used. This is equivalent to:
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>If a document is file-based, no <code>ETag</code> field will be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive included in the response</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <code>INode</code>, <code>MTime</code>, and <code>Size</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive keywords may be prefixed with either <code>+</code> or <code>-</code>,
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen which allow changes to be made to the default setting inherited
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive from a broader scope. Any keyword appearing without such a prefix
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive immediately and completely cancels the inherited setting.</p>
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive <p>If a directory's configuration includes
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive <code>FileETag INode MTime Size</code>, and a
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive subdirectory's includes <code>FileETag -INode</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the setting for that subdirectory (which will be inherited by
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd any sub-subdirectories that don't override it) will be equivalent to
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
f7fe99050600166042c04b8e595fb75499eed7f0geoff<description>Contains directives that apply to matched
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowenfilenames</description>
f7fe99050600166042c04b8e595fb75499eed7f0geoff<syntax><Files <var>filename</var>> ... </Files></syntax>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen<contextlist><context>server config</context><context>virtual host</context>
f7fe99050600166042c04b8e595fb75499eed7f0geoff<context>directory</context><context>.htaccess</context>
f7fe99050600166042c04b8e595fb75499eed7f0geoff</contextlist>
f7fe99050600166042c04b8e595fb75499eed7f0geoff <p>The <directive type="section">Files</directive> directive
f7fe99050600166042c04b8e595fb75499eed7f0geoff limits the scope of the enclosed directives by filename. It is comparable
f7fe99050600166042c04b8e595fb75499eed7f0geoff to the <directive module="core" type="section">Directory</directive>
f7fe99050600166042c04b8e595fb75499eed7f0geoff and <directive module="core" type="section">Location</directive>
f7fe99050600166042c04b8e595fb75499eed7f0geoff directives. It should be matched with a <code></Files></code>
f7fe99050600166042c04b8e595fb75499eed7f0geoff directive. The directives given within this section will be applied to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive any object with a basename (last component of filename) matching the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive specified filename. <directive type="section">Files</directive>
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen sections are processed in the order they appear in the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive configuration file, after the <directive module="core"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>.htaccess</code> files are read, but before <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section" module="core">Location</directive> sections. Note
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive that <directive type="section">Files</directive> can be nested
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">Directory</directive> sections to restrict the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive portion of the filesystem they apply to.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <var>filename</var> argument should include a filename, or
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess a wild-card string, where <code>?</code> matches any single character,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and <code>*</code> matches any sequences of characters.
fb77c505254b6e9c925e23e734463e87574f8f40kess can also be used, with the addition of the
4f854c24127e28f7ad72ce9a39d4448aaf910fc1slive <Files ~ "\.(gif|jpe?g|png)$">
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>would match most common Internet graphics formats. <directive
fb77c505254b6e9c925e23e734463e87574f8f40kess module="core" type="section">FilesMatch</directive> is preferred,
4f854c24127e28f7ad72ce9a39d4448aaf910fc1slive however.</p>
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive module="core">Directory</directive> and <directive type="section"
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive module="core">Location</directive> sections, <directive
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive type="section">Files</directive> sections can be used inside
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive <code>.htaccess</code> files. This allows users to control access to
69fba5b8aa0b0dc408f649cfdaab064ce120b05bslive their own files, at a file-by-file level.</p>
b5d3d68a9f683722eac7a3ca507c3e571908dfc0rbowen<seealso><a href="/sections.html">How <Directory>, <Location>
b5d3d68a9f683722eac7a3ca507c3e571908dfc0rbowen and <Files> sections work</a> for an explanation of how these
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen different sections are combined when a request is received</seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Contains directives that apply to regular-expression matched
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivefilenames</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax><FilesMatch <var>regex</var>> ... </FilesMatch></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<context>directory</context><context>.htaccess</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive type="section">FilesMatch</directive> directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive limits the scope of the enclosed directives by filename, just as the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="core" type="section">Files</directive> directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive does. However, it accepts a <glossary ref="regex">regular
fb109b84906e3ee61680aa289953c2f9e859354erbowen <FilesMatch "\.(gif|jpe?g|png)$">
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>would match most common Internet graphics formats.</p>
960188481b7025ac8ef7221b67af83dd27e46cd0rjung<seealso><a href="/sections.html">How <Directory>, <Location>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and <Files> sections work</a> for an explanation of how these
fb109b84906e3ee61680aa289953c2f9e859354erbowen different sections are combined when a request is received</seealso>
fb109b84906e3ee61680aa289953c2f9e859354erbowen</directivesynopsis>
fb109b84906e3ee61680aa289953c2f9e859354erbowen<directivesynopsis>
960188481b7025ac8ef7221b67af83dd27e46cd0rjung<description>Forces all matching files to be served with the specified
960188481b7025ac8ef7221b67af83dd27e46cd0rjungMIME content-type</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<compatibility>Moved to the core in Apache 2.0</compatibility>
5155e92c6100b47513159eee1b2b9914ab204a5acovener <p>When placed into an <code>.htaccess</code> file or a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section" module="core">Directory</directive>, or
fb109b84906e3ee61680aa289953c2f9e859354erbowen <directive type="section" module="core">Location</directive> or
fb109b84906e3ee61680aa289953c2f9e859354erbowen <directive type="section" module="core">Files</directive>
fb109b84906e3ee61680aa289953c2f9e859354erbowen section, this directive forces all matching files to be served
fb109b84906e3ee61680aa289953c2f9e859354erbowen with the content type identification given by
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>MIME-type</var>. For example, if you had a directory full of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive GIF files, but did not want to label them all with <code>.gif</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive you might want to use:</p>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>Note that unlike <directive module="core">DefaultType</directive>,
2bac697634d965d9d9a921a99a68b2c454c8a95dbnicholes this directive overrides all mime-type associations, including
2bac697634d965d9d9a921a99a68b2c454c8a95dbnicholes filename extensions, that might identify the media type.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>You can override any <directive>ForceType</directive> setting
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <Location /images><br />
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </Location><br />
e302f38fd646764ce1a1e1c578d794aef514a9e5sf # but normal mime-type associations here:<br />
e302f38fd646764ce1a1e1c578d794aef514a9e5sf ForceType None<br />
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </Location>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </example>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf</directivesynopsis>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<directivesynopsis>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<description>Enables DNS lookups on client IP addresses</description>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<contextlist><context>server config</context><context>virtual host</context>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p>This directive enables DNS lookups so that host names can be
e302f38fd646764ce1a1e1c578d794aef514a9e5sf logged (and passed to CGIs/SSIs in <code>REMOTE_HOST</code>).
e302f38fd646764ce1a1e1c578d794aef514a9e5sf The value <code>Double</code> refers to doing double-reverse
e302f38fd646764ce1a1e1c578d794aef514a9e5sf DNS lookup. That is, after a reverse lookup is performed, a forward
e302f38fd646764ce1a1e1c578d794aef514a9e5sf lookup is then performed on that result. At least one of the IP
e302f38fd646764ce1a1e1c578d794aef514a9e5sf addresses in the forward lookup must match the original
e302f38fd646764ce1a1e1c578d794aef514a9e5sf address. (In "tcpwrappers" terminology this is called
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p>Regardless of the setting, when <module>mod_authz_host</module> is
e302f38fd646764ce1a1e1c578d794aef514a9e5sf used for controlling access by hostname, a double reverse lookup
e302f38fd646764ce1a1e1c578d794aef514a9e5sf will be performed. This is necessary for security. Note that the
e302f38fd646764ce1a1e1c578d794aef514a9e5sf result of this double-reverse isn't generally available unless you
e302f38fd646764ce1a1e1c578d794aef514a9e5sf set <code>HostnameLookups Double</code>. For example, if only
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf <code>HostnameLookups On</code> and a request is made to an object
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf that is protected by hostname restrictions, regardless of whether
e302f38fd646764ce1a1e1c578d794aef514a9e5sf the double-reverse fails or not, CGIs will still be passed the
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p>The default is <code>Off</code> in order to save the network
e302f38fd646764ce1a1e1c578d794aef514a9e5sf traffic for those sites that don't truly need the reverse
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf lookups done. It is also better for the end users because they
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf don't have to suffer the extra latency that a lookup entails.
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf Heavily loaded sites should leave this directive
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf <code>Off</code>, since DNS lookups can take considerable
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf amounts of time. The utility <program>logresolve</program>, compiled by
e302f38fd646764ce1a1e1c578d794aef514a9e5sf default to the <code>bin</code> subdirectory of your installation
e302f38fd646764ce1a1e1c578d794aef514a9e5sf directory, can be used to look up host names from logged IP addresses
e302f38fd646764ce1a1e1c578d794aef514a9e5sf offline.</p>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf</directivesynopsis>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<description>Encloses directives that will be processed only
e302f38fd646764ce1a1e1c578d794aef514a9e5sfif a test is true at startup</description>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </IfDefine></syntax>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<contextlist><context>server config</context><context>virtual host</context>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf</contextlist>
4497075b5e08b0c8ee89425a1758258ae80550fcsf <p>The <code><IfDefine <var>test</var>>...</IfDefine>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </code> section is used to mark directives that are conditional. The
e302f38fd646764ce1a1e1c578d794aef514a9e5sf directives within an <directive type="section">IfDefine</directive>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf section are only processed if the <var>test</var> is true. If <var>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf test</var> is false, everything between the start and end markers is
e302f38fd646764ce1a1e1c578d794aef514a9e5sf ignored.</p>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf >IfDefine</directive> section directive can be one of two forms:</p>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p>In the former case, the directives between the start and end
e302f38fd646764ce1a1e1c578d794aef514a9e5sf markers are only processed if the parameter named
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <var>parameter-name</var> is defined. The second format reverses
e302f38fd646764ce1a1e1c578d794aef514a9e5sf the test, and only processes the directives if
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <var>parameter-name</var> is <strong>not</strong> defined.</p>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p>The <var>parameter-name</var> argument is a define as given on
e302f38fd646764ce1a1e1c578d794aef514a9e5sf the <program>httpd</program> command line via <code>-D<var>parameter-</var>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p><directive type="section">IfDefine</directive> sections are
e302f38fd646764ce1a1e1c578d794aef514a9e5sf nest-able, which can be used to implement simple
e302f38fd646764ce1a1e1c578d794aef514a9e5sf multiple-parameter tests. Example:</p>
4497075b5e08b0c8ee89425a1758258ae80550fcsf httpd -DReverseProxy ...<br />
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <IfDefine ReverseProxy><br />
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </IfDefine>
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf </example>
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf</directivesynopsis>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<description>Encloses directives that are processed conditional on the
e302f38fd646764ce1a1e1c578d794aef514a9e5sfpresence or absence of a specific module</description>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<syntax><IfModule [!]<var>module-file</var>|<var>module-identifier</var>> ...
