core.xml revision d8655d95f4c9f281adc457de9ef702b46b003153
530eba85dbd41b8a0fa5255d3648d1440199a661slive<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
e942c741056732f50da2074b36fe59805d370650slive<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<!-- $LastChangedRevision$ -->
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Licensed to the Apache Software Foundation (ASF) under one or more
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive contributor license agreements. See the NOTICE file distributed with
530eba85dbd41b8a0fa5255d3648d1440199a661slive this work for additional information regarding copyright ownership.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The ASF licenses this file to You under the Apache License, Version 2.0
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive (the "License"); you may not use this file except in compliance with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the License. You may obtain a copy of the License at
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Unless required by applicable law or agreed to in writing, software
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive distributed under the License is distributed on an "AS IS" BASIS,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele See the License for the specific language governing permissions and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive limitations under the License.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Core Apache HTTP Server features that are always
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveavailable</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Configures optimizations for a Protocol's Listener Sockets</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>AcceptFilter <var>protocol</var> <var>accept_filter</var></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Available in Apache httpd 2.1.5 and later.
fb77c505254b6e9c925e23e734463e87574f8f40kessOn Windows from Apache httpd 2.3.3 and later.</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive enables operating system specific optimizations for a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive listening socket by the <directive>Protocol</directive> type.
fb77c505254b6e9c925e23e734463e87574f8f40kess The basic premise is for the kernel to not send a socket to the server
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive process until either data is received or an entire HTTP Request is buffered.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Only <a href="http://www.freebsd.org/cgi/man.cgi?query=accept_filter&sektion=9">
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive FreeBSD's Accept Filters</a>, Linux's more primitive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>TCP_DEFER_ACCEPT</code>, and Windows' optimized AcceptEx()
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive are currently supported.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Using <code>none</code> for an argument will disable any accept filters
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive for that protocol. This is useful for protocols that require a server
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive send data first, such as <code>ftp:</code> or <code>nntp</code>:</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess AcceptFilter nntp none
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>The default protocol names are <code>https</code> for port 443
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess and <code>http</code> for all other ports. To specify another protocol
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive is being used with a listening port, add the <var>protocol</var>
fb77c505254b6e9c925e23e734463e87574f8f40kess argument to the <directive module="mpm_common">Listen</directive>
fb77c505254b6e9c925e23e734463e87574f8f40kess directive.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveAcceptFilter http httpready
fb77c505254b6e9c925e23e734463e87574f8f40kessAcceptFilter https dataready
fb77c505254b6e9c925e23e734463e87574f8f40kess </highlight>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>The <code>httpready</code> accept filter buffers entire HTTP requests at
fb77c505254b6e9c925e23e734463e87574f8f40kess the kernel level. Once an entire request is received, the kernel then
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive sends it to the server. See the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <a href="http://www.freebsd.org/cgi/man.cgi?query=accf_http&sektion=9">
130d299c4b2b15be45532a176604c71fdc7bea5bnd accf_http(9)</a> man page for more details. Since HTTPS requests are
130d299c4b2b15be45532a176604c71fdc7bea5bnd encrypted only the <a href="http://www.freebsd.org/cgi/man.cgi?query=accf_data&sektion=9">
130d299c4b2b15be45532a176604c71fdc7bea5bndAcceptFilter http data
130d299c4b2b15be45532a176604c71fdc7bea5bndAcceptFilter https data
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Linux's <code>TCP_DEFER_ACCEPT</code> does not support buffering http
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive requests. Any value besides <code>none</code> will enable
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>TCP_DEFER_ACCEPT</code> on that listener. For more details
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive see the Linux
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <a href="http://homepages.cwi.nl/~aeb/linux/man2html/man7/tcp.7.html">
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveAcceptFilter http data
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveAcceptFilter https data
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
003f0c9fda6664daf5092a0e42f65ede20098153slive <p>Window's mpm_winnt interprets the AcceptFilter to toggle the AcceptEx()
003f0c9fda6664daf5092a0e42f65ede20098153slive API, and does not support http protocol buffering. There are two values
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess which utilize the Windows AcceptEx() API and will recycle network
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess sockets between connections. <code>data</code> waits until data has
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive been transmitted as documented above, and the initial data buffer and
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd network endpoint addresses are all retrieved from the single AcceptEx()
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd invocation. <code>connect</code> will use the AcceptEx() API, also
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd retrieve the network endpoint addresses, but like <code>none</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the <code>connect</code> option does not wait for the initial data
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive transmission.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>On Windows, <code>none</code> uses accept() rather than AcceptEx()
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and will not recycle sockets between connections. This is useful for
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive network adapters with broken driver support, as well as some virtual
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive network providers such as vpn drivers, or spam, virus or spyware
130d299c4b2b15be45532a176604c71fdc7bea5bnd filters.</p>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<seealso><directive module="core">Protocol</directive></seealso>
130d299c4b2b15be45532a176604c71fdc7bea5bnd</directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Resources accept trailing pathname information</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>virtual host</context><context>directory</context>
003f0c9fda6664daf5092a0e42f65ede20098153slive<compatibility>Available in Apache httpd 2.0.30 and later</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive controls whether requests that contain trailing
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive pathname information that follows an actual filename (or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive non-existent file in an existing directory) will be accepted or
003f0c9fda6664daf5092a0e42f65ede20098153slive rejected. The trailing pathname information can be made
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive available to scripts in the <code>PATH_INFO</code> environment
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive variable.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>For example, assume the location <code>/test/</code> points to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a directory that contains only the single file
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The three possible arguments for the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <dt><code>Off</code></dt><dd>A request will only be accepted if it
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd maps to a literal path that exists. Therefore a request with
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd trailing pathname information after the true filename such as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>/test/here.html/more</code> in the above example will return
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a 404 NOT FOUND error.</dd>
58699879a562774640b95e9eedfd891f336e38c2nd <dt><code>On</code></dt><dd>A request will be accepted if a
58699879a562774640b95e9eedfd891f336e38c2nd leading path component maps to a file that exists. The above
58699879a562774640b95e9eedfd891f336e38c2nd example <code>/test/here.html/more</code> will be accepted if
fb77c505254b6e9c925e23e734463e87574f8f40kess <code>/test/here.html</code> maps to a valid file.</dd>
58699879a562774640b95e9eedfd891f336e38c2nd <dt><code>Default</code></dt><dd>The treatment of requests with
58699879a562774640b95e9eedfd891f336e38c2nd trailing pathname information is determined by the <a
58699879a562774640b95e9eedfd891f336e38c2nd href="/handler.html">handler</a> responsible for the request.
58699879a562774640b95e9eedfd891f336e38c2nd The core handler for normal files defaults to rejecting
58699879a562774640b95e9eedfd891f336e38c2nd <code>PATH_INFO</code> requests. Handlers that serve scripts, such as <a
58699879a562774640b95e9eedfd891f336e38c2nd href="mod_isapi.html">isapi-handler</a>, generally accept
58699879a562774640b95e9eedfd891f336e38c2nd <p>The primary purpose of the <code>AcceptPathInfo</code>
fb77c505254b6e9c925e23e734463e87574f8f40kess directive is to allow you to override the handler's choice of
fb77c505254b6e9c925e23e734463e87574f8f40kess accepting or rejecting <code>PATH_INFO</code>. This override is required,
fb77c505254b6e9c925e23e734463e87574f8f40kess for example, when you use a <a href="/filter.html">filter</a>, such
fb77c505254b6e9c925e23e734463e87574f8f40kess as <a href="mod_include.html">INCLUDES</a>, to generate content
fb77c505254b6e9c925e23e734463e87574f8f40kess based on <code>PATH_INFO</code>. The core handler would usually reject
58699879a562774640b95e9eedfd891f336e38c2nd the request, so you can use the following configuration to enable
58699879a562774640b95e9eedfd891f336e38c2nd such a script:</p>
58699879a562774640b95e9eedfd891f336e38c2nd<Files "mypaths.shtml">
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess Options +Includes
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess SetOutputFilter INCLUDES
58699879a562774640b95e9eedfd891f336e38c2nd AcceptPathInfo On
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess</Files>
58699879a562774640b95e9eedfd891f336e38c2nd </highlight>
fb77c505254b6e9c925e23e734463e87574f8f40kess</directivesynopsis>
58699879a562774640b95e9eedfd891f336e38c2nd<directivesynopsis>
58699879a562774640b95e9eedfd891f336e38c2nd<description>Name of the distributed configuration file</description>
58699879a562774640b95e9eedfd891f336e38c2nd<syntax>AccessFileName <var>filename</var> [<var>filename</var>] ...</syntax>
58699879a562774640b95e9eedfd891f336e38c2nd<contextlist><context>server config</context><context>virtual host</context>
58699879a562774640b95e9eedfd891f336e38c2nd</contextlist>
58699879a562774640b95e9eedfd891f336e38c2nd <p>While processing a request the server looks for
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess the first existing configuration file from this list of names in
4a7affccb2f1f5b94cab395e1bf3825aed715ebcnd every directory of the path to the document, if distributed
4a7affccb2f1f5b94cab395e1bf3825aed715ebcnd configuration files are <a href="#allowoverride">enabled for that
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess <highlight language="config">AccessFileName .acl</highlight>
4a7affccb2f1f5b94cab395e1bf3825aed715ebcnd <p>before returning the document
4a7affccb2f1f5b94cab395e1bf3825aed715ebcnd <code>/usr/local/web/index.html</code>, the server will read
4a7affccb2f1f5b94cab395e1bf3825aed715ebcnd <code>/usr/local/.acl</code> and <code>/usr/local/web/.acl</code>
4a7affccb2f1f5b94cab395e1bf3825aed715ebcnd for directives, unless they have been disabled with</p>
ec9b02c6869b75575ada34c800672162833a2c06nd<Directory />
58699879a562774640b95e9eedfd891f336e38c2nd AllowOverride None
58699879a562774640b95e9eedfd891f336e38c2nd</Directory>
58699879a562774640b95e9eedfd891f336e38c2nd </highlight>
58699879a562774640b95e9eedfd891f336e38c2nd<seealso><directive module="core">AllowOverride</directive></seealso>
4a7affccb2f1f5b94cab395e1bf3825aed715ebcnd<seealso><a href="/configuring.html">Configuration Files</a></seealso>
58699879a562774640b95e9eedfd891f336e38c2nd<seealso><a href="/howto/htaccess.html">.htaccess Files</a></seealso>
58699879a562774640b95e9eedfd891f336e38c2nd</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<description>Default charset parameter to be added when a response
fb77c505254b6e9c925e23e734463e87574f8f40kesscontent-type is <code>text/plain</code> or <code>text/html</code></description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<syntax>AddDefaultCharset On|Off|<var>charset</var></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>virtual host</context><context>directory</context>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess <p>This directive specifies a default value for the media type
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive charset parameter (the name of a character encoding) to be added
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess to a response if and only if the response's content-type is either
10673857794a4b3d9568ca2d983722a87ed352f1rbowen <code>text/plain</code> or <code>text/html</code>. This should override
fb77c505254b6e9c925e23e734463e87574f8f40kess any charset specified in the body of the response via a <code>META</code>
fb77c505254b6e9c925e23e734463e87574f8f40kess element, though the exact behavior is often dependent on the user's client
10673857794a4b3d9568ca2d983722a87ed352f1rbowen configuration. A setting of <code>AddDefaultCharset Off</code>
6af14face8dcdab3a5cd88fcdda91c268f7a3745slive disables this functionality. <code>AddDefaultCharset On</code> enables
10673857794a4b3d9568ca2d983722a87ed352f1rbowen a default charset of <code>iso-8859-1</code>. Any other value is assumed
10673857794a4b3d9568ca2d983722a87ed352f1rbowen to be the <var>charset</var> to be used, which should be one of the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <a href="http://www.iana.org/assignments/character-sets">IANA registered
fb77c505254b6e9c925e23e734463e87574f8f40kess charset values</a> for use in Internet media types (MIME types).