e302f38fd646764ce1a1e1c578d794aef514a9e5sf </IfModule></syntax>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<contextlist><context>server config</context><context>virtual host</context>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf</contextlist>
9228509ac5da8374df4a5d50b7da139e7b31f8a3sf<compatibility>Module identifiers are available in version 2.1 and
9228509ac5da8374df4a5d50b7da139e7b31f8a3sflater.</compatibility>
9228509ac5da8374df4a5d50b7da139e7b31f8a3sf <p>The <code><IfModule <var>test</var>>...</IfModule></code>
9228509ac5da8374df4a5d50b7da139e7b31f8a3sf section is used to mark directives that are conditional on the presence of
9228509ac5da8374df4a5d50b7da139e7b31f8a3sf a specific module. The directives within an <directive type="section"
9228509ac5da8374df4a5d50b7da139e7b31f8a3sf >IfModule</directive> section are only processed if the <var>test</var>
9228509ac5da8374df4a5d50b7da139e7b31f8a3sf is true. If <var>test</var> is false, everything between the start and
e302f38fd646764ce1a1e1c578d794aef514a9e5sf end markers is ignored.</p>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf >IfModule</directive> section directive can be one of two forms:</p>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p>In the former case, the directives between the start and end
ce4dc40a4e87991087488f70d96d3447d7557294sf markers are only processed if the module named <var>module</var>
ce4dc40a4e87991087488f70d96d3447d7557294sf is included in Apache -- either compiled in or
e302f38fd646764ce1a1e1c578d794aef514a9e5sf >LoadModule</directive>. The second format reverses the test,
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf and only processes the directives if <var>module</var> is
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <p>The <var>module</var> argument can be either the module identifier or
e302f38fd646764ce1a1e1c578d794aef514a9e5sf the file name of the module, at the time it was compiled. For example,
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <code>mod_rewrite.c</code> is the file name. If a module consists of
e302f38fd646764ce1a1e1c578d794aef514a9e5sf several source files, use the name of the file containing the string
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfbsf <p><directive type="section">IfModule</directive> sections are
e302f38fd646764ce1a1e1c578d794aef514a9e5sf nest-able, which can be used to implement simple multiple-module
e302f38fd646764ce1a1e1c578d794aef514a9e5sf tests.</p>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf <note>This section should only be used if you need to have one
e302f38fd646764ce1a1e1c578d794aef514a9e5sf configuration file that works whether or not a specific module
e302f38fd646764ce1a1e1c578d794aef514a9e5sf is available. In normal operation, directives need not be
e302f38fd646764ce1a1e1c578d794aef514a9e5sf sections.</note>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf</directivesynopsis>
e302f38fd646764ce1a1e1c578d794aef514a9e5sf<directivesynopsis>
a8ee031b2224ce5473826c9d4f603681589245fawrowe<description>Includes other configuration files from within
031bbbc0d1189b07330e38d0c126820a9ab7795egryzorthe server configuration files</description>
a8ee031b2224ce5473826c9d4f603681589245fawrowe<syntax>Include <var>file-path</var>|<var>directory-path</var></syntax>
a8ee031b2224ce5473826c9d4f603681589245fawrowe<contextlist><context>server config</context><context>virtual host</context>
a8ee031b2224ce5473826c9d4f603681589245fawrowe</contextlist>
a8ee031b2224ce5473826c9d4f603681589245fawrowe<compatibility>Wildcard matching available in 2.0.41 and later</compatibility>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>This directive allows inclusion of other configuration files
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor from within the server configuration files.</p>
a8ee031b2224ce5473826c9d4f603681589245fawrowe <p>Shell-style (<code>fnmatch()</code>) wildcard characters can be used to
a8ee031b2224ce5473826c9d4f603681589245fawrowe include several files at once, in alphabetical order. In
a8ee031b2224ce5473826c9d4f603681589245fawrowe addition, if <directive>Include</directive> points to a directory,
a8ee031b2224ce5473826c9d4f603681589245fawrowe rather than a file, Apache will read all files in that directory
a8ee031b2224ce5473826c9d4f603681589245fawrowe and any subdirectory. But including entire directories is not
a8ee031b2224ce5473826c9d4f603681589245fawrowe recommended, because it is easy to accidentally leave temporary
a8ee031b2224ce5473826c9d4f603681589245fawrowe files in a directory that can cause <program>httpd</program> to
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>The file path specified may be an absolute path, or may be relative
a8ee031b2224ce5473826c9d4f603681589245fawrowe to the <directive module="core">ServerRoot</directive> directory.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Running <code>apachectl configtest</code> will give you a list
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of the files that are being processed during the configuration
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive root@host# apachectl configtest<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Processing config file: /usr/local/apache2/conf/ssl.conf<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Processing config file: /usr/local/apache2/conf/vhosts/vhost1.conf<br />
fb77c505254b6e9c925e23e734463e87574f8f40kess Processing config file: /usr/local/apache2/conf/vhosts/vhost2.conf<br />
fb77c505254b6e9c925e23e734463e87574f8f40kess </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
530eba85dbd41b8a0fa5255d3648d1440199a661slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Enables HTTP persistent connections</description>
530eba85dbd41b8a0fa5255d3648d1440199a661slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The Keep-Alive extension to HTTP/1.0 and the persistent
530eba85dbd41b8a0fa5255d3648d1440199a661slive connection feature of HTTP/1.1 provide long-lived HTTP sessions
fb77c505254b6e9c925e23e734463e87574f8f40kess which allow multiple requests to be sent over the same TCP
fb77c505254b6e9c925e23e734463e87574f8f40kess connection. In some cases this has been shown to result in an
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive almost 50% speedup in latency times for HTML documents with
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd many images. To enable Keep-Alive connections, set
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>For HTTP/1.0 clients, Keep-Alive connections will only be
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd used if they are specifically requested by a client. In
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd addition, a Keep-Alive connection with an HTTP/1.0 client can
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd only be used when the length of the content is known in
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd advance. This implies that dynamic content such as CGI output,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd SSI pages, and server-generated directory listings will
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd generally not use Keep-Alive connections to HTTP/1.0 clients.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive For HTTP/1.1 clients, persistent connections are the default
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive unless otherwise specified. If the client requests it, chunked
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd encoding will be used in order to send content of unknown
0db981f8fdfb62c5149efa079f0369b73d472d04rpluem length over persistent connections.</p>
0db981f8fdfb62c5149efa079f0369b73d472d04rpluem<seealso><directive module="core">MaxKeepAliveRequests</directive></seealso>
0db981f8fdfb62c5149efa079f0369b73d472d04rpluem</directivesynopsis>
0db981f8fdfb62c5149efa079f0369b73d472d04rpluem<directivesynopsis>
a5f060e0c74a44cb8896ae794c08f94f7c9a46a7covener<description>Amount of time the server will wait for subsequent
031bbbc0d1189b07330e38d0c126820a9ab7795egryzorrequests on a persistent connection</description>
a5f060e0c74a44cb8896ae794c08f94f7c9a46a7covener<contextlist><context>server config</context><context>virtual host</context>
a5f060e0c74a44cb8896ae794c08f94f7c9a46a7covener</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The number of seconds Apache will wait for a subsequent
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive request before closing the connection. Once a request has been
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive received, the timeout value specified by the
003f0c9fda6664daf5092a0e42f65ede20098153slive <directive module="core">Timeout</directive> directive applies.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>Setting <directive>KeepAliveTimeout</directive> to a high value
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive may cause performance problems in heavily loaded servers. The
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive higher the timeout, the more server processes will be kept
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive occupied waiting on connections with idle clients.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<description>Restrict enclosed access controls to only certain HTTP
6b64034fa2a644ba291c484c0c01c7df5b8d982ckessmethods</description>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<syntax><Limit <var>method</var> [<var>method</var>] ... > ...
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess </Limit></syntax>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Access controls are normally effective for
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <strong>all</strong> access methods, and this is the usual
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive desired behavior. <strong>In the general case, access control
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives should not be placed within a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section">Limit</directive> section.</strong></p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The purpose of the <directive type="section">Limit</directive>
fb77c505254b6e9c925e23e734463e87574f8f40kess directive is to restrict the effect of the access controls to the
030108b1816bcda3d925df65357feabdce83bc94slive nominated HTTP methods. For all other methods, the access
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor restrictions that are enclosed in the <directive
030108b1816bcda3d925df65357feabdce83bc94slive type="section">Limit</directive> bracket <strong>will have no
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive effect</strong>. The following example applies the access control
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd only to the methods <code>POST</code>, <code>PUT</code>, and
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code>DELETE</code>, leaving all other methods unprotected:</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <Limit POST PUT DELETE><br />
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess Require valid-user<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </Limit>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The method names listed can be one or more of: <code>GET</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>POST</code>, <code>PUT</code>, <code>DELETE</code>,
fb77c505254b6e9c925e23e734463e87574f8f40kess <code>PATCH</code>, <code>PROPFIND</code>, <code>PROPPATCH</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>MKCOL</code>, <code>COPY</code>, <code>MOVE</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>LOCK</code>, and <code>UNLOCK</code>. <strong>The method name is
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess case-sensitive.</strong> If <code>GET</code> is used it will also
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess restrict <code>HEAD</code> requests. The <code>TRACE</code> method
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess cannot be limited.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">LimitExcept</directive> section should always be
003f0c9fda6664daf5092a0e42f65ede20098153slive module="core">Limit</directive> section when restricting access,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd module="core">LimitExcept</directive> section provides protection
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive against arbitrary methods.</note>
003f0c9fda6664daf5092a0e42f65ede20098153slive</directivesynopsis>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<description>Restrict access controls to all HTTP methods
6b64034fa2a644ba291c484c0c01c7df5b8d982ckessexcept the named ones</description>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<syntax><LimitExcept <var>method</var> [<var>method</var>] ... > ...
030108b1816bcda3d925df65357feabdce83bc94slive </LimitExcept></syntax>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<contextlist><context>server config</context><context>virtual host</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive type="section">LimitExcept</directive> and
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess a group of access control directives which will then apply to any
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess HTTP access method <strong>not</strong> listed in the arguments;
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess i.e., it is the opposite of a <directive type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">Limit</directive> section and can be used to control
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive both standard and nonstandard/unrecognized methods. See the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section">Limit</directive> for more details.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <LimitExcept POST GET><br />
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen Require valid-user<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </LimitExcept>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
fb77c505254b6e9c925e23e734463e87574f8f40kess<description>Determine maximum number of internal redirects and nested
fb77c505254b6e9c925e23e734463e87574f8f40kesssubrequests</description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<syntax>LimitInternalRecursion <var>number</var> [<var>number</var>]</syntax>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<contextlist><context>server config</context><context>virtual host</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Available in Apache 2.0.47 and later</compatibility>
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding <p>An internal redirect happens, for example, when using the <directive
7654193c1faf603feec999850322ad79e6c551bcnd module="mod_actions">Action</directive> directive, which internally
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding redirects the original request to a CGI script. A subrequest is Apache's
b24c77ceb4cea5ffa92536e19f0aa83608960dc4fielding mechanism to find out what would happen for some URI if it were requested.
c97e8972ab1f4dd167e3dc4db87daf91114009fbnd For example, <module>mod_dir</module> uses subrequests to look for the
7654193c1faf603feec999850322ad79e6c551bcnd files listed in the <directive module="mod_dir">DirectoryIndex</directive>
7654193c1faf603feec999850322ad79e6c551bcnd directive.</p>
7654193c1faf603feec999850322ad79e6c551bcnd <p><directive>LimitInternalRecursion</directive> prevents the server
7654193c1faf603feec999850322ad79e6c551bcnd from crashing when entering an infinite loop of internal redirects or
7654193c1faf603feec999850322ad79e6c551bcnd subrequests. Such loops are usually caused by misconfigurations.</p>
7654193c1faf603feec999850322ad79e6c551bcnd <p>The directive stores two different limits, which are evaluated on
7654193c1faf603feec999850322ad79e6c551bcnd per-request basis. The first <var>number</var> is the maximum number of
7654193c1faf603feec999850322ad79e6c551bcnd internal redirects, that may follow each other. The second <var>number</var>
7654193c1faf603feec999850322ad79e6c551bcnd determines, how deep subrequests may be nested. If you specify only one
7654193c1faf603feec999850322ad79e6c551bcnd <var>number</var>, it will be assigned to both limits.</p>
7654193c1faf603feec999850322ad79e6c551bcnd LimitInternalRecursion 5
7654193c1faf603feec999850322ad79e6c551bcnd </example>
439acee10571861c670c438038a62f90a08bf137covener</directivesynopsis>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<directivesynopsis>
439acee10571861c670c438038a62f90a08bf137covener<description>Restricts the total size of the HTTP request body sent
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivefrom the client</description>
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener<contextlist><context>server config</context><context>virtual host</context>
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener<context>directory</context><context>.htaccess</context>
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener</contextlist>
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener <p>This directive specifies the number of <var>bytes</var> from 0
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener (meaning unlimited) to 2147483647 (2GB) that are allowed in a
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener request body.</p>
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener <p>The <directive>LimitRequestBody</directive> directive allows
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener the user to set a limit on the allowed size of an HTTP request
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener message body within the context in which the directive is given
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor (server, per-directory, per-file or per-location). If the client
df5042f69eea159c73cd7b16542d4ca7d879b0b5trawick request exceeds that limit, the server will return an error
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener response instead of servicing the request. The size of a normal
c3e2e664a67b1adb9b6a6b91ff161f4f562cecf6covener request message body will vary greatly depending on the nature of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the resource and the methods allowed on that resource. CGI scripts
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive typically use the message body for retrieving form information.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Implementations of the <code>PUT</code> method will require
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a value at least as large as any representation that the server
fb77c505254b6e9c925e23e734463e87574f8f40kess wishes to accept for that resource.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive gives the server administrator greater
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive control over abnormal client request behavior, which may be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive useful for avoiding some forms of denial-of-service
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive attacks.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>If, for example, you are permitting file upload to a particular
fb77c505254b6e9c925e23e734463e87574f8f40kess location, and wish to limit the size of the uploaded file to 100K,
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess you might use the following directive:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive LimitRequestBody 102400
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
fb77c505254b6e9c925e23e734463e87574f8f40kess<description>Limits the number of HTTP request header fields that
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivewill be accepted from the client</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><var>Number</var> is an integer from 0 (meaning unlimited) to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive 32767. The default value is defined by the compile-time
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive constant <code>DEFAULT_LIMIT_REQUEST_FIELDS</code> (100 as
fb77c505254b6e9c925e23e734463e87574f8f40kess distributed).</p>
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd <p>The <directive>LimitRequestFields</directive> directive allows
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd the server administrator to modify the limit on the number of
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd request header fields allowed in an HTTP request. A server needs
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive this value to be larger than the number of fields that a normal
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive client request might include. The number of request header fields
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive used by a client rarely exceeds 20, but this may vary among
750d12c59545dbbac70390988de94f7e901b08f2niq different client implementations, often depending upon the extent
750d12c59545dbbac70390988de94f7e901b08f2niq to which a user has configured their browser to support detailed
750d12c59545dbbac70390988de94f7e901b08f2niq content negotiation. Optional HTTP extensions are often expressed
750d12c59545dbbac70390988de94f7e901b08f2niq using request header fields.</p>
750d12c59545dbbac70390988de94f7e901b08f2niq <p>This directive gives the server administrator greater
750d12c59545dbbac70390988de94f7e901b08f2niq control over abnormal client request behavior, which may be
750d12c59545dbbac70390988de94f7e901b08f2niq useful for avoiding some forms of denial-of-service attacks.
750d12c59545dbbac70390988de94f7e901b08f2niq The value should be increased if normal clients see an error
750d12c59545dbbac70390988de94f7e901b08f2niq response from the server that indicates too many fields were
750d12c59545dbbac70390988de94f7e901b08f2niq sent in the request.</p>
750d12c59545dbbac70390988de94f7e901b08f2niq LimitRequestFields 50
750d12c59545dbbac70390988de94f7e901b08f2niq </example>
750d12c59545dbbac70390988de94f7e901b08f2niq</directivesynopsis>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<directivesynopsis>
6b15044d54a096e6323ff1540f1a491e8de7622dsf<description>Limits the size of the HTTP request header allowed from the
6b15044d54a096e6323ff1540f1a491e8de7622dsfclient</description>
1a0ca5f6b566a5eb77d63f466fcf78fb388a4182igalic<contextlist><context>server config</context></contextlist>
1a0ca5f6b566a5eb77d63f466fcf78fb388a4182igalic <p>This directive specifies the number of <var>bytes</var>
6b15044d54a096e6323ff1540f1a491e8de7622dsf that will be allowed in an HTTP request header.</p>
6b15044d54a096e6323ff1540f1a491e8de7622dsf <p>The <directive>LimitRequestFieldSize</directive> directive
6b15044d54a096e6323ff1540f1a491e8de7622dsf allows the server administrator to reduce or increase the limit
6b15044d54a096e6323ff1540f1a491e8de7622dsf on the allowed size of an HTTP request header field. A server
6b15044d54a096e6323ff1540f1a491e8de7622dsf needs this value to be large enough to hold any one header field
750d12c59545dbbac70390988de94f7e901b08f2niq from a normal client request. The size of a normal request header
750d12c59545dbbac70390988de94f7e901b08f2niq field will vary greatly among different client implementations,
94aba9caa9b2f7a0e95a55f51264c908b69470e2igalic often depending upon the extent to which a user has configured
94aba9caa9b2f7a0e95a55f51264c908b69470e2igalic their browser to support detailed content negotiation. SPNEGO
6b15044d54a096e6323ff1540f1a491e8de7622dsf authentication headers can be up to 12392 bytes.</p>
750d12c59545dbbac70390988de94f7e901b08f2niq <p>This directive gives the server administrator greater
750d12c59545dbbac70390988de94f7e901b08f2niq control over abnormal client request behavior, which may be
750d12c59545dbbac70390988de94f7e901b08f2niq useful for avoiding some forms of denial-of-service attacks.</p>
750d12c59545dbbac70390988de94f7e901b08f2niq LimitRequestFieldSize 4094
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <note>Under normal conditions, the value should not be changed from
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the default.</note>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Limit the size of the HTTP request line that will be accepted
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivefrom the client</description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<contextlist><context>server config</context></contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>This directive sets the number of <var>bytes</var> that will be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive allowed on the HTTP request-line.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The <directive>LimitRequestLine</directive> directive allows
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the server administrator to reduce or increase the limit on the allowed size
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of a client's HTTP request-line. Since the request-line consists of the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd HTTP method, URI, and protocol version, the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>LimitRequestLine</directive> directive places a
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd restriction on the length of a request-URI allowed for a request
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive on the server. A server needs this value to be large enough to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive hold any of its resource names, including any information that
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive might be passed in the query part of a <code>GET</code> request.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>This directive gives the server administrator greater
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive control over abnormal client request behavior, which may be
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd useful for avoiding some forms of denial-of-service attacks.</p>
6e483e0b8aa3fa574288a7452221392a03e2b9a3noodl LimitRequestLine 4094
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <note>Under normal conditions, the value should not be changed from
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the default.</note>
130d299c4b2b15be45532a176604c71fdc7bea5bnd</directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<description>Limits the size of an XML-based request body</description>
a00429a6b3b4dbb113b6dc67cfc0507f610276e9takashi<contextlist><context>server config</context><context>virtual host</context>
955d7fc3e7adb6463b7243e15c04e858718e799etakashi<context>directory</context><context>.htaccess</context></contextlist>
955d7fc3e7adb6463b7243e15c04e858718e799etakashi <p>Limit (in bytes) on maximum size of an XML-based request
955d7fc3e7adb6463b7243e15c04e858718e799etakashi body. A value of <code>0</code> will disable any checking.</p>
78f97ce162b66a0dbfd7af4dcd9984f162569b04minfrin LimitXMLRequestBody 0
955d7fc3e7adb6463b7243e15c04e858718e799etakashi</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Applies the enclosed directives only to matching
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveURLs</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax><Location
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>URL-path</var>|<var>URL</var>> ... </Location></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>The <directive type="section">Location</directive> directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive limits the scope of the enclosed directives by URL. It is similar to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section" module="core">Directory</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive, and starts a subsection which is terminated with a
55d36f9b61520c2374ab463e77e8a62daa416398nd type="section">Location</directive> sections are processed in the
55d36f9b61520c2374ab463e77e8a62daa416398nd order they appear in the configuration file, after the <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section" module="core">Directory</directive> sections and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>.htaccess</code> files are read, and after the <directive
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd type="section" module="core">Files</directive> sections.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p><directive type="section">Location</directive> sections operate
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd completely outside the filesystem. This has several consequences.