fb77c505254b6e9c925e23e734463e87574f8f40kess For example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">AddDefaultCharset utf-8</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive>AddDefaultCharset</directive> should only be used when all
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of the text resources to which it applies are known to be in that
fb77c505254b6e9c925e23e734463e87574f8f40kess character encoding and it is too inconvenient to label their charset
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive individually. One such example is to add the charset parameter
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd to resources containing generated content, such as legacy CGI
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive scripts, that might be vulnerable to cross-site scripting attacks
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive due to user-provided data being included in the output. Note, however,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive that a better solution is to just fix (or delete) those scripts, since
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive setting a default charset does not protect users that have enabled
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the "auto-detect character encoding" feature on their browser.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="mod_mime">AddCharset</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz<directivesynopsis>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<description>Determines whether encoded path separators in URLs are allowed to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivebe passed through</description>
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz<syntax>AllowEncodedSlashes On|Off|NoDecode</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Available in Apache httpd 2.0.46 and later.
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveNoDecode option available in 2.3.12 and later.</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>AllowEncodedSlashes</directive> directive allows URLs
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive which contain encoded path separators (<code>%2F</code> for <code>/</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and additionally <code>%5C</code> for <code>\</code> on according systems)
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to be used in the path info.</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>With the default value, <code>Off</code>, such URLs are refused
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive with a 404 (Not found) error.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>With the value <code>On</code>, such URLs are accepted, and encoded
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive slashes are decoded like all other encoded characters.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>With the value <code>NoDecode</code>, such URLs are accepted, but
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive encoded slashes are not decoded but left in their encoded state.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Turning <directive>AllowEncodedSlashes</directive> <code>On</code> is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive mostly useful when used in conjunction with <code>PATH_INFO</code>.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>If encoded slashes are needed in path info, use of <code>NoDecode</code> is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive strongly recommended as a security measure. Allowing slashes
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to be decoded could potentially allow unsafe paths.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">AcceptPathInfo</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Types of directives that are allowed in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>AllowOverride All|None|<var>directive-type</var>
9ed9eaf871c58d281af02e76125ceadb5060afa5nd<default>AllowOverride None (2.3.9 and later), AllowOverride All (2.3.8 and earlier)</default>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When the server finds an <code>.htaccess</code> file (as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive specified by <directive module="core">AccessFileName</directive>)
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive it needs to know which directives declared in that file can override
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive earlier configuration directives.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <note><title>Only available in <Directory> sections</title>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section" module="core">Directory</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive sections specified without regular expressions, not in <directive
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd type="section" module="core">Location</directive>, <directive
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd module="core" type="section">DirectoryMatch</directive> or
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <directive type="section" module="core">Files</directive> sections.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When this directive is set to <code>None</code> and <directive
54bcd0e21a5c79158afd3b78bf707a493a5fb33crbowen <code>None</code> <a href="#accessfilename">.htaccess</a> files are
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive completely ignored. In this case, the server will not even attempt
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to read <code>.htaccess</code> files in the filesystem.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When this directive is set to <code>All</code>, then any
003f0c9fda6664daf5092a0e42f65ede20098153slive directive which has the .htaccess <a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="directive-dict.html#Context">Context</a> is allowed in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <var>directive-type</var> can be one of the following
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive groupings of directives.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Allow use of the authorization directives (<directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_authn_dbm">AuthDBMUserFile</directive>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_authz_groupfile">AuthGroupFile</directive>,
9ed9eaf871c58d281af02e76125ceadb5060afa5nd <directive module="mod_authn_core">AuthType</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_authn_file">AuthUserFile</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_authz_core">Require</directive>, <em>etc.</em>).</dd>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd Allow use of the directives controlling document types
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_negotiation">LanguagePriority</directive>,
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <directive module="core">SetOutputFilter</directive>, and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <module>mod_mime</module> Add* and Remove* directives),
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive document meta data (<directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_headers">RequestHeader</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_setenvif">SetEnvIf</directive>, <directive
003f0c9fda6664daf5092a0e42f65ede20098153slive module="mod_setenvif">SetEnvIfNoCase</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_setenvif">BrowserMatch</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_usertrack">CookieExpires</directive>, <directive
530eba85dbd41b8a0fa5255d3648d1440199a661slive module="mod_usertrack">CookieDomain</directive>, <directive
530eba85dbd41b8a0fa5255d3648d1440199a661slive module="mod_usertrack">CookieStyle</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_usertrack">CookieTracking</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_rewrite">RewriteEngine</directive>, <directive
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess module="mod_rewrite">RewriteOptions</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_rewrite">RewriteBase</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_rewrite">RewriteCond</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_alias">RedirectPermanent</directive>, <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_actions">Action</directive> from
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes Allow use of the directives controlling directory indexing
fb77c505254b6e9c925e23e734463e87574f8f40kess (<directive
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes module="mod_autoindex">AddDescription</directive>,
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes <directive module="mod_autoindex">AddIcon</directive>, <directive
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes module="mod_autoindex">AddIconByEncoding</directive>,
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes <directive module="mod_autoindex">AddIconByType</directive>,
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes <directive module="mod_autoindex">DefaultIcon</directive>, <directive
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes module="mod_dir">DirectoryIndex</directive>, , <directive
4c7bdb15764021d39e486adb7bc2166d3f683773bnicholes module="mod_dir">FallbackResource</directive>,<a href="mod_autoindex.html#indexoptions.fancyindexing"
fb77c505254b6e9c925e23e734463e87574f8f40kess module="mod_autoindex">HeaderName</directive>, <directive
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess module="mod_autoindex">IndexIgnore</directive>, <directive
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess module="mod_autoindex">IndexOptions</directive>, <directive
fb77c505254b6e9c925e23e734463e87574f8f40kess Allow use of the directives controlling host access (<directive
fb77c505254b6e9c925e23e734463e87574f8f40kess module="mod_access_compat">Allow</directive>, <directive
fb77c505254b6e9c925e23e734463e87574f8f40kess module="mod_access_compat">Deny</directive> and <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Allow use of AllowOverride option to treat syntax errors in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive .htaccess as non-fatal: instead of causing an Internal Server
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Error, disallowed or unrecognised directives will be ignored
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and a warning logged:
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li><strong>Nonfatal=Override</strong> treats directives
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive forbidden by AllowOverride as non-fatal.</li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li><strong>Nonfatal=Unknown</strong> treats unknown directives
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive as non-fatal. This covers typos and directives implemented
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive by a module that's not present.</li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li><strong>Nonfatal=All</strong> treats both the above as non-fatal.</li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Note that a syntax error in a valid directive will still cause
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive an internal server error.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd Nonfatal errors may have security implications for .htaccess users.
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd For example, if AllowOverride disallows AuthConfig, users'
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd configuration designed to restrict access to a site will be disabled.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Allow use of the directives controlling specific directory
fb77c505254b6e9c925e23e734463e87574f8f40kess features (<directive module="core">Options</directive> and
fb77c505254b6e9c925e23e734463e87574f8f40kess An equal sign may be given followed by a comma (but no spaces)
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive separated lists of options that may be set using the <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Even though the list of options that may be used in .htaccess files
003f0c9fda6664daf5092a0e42f65ede20098153slive can be limited with this directive, as long as any <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">Options</directive> directive is allowed any
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd other inherited option can be disabled by using the non-relative
76f2a3125fb6aca59d43b02220dabac91175a281slive syntax. In other words, this mechanism cannot force a specific option
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to remain <em>set</em> while allowing any others to be set.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive AllowOverride Options=Idexes,MultiViews
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">AllowOverride AuthConfig Indexes</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>In the example above all directives that are neither in the group
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code>AuthConfig</code> nor <code>Indexes</code> cause an internal
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd server error.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <note><p>For security and performance reasons, do not set
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess <code>AllowOverride</code> to anything other than <code>None</code>
fb77c505254b6e9c925e23e734463e87574f8f40kess in your <code><Directory /></code> block. Instead, find (or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive create) the <code><Directory></code> block that refers to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directory where you're actually planning to place a
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<seealso><directive module="core">AccessFileName</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">AllowOverrideList</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/configuring.html">Configuration Files</a></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/howto/htaccess.html">.htaccess Files</a></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<description>Individual directives that are allowed in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>directory</context></contextlist>
003f0c9fda6664daf5092a0e42f65ede20098153slive <p>When the server finds an <code>.htaccess</code> file (as
003f0c9fda6664daf5092a0e42f65ede20098153slive specified by <directive module="core">AccessFileName</directive>)
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd it needs to know which directives declared in that file can override
003f0c9fda6664daf5092a0e42f65ede20098153slive earlier configuration directives.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <note><title>Only available in <Directory> sections</title>
fb77c505254b6e9c925e23e734463e87574f8f40kess <directive>AllowOverrideList</directive> is valid only in
fb77c505254b6e9c925e23e734463e87574f8f40kess <directive type="section" module="core">Directory</directive>
003f0c9fda6664daf5092a0e42f65ede20098153slive sections specified without regular expressions, not in <directive
003f0c9fda6664daf5092a0e42f65ede20098153slive type="section" module="core">Location</directive>, <directive
003f0c9fda6664daf5092a0e42f65ede20098153slive module="core" type="section">DirectoryMatch</directive> or
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <directive type="section" module="core">Files</directive> sections.