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd Most importantly, <directive type="section">Location</directive>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd directives should not be used to control access to filesystem
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd locations. Since several different URLs may map to the same
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd filesystem location, such access controls may by circumvented.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Use <directive type="section">Location</directive> to apply
55d36f9b61520c2374ab463e77e8a62daa416398nd directives to content that lives outside the filesystem. For
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive content that lives in the filesystem, use <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section" module="core">Directory</directive> and <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section" module="core">Files</directive>. An exception is
88d86cfadffe2275a3dfb67a4d7bdc018630b661rbowen apply a configuration to the entire server.</p>
55d36f9b61520c2374ab463e77e8a62daa416398nd <p>For all origin (non-proxy) requests, the URL to be matched is a
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd URL-path of the form <code>/path/</code>. No scheme, hostname,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive port, or query string may be included. For proxy requests, the
55d36f9b61520c2374ab463e77e8a62daa416398nd URL to be matched is of the form
55d36f9b61520c2374ab463e77e8a62daa416398nd <code>scheme://servername/path</code>, and you must include the
55d36f9b61520c2374ab463e77e8a62daa416398nd prefix.</p>
55d36f9b61520c2374ab463e77e8a62daa416398nd <p>The URL may use wildcards. In a wild-card string, <code>?</code> matches
bea526116133aa3d7dabd1924bfc580b37fbf22aslive any single character, and <code>*</code> matches any sequences of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive characters.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><glossary ref="regex">Regular expressions</glossary>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive can also be used, with the addition of the
fb77c505254b6e9c925e23e734463e87574f8f40kess <Location ~ "/(extra|special)/data">
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>would match URLs that contained the substring <code>/extra/data</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive or <code>/special/data</code>. The directive <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section" module="core">LocationMatch</directive> behaves
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive identical to the regex version of <directive
3621f3acee323a877639a96d84891095eb07933aminfrin functionality is especially useful when combined with the
003f0c9fda6664daf5092a0e42f65ede20098153slive directive. For example, to enable status requests, but allow them
003f0c9fda6664daf5092a0e42f65ede20098153slive only from browsers at <code>foo.com</code>, you might use:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <Location /status><br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive SetHandler server-status<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Order Deny,Allow<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Deny from all<br />
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin </Location>
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin <p>The slash character has special meaning depending on where in a
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin URL it appears. People may be used to its behavior in the filesystem
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin where multiple adjacent slashes are frequently collapsed to a single
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin slash (<em>i.e.</em>, <code>/home///foo</code> is the same as
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin <code>/home/foo</code>). In URL-space this is not necessarily true.
3621f3acee323a877639a96d84891095eb07933aminfrin The <directive type="section" module="core">LocationMatch</directive>
3621f3acee323a877639a96d84891095eb07933aminfrin directive and the regex version of <directive type="section"
3621f3acee323a877639a96d84891095eb07933aminfrin >Location</directive> require you to explicitly specify multiple
3621f3acee323a877639a96d84891095eb07933aminfrin slashes if that is your intention.</p>
3621f3acee323a877639a96d84891095eb07933aminfrin <p>For example, <code><LocationMatch ^/abc></code> would match
3621f3acee323a877639a96d84891095eb07933aminfrin the request URL <code>/abc</code> but not the request URL <code>
3621f3acee323a877639a96d84891095eb07933aminfrin //abc</code>. The (non-regex) <directive type="section"
3621f3acee323a877639a96d84891095eb07933aminfrin >Location</directive> directive behaves similarly when used for
3621f3acee323a877639a96d84891095eb07933aminfrin proxy requests. But when (non-regex) <directive type="section"
3621f3acee323a877639a96d84891095eb07933aminfrin >Location</directive> is used for non-proxy requests it will
3621f3acee323a877639a96d84891095eb07933aminfrin implicitly match multiple slashes with a single slash. For example,
3621f3acee323a877639a96d84891095eb07933aminfrin if you specify <code><Location /abc/def></code> and the
3621f3acee323a877639a96d84891095eb07933aminfrin request is to <code>/abc//def</code> then it will match.</p>
3621f3acee323a877639a96d84891095eb07933aminfrin<seealso><a href="/sections.html">How <Directory>, <Location>
3621f3acee323a877639a96d84891095eb07933aminfrin and <Files> sections work</a> for an explanation of how these
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin different sections are combined when a request is received</seealso>
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin</directivesynopsis>
c68acc9d712af079afa2bd1a5a4aeef9a3ea573ckess<description>Applies the enclosed directives only to regular-expression
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivematching URLs</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax><LocationMatch
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>regex</var>> ... </LocationMatch></syntax>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<contextlist><context>server config</context><context>virtual host</context>
7b5535ed88e0f561b3bfb3330137bd804846afd4slive</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The <directive type="section">LocationMatch</directive> directive
7b5535ed88e0f561b3bfb3330137bd804846afd4slive limits the scope of the enclosed directives by URL, in an identical manner
7b5535ed88e0f561b3bfb3330137bd804846afd4slive to <directive module="core" type="section">Location</directive>. However,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd it takes a <glossary ref="regex">regular expression</glossary>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd as an argument instead of a simple string. For example:</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <LocationMatch "/(extra|special)/data">
3621f3acee323a877639a96d84891095eb07933aminfrin <p>would match URLs that contained the substring <code>/extra/data</code>
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin<seealso><a href="/sections.html">How <Directory>, <Location>
3621f3acee323a877639a96d84891095eb07933aminfrin and <Files> sections work</a> for an explanation of how these
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin different sections are combined when a request is received</seealso>
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin</directivesynopsis>
3621f3acee323a877639a96d84891095eb07933aminfrin<directivesynopsis>
03aa31ad82759363ba1a55589e517b16308ef635minfrin<description>Controls the verbosity of the ErrorLog</description>
3621f3acee323a877639a96d84891095eb07933aminfrin<contextlist><context>server config</context><context>virtual host</context>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor</contextlist>
03aa31ad82759363ba1a55589e517b16308ef635minfrin <p><directive>LogLevel</directive> adjusts the verbosity of the
3621f3acee323a877639a96d84891095eb07933aminfrin messages recorded in the error logs (see <directive
3621f3acee323a877639a96d84891095eb07933aminfrin module="core">ErrorLog</directive> directive). The following
3621f3acee323a877639a96d84891095eb07933aminfrin <var>level</var>s are available, in order of decreasing
03aa31ad82759363ba1a55589e517b16308ef635minfrin significance:</p>
03aa31ad82759363ba1a55589e517b16308ef635minfrin <columnspec><column width=".2"/><column width=".3"/><column width=".5"/>
03aa31ad82759363ba1a55589e517b16308ef635minfrin </columnspec>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>"getpwuid: couldn't determine user name from uid"</td>
891df99fdfa41fc8a486568f4d31ddf4a571258adreid <td>"socket: Failed to get a socket, exiting child"</td>
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick <td>"child process 1234 did not exit, sending another
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick SIGHUP"</td>
98f5034c8cbf2ef025b317b3e01acae82e143b11trawick <td>"httpd: caught SIGBUS, attempting to dump core in
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener <td>"Server seems busy, (you may need to increase
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When a particular level is specified, messages from all
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive other levels of higher significance will be reported as well.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <em>E.g.</em>, when <code>LogLevel info</code> is specified,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive then messages with log levels of <code>notice</code> and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive recommended.</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess LogLevel notice
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When logging to a regular file messages of the level
130d299c4b2b15be45532a176604c71fdc7bea5bnd <code>notice</code> cannot be suppressed and thus are always
130d299c4b2b15be45532a176604c71fdc7bea5bnd logged. However, this doesn't apply when logging is done
130d299c4b2b15be45532a176604c71fdc7bea5bnd</directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<description>Number of requests allowed on a persistent
6c5c651b0b97607b8c8b4965c1385c67699f217fndconnection</description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<contextlist><context>server config</context><context>virtual host</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
750d12c59545dbbac70390988de94f7e901b08f2niq <p>The <directive>MaxKeepAliveRequests</directive> directive
4bb78e7cdd53f50240cff4ad7a97c7ed36483797slive limits the number of requests allowed per connection when
4bb78e7cdd53f50240cff4ad7a97c7ed36483797slive <directive module="core" >KeepAlive</directive> is on. If it is
4bb78e7cdd53f50240cff4ad7a97c7ed36483797slive set to <code>0</code>, unlimited requests will be allowed. We
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd recommend that this setting be kept to a high value for maximum
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd server performance.</p>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd MaxKeepAliveRequests 500
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd</directivesynopsis>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd<directivesynopsis>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd<description>Designates an IP address for name-virtual
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisdhosting</description>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd<syntax>NameVirtualHost <var>addr</var>[:<var>port</var>]</syntax>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd<contextlist><context>server config</context></contextlist>
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd <p>The <directive>NameVirtualHost</directive> directive is a
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd required directive if you want to configure <a
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd <p>Although <var>addr</var> can be hostname it is recommended
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd NameVirtualHost 111.22.33.44
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd <p>With the <directive>NameVirtualHost</directive> directive you
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd specify the IP address on which the server will receive requests
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd for the name-based virtual hosts. This will usually be the address
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd to which your name-based virtual host names resolve. In cases
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor where a firewall or other proxy receives the requests and forwards
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd them on a different IP address to the server, you must specify the
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd IP address of the physical interface on the machine which will be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive servicing the requests. If you have multiple name-based hosts on
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive multiple addresses, repeat the directive for each address.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Note, that the "main server" and any <code>_default_</code> servers
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive will <strong>never</strong> be served for a request to a
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <directive>NameVirtualHost</directive> IP address (unless for some
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd reason you specify <directive>NameVirtualHost</directive> but then
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive don't define any <directive>VirtualHost</directive>s for that
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd address).</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Optionally you can specify a port number on which the
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen NameVirtualHost 111.22.33.44:8080
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>IPv6 addresses must be enclosed in square brackets, as shown
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive in the following example:</p>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen NameVirtualHost [fe80::a00:20ff:fea7:ccea]:8080
130d299c4b2b15be45532a176604c71fdc7bea5bnd <p>To receive requests on all interfaces, you can use an argument of
130d299c4b2b15be45532a176604c71fdc7bea5bnd NameVirtualHost *
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <note><title>Argument to <directive type="section">VirtualHost</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive</title>
03e0a375c2435102fb2b51e34cccff52acbfddcdnd exactly match the argument to the <directive
03e0a375c2435102fb2b51e34cccff52acbfddcdnd NameVirtualHost 1.2.3.4<br />
03e0a375c2435102fb2b51e34cccff52acbfddcdnd <VirtualHost 1.2.3.4><br />
03e0a375c2435102fb2b51e34cccff52acbfddcdnd # ...<br />
03e0a375c2435102fb2b51e34cccff52acbfddcdnd </VirtualHost><br />
03e0a375c2435102fb2b51e34cccff52acbfddcdnd</directivesynopsis>
03e0a375c2435102fb2b51e34cccff52acbfddcdnd<directivesynopsis>
03e0a375c2435102fb2b51e34cccff52acbfddcdnd<description>Configures what features are available in a particular
03e0a375c2435102fb2b51e34cccff52acbfddcdnddirectory</description>
03e0a375c2435102fb2b51e34cccff52acbfddcdnd<syntax>Options
03e0a375c2435102fb2b51e34cccff52acbfddcdnd [+|-]<var>option</var> [[+|-]<var>option</var>] ...</syntax>
03e0a375c2435102fb2b51e34cccff52acbfddcdnd<contextlist><context>server config</context><context>virtual host</context>
03e0a375c2435102fb2b51e34cccff52acbfddcdnd</contextlist>
03e0a375c2435102fb2b51e34cccff52acbfddcdnd <p>The <directive>Options</directive> directive controls which
03e0a375c2435102fb2b51e34cccff52acbfddcdnd server features are available in a particular directory.</p>
03e0a375c2435102fb2b51e34cccff52acbfddcdnd <p><var>option</var> can be set to <code>None</code>, in which
03e0a375c2435102fb2b51e34cccff52acbfddcdnd case none of the extra features are enabled, or one or more of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the following:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>All options except for <code>MultiViews</code>. This is the default
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive setting.</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Execution of CGI scripts using <module>mod_cgi</module>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd is permitted.</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The server will follow symbolic links in this directory.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Even though the server follows the symlink it does <em>not</em>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive change the pathname used to match against <directive type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Note also, that this option <strong>gets ignored</strong> if set
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive inside a <directive type="section" module="core">Location</directive>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess section.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Server-side includes provided by <module>mod_include</module>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive are permitted.</dd>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen Server-side includes are permitted, but the <code>#exec
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen cmd</code> and <code>#exec cgi</code> are disabled. It is still
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd possible to <code>#include virtual</code> CGI scripts from
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <directive module="mod_alias">ScriptAlias</directive>ed
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor directories.</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive If a URL which maps to a directory is requested, and there
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive is no <directive module="mod_dir">DirectoryIndex</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive (<em>e.g.</em>, <code>index.html</code>) in that directory, then
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <module>mod_autoindex</module> will return a formatted listing
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of the directory.</dd>
e0ef044feba0082771091af42798cada5bb1f4fcrbowen <a href="/content-negotiation.html">Content negotiated</a>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive "MultiViews" are allowed using
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>The server will only follow symbolic links for which the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive target file or directory is owned by the same user id as the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Normally, if multiple <directive>Options</directive> could
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive apply to a directory, then the most specific one is used and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive others are ignored; the options are not merged. (See <a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="/sections.html#mergin">how sections are merged</a>.)
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>Options</directive> directive are preceded by a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>+</code> or <code>-</code> symbol, the options are
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive merged. Any options preceded by a <code>+</code> are added to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive options currently in force, and any options preceded by a
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <code>-</code> are removed from the options currently in
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen force. </p>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <p>For example, without any <code>+</code> and <code>-</code> symbols:</p>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor Options Indexes FollowSymLinks<br />
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener </Directory><br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Options Includes<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>then only <code>Includes</code> will be set for the
ae134ecc8faf4e6a8eb68e1c3724506771442a46rbowen <code>/web/docs/spec</code> directory. However if the second
ae134ecc8faf4e6a8eb68e1c3724506771442a46rbowen <directive>Options</directive> directive uses the <code>+</code> and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Options Indexes FollowSymLinks<br />
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor </Directory><br />
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor Options +Includes -Indexes<br />
56d7eed7205462540aec7202cd82d9f5516fc537kess </Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>Includes</code> are set for the <code>/web/docs/spec</code>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen directory.</p>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <code>-Includes</code> disables server-side includes completely
ef8e89e090461194ecadd31e8796a2c51e0531a2kess regardless of the previous setting.</p>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <p>The default in the absence of any other settings is
2f505ba07f89ba6a175d6ceae67fb273c4eb0993covener</directivesynopsis>
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener<directivesynopsis>
611f7fd8a0a5ee4a29eeed79dfd8bf6faaa3c613covener<description>Selects which authenticated users can access
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivea resource</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>Require <var>entity-name</var> [<var>entity-name</var>] ...</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>This directive selects which authenticated users can access
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a resource. The allowed syntaxes are:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dt><code>Require user <var>userid</var> [<var>userid</var>]
72580dbc2a55511f13f377063725b9f143b20826stoddard <dd>Only the named users can access the resource.</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dt><code>Require group <var>group-name</var> [<var>group-name</var>]
72580dbc2a55511f13f377063725b9f143b20826stoddard <dd>Only users in the named groups can access the resource.</dd>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p><directive>Require</directive> must be accompanied by
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="core">AuthName</directive> and <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">AuthType</directive> directives, and directives such
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive as <directive module="mod_authn_file">AuthUserFile</directive>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen and <directive module="mod_authz_groupfile">AuthGroupFile</directive> (to
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen define users and groups) in order to work correctly. Example:</p>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen AuthType Basic<br />
ef8e89e090461194ecadd31e8796a2c51e0531a2kess AuthName "Restricted Resource"<br />
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen Require group admin
2f505ba07f89ba6a175d6ceae67fb273c4eb0993covener <p>Access controls which are applied in this way are effective for
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <strong>all</strong> methods. <strong>This is what is normally
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener desired.</strong> If you wish to apply access controls only to
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener specific methods, while leaving other methods unprotected, then
611f7fd8a0a5ee4a29eeed79dfd8bf6faaa3c613covener place the <directive>Require</directive> statement into a
611f7fd8a0a5ee4a29eeed79dfd8bf6faaa3c613covener <directive module="core" type="section">Limit</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive section.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">Satisfy</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<directivesynopsis>
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele<description>Limits the CPU consumption of processes launched
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabeleby Apache children</description>
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele<syntax>RLimitCPU <var>seconds</var>|max [<var>seconds</var>|max]</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<default>Unset; uses operating system defaults</default>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context></contextlist>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <p>Takes 1 or 2 parameters. The first parameter sets the soft
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen resource limit for all processes and the second parameter sets
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd the maximum resource limit. Either parameter can be a number,
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen or <code>max</code> to indicate to the server that the limit should
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen be set to the maximum allowed by the operating system
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive configuration. Raising the maximum resource limit requires that
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the server is running as <code>root</code>, or in the initial startup
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This applies to processes forked off from Apache children
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive servicing requests, not the Apache children themselves. This
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive includes CGI scripts and SSI exec commands, but not any
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive processes forked off from the Apache parent such as piped
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>CPU resource limits are expressed in seconds per
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive process.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">RLimitMEM</directive></seealso>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<seealso><directive module="core">RLimitNPROC</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
7852e17fb37b2a02ccdcab107f2c7f5fd41fd201nd<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Limits the memory consumption of processes launched
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveby Apache children</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>RLimitMEM <var>bytes</var>|max [<var>bytes</var>|max]</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<default>Unset; uses operating system defaults</default>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive<context>directory</context><context>.htaccess</context></contextlist>
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive <p>Takes 1 or 2 parameters. The first parameter sets the soft
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive resource limit for all processes and the second parameter sets
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive the maximum resource limit. Either parameter can be a number,
d950cf9262224a223e2ff5c51393708071e14b94covener or <code>max</code> to indicate to the server that the limit should
d950cf9262224a223e2ff5c51393708071e14b94covener be set to the maximum allowed by the operating system
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic configuration. Raising the maximum resource limit requires that
d950cf9262224a223e2ff5c51393708071e14b94covener the server is running as <code>root</code>, or in the initial startup
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>This applies to processes forked off from Apache children
d950cf9262224a223e2ff5c51393708071e14b94covener servicing requests, not the Apache children themselves. This
d950cf9262224a223e2ff5c51393708071e14b94covener includes CGI scripts and SSI exec commands, but not any
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor processes forked off from the Apache parent such as piped
d950cf9262224a223e2ff5c51393708071e14b94covener <p>Memory resource limits are expressed in bytes per
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic process.</p>
d950cf9262224a223e2ff5c51393708071e14b94covener<seealso><directive module="core">RLimitCPU</directive></seealso>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<seealso><directive module="core">RLimitNPROC</directive></seealso>
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic</directivesynopsis>
d950cf9262224a223e2ff5c51393708071e14b94covener<directivesynopsis>
d950cf9262224a223e2ff5c51393708071e14b94covener<description>Limits the number of processes that can be launched by
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalicprocesses launched by Apache children</description>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<syntax>RLimitNPROC <var>number</var>|max [<var>number</var>|max]</syntax>
d950cf9262224a223e2ff5c51393708071e14b94covener<default>Unset; uses operating system defaults</default>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<contextlist><context>server config</context><context>virtual host</context>
e4e60c2f7ba8f12b687f588b89e413842e9f2d76igalic<context>directory</context><context>.htaccess</context></contextlist>
d950cf9262224a223e2ff5c51393708071e14b94covener <p>Takes 1 or 2 parameters. The first parameter sets the soft