130d299c4b2b15be45532a176604c71fdc7bea5bnd <p>When this directive is set to <code>None</code> and <directive
130d299c4b2b15be45532a176604c71fdc7bea5bnd module="core">AllowOverride</directive> is set to <code>None</code>,
130d299c4b2b15be45532a176604c71fdc7bea5bnd then <a href="#accessfilename">.htaccess</a> files are completely
130d299c4b2b15be45532a176604c71fdc7bea5bnd ignored. In this case, the server will not even attempt to read
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndAllowOverride None
fb77c505254b6e9c925e23e734463e87574f8f40kessAllowOverrideList Redirect RedirectMatch
fb77c505254b6e9c925e23e734463e87574f8f40kess </highlight>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>In the example above only the <code>Redirect</code> and
b06660a3ed3d885e15d99c0209a46c4657df33fbrbowen <code>RedirectMatch</code> directives are allowed. All others will
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive cause an internal server error.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndAllowOverride AuthConfig
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndAllowOverrideList CookieTracking CookieName
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </highlight>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>In the example above <directive module="core">AllowOverride
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </directive> grants permission to the <code>AuthConfig</code>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess directive grouping and <directive>AllowOverrideList</directive> grants
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess permission to only two directves from the <code>FileInfo</code> directive
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess grouping. All others will cause an internal server error.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">AccessFileName</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">AllowOverride</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/configuring.html">Configuration Files</a></seealso>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<seealso><a href="/howto/htaccess.html">.htaccess Files</a></seealso>
130d299c4b2b15be45532a176604c71fdc7bea5bnd</directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<description>Technique for locating the interpreter for CGI
130d299c4b2b15be45532a176604c71fdc7bea5bndscripts</description>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<syntax>CGIMapExtension <var>cgi-path</var> <var>.extension</var></syntax>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<contextlist><context>directory</context><context>.htaccess</context>
130d299c4b2b15be45532a176604c71fdc7bea5bnd</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive is used to control how Apache httpd finds the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive interpreter used to run CGI scripts. For example, setting
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive cause all CGI script files with a <code>.foo</code> extension to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive be passed to the FOO interpreter.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<directivesynopsis>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<description>Enables the generation of <code>Content-MD5</code> HTTP Response
6b64034fa2a644ba291c484c0c01c7df5b8d982ckessheaders</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
130d299c4b2b15be45532a176604c71fdc7bea5bnd <p>This directive enables the generation of
130d299c4b2b15be45532a176604c71fdc7bea5bnd respectively RFC2616.</p>
130d299c4b2b15be45532a176604c71fdc7bea5bnd <p>MD5 is an algorithm for computing a "message digest"
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd (sometimes called "fingerprint") of arbitrary-length data, with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a high degree of confidence that any alterations in the data
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess will be reflected in alterations in the message digest.</p>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess <p>The <code>Content-MD5</code> header provides an end-to-end
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess message integrity check (MIC) of the entity-body. A proxy or
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess client may check this header for detecting accidental
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess modification of the entity-body in transit. Example header:</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
fb77c505254b6e9c925e23e734463e87574f8f40kess </example>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Note that this can cause performance problems on your server
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive since the message digest is computed on every request (the
130d299c4b2b15be45532a176604c71fdc7bea5bnd values are not cached).</p>
130d299c4b2b15be45532a176604c71fdc7bea5bnd <p><code>Content-MD5</code> is only sent for documents served
130d299c4b2b15be45532a176604c71fdc7bea5bnd by the <module>core</module>, and not by any module. For example,
130d299c4b2b15be45532a176604c71fdc7bea5bnd SSI documents, output from CGI scripts, and byte range responses
130d299c4b2b15be45532a176604c71fdc7bea5bnd do not have this header.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Base directory for the server run-time files</description>
fb77c505254b6e9c925e23e734463e87574f8f40kess<syntax>DefaultRuntimeDir <var>directory-path</var></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<default>DefaultRuntimeDir DEFAULT_REL_RUNTIMEDIR (logs/)</default>
fb77c505254b6e9c925e23e734463e87574f8f40kess<contextlist><context>server config</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>DefaultRuntimeDir</directive> directive sets the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directory in which the server will create various run-time files
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive (shared memory, locks, etc.). If set as a relative path, the full path
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess will be relative to <directive>ServerRoot</directive>.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveDefaultRuntimeDir scratch/
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The default location of <directive>DefaultRuntimeDir</directive> may be
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess modified by changing the <code>DEFAULT_REL_RUNTIMEDIR</code> #define
15ba1801088da1aad6d20609cf3f7b0b1eefce8aslive at build time.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>Note: <directive>ServerRoot</directive> should be specified before this
7b5535ed88e0f561b3bfb3330137bd804846afd4slive directive is used, otherwise the default value of <directive>ServerRoot</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive would be used to set the base directory.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/misc/security_tips.html#serverroot">the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive security tips</a> for information on how to properly set
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive permissions on the <directive>ServerRoot</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<description>This directive has no effect other than to emit warnings
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndif the value is not <code>none</code>. In prior versions, DefaultType
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndwould specify a default media type to assign to response content for
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndwhich no other media type configuration could be found.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>DefaultType <var>media-type|none</var></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>The argument <code>none</code> is available in Apache httpd 2.2.7 and later. All other choices are DISABLED for 2.3.x and later.</compatibility>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>This directive has been disabled. For backwards compatibility
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of configuration files, it may be specified with the value
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>none</code>, meaning no default media type. For example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">DefaultType None</highlight>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd httpd-2.2.7 and later.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_mime">AddType</directive> to configure media
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type assignments via file extensions, or the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="core">ForceType</directive> directive to configure
fb77c505254b6e9c925e23e734463e87574f8f40kess the media type for specific resources. Otherwise, the server will
fb77c505254b6e9c925e23e734463e87574f8f40kess send the response without a Content-Type header field and the
fb77c505254b6e9c925e23e734463e87574f8f40kess recipient may attempt to guess the media type.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess</directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<syntax>Define <var>parameter-name</var> [<var>parameter-value</var>]</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>In its one parameter form, <directive>Define</directive> is equivalent
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to passing the <code>-D</code> argument to <program>httpd</program>. It
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive can be used to toggle the use of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="core" type="section">IfDefine</directive> sections
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive without needing to alter <code>-D</code> arguments in any startup
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive scripts.</p>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp <p>In addition to that, if the second parameter is given, a config variable
af18698b10b429b270551ca3a5d51a75e1c9db22brianp is set to this value. The variable can be used in the configuration using
003f0c9fda6664daf5092a0e42f65ede20098153slive the <code>${VAR}</code> syntax. The variable is always globally defined
fb77c505254b6e9c925e23e734463e87574f8f40kess and not limited to the scope of the surrounding config section.</p>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp<IfDefine TEST>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp Define servername test.example.com
003f0c9fda6664daf5092a0e42f65ede20098153slive</IfDefine>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp<IfDefine !TEST>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp Define servername www.example.com
fb77c505254b6e9c925e23e734463e87574f8f40kess Define SSL
003f0c9fda6664daf5092a0e42f65ede20098153slive</IfDefine>
003f0c9fda6664daf5092a0e42f65ede20098153slive </highlight>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>Variable names may not contain colon ":" characters, to avoid clashes
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd with <directive module="mod_rewrite">RewriteMap</directive>'s syntax.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp<description>Enclose a group of directives that apply only to the
af18698b10b429b270551ca3a5d51a75e1c9db22brianpnamed file-system directory, sub-directories, and their contents.</description>
af18698b10b429b270551ca3a5d51a75e1c9db22brianp... </Directory></syntax>
fb77c505254b6e9c925e23e734463e87574f8f40kess<contextlist><context>server config</context><context>virtual host</context>
fb77c505254b6e9c925e23e734463e87574f8f40kess</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code></Directory></code> are used to enclose a group of
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd directives that will apply only to the named directory,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd sub-directories of that directory, and the files within the respective
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd directories. Any directive that is allowed
fb77c505254b6e9c925e23e734463e87574f8f40kess in a directory context may be used. <var>Directory-path</var> is
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd either the full path to a directory, or a wild-card string using
41ef8b3051855b802104193ee0a587515af60a37wrowe Unix shell-style matching. In a wild-card string, <code>?</code> matches
41ef8b3051855b802104193ee0a587515af60a37wrowe any single character, and <code>*</code> matches any sequences of
41ef8b3051855b802104193ee0a587515af60a37wrowe characters. You may also use <code>[]</code> character ranges. None
41ef8b3051855b802104193ee0a587515af60a37wrowe of the wildcards match a `/' character, so <code><Directory
41ef8b3051855b802104193ee0a587515af60a37wrowe /*/public_html></code> will not match
41ef8b3051855b802104193ee0a587515af60a37wrowe <code>/home/user/public_html</code>, but <code><Directory
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess /home/*/public_html></code> will match. Example:</p>
41ef8b3051855b802104193ee0a587515af60a37wrowe Options Indexes FollowSymLinks
41ef8b3051855b802104193ee0a587515af60a37wrowe</Directory>
41ef8b3051855b802104193ee0a587515af60a37wrowe </highlight>
41ef8b3051855b802104193ee0a587515af60a37wrowe <p>Be careful with the <var>directory-path</var> arguments:
41ef8b3051855b802104193ee0a587515af60a37wrowe They have to literally match the filesystem path which Apache httpd uses
fb77c505254b6e9c925e23e734463e87574f8f40kess to access the files. Directives applied to a particular
fb77c505254b6e9c925e23e734463e87574f8f40kess <code><Directory></code> will not apply to files accessed from
41ef8b3051855b802104193ee0a587515af60a37wrowe that same directory via a different path, such as via different symbolic
41ef8b3051855b802104193ee0a587515af60a37wrowe expressions</glossary> can also be used, with the addition of the
41ef8b3051855b802104193ee0a587515af60a37wrowe<Directory ~ "^/www/[0-9]{3}">
41ef8b3051855b802104193ee0a587515af60a37wrowe</Directory>
41ef8b3051855b802104193ee0a587515af60a37wrowe</highlight>
41ef8b3051855b802104193ee0a587515af60a37wrowe <p>would match directories in <code>/www/</code> that consisted of
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess three numbers.</p>
41ef8b3051855b802104193ee0a587515af60a37wrowe match the directory (or one of its parents) containing a document,
41ef8b3051855b802104193ee0a587515af60a37wrowe then the directives are applied in the order of shortest match
41ef8b3051855b802104193ee0a587515af60a37wrowe first, interspersed with the directives from the <a
9fb925624300c864fe3969a264e52aa83f3c2dd0slive href="#accessfilename">.htaccess</a> files. For example,
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<Directory />
9fb925624300c864fe3969a264e52aa83f3c2dd0slive AllowOverride None
41ef8b3051855b802104193ee0a587515af60a37wrowe</Directory>
41ef8b3051855b802104193ee0a587515af60a37wrowe<Directory "/home">
05201775eaa6b363b8a119c8aea5db246b967591yoshiki AllowOverride FileInfo
41ef8b3051855b802104193ee0a587515af60a37wrowe</Directory>
41ef8b3051855b802104193ee0a587515af60a37wrowe </highlight>
41ef8b3051855b802104193ee0a587515af60a37wrowe <p>for access to the document <code>/home/web/dir/doc.html</code>
41ef8b3051855b802104193ee0a587515af60a37wrowe the steps are:</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <li>Apply directive <code>AllowOverride FileInfo</code> (for
41ef8b3051855b802104193ee0a587515af60a37wrowe <code>/home/.htaccess</code>, <code>/home/web/.htaccess</code> and
af18698b10b429b270551ca3a5d51a75e1c9db22brianp <code>/home/web/dir/.htaccess</code> in that order.</li>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Regular expressions are not considered until after all of the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive normal sections have been applied. Then all of the regular
003f0c9fda6664daf5092a0e42f65ede20098153slive expressions are tested in the order they appeared in the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive configuration file. For example, with</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<Directory ~ "abc$">
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive # ... directives here ...
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>the regular expression section won't be considered until after
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive all normal <directive type="section">Directory</directive>s and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>.htaccess</code> files have been applied. Then the regular
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive expression will match on <code>/home/abc/public_html/abc</code> and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the corresponding <directive type="section">Directory</directive> will
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive be applied.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code><Directory /></code> is to permit all access.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive This means that Apache httpd will serve any file mapped from an URL. It is
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd recommended that you change this with a block such
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<Directory />
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Require all denied
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="/misc/security_tips.html">Security Tips</a> page for more
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The directory sections occur in the <code>httpd.conf</code> file.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section">Directory</directive> directives
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive cannot nest, and cannot appear in a <directive module="core"
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd type="section">Limit</directive> or <directive module="core"
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <Location> and <Files> sections work</a> for an
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd explanation of how these different sections are combined when a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive request is received</seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Enclose directives that apply to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivethe contents of file-system directories matching a regular expression.</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive... </DirectoryMatch></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive type="section">DirectoryMatch</directive> and
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <code></DirectoryMatch></code> are used to enclose a group
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of directives which will apply only to the named directory (and the files within),
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the same as <directive module="core" type="section">Directory</directive>.
fb77c505254b6e9c925e23e734463e87574f8f40kess However, it takes as an argument a
fb77c505254b6e9c925e23e734463e87574f8f40kess <glossary ref="regex">regular expression</glossary>. For example:</p>
4f854c24127e28f7ad72ce9a39d4448aaf910fc1slive<DirectoryMatch "^/www/(.+/)?[0-9]{3}">
4f854c24127e28f7ad72ce9a39d4448aaf910fc1slive</DirectoryMatch>
fb77c505254b6e9c925e23e734463e87574f8f40kess</highlight>
4f854c24127e28f7ad72ce9a39d4448aaf910fc1slive <p>would match directories in <code>/www/</code> that consisted of three
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive numbers.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Prior to 2.3.9, this directive implicitly applied to sub-directories
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive (like <directive module="core" type="section">Directory</directive>) and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive could not match the end of line symbol ($). In 2.3.9 and later,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive only directories that match the expression are affected by the enclosed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives.
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd This directive applies to requests for directories that may or may
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess not end in a trailing slash, so expressions that are anchored to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive end of line ($) must be written with care.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive type="section" module="core">Directory</directive> for
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivea description of how regular expressions are mixed in with normal
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directive type="section">Directory</directive>s</seealso>
ef8e89e090461194ecadd31e8796a2c51e0531a2kesshref="/sections.html">How <Directory>, <Location> and
ef8e89e090461194ecadd31e8796a2c51e0531a2kess<Files> sections work</a> for an explanation of how these different
fb109b84906e3ee61680aa289953c2f9e859354erbowensections are combined when a request is received</seealso>
fb109b84906e3ee61680aa289953c2f9e859354erbowen</directivesynopsis>
fb109b84906e3ee61680aa289953c2f9e859354erbowen<directivesynopsis>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<description>Directory that forms the main document tree visible
fb109b84906e3ee61680aa289953c2f9e859354erbowenfrom the web</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>DocumentRoot <var>directory-path</var></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<default>DocumentRoot /usr/local/apache/htdocs</default>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
fb109b84906e3ee61680aa289953c2f9e859354erbowen</contextlist>
fb109b84906e3ee61680aa289953c2f9e859354erbowen <p>This directive sets the directory from which <program>httpd</program>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive will serve files. Unless matched by a directive like <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_alias">Alias</directive>, the server appends the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive path from the requested URL to the document root to make the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd path to the document. Example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">DocumentRoot "/usr/web"</highlight>
fb109b84906e3ee61680aa289953c2f9e859354erbowen <p>then an access to
fb109b84906e3ee61680aa289953c2f9e859354erbowen <code>http://my.example.com/index.html</code> refers to
fb109b84906e3ee61680aa289953c2f9e859354erbowen <code>/usr/web/index.html</code>. If the <var>directory-path</var> is
fb109b84906e3ee61680aa289953c2f9e859354erbowen not absolute then it is assumed to be relative to the <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>DocumentRoot</directive> should be specified without
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a trailing slash.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/urlmapping.html#documentroot">Mapping URLs to Filesystem
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Contains directives that apply only if the condition of a
003f0c9fda6664daf5092a0e42f65ede20098153sliveprevious <directive type="section" module="core">If</directive> or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directive type="section" module="core">ElseIf</directive> section is not
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndsatisfied by a request at runtime</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive type="section">Else</directive> applies the enclosed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives if and only if the most recent
fb77c505254b6e9c925e23e734463e87574f8f40kess in the same scope has not been applied.
fb77c505254b6e9c925e23e734463e87574f8f40kess For example: In </p>
fb77c505254b6e9c925e23e734463e87574f8f40kess<If "-z req('Host')">
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<Else>
530eba85dbd41b8a0fa5255d3648d1440199a661slive</Else>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p> The <directive type="section">If</directive> would match HTTP/1.0
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section">Else</directive> would match requests
530eba85dbd41b8a0fa5255d3648d1440199a661slive<seealso><directive type="section" module="core">If</directive></seealso>
fb77c505254b6e9c925e23e734463e87574f8f40kess<seealso><directive type="section" module="core">ElseIf</directive></seealso>
fb77c505254b6e9c925e23e734463e87574f8f40kess<seealso><a href="/sections.html">How <Directory>, <Location>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <Files> sections work</a> for an explanation of how these
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd different sections are combined when a request is received.
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <directive type="section">Else</directive> are applied last.</seealso>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<description>Contains directives that apply only if a condition is satisfied
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndby a request at runtime while the condition of a previous
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directive type="section" module="core">If</directive> or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directive type="section">ElseIf</directive> section is not
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndsatisfied</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax><ElseIf <var>expression</var>> ... </ElseIf></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The <directive type="section">ElseIf</directive> applies the enclosed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives if and only if both the given condition evaluates to true and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the most recent <directive type="section">If</directive> or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section">ElseIf</directive> section in the same scope has
003f0c9fda6664daf5092a0e42f65ede20098153slive not been applied. For example: In </p>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess</If>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<ElseIf "-R '10.0.0.0/8'">
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess</ElseIf>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<Else>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Else>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive type="section">ElseIf</directive> would match if
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the remote address of a request belongs to the subnet 10.0.0.0/8 but
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/expr.html">Expressions in Apache HTTP Server</a>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivefor a complete reference and more examples.</seealso>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<seealso><directive type="section" module="core">If</directive></seealso>
fb77c505254b6e9c925e23e734463e87574f8f40kess<seealso><directive type="section" module="core">Else</directive></seealso>
fb77c505254b6e9c925e23e734463e87574f8f40kess<seealso><a href="/sections.html">How <Directory>, <Location>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <Files> sections work</a> for an explanation of how these
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive different sections are combined when a request is received.
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <directive type="section">Else</directive> are applied last.</seealso>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Use memory-mapping to read files during delivery</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
fb77c505254b6e9c925e23e734463e87574f8f40kess<context>directory</context><context>.htaccess</context>
fb77c505254b6e9c925e23e734463e87574f8f40kess</contextlist>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>This directive controls whether the <program>httpd</program> may use
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess memory-mapping if it needs to read the contents of a file during
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive delivery. By default, when the handling of a request requires
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive access to the data within a file -- for example, when delivering a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive server-parsed file using <module>mod_include</module> -- Apache httpd
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive memory-maps the file if the OS supports it.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This memory-mapping sometimes yields a performance improvement.
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd But in some environments, it is better to disable the memory-mapping
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to prevent operational problems:</p>
003f0c9fda6664daf5092a0e42f65ede20098153slive <li>On some multiprocessor systems, memory-mapping can reduce the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li>Deleting or truncating a file while <program>httpd</program>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive has it memory-mapped can cause <program>httpd</program> to
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess crash with a segmentation fault.