d950cf9262224a223e2ff5c51393708071e14b94covener resource limit for all processes and the second parameter sets
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor the maximum resource limit. Either parameter can be a number,
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive or <code>max</code> to indicate to the server that the limit
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive should be set to the maximum allowed by the operating system
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive configuration. Raising the maximum resource limit requires that
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive the server is running as <code>root</code>, or in the initial startup
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive <p>This applies to processes forked off from Apache children
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor servicing requests, not the Apache children themselves. This
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive includes CGI scripts and SSI exec commands, but not any
234c8b28171d7e12b3c1f85b60fabd7c908a9c37slive processes forked off from the Apache parent such as piped
beb923bec9bff2b49ce5027df2fe944e2b74e28brederpj <p>Process limits control the number of processes per user.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive under user ids other than the web server user id, this directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive will limit the number of processes that the server itself can
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess create. Evidence of this situation will be indicated by
fb77c505254b6e9c925e23e734463e87574f8f40kess <strong><code>cannot fork</code></strong> messages in the
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<seealso><directive module="core">RLimitMEM</directive></seealso>
37742b630743e470b94618ecb3560fbd82e50b59rbowen<seealso><directive module="core">RLimitCPU</directive></seealso>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Interaction between host-level access control and
fb77c505254b6e9c925e23e734463e87574f8f40kessuser authentication</description>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<contextlist><context>directory</context><context>.htaccess</context>
37742b630743e470b94618ecb3560fbd82e50b59rbowen</contextlist>
37742b630743e470b94618ecb3560fbd82e50b59rbowen<compatibility>Influenced by <directive module="core" type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivetype="section">LimitExcept</directive> in version 2.0.51 and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivelater</compatibility>
130d299c4b2b15be45532a176604c71fdc7bea5bnd module="core">Require</directive> used. The parameter can be
130d299c4b2b15be45532a176604c71fdc7bea5bnd either <code>All</code> or <code>Any</code>. This directive is only
130d299c4b2b15be45532a176604c71fdc7bea5bnd useful if access to a particular area is being restricted by both
130d299c4b2b15be45532a176604c71fdc7bea5bnd username/password <em>and</em> client host address. In this case
ca908c21f63a71c5efa7d32bd2cfafe9a42ba1fbrbowen the default behavior (<code>All</code>) is to require that the client
130d299c4b2b15be45532a176604c71fdc7bea5bnd passes the address access restriction <em>and</em> enters a valid
130d299c4b2b15be45532a176604c71fdc7bea5bnd username and password. With the <code>Any</code> option the client will be
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd granted access if they either pass the host restriction or enter a
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd valid username and password. This can be used to password restrict
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd an area, but to let clients from particular addresses in without
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd prompting for a password.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>For example, if you wanted to let people on your network have
05201775eaa6b363b8a119c8aea5db246b967591yoshiki unrestricted access to a portion of your website, but require that
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd people outside of your network provide a password, you could use a
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd configuration similar to the following:</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd Require valid-user<br />
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess Allow from 192.168.1<br />
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd Satisfy Any
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </example>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>Since version 2.0.51 <directive>Satisfy</directive> directives can
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd be restricted to particular methods by <directive module="core"
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd type="section">Limit</directive> and <directive module="core" type="section"
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <seealso><directive module="mod_authz_host">Allow</directive></seealso>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <seealso><directive module="core">Require</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<directivesynopsis>
37742b630743e470b94618ecb3560fbd82e50b59rbowen<description>Technique for locating the interpreter for CGI
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivescripts</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>ScriptInterpreterSource Registry|Registry-Strict|Script</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<context>directory</context><context>.htaccess</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Win32 only;
8490b2f9f6469d5089163f6dd303d9a81f8e908ctrawickoption <code>Registry-Strict</code> is available in Apache 2.0 and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivelater</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive is used to control how Apache finds the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive interpreter used to run CGI scripts. The default setting is
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess <code>Script</code>. This causes Apache to use the interpreter pointed to
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess by the shebang line (first line, starting with <code>#!</code>) in the
030108b1816bcda3d925df65357feabdce83bc94slive script. On Win32 systems this line usually looks like:</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </example>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>or, if <code>perl</code> is in the <code>PATH</code>, simply:</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>Setting <code>ScriptInterpreterSource Registry</code> will
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess cause the Windows Registry tree <code>HKEY_CLASSES_ROOT</code> to be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive searched using the script file extension (e.g., <code>.pl</code>) as a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive search key. The command defined by the registry subkey
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>Shell\ExecCGI\Command</code> or, if it does not exist, by the subkey
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>Shell\Open\Command</code> is used to open the script file. If the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive registry keys cannot be found, Apache falls back to the behavior of the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Be careful when using <code>ScriptInterpreterSource
7fbd7281d06cec1918aa370214df77c572f871a9sf module="mod_alias">ScriptAlias</directive>'ed directories, because
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Apache will try to execute <strong>every</strong> file within this
7fbd7281d06cec1918aa370214df77c572f871a9sf directory. The <code>Registry</code> setting may cause undesired
7fbd7281d06cec1918aa370214df77c572f871a9sf program calls on files which are typically not executed. For
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive example, the default open command on <code>.htm</code> files on
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive most Windows systems will execute Microsoft Internet Explorer, so
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive any HTTP request for an <code>.htm</code> file existing within the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive script directory would start the browser in the background on the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive server. This is a good way to crash your system within a minute or
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <p>The option <code>Registry-Strict</code> which is new in Apache
1597043cec6ad37fa4154bf09b0fccdabed1a239slive 2.0 does the same thing as <code>Registry</code> but uses only the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>ExecCGI</code> key is not a common one. It must be
530eba85dbd41b8a0fa5255d3648d1440199a661slive configured manually in the windows registry and hence prevents
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive accidental program calls on your system.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Email address that the server includes in error
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivemessages sent to the client</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>ServerAdmin <var>email-address</var>|<var>URL</var></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>ServerAdmin</directive> sets the contact address
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive that the server includes in any error messages it returns to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive client. If the <code>httpd</code> doesn't recognize the supplied argument
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive as an URL, it
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive assumes, that it's an <var>email-address</var> and prepends it with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>mailto:</code> in hyperlink targets. However, it's recommended to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive actually use an email address, since there are a lot of CGI scripts that
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive make that assumption. If you want to use an URL, it should point to another
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive server under your control. Otherwise users may not be able to contact you in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive case of errors.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>It may be worth setting up a dedicated address for this, e.g.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive ServerAdmin www-admin@foo.example.com
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>as users do not always mention that they are talking about the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive server!</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Alternate names for a host used when matching requests
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveto name-virtual hosts</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>ServerAlias <var>hostname</var> [<var>hostname</var>] ...</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>virtual host</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>ServerAlias</directive> directive sets the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive alternate names for a host, for use with <a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="/vhosts/name-based.html">name-based virtual hosts</a>.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <VirtualHost *><br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive # ...<br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </VirtualHost>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/vhosts/">Apache Virtual Host documentation</a></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Hostname and port that the server uses to identify
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveitself</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>ServerName <var>fully-qualified-domain-name</var>[:<var>port</var>]</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>In version 2.0, this
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive supersedes the functionality of the <directive>Port</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive from version 1.3.</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>ServerName</directive> directive sets the hostname and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive port that the server uses to identify itself. This is used when
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive creating redirection URLs. For example, if the name of the
7fbd7281d06cec1918aa370214df77c572f871a9sf machine hosting the web server is <code>simple.example.com</code>,
7fbd7281d06cec1918aa370214df77c572f871a9sf but the machine also has the DNS alias <code>www.example.com</code>
7fbd7281d06cec1918aa370214df77c572f871a9sf and you wish the web server to be so identified, the following
7fbd7281d06cec1918aa370214df77c572f871a9sf directive should be used:</p>
7fbd7281d06cec1918aa370214df77c572f871a9sf ServerName www.example.com:80
7fbd7281d06cec1918aa370214df77c572f871a9sf </example>
7fbd7281d06cec1918aa370214df77c572f871a9sf <p>If no <directive>ServerName</directive> is specified, then the
7fbd7281d06cec1918aa370214df77c572f871a9sf server attempts to deduce the hostname by performing a reverse
7fbd7281d06cec1918aa370214df77c572f871a9sf lookup on the IP address. If no port is specified in the
7fbd7281d06cec1918aa370214df77c572f871a9sf <directive>ServerName</directive>, then the server will use the port
7fbd7281d06cec1918aa370214df77c572f871a9sf from the incoming
7fbd7281d06cec1918aa370214df77c572f871a9sf request. For optimal reliability and predictability, you should
7fbd7281d06cec1918aa370214df77c572f871a9sf specify an explicit hostname and port using the
7fbd7281d06cec1918aa370214df77c572f871a9sf href="/vhosts/name-based.html">name-based virtual hosts</a>,
7fbd7281d06cec1918aa370214df77c572f871a9sf <directive type="section" module="core">VirtualHost</directive>
7fbd7281d06cec1918aa370214df77c572f871a9sf section specifies what hostname must appear in the request's
7fbd7281d06cec1918aa370214df77c572f871a9sf <code>Host:</code> header to match this virtual host.</p>
7fbd7281d06cec1918aa370214df77c572f871a9sf <p>See the description of the
7fbd7281d06cec1918aa370214df77c572f871a9sf <directive module="core">UseCanonicalName</directive> directive for
7fbd7281d06cec1918aa370214df77c572f871a9sf settings which determine whether self-referential URL's (e.g., by the
7fbd7281d06cec1918aa370214df77c572f871a9sf specified port, or to the port number given in the client's request.