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>For server configurations that are vulnerable to these problems,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd you should disable memory-mapping of delivered files by specifying:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">EnableMMAP Off</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>For NFS mounted files, this feature may be disabled explicitly for
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess the offending files by specifying:</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<Directory "/path-to-nfs-files">
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive EnableMMAP Off
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
7654193c1faf603feec999850322ad79e6c551bcnd<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Use the kernel sendfile support to deliver files to the client</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
fb77c505254b6e9c925e23e734463e87574f8f40kess<compatibility>Available in version 2.0.44 and later. Default changed to Off in
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveversion 2.3.9.</compatibility>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>This directive controls whether <program>httpd</program> may use the
fb77c505254b6e9c925e23e734463e87574f8f40kess sendfile support from the kernel to transmit file contents to the client.
fb77c505254b6e9c925e23e734463e87574f8f40kess By default, when the handling of a request requires no access
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd to the data within a file -- for example, when delivering a
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd static file -- Apache httpd uses sendfile to deliver the file contents
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd without ever reading the file if the OS supports it.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This sendfile mechanism avoids separate read and send operations,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and buffer allocations. But on some platforms or within some
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive filesystems, it is better to disable this feature to avoid
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive operational problems:</p>
7654193c1faf603feec999850322ad79e6c551bcnd <li>Some platforms may have broken sendfile support that the build
7654193c1faf603feec999850322ad79e6c551bcnd system did not detect, especially if the binaries were built on
7654193c1faf603feec999850322ad79e6c551bcnd another box and moved to such a machine with broken sendfile
7654193c1faf603feec999850322ad79e6c551bcnd support.</li>
7654193c1faf603feec999850322ad79e6c551bcnd <li>On Linux the use of sendfile triggers TCP-checksum
7654193c1faf603feec999850322ad79e6c551bcnd offloading bugs on certain networking cards when using IPv6.</li>
7654193c1faf603feec999850322ad79e6c551bcnd <li>On Linux on Itanium, <code>sendfile</code> may be unable to handle
7654193c1faf603feec999850322ad79e6c551bcnd files over 2GB in size.</li>
7654193c1faf603feec999850322ad79e6c551bcnd module="core">DocumentRoot</directive> (e.g., NFS, SMB, CIFS, FUSE),
7654193c1faf603feec999850322ad79e6c551bcnd the kernel may be unable to serve the network file through
7654193c1faf603feec999850322ad79e6c551bcnd its own cache.</li>
7654193c1faf603feec999850322ad79e6c551bcnd <p>For server configurations that are not vulnerable to these problems,
7654193c1faf603feec999850322ad79e6c551bcnd you may enable this feature by specifying:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">EnableSendfile On</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>For network mounted files, this feature may be disabled explicitly
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive for the offending files by specifying:</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess<Directory "/path-to-nfs-files">
fb77c505254b6e9c925e23e734463e87574f8f40kess EnableSendfile Off
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Please note that the per-directory and .htaccess configuration
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of <directive>EnableSendfile</directive> is not supported by
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Only global definition of <directive>EnableSendfile</directive>
fb77c505254b6e9c925e23e734463e87574f8f40kess is taken into account by the module.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
9ed9eaf871c58d281af02e76125ceadb5060afa5nd<description>Abort configuration parsing with a custom error message</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
fb77c505254b6e9c925e23e734463e87574f8f40kess</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>If an error can be detected within the configuration, this
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive can be used to generate a custom error message, and halt
fb77c505254b6e9c925e23e734463e87574f8f40kess configuration parsing. The typical use is for reporting required
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive modules which are missing from the configuration.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess# ensure that mod_include is loaded
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<IfModule !include_module>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess Error "mod_include is required by mod_foo. Load it with LoadModule."
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess</IfModule>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive# ensure that exactly one of SSL,NOSSL is defined
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<IfDefine SSL>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<IfDefine NOSSL>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Error "Both SSL and NOSSL are defined. Define only one of them."
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</IfDefine>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</IfDefine>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<IfDefine !SSL>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<IfDefine !NOSSL>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Error "Either SSL or NOSSL must be defined."
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</IfDefine>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</IfDefine>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<description>What the server will return to the client
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndin case of an error</description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<syntax>ErrorDocument <var>error-code</var> <var>document</var></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>In the event of a problem or error, Apache httpd can be configured
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd to do one of four things,</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <li>redirect to a local <var>URL-path</var> to handle the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The first option is the default, while options 2-4 are
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive configured using the <directive>ErrorDocument</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive, which is followed by the HTTP response code and a URL
130d299c4b2b15be45532a176604c71fdc7bea5bnd or a message. Apache httpd will sometimes offer additional information
130d299c4b2b15be45532a176604c71fdc7bea5bnd <p>URLs can begin with a slash (/) for local web-paths (relative
130d299c4b2b15be45532a176604c71fdc7bea5bnd to the <directive module="core">DocumentRoot</directive>), or be a
130d299c4b2b15be45532a176604c71fdc7bea5bnd full URL which the client can resolve. Alternatively, a message
130d299c4b2b15be45532a176604c71fdc7bea5bnd can be provided to be displayed by the browser. Examples:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveErrorDocument 401 /subscription_info.html
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveErrorDocument 403 "Sorry can't allow you access today"
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveErrorDocument 403 Forbidden!
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Additionally, the special value <code>default</code> can be used
a04a96aae08a62f2d9d5833b3313a9751fa3f680yoshiki to specify Apache httpd's simple hardcoded message. While not required
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd under normal circumstances, <code>default</code> will restore
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess Apache httpd's simple hardcoded message for configurations that would
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive otherwise inherit an existing <directive>ErrorDocument</directive>.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd ErrorDocument 404 default
fb77c505254b6e9c925e23e734463e87574f8f40kess</Directory>
fb77c505254b6e9c925e23e734463e87574f8f40kess </highlight>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>Note that when you specify an <directive>ErrorDocument</directive>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd that points to a remote URL (ie. anything with a method such as
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code>http</code> in front of it), Apache HTTP Server will send a redirect to the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd client to tell it where to find the document, even if the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd document ends up being on the same server. This has several
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive implications, the most important being that the client will not
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive receive the original error status code, but instead will
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd receive a redirect status code. This in turn can confuse web
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive robots and other clients which try to determine if a URL is
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd valid using the status code. In addition, if you use a remote
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive URL in an <code>ErrorDocument 401</code>, the client will not
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive know to prompt the user for a password since it will not
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive receive the 401 status code. Therefore, <strong>if you use an
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <code>ErrorDocument 401</code> directive then it must refer to a local
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>Microsoft Internet Explorer (MSIE) will by default ignore
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd server-generated error messages when they are "too small" and substitute
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd its own "friendly" error messages. The size threshold varies depending on
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the type of error, but in general, if you make your error document
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd greater than 512 bytes, then MSIE will show the server-generated
bea526116133aa3d7dabd1924bfc580b37fbf22aslive error rather than masking it. More information is available in
bea526116133aa3d7dabd1924bfc580b37fbf22aslive Microsoft Knowledge Base article <a
bea526116133aa3d7dabd1924bfc580b37fbf22aslive href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294807"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Although most error messages can be overridden, there are certain
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive circumstances where the internal messages are used regardless of the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive setting of <directive module="core">ErrorDocument</directive>. In
bea526116133aa3d7dabd1924bfc580b37fbf22aslive particular, if a malformed request is detected, normal request processing
bea526116133aa3d7dabd1924bfc580b37fbf22aslive will be immediately halted and the internal error message returned.