7fbd7281d06cec1918aa370214df77c572f871a9sf<seealso><a href="/dns-caveats.html">Issues Regarding DNS and
7fbd7281d06cec1918aa370214df77c572f871a9sf<seealso><directive module="core">UseCanonicalName</directive></seealso>
7fbd7281d06cec1918aa370214df77c572f871a9sf<seealso><directive module="core">NameVirtualHost</directive></seealso>
7fbd7281d06cec1918aa370214df77c572f871a9sf<seealso><directive module="core">ServerAlias</directive></seealso>
7fbd7281d06cec1918aa370214df77c572f871a9sf</directivesynopsis>
7fbd7281d06cec1918aa370214df77c572f871a9sf<directivesynopsis>
7fbd7281d06cec1918aa370214df77c572f871a9sf<description>Legacy URL pathname for a name-based virtual host that
7fbd7281d06cec1918aa370214df77c572f871a9sfis accessed by an incompatible browser</description>
7fbd7281d06cec1918aa370214df77c572f871a9sf<contextlist><context>virtual host</context></contextlist>
7fbd7281d06cec1918aa370214df77c572f871a9sf <p>The <directive>ServerPath</directive> directive sets the legacy
7fbd7281d06cec1918aa370214df77c572f871a9sf URL pathname for a host, for use with <a
7fbd7281d06cec1918aa370214df77c572f871a9sf<seealso><a href="/vhosts/">Apache Virtual Host documentation</a></seealso>
7fbd7281d06cec1918aa370214df77c572f871a9sf</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Base directory for the server installation</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>ServerRoot</directive> directive sets the
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen directory in which the server lives. Typically it will contain the
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen subdirectories <code>conf/</code> and <code>logs/</code>. Relative
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen paths in other configuration directives (such as <directive
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd module="mod_so">LoadModule</directive>, for example) are taken as
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd relative to this directory.</p>
8b052d682204371decc64f942aede5ef1da98955erikabele<seealso><a href="/invoking.html">the <code>-d</code>
7fbd7281d06cec1918aa370214df77c572f871a9sf<seealso><a href="/misc/security_tips.html#serverroot">the
7fbd7281d06cec1918aa370214df77c572f871a9sf security tips</a> for information on how to properly set
7fbd7281d06cec1918aa370214df77c572f871a9sf permissions on the <directive>ServerRoot</directive></seealso>
7fbd7281d06cec1918aa370214df77c572f871a9sf</directivesynopsis>
7fbd7281d06cec1918aa370214df77c572f871a9sf<directivesynopsis>
7fbd7281d06cec1918aa370214df77c572f871a9sf<description>Configures the footer on server-generated documents</description>
7fbd7281d06cec1918aa370214df77c572f871a9sf<contextlist><context>server config</context><context>virtual host</context>
7fbd7281d06cec1918aa370214df77c572f871a9sf</contextlist>
7fbd7281d06cec1918aa370214df77c572f871a9sf <p>The <directive>ServerSignature</directive> directive allows the
7fbd7281d06cec1918aa370214df77c572f871a9sf configuration of a trailing footer line under server-generated
7fbd7281d06cec1918aa370214df77c572f871a9sf documents (error messages, <module>mod_proxy</module> ftp directory
7fbd7281d06cec1918aa370214df77c572f871a9sf listings, <module>mod_info</module> output, ...). The reason why you
7fbd7281d06cec1918aa370214df77c572f871a9sf would want to enable such a footer line is that in a chain of proxies,
7fbd7281d06cec1918aa370214df77c572f871a9sf the user often has no possibility to tell which of the chained servers
7fbd7281d06cec1918aa370214df77c572f871a9sf actually produced a returned error message.</p>
7fbd7281d06cec1918aa370214df77c572f871a9sf setting, which is the default, suppresses the footer line (and is
7fbd7281d06cec1918aa370214df77c572f871a9sf therefore compatible with the behavior of Apache-1.2 and
7fbd7281d06cec1918aa370214df77c572f871a9sf below). The <code>On</code> setting simply adds a line with the
7fbd7281d06cec1918aa370214df77c572f871a9sf server version number and <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">ServerName</directive> of the serving virtual host,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and the <code>EMail</code> setting additionally creates a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive "mailto:" reference to the <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">ServerAdmin</directive> of the referenced
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive document.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>After version 2.0.44, the details of the server version number
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd presented are controlled by the <directive
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele<seealso><directive module="core">ServerTokens</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Configures the <code>Server</code> HTTP response
fb77c505254b6e9c925e23e734463e87574f8f40kessheader</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</syntax>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<contextlist><context>server config</context></contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>This directive controls whether <code>Server</code> response
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd header field which is sent back to clients includes a
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd description of the generic OS-type of the server as well as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive information about compiled-in modules.</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.0.41
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <dt><code>ServerTokens Full</code> (or not specified)</dt>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.0.41
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>This setting applies to the entire server, and cannot be
a0fed3e26656887c8458aa1081d516d08ced3c84trawick enabled or disabled on a virtualhost-by-virtualhost basis.</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>After version 2.0.44, this directive also controls the
a0fed3e26656887c8458aa1081d516d08ced3c84trawick information presented by the <directive
a0fed3e26656887c8458aa1081d516d08ced3c84trawick module="core">ServerSignature</directive> directive.</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<seealso><directive module="core">ServerSignature</directive></seealso>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick</directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<directivesynopsis>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<description>Forces all matching files to be processed by a
a0fed3e26656887c8458aa1081d516d08ced3c84trawickhandler</description>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<syntax>SetHandler <var>handler-name</var>|None</syntax>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<contextlist><context>server config</context><context>virtual host</context>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<context>directory</context><context>.htaccess</context>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick</contextlist>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<compatibility>Moved into the core in Apache 2.0</compatibility>
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick <p>When placed into an <code>.htaccess</code> file or a
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick <directive type="section" module="core">Directory</directive> or
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick <directive type="section" module="core">Location</directive>
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick section, this directive forces all matching files to be parsed
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick through the <a href="/handler.html">handler</a> given by
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick <var>handler-name</var>. For example, if you had a directory you
a0fed3e26656887c8458aa1081d516d08ced3c84trawick wanted to be parsed entirely as imagemap rule files, regardless
a0fed3e26656887c8458aa1081d516d08ced3c84trawick of extension, you might put the following into an
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor SetHandler imap-file
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick <p>Another example: if you wanted to have the server display a
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick status report whenever a URL of
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick <code>http://servername/status</code> was called, you might put
bf0e7f6393e91c0a7c15cb0d889a4238c973dc2etrawick <Location /status><br />
a0fed3e26656887c8458aa1081d516d08ced3c84trawick SetHandler server-status<br />
a0fed3e26656887c8458aa1081d516d08ced3c84trawick </Location>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>You can override an earlier defined <directive>SetHandler</directive>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p><strong>Note:</strong> because SetHandler overrides default handlers,
a0fed3e26656887c8458aa1081d516d08ced3c84trawick normal behaviour such as handling of URLs ending in a slash (/) as
a0fed3e26656887c8458aa1081d516d08ced3c84trawick directories or index files is suppressed.</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<seealso><directive module="mod_mime">AddHandler</directive></seealso>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick</directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<description>Sets the filters that will process client requests and POST
a0fed3e26656887c8458aa1081d516d08ced3c84trawickinput</description>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<syntax>SetInputFilter <var>filter</var>[;<var>filter</var>...]</syntax>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<contextlist><context>server config</context><context>virtual host</context>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<context>directory</context><context>.htaccess</context>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick</contextlist>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>The <directive>SetInputFilter</directive> directive sets the
a0fed3e26656887c8458aa1081d516d08ced3c84trawick filter or filters which will process client requests and POST
a0fed3e26656887c8458aa1081d516d08ced3c84trawick input when they are received by the server. This is in addition to
a0fed3e26656887c8458aa1081d516d08ced3c84trawick any filters defined elsewhere, including the
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <directive module="mod_mime">AddInputFilter</directive>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick directive.</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>If more than one filter is specified, they must be separated
a0fed3e26656887c8458aa1081d516d08ced3c84trawick by semicolons in the order in which they should process the
a0fed3e26656887c8458aa1081d516d08ced3c84trawick content.</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<seealso><a href="/filter.html">Filters</a> documentation</seealso>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick</directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<description>Sets the filters that will process responses from the
a0fed3e26656887c8458aa1081d516d08ced3c84trawickserver</description>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<syntax>SetOutputFilter <var>filter</var>[;<var>filter</var>...]</syntax>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor<contextlist><context>server config</context><context>virtual host</context>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<context>directory</context><context>.htaccess</context>
215694531f7d868b906df96e22a80e6a1d2326a6lgentis</contextlist>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>The <directive>SetOutputFilter</directive> directive sets the filters
a0fed3e26656887c8458aa1081d516d08ced3c84trawick which will process responses from the server before they are
a0fed3e26656887c8458aa1081d516d08ced3c84trawick sent to the client. This is in addition to any filters defined
a0fed3e26656887c8458aa1081d516d08ced3c84trawick elsewhere, including the
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <directive module="mod_mime">AddOutputFilter</directive>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick directive.</p>
031bbbc0d1189b07330e38d0c126820a9ab7795egryzor <p>For example, the following configuration will process all files
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick in the <code>/www/data/</code> directory for server-side
a0fed3e26656887c8458aa1081d516d08ced3c84trawick includes.</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick SetOutputFilter INCLUDES<br />
a0fed3e26656887c8458aa1081d516d08ced3c84trawick </Directory>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick <p>If more than one filter is specified, they must be separated
a0fed3e26656887c8458aa1081d516d08ced3c84trawick by semicolons in the order in which they should process the
a0fed3e26656887c8458aa1081d516d08ced3c84trawick content.</p>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<seealso><a href="/filter.html">Filters</a> documentation</seealso>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick</directivesynopsis>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<directivesynopsis>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<description>Amount of time the server will wait for
2b6c7b8eb5fbc43564898aedac730df7e91da475trawickcertain events before failing a request</description>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<contextlist><context>server config</context></contextlist>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <p>The <directive>TimeOut</directive> directive currently defines
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick the amount of time Apache will wait for three things:</p>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <li>The total amount of time it takes to receive a GET
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick request.</li>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <li>The amount of time between receipt of TCP packets on a
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick POST or PUT request.</li>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <li>The amount of time between ACKs on transmissions of TCP
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick packets in responses.</li>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <p>We plan on making these separately configurable at some point
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick down the road. The timer used to default to 1200 before 1.2,
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick but has been lowered to 300 which is still far more than
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick necessary in most situations. It is not set any lower by
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick default because there may still be odd places in the code where
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick the timer is not reset when a packet is sent. </p>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick</directivesynopsis>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<directivesynopsis>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<description>Determines the behaviour on <code>TRACE</code>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawickrequests</description>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<syntax>TraceEnable <var>[on|off|extended]</var></syntax>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<contextlist><context>server config</context></contextlist>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick<compatibility>Available in Apache 1.3.34, 2.0.55 and later</compatibility>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <p>This directive overrides the behavior of <code>TRACE</code> for both
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick the core server and <module>mod_proxy</module>. The default
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <code>TraceEnable on</code> permits <code>TRACE</code> requests per
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick RFC 2616, which disallows any request body to accompany the request.
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <code>TraceEnable off</code> causes the core server and
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <module>mod_proxy</module> to return a <code>405</code> (Method not
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick allowed) error to the client.</p>
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <p>Finally, for testing and diagnostic purposes only, request
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick bodies may be allowed using the non-compliant <code>TraceEnable
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick extended</code> directive. The core (as an origin server) will
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick restrict the request body to 64k (plus 8k for chunk headers if
2b6c7b8eb5fbc43564898aedac730df7e91da475trawick <code>Transfer-Encoding: chunked</code> is used). The core will
a0fed3e26656887c8458aa1081d516d08ced3c84trawick reflect the full headers and all chunk headers with the response
a0fed3e26656887c8458aa1081d516d08ced3c84trawick body. As a proxy server, the request body is not restricted to 64k.</p>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick</directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<directivesynopsis>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<description>Configures how the server determines its own name and
a0fed3e26656887c8458aa1081d516d08ced3c84trawickport</description>
a0fed3e26656887c8458aa1081d516d08ced3c84trawick<contextlist><context>server config</context><context>virtual host</context>
003f0c9fda6664daf5092a0e42f65ede20098153slive <p>In many situations Apache must construct a <em>self-referential</em>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive URL -- that is, a URL that refers back to the same server. With
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code>UseCanonicalName On</code> Apache will use the hostname and port
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive specified in the <directive module="core">ServerName</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive to construct the canonical name for the server. This name
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive is used in all self-referential URLs, and for the values of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>SERVER_NAME</code> and <code>SERVER_PORT</code> in CGIs.</p>
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener <p>With <code>UseCanonicalName Off</code> Apache will form
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener self-referential URLs using the hostname and port supplied by
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener the client if any are supplied (otherwise it will use the
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener canonical name, as defined above). These values are the same
fb77c505254b6e9c925e23e734463e87574f8f40kess that are used to implement <a
ffec3e56ff5331a2d732ec07e9d107303fed43f4covener href="/vhosts/name-based.html">name based virtual hosts</a>,
3386d67e54f92fdf6a3ffc5f7f8081eed6c44badslive and are available with the same clients. The CGI variables
3386d67e54f92fdf6a3ffc5f7f8081eed6c44badslive <code>SERVER_NAME</code> and <code>SERVER_PORT</code> will be
05201775eaa6b363b8a119c8aea5db246b967591yoshiki constructed from the client supplied values as well.</p>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <p>An example where this may be useful is on an intranet server
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive where you have users connecting to the machine using short
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive names such as <code>www</code>. You'll notice that if the users
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type a shortname, and a URL which is a directory, such as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>http://www/splat</code>, <em>without the trailing
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive slash</em> then Apache will redirect them to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>http://www.domain.com/splat/</code>. If you have
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive authentication enabled, this will cause the user to have to
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd authenticate twice (once for <code>www</code> and once again
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="http://httpd.apache.org/docs/misc/FAQ.html#prompted-twice">the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive FAQ on this subject for more information</a>). But if
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>UseCanonicalName</directive> is set <code>Off</code>, then
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Apache will redirect to <code>http://www/splat/</code>.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>There is a third option, <code>UseCanonicalName DNS</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive which is intended for use with mass IP-based virtual hosting to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive support ancient clients that do not provide a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>Host:</code> header. With this option Apache does a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive reverse DNS lookup on the server IP address that the client
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd connected to in order to work out self-referential URLs.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>If CGIs make assumptions about the values of <code>SERVER_NAME</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive they may be broken by this option. The client is essentially free
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess to give whatever value they want as a hostname. But if the CGI is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive only using <code>SERVER_NAME</code> to construct self-referential URLs
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic then it should be just fine.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">ServerName</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="mpm_common">Listen</directive></seealso>
13e5182a0c199ecc7a73db97b6448a544e940868slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Contains directives that apply only to a specific
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivehostname or IP address</description>
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic<syntax><VirtualHost
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic <var>addr</var>[:<var>port</var>] [<var>addr</var>[:<var>port</var>]]
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd ...> ... </VirtualHost></syntax>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<contextlist><context>server config</context></contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code></VirtualHost></code> are used to enclose a group of
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd directives that will apply only to a particular virtual host. Any
1c5fe3e61f0f3202ae0f853740d53f3aff4c4afbslive directive that is allowed in a virtual host context may be
1c5fe3e61f0f3202ae0f853740d53f3aff4c4afbslive used. When the server receives a request for a document on a
1c5fe3e61f0f3202ae0f853740d53f3aff4c4afbslive particular virtual host, it uses the configuration directives
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd enclosed in the <directive type="section">VirtualHost</directive>
13e5182a0c199ecc7a73db97b6448a544e940868slive <li>A fully qualified domain name for the IP address of the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive virtual host;</li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li>The character <code>*</code>, which is used only in combination with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>NameVirtualHost *</code> to match all IP addresses; or</li>
13e5182a0c199ecc7a73db97b6448a544e940868slive <li>The string <code>_default_</code>, which is used only
13e5182a0c199ecc7a73db97b6448a544e940868slive with IP virtual hosting to catch unmatched IP addresses.</li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <VirtualHost 10.1.2.3><br />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive ServerAdmin webmaster@host.foo.com<br />
13e5182a0c199ecc7a73db97b6448a544e940868slive </VirtualHost>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>IPv6 addresses must be specified in square brackets because
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the optional port number could not be determined otherwise. An
13e5182a0c199ecc7a73db97b6448a544e940868slive IPv6 example is shown below:</p>
96969ed53a757bd9e0a4d7f2f499c9db5ef7899eigalic <VirtualHost [fe80::a00:20ff:fea7:ccea]><br />
96969ed53a757bd9e0a4d7f2f499c9db5ef7899eigalic ServerAdmin webmaster@host.example.com<br />
13e5182a0c199ecc7a73db97b6448a544e940868slive </VirtualHost>
1c5fe3e61f0f3202ae0f853740d53f3aff4c4afbslive <p>Each Virtual Host must correspond to a different IP address,
13e5182a0c199ecc7a73db97b6448a544e940868slive different port number or a different host name for the server,
1c5fe3e61f0f3202ae0f853740d53f3aff4c4afbslive in the former case the server machine must be configured to
1c5fe3e61f0f3202ae0f853740d53f3aff4c4afbslive accept IP packets for multiple addresses. (If the machine does
1c5fe3e61f0f3202ae0f853740d53f3aff4c4afbslive not have multiple network interfaces, then this can be
1c5fe3e61f0f3202ae0f853740d53f3aff4c4afbslive accomplished with the <code>ifconfig alias</code> command -- if
13e5182a0c199ecc7a73db97b6448a544e940868slive your OS supports it).</p>
13e5182a0c199ecc7a73db97b6448a544e940868slive <p>The use of <directive type="section">VirtualHost</directive> does
13e5182a0c199ecc7a73db97b6448a544e940868slive <strong>not</strong> affect what addresses Apache listens on. You
13e5182a0c199ecc7a73db97b6448a544e940868slive may need to ensure that Apache is listening on the correct addresses
13e5182a0c199ecc7a73db97b6448a544e940868slive using <directive module="mpm_common">Listen</directive>.</p>
13e5182a0c199ecc7a73db97b6448a544e940868slive <p>When using IP-based virtual hosting, the special name
13e5182a0c199ecc7a73db97b6448a544e940868slive which case this virtual host will match any IP address that is
13e5182a0c199ecc7a73db97b6448a544e940868slive not explicitly listed in another virtual host. In the absence
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of any <code>_default_</code> virtual host the "main" server config,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive consisting of all those definitions outside any VirtualHost
2cef7e294acb5d8b8b5dcb21a55438da0b73f63figalic section, is used when no IP-match occurs. (But note that any IP
3b9c7ec844aa240622a33735d1b9cbac4232e268rbowen address that matches a <directive
2cef7e294acb5d8b8b5dcb21a55438da0b73f63figalic module="core">NameVirtualHost</directive> directive will use neither
2cef7e294acb5d8b8b5dcb21a55438da0b73f63figalic the "main" server config nor the <code>_default_</code> virtual host.
3b9c7ec844aa240622a33735d1b9cbac4232e268rbowen See the <a href="/vhosts/name-based.html">name-based virtual hosting</a>
3b9c7ec844aa240622a33735d1b9cbac4232e268rbowen documentation for further details.)</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>You can specify a <code>:port</code> to change the port that is
130d299c4b2b15be45532a176604c71fdc7bea5bnd matched. If unspecified then it defaults to the same port as the
130d299c4b2b15be45532a176604c71fdc7bea5bnd most recent <directive module="mpm_common">Listen</directive>
130d299c4b2b15be45532a176604c71fdc7bea5bnd statement of the main server. You may also specify <code>:*</code>
130d299c4b2b15be45532a176604c71fdc7bea5bnd to match all ports on that address. (This is recommended when used
130d299c4b2b15be45532a176604c71fdc7bea5bnd <p>See the <a href="/misc/security_tips.html">security tips</a>
130d299c4b2b15be45532a176604c71fdc7bea5bnd document for details on why your security could be compromised if the
130d299c4b2b15be45532a176604c71fdc7bea5bnd directory where log files are stored is writable by anyone other
130d299c4b2b15be45532a176604c71fdc7bea5bnd than the user that starts the server.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/vhosts/">Apache Virtual Host documentation</a></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/dns-caveats.html">Issues Regarding DNS and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/sections.html">How <Directory>, <Location>
130d299c4b2b15be45532a176604c71fdc7bea5bnd and <Files> sections work</a> for an explanation of how these
130d299c4b2b15be45532a176604c71fdc7bea5bnd different sections are combined when a request is received</seealso>
130d299c4b2b15be45532a176604c71fdc7bea5bnd</directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd</modulesynopsis>