bea526116133aa3d7dabd1924bfc580b37fbf22aslive This is necessary to guard against security problems caused by
fb77c505254b6e9c925e23e734463e87574f8f40kess bad requests.</p>
bea526116133aa3d7dabd1924bfc580b37fbf22aslive <p>If you are using mod_proxy, you may wish to enable
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_proxy">ProxyErrorOverride</directive> so that you can provide
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive custom error messages on behalf of your Origin servers. If you don't enable ProxyErrorOverride,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Apache httpd will not generate custom error documents for proxied content.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
003f0c9fda6664daf5092a0e42f65ede20098153slive<directivesynopsis>
7b5535ed88e0f561b3bfb3330137bd804846afd4slive<description>Location where the server will log errors</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax> ErrorLog <var>file-path</var>|syslog[:<var>facility</var>]</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<default>ErrorLog logs/error_log (Unix) ErrorLog logs/error.log (Windows and OS/2)</default>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>The <directive>ErrorLog</directive> directive sets the name of
7b5535ed88e0f561b3bfb3330137bd804846afd4slive the file to which the server will log any errors it encounters. If
7b5535ed88e0f561b3bfb3330137bd804846afd4slive the <var>file-path</var> is not absolute then it is assumed to be
7b5535ed88e0f561b3bfb3330137bd804846afd4slive relative to the <directive module="core">ServerRoot</directive>.</p>
7b5535ed88e0f561b3bfb3330137bd804846afd4slive <highlight language="config">ErrorLog "/var/log/httpd/error_log"</highlight>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess begins with a pipe character "<code>|</code>" then it is assumed to be a
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess command to spawn to handle the error log.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">ErrorLog "|/usr/local/bin/httpd_errors"</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>See the notes on <a href="/logs.html#piped">piped logs</a> for
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd more information.</p>
7b5535ed88e0f561b3bfb3330137bd804846afd4slive <p>Using <code>syslog</code> instead of a filename enables logging
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd via syslogd(8) if the system supports it. The default is to use
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd syslog facility <code>local7</code>, but you can override this by
7b5535ed88e0f561b3bfb3330137bd804846afd4slive using the <code>syslog:<var>facility</var></code> syntax where
7b5535ed88e0f561b3bfb3330137bd804846afd4slive <var>facility</var> can be one of the names usually documented in
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd syslog(1). The facility is effectively global, and if it is changed
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd in individual virtual hosts, the final facility specified affects the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd entire server.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <highlight language="config">ErrorLog syslog:user</highlight>
7b5535ed88e0f561b3bfb3330137bd804846afd4slive href="/misc/security_tips.html#serverroot">security tips</a>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd document for details on why your security could be compromised
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd if the directory where log files are stored is writable by
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd anyone other than the user that starts the server.</p>
7b5535ed88e0f561b3bfb3330137bd804846afd4slive <p>When entering a file path on non-Unix platforms, care should be taken
7b5535ed88e0f561b3bfb3330137bd804846afd4slive to make sure that only forward slashes are used even though the platform
7b5535ed88e0f561b3bfb3330137bd804846afd4slive may allow the use of back slashes. In general it is a good idea to always
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd use forward slashes throughout the configuration files.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">LogLevel</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/logs.html">Apache HTTP Server Log Files</a></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
003f0c9fda6664daf5092a0e42f65ede20098153slive<description>Format specification for error log entries</description>
fb77c505254b6e9c925e23e734463e87574f8f40kess<syntax> ErrorLogFormat [connection|request] <var>format</var></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele</contextlist>
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele<compatibility>Available in Apache httpd 2.3.9 and later</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive>ErrorLogFormat</directive> allows to specify what
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive supplementary information is logged in the error log in addition to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive actual log message.</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess#Simple example
313bb560bc5c323cfd40c9cad7335b4b8e060aedkessErrorLogFormat "[%t] [%l] [pid %P] %F: %E: [client %a] %M"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Specifying <code>connection</code> or <code>request</code> as first
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive parameter allows to specify additional formats, causing additional
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive information to be logged when the first message is logged for a specific
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive connection or request, respectively. This additional information is only
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive logged once per connection/request. If a connection or request is processed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive without causing any log message, the additional information is not logged
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive either.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>It can happen that some format string items do not produce output. For
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive example, the Referer header is only present if the log message is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive associated to a request and the log message happens at a time when the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Referer header has already been read from the client. If no output is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive produced, the default behavior is to delete everything from the preceding
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive space character to the next space character. This means the log line is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive implicitly divided into fields on non-whitespace to whitespace transitions.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive If a format string item does not produce output, the whole field is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive omitted. For example, if the remote address <code>%a</code> in the log
003f0c9fda6664daf5092a0e42f65ede20098153slive format <code>[%t] [%l] [%a] %M </code> is not available, the surrounding
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive brackets are not logged either. Space characters can be escaped with a
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd backslash to prevent them from delimiting a field. The combination '% '
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive (percent space) is a zero-width field delimiter that does not produce any
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The above behavior can be changed by adding modifiers to the format
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive string item. A <code>-</code> (minus) modifier causes a minus to be logged if the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive respective item does not produce any output. In once-per-connection/request
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive formats, it is also possible to use the <code>+</code> (plus) modifier. If an
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive item with the plus modifier does not produce any output, the whole line is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive omitted.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>A number as modifier can be used to assign a log severity level to a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive format item. The item will only be logged if the severity of the log
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive message is not higher than the specified log severity level. The number can
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive range from 1 (alert) over 4 (warn) and 7 (debug) to 15 (trace8).</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>For example, here's what would happen if you added modifiers to
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <columnspec><column width=".3"/><column width=".7"/></columnspec>
003f0c9fda6664daf5092a0e42f65ede20098153slive <td>Logs a <code>-</code> if <code>Referer</code> is not set.</td>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>Omits the entire line if <code>Referer</code> is not set.</td>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>Logs the <code>Referer</code> only if the log message severity
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive is higher than 4.</td>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>Some format string items accept additional parameters in braces.</p>
130d299c4b2b15be45532a176604c71fdc7bea5bnd <columnspec><column width=".2"/><column width=".8"/></columnspec>
130d299c4b2b15be45532a176604c71fdc7bea5bnd <tr><th>Format String</th> <th>Description</th></tr>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <td>Underlying peer IP address and port of the connection (see the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>Request environment variable <em>name</em></td></tr>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>Source file name and line number of the log call</td></tr>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>Number of keep-alive requests on this connection</td></tr>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <td>Log ID of the connection if used in connection scope, empty otherwise</td></tr>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>System unique thread ID of current thread (the same ID as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive displayed by e.g. <code>top</code>; currently Linux only)</td></tr>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>The current time including micro-seconds</td></tr>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>The current time in compact ISO 8601 format, including
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>The canonical <directive module="core">ServerName</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>The server name of the server serving the request according to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="core" >UseCanonicalName</directive>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <p>The log ID format <code>%L</code> produces a unique id for a connection
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen or request. This can be used to correlate which log lines belong to the
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess same connection or request, which request happens on which connection.
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <module>mod_log_config</module>, to allow to correlate access log entries
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen with error log lines. If <module>mod_unique_id</module> is loaded, its
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd unique id will be used as log ID for requests.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive#Example (default format)
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd [Thu May 12 08:28:57.652118 2011] [core:error] [pid 8777:tid 4326490112] [client ::1:58619] File does not exist: /usr/local/apache2/htdocs/favicon.ico
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Notice that, as discussed above, some fields are omitted
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive entirely because they are not defined.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive#Example (similar to the 2.2.x format)
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveErrorLogFormat "[%t] [%l] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveErrorLogFormat "[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M"
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveErrorLogFormat request "[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T"
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveErrorLogFormat request "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'"
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveErrorLogFormat request "[%{uc}t] [R:%L] Referer:'%+{Referer}i'"
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveErrorLogFormat connection "[%{uc}t] [C:%{c}L] local\ %a remote\ %A"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">ErrorLog</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">LogLevel</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/logs.html">Apache HTTP Server Log Files</a></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<description>Keep track of extended status information for each
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowenrequest</description>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<contextlist><context>server config</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This option tracks additional data per worker about the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive currently executing request, and a utilization summary; you
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive can see these variables during runtime by configuring
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <module>mod_status</module>. Note that other modules may
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive rely on this scoreboard.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>This setting applies to the entire server, and cannot be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive enabled or disabled on a virtualhost-by-virtualhost basis.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The collection of extended status information can slow down
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the server. Also note that this setting cannot be changed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive during a graceful restart.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Note that loading <module>mod_status</module> will change
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the default behavior to ExtendedStatus On, while other
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive third party modules may do the same. Such modules rely on
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive collecting detailed information about the state of all workers.
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess The default is changed by <module>mod_status</module> beginning
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive with version 2.3.6; the previous default was always Off.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>File attributes used to create the ETag
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveHTTP response header for static files</description>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<contextlist><context>server config</context><context>virtual host</context>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<context>directory</context><context>.htaccess</context>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen</contextlist>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<compatibility>The default used to be "INode MTime Size" in 2.3.14 and
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowenearlier.</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The <directive>FileETag</directive> directive configures the file
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive attributes that are used to create the <code>ETag</code> (entity
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive tag) response header field when the document is based on a static file.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive (The <code>ETag</code> value is used in cache management to save
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive network bandwidth.) The
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>FileETag</directive> directive allows you to choose
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive which of these -- if any -- should be used. The recognized keywords are:
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>The file's i-node number will be included in the calculation</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>The date and time the file was last modified will be included</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>The number of bytes in the file will be included</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>All available fields will be used. This is equivalent to:
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">FileETag INode MTime Size</highlight></dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <dd>If a document is file-based, no <code>ETag</code> field will be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive included in the response</dd>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <code>INode</code>, <code>MTime</code>, and <code>Size</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive keywords may be prefixed with either <code>+</code> or <code>-</code>,
fb77c505254b6e9c925e23e734463e87574f8f40kess which allow changes to be made to the default setting inherited
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive from a broader scope. Any keyword appearing without such a prefix
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive immediately and completely cancels the inherited setting.</p>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <p>If a directory's configuration includes
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <code>FileETag INode MTime Size</code>, and a
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen subdirectory's includes <code>FileETag -INode</code>,
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen the setting for that subdirectory (which will be inherited by
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen any sub-subdirectories that don't override it) will be equivalent to
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen Do not change the default for directories or locations that have WebDAV
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen enabled and use <module>mod_dav_fs</module> as a storage provider.
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <module>mod_dav_fs</module> uses <code>MTime Size</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive as a fixed format for <code>ETag</code> comparisons on conditional requests.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive These conditional requests will break if the <code>ETag</code> format is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive An ETag is not generated for responses parsed by <module>mod_include</module>,
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess since the response entity can change without a change of the INode, MTime, or Size
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of the static file with embedded SSI directives.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<description>Contains directives that apply to matched
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowenfilenames</description>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<syntax><Files <var>filename</var>> ... </Files></syntax>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<contextlist><context>server config</context><context>virtual host</context>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive type="section">Files</directive> directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive limits the scope of the enclosed directives by filename. It is comparable
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to the <directive module="core" type="section">Directory</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and <directive module="core" type="section">Location</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives. It should be matched with a <code></Files></code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive. The directives given within this section will be applied to
fb77c505254b6e9c925e23e734463e87574f8f40kess any object with a basename (last component of filename) matching the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive specified filename. <directive type="section">Files</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive sections are processed in the order they appear in the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive configuration file, after the <directive module="core"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>.htaccess</code> files are read, but before <directive
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess type="section" module="core">Location</directive> sections. Note
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive that <directive type="section">Files</directive> can be nested
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">Directory</directive> sections to restrict the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive portion of the filesystem they apply to.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <var>filename</var> argument should include a filename, or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a wild-card string, where <code>?</code> matches any single character,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and <code>*</code> matches any sequences of characters.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<Files "cat.html">
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess # Insert stuff that applies to cat.html here
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess</Files>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<Files "?at.*">
dc223428958ad9ff05011545bcdda000887b93e5slive # This would apply to cat.html, bat.html, hat.php and so on.
dc223428958ad9ff05011545bcdda000887b93e5slive</Files>
dc223428958ad9ff05011545bcdda000887b93e5slive</highlight>
dc223428958ad9ff05011545bcdda000887b93e5slive <p><glossary ref="regex">Regular expressions</glossary>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive can also be used, with the addition of the
fb77c505254b6e9c925e23e734463e87574f8f40kess<Files ~ "\.(gif|jpe?g|png)$">
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Files>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>would match most common Internet graphics formats. <directive
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd module="core" type="section">FilesMatch</directive> is preferred,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd however.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">Directory</directive> and <directive type="section"
fb77c505254b6e9c925e23e734463e87574f8f40kess module="core">Location</directive> sections, <directive
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess type="section">Files</directive> sections can be used inside
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <code>.htaccess</code> files. This allows users to control access to
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess their own files, at a file-by-file level.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/sections.html">How <Directory>, <Location>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and <Files> sections work</a> for an explanation of how these
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive different sections are combined when a request is received</seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<description>Contains directives that apply to regular-expression matched
130d299c4b2b15be45532a176604c71fdc7bea5bndfilenames</description>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<syntax><FilesMatch <var>regex</var>> ... </FilesMatch></syntax>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<contextlist><context>server config</context><context>virtual host</context>
130d299c4b2b15be45532a176604c71fdc7bea5bnd</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The <directive type="section">FilesMatch</directive> directive
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd limits the scope of the enclosed directives by filename, just as the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <directive module="core" type="section">Files</directive> directive
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd does. However, it accepts a <glossary ref="regex">regular
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<FilesMatch "\.(gif|jpe?g|png)$">
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</FilesMatch>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</highlight>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>would match most common Internet graphics formats.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<seealso><a href="/sections.html">How <Directory>, <Location>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd and <Files> sections work</a> for an explanation of how these
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd different sections are combined when a request is received</seealso>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Forces all matching files to be served with the specified
313bb560bc5c323cfd40c9cad7335b4b8e060aedkessmedia type in the HTTP Content-Type header field</description>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<contextlist><context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Moved to the core in Apache httpd 2.0</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When placed into an <code>.htaccess</code> file or a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section" module="core">Directory</directive>, or
8490b2f9f6469d5089163f6dd303d9a81f8e908ctrawick <directive type="section" module="core">Location</directive> or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section" module="core">Files</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive section, this directive forces all matching files to be served
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive with the content type identification given by
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>media-type</var>. For example, if you had a directory full of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive GIF files, but did not want to label them all with <code>.gif</code>,
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess you might want to use:</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <highlight language="config">ForceType image/gif</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Note that this directive overrides other indirect media type
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd associations defined in mime.types or via the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>You can also override more general
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<Location /images>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Location>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive# but normal mime-type associations here:
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive ForceType None
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</Location>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive primarily overrides the content types generated for
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive static files served out of the filesystem. For resources other than
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive static files, where the generator of the response typically specifies
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a Content-Type, this directive has no effect.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<description>Directory to write gmon.out profiling data to. </description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>GprofDir <var>/tmp/gprof/</var>|<var>/tmp/gprof/</var>%</syntax>
530eba85dbd41b8a0fa5255d3648d1440199a661slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
530eba85dbd41b8a0fa5255d3648d1440199a661slive <p>When the server has been compiled with gprof profiling support,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>GprofDir</directive> causes <code>gmon.out</code> files to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive be written to the specified directory when the process exits. If the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive argument ends with a percent symbol ('%'), subdirectories are created
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive for each process id.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive currently only works with the <module>prefork</module>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Enables DNS lookups on client IP addresses</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive enables DNS lookups so that host names can be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive logged (and passed to CGIs/SSIs in <code>REMOTE_HOST</code>).
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The value <code>Double</code> refers to doing double-reverse
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive DNS lookup. That is, after a reverse lookup is performed, a forward
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive lookup is then performed on that result. At least one of the IP
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive addresses in the forward lookup must match the original
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive address. (In "tcpwrappers" terminology this is called
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Regardless of the setting, when <module>mod_authz_host</module> is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive used for controlling access by hostname, a double reverse lookup
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive will be performed. This is necessary for security. Note that the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive result of this double-reverse isn't generally available unless you
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive set <code>HostnameLookups Double</code>. For example, if only
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>HostnameLookups On</code> and a request is made to an object
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive that is protected by hostname restrictions, regardless of whether
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the double-reverse fails or not, CGIs will still be passed the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive single-reverse result in <code>REMOTE_HOST</code>.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The default is <code>Off</code> in order to save the network
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive traffic for those sites that don't truly need the reverse
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive lookups done. It is also better for the end users because they
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive don't have to suffer the extra latency that a lookup entails.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Heavily loaded sites should leave this directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>Off</code>, since DNS lookups can take considerable
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive amounts of time. The utility <program>logresolve</program>, compiled by
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive default to the <code>bin</code> subdirectory of your installation
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directory, can be used to look up host names from logged IP addresses
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive offline.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive href="mod_authz_host.html#reqhost">hostname-based Require
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives</a>, a hostname lookup will be performed regardless of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Contains directives that apply only if a condition is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivesatisfied by a request at runtime</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax><If <var>expression</var>> ... </If></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive type="section">If</directive> directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive evaluates an expression at runtime, and applies the enclosed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives if and only if the expression evaluates to true.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive For example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config"><If "-z req('Host')"></highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>would match HTTP/1.0 requests without a <var>Host:</var> header.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Expressions may contain various shell-like operators for string
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive comparison (<code>=</code>, <code>!=</code>, <code><</code>, ...),
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive integer comparison (<code>-eq</code>, <code>-ne</code>, ...),
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen and others (<code>-n</code>, <code>-z</code>, <code>-f</code>, ...).
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen It is also possible to use regular expressions, </p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <highlight language="config"><If "%{QUERY_STRING} =~ /(delete|commit)=.*?elem/"></highlight>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>shell-like pattern matches and many other operations. These operations
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive can be done on request headers (<code>req</code>), environment variables
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive (<code>env</code>), and a large number of other properties. The full
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive documentation is available in <a href="/expr.html">Expressions in
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<seealso><a href="/expr.html">Expressions in Apache HTTP Server</a>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivefor a complete reference and more examples.</seealso>
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele<seealso><directive type="section" module="core">ElseIf</directive></seealso>
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele<seealso><directive type="section" module="core">Else</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/sections.html">How <Directory>, <Location>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <Files> sections work</a> for an explanation of how these
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive different sections are combined when a request is received.
fb77c505254b6e9c925e23e734463e87574f8f40kess <directive type="section">Else</directive> are applied last.</seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<description>Encloses directives that will be processed only
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndif a test is true at startup</description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </IfDefine></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <code><IfDefine <var>test</var>>...</IfDefine>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </code> section is used to mark directives that are conditional. The
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives within an <directive type="section">IfDefine</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive section are only processed if the <var>test</var> is true. If <var>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive test</var> is false, everything between the start and end markers is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive ignored.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <var>test</var> in the <directive type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive >IfDefine</directive> section directive can be one of two forms:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>In the former case, the directives between the start and end
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive markers are only processed if the parameter named
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>parameter-name</var> is defined. The second format reverses
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the test, and only processes the directives if
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>parameter-name</var> is <strong>not</strong> defined.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <var>parameter-name</var> argument is a define as given on the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <program>httpd</program> command line via <code>-D<var>parameter</var>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </code> at the time the server was started or by the <directive
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p><directive type="section">IfDefine</directive> sections are
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess nest-able, which can be used to implement simple
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess multiple-parameter tests. Example:</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <example>httpd -DReverseProxy -DUseCache -DMemCache ...</example>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<IfDefine ReverseProxy>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive LoadModule proxy_http_module modules/mod_proxy_http.so
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <IfDefine UseCache>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <IfDefine MemCache>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </IfDefine>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <IfDefine !MemCache>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </IfDefine>
fb77c505254b6e9c925e23e734463e87574f8f40kess </IfDefine>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</IfDefine>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<description>Encloses directives that are processed conditional on the
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndpresence or absence of a specific module</description>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<syntax><IfModule [!]<var>module-file</var>|<var>module-identifier</var>> ...
52bb691f8e13e9d0b55fcc214018ee85846fa87frbowen </IfModule></syntax>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<contextlist><context>server config</context><context>virtual host</context>
fb77c505254b6e9c925e23e734463e87574f8f40kess<context>directory</context><context>.htaccess</context>
fb77c505254b6e9c925e23e734463e87574f8f40kess</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<compatibility>Module identifiers are available in version 2.1 and
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndlater.</compatibility>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The <code><IfModule <var>test</var>>...</IfModule></code>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd section is used to mark directives that are conditional on the presence of
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd a specific module. The directives within an <directive type="section"
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd >IfModule</directive> section are only processed if the <var>test</var>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd is true. If <var>test</var> is false, everything between the start and
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd end markers is ignored.</p>
3386d67e54f92fdf6a3ffc5f7f8081eed6c44badslive <p>The <var>test</var> in the <directive type="section"
05201775eaa6b363b8a119c8aea5db246b967591yoshiki >IfModule</directive> section directive can be one of two forms:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>In the former case, the directives between the start and end
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive markers are only processed if the module named <var>module</var>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd is included in Apache httpd -- either compiled in or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive >LoadModule</directive>. The second format reverses the test,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and only processes the directives if <var>module</var> is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <var>module</var> argument can be either the module identifier or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the file name of the module, at the time it was compiled. For example,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>mod_rewrite.c</code> is the file name. If a module consists of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive several source files, use the name of the file containing the string
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive type="section">IfModule</directive> sections are
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive nest-able, which can be used to implement simple multiple-module
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <note>This section should only be used if you need to have one
fb77c505254b6e9c925e23e734463e87574f8f40kess configuration file that works whether or not a specific module
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive is available. In normal operation, directives need not be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive placed in <directive type="section">IfModule</directive>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess sections.</note>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Includes other configuration files from within
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivethe server configuration files</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>Include <var>file-path</var>|<var>directory-path</var>|<var>wildcard</var></syntax>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<contextlist><context>server config</context><context>virtual host</context>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd<compatibility>Wildcard matching available in 2.0.41 and later, directory
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndwildcard matching available in 2.3.6 and later</compatibility>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>This directive allows inclusion of other configuration files
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd from within the server configuration files.</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>Shell-style (<code>fnmatch()</code>) wildcard characters can be used
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive in the filename or directory parts of the path to include several files
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive at once, in alphabetical order. In addition, if
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>Include</directive> points to a directory, rather than a file,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Apache httpd will read all files in that directory and any subdirectory.
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess However, including entire directories is not recommended, because it is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive easy to accidentally leave temporary files in a directory that can cause
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <program>httpd</program> to fail. Instead, we encourage you to use the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive wildcard syntax shown below, to include files that match a particular
fb77c505254b6e9c925e23e734463e87574f8f40kess pattern, such as *.conf, for example.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>The <directive module="core">Include</directive> directive will
fb77c505254b6e9c925e23e734463e87574f8f40kess <strong>fail with an error</strong> if a wildcard expression does not
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive match any file. The <directive module="core">IncludeOptional</directive>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess directive can be used if non-matching wildcards should be ignored.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The file path specified may be an absolute path, or may be relative
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to the <directive module="core">ServerRoot</directive> directory.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Wildcards may be included in the directory or file portion of the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive path. This example will fail if there is no subdirectory in conf/vhosts
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive that contains at least one *.conf file:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">Include conf/vhosts/*/*.conf</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Alternatively, the following command will just be ignored in case of
fb77c505254b6e9c925e23e734463e87574f8f40kess missing files or directories:</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <highlight language="config">IncludeOptional conf/vhosts/*/*.conf</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">IncludeOptional</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<description>Includes other configuration files from within
130d299c4b2b15be45532a176604c71fdc7bea5bndthe server configuration files</description>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<syntax>IncludeOptional <var>file-path</var>|<var>directory-path</var>|<var>wildcard</var></syntax>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<contextlist><context>server config</context><context>virtual host</context>
130d299c4b2b15be45532a176604c71fdc7bea5bnd</contextlist>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<compatibility>Available in 2.3.6 and later</compatibility>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>This directive allows inclusion of other configuration files
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive from within the server configuration files. It works identically to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="core">Include</directive> directive, with the
fb77c505254b6e9c925e23e734463e87574f8f40kess exception that if wildcards do not match any file or directory, the
fb77c505254b6e9c925e23e734463e87574f8f40kess <directive module="core">IncludeOptional</directive> directive will be
fb77c505254b6e9c925e23e734463e87574f8f40kess silently ignored instead of causing an error.</p>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<seealso><directive module="core">Include</directive></seealso>
130d299c4b2b15be45532a176604c71fdc7bea5bnd</directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<description>Enables HTTP persistent connections</description>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<contextlist><context>server config</context><context>virtual host</context>
130d299c4b2b15be45532a176604c71fdc7bea5bnd</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The Keep-Alive extension to HTTP/1.0 and the persistent
fb77c505254b6e9c925e23e734463e87574f8f40kess connection feature of HTTP/1.1 provide long-lived HTTP sessions
fb77c505254b6e9c925e23e734463e87574f8f40kess which allow multiple requests to be sent over the same TCP
fb77c505254b6e9c925e23e734463e87574f8f40kess connection. In some cases this has been shown to result in an
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess almost 50% speedup in latency times for HTML documents with
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess many images. To enable Keep-Alive connections, set
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <p>For HTTP/1.0 clients, Keep-Alive connections will only be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive used if they are specifically requested by a client. In
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive addition, a Keep-Alive connection with an HTTP/1.0 client can
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive only be used when the length of the content is known in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive advance. This implies that dynamic content such as CGI output,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive SSI pages, and server-generated directory listings will
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive generally not use Keep-Alive connections to HTTP/1.0 clients.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive For HTTP/1.1 clients, persistent connections are the default
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive unless otherwise specified. If the client requests it, chunked
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive encoding will be used in order to send content of unknown
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess length over persistent connections.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When a client uses a Keep-Alive connection it will be counted
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive as a single "request" for the <directive module="mpm_common"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive >MaxConnectionsPerChild</directive> directive, regardless
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of how many requests are sent using the connection.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">MaxKeepAliveRequests</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
ef8e89e090461194ecadd31e8796a2c51e0531a2kess<directivesynopsis>
ef8e89e090461194ecadd31e8796a2c51e0531a2kess<description>Amount of time the server will wait for subsequent
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliverequests on a persistent connection</description>
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
ef8e89e090461194ecadd31e8796a2c51e0531a2kess<compatibility>Specifying a value in milliseconds is available in
ef8e89e090461194ecadd31e8796a2c51e0531a2kessApache httpd 2.3.2 and later</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The number of seconds Apache httpd will wait for a subsequent
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive request before closing the connection. By adding a postfix of ms the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive timeout can be also set in milliseconds. Once a request has been
9ed9eaf871c58d281af02e76125ceadb5060afa5nd received, the timeout value specified by the
9ed9eaf871c58d281af02e76125ceadb5060afa5nd <directive module="core">Timeout</directive> directive applies.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Setting <directive>KeepAliveTimeout</directive> to a high value
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd may cause performance problems in heavily loaded servers. The
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive higher the timeout, the more server processes will be kept
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive occupied waiting on connections with idle clients.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>In a name-based virtual host context, the value of the first
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd defined virtual host best matching the local IP and port will be used.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Restrict enclosed access controls to only certain HTTP
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivemethods</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax><Limit <var>method</var> [<var>method</var>] ... > ...
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </Limit></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Access controls are normally effective for
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <strong>all</strong> access methods, and this is the usual
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive desired behavior. <strong>In the general case, access control
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives should not be placed within a
ef8e89e090461194ecadd31e8796a2c51e0531a2kess <directive type="section">Limit</directive> section.</strong></p>
530eba85dbd41b8a0fa5255d3648d1440199a661slive <p>The purpose of the <directive type="section">Limit</directive>
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele directive is to restrict the effect of the access controls to the
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele nominated HTTP methods. For all other methods, the access
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive restrictions that are enclosed in the <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section">Limit</directive> bracket <strong>will have no
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive effect</strong>. The following example applies the access control
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive only to the methods <code>POST</code>, <code>PUT</code>, and
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>DELETE</code>, leaving all other methods unprotected:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<Limit POST PUT DELETE>
ef8e89e090461194ecadd31e8796a2c51e0531a2kess Require valid-user
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Limit>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The method names listed can be one or more of: <code>GET</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>POST</code>, <code>PUT</code>, <code>DELETE</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>PATCH</code>, <code>PROPFIND</code>, <code>PROPPATCH</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>MKCOL</code>, <code>COPY</code>, <code>MOVE</code>,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>LOCK</code>, and <code>UNLOCK</code>. <strong>The method name is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive case-sensitive.</strong> If <code>GET</code> is used it will also
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive restrict <code>HEAD</code> requests. The <code>TRACE</code> method
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">LimitExcept</directive> section should always be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive used in preference to a <directive type="section">Limit</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive section when restricting access, since a <directive type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">LimitExcept</directive> section provides protection
ef8e89e090461194ecadd31e8796a2c51e0531a2kess against arbitrary methods.</note>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive type="section">Limit</directive> and
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele <directive type="section" module="core">LimitExcept</directive>
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele directives may be nested. In this case, each successive level of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section">Limit</directive> or <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section" module="core">LimitExcept</directive> directives must
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive further restrict the set of methods to which access controls apply.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section">LimitExcept</directive> directives with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the <directive module="mod_authz_core">Require</directive> directive,
ef8e89e090461194ecadd31e8796a2c51e0531a2kess note that the first <directive module="mod_authz_core">Require</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to succeed authorizes the request, regardless of the presence of other
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive module="mod_authz_core">Require</directive> directives.</note>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>For example, given the following configuration, all users will
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>Require group editors</code> directive will be ignored
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive in all cases:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<LimitExcept GET>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Require valid-user
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</LimitExcept>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<Limit POST>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Require group editors
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Limit>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Restrict access controls to all HTTP methods
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabeleexcept the named ones</description>
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele<syntax><LimitExcept <var>method</var> [<var>method</var>] ... > ...
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </LimitExcept></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive type="section">LimitExcept</directive> and
ef8e89e090461194ecadd31e8796a2c51e0531a2kess a group of access control directives which will then apply to any
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive HTTP access method <strong>not</strong> listed in the arguments;
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive i.e., it is the opposite of a <directive type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="core">Limit</directive> section and can be used to control
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive both standard and nonstandard/unrecognized methods. See the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section">Limit</directive> for more details.</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<LimitExcept POST GET>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess Require valid-user
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess</LimitExcept>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess </highlight>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Determine maximum number of internal redirects and nested
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivesubrequests</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>LimitInternalRecursion <var>number</var> [<var>number</var>]</syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
fb77c505254b6e9c925e23e734463e87574f8f40kess</contextlist>
003f0c9fda6664daf5092a0e42f65ede20098153slive<compatibility>Available in Apache httpd 2.0.47 and later</compatibility>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>An internal redirect happens, for example, when using the <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive module="mod_actions">Action</directive> directive, which internally
003f0c9fda6664daf5092a0e42f65ede20098153slive redirects the original request to a CGI script. A subrequest is Apache httpd's
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive mechanism to find out what would happen for some URI if it were requested.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive For example, <module>mod_dir</module> uses subrequests to look for the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive files listed in the <directive module="mod_dir">DirectoryIndex</directive>
9ed9eaf871c58d281af02e76125ceadb5060afa5nd directive.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p><directive>LimitInternalRecursion</directive> prevents the server
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive from crashing when entering an infinite loop of internal redirects or
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive subrequests. Such loops are usually caused by misconfigurations.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>The directive stores two different limits, which are evaluated on
fb77c505254b6e9c925e23e734463e87574f8f40kess per-request basis. The first <var>number</var> is the maximum number of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive internal redirects, that may follow each other. The second <var>number</var>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive determines, how deep subrequests may be nested. If you specify only one
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>number</var>, it will be assigned to both limits.</p>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen <highlight language="config">LimitInternalRecursion 5</highlight>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen</directivesynopsis>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<directivesynopsis>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<description>Restricts the total size of the HTTP request body sent
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cndfrom the client</description>
d3f27ec18dfa6283e852aa98253212edafaa0e2brbowen<contextlist><context>server config</context><context>virtual host</context>
fb77c505254b6e9c925e23e734463e87574f8f40kess<context>directory</context><context>.htaccess</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive specifies the number of <var>bytes</var> from 0
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive (meaning unlimited) to 2147483647 (2GB) that are allowed in a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive request body. See the note below for the limited applicability
fb77c505254b6e9c925e23e734463e87574f8f40kess to proxy requests.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>The <directive>LimitRequestBody</directive> directive allows
fb77c505254b6e9c925e23e734463e87574f8f40kess the user to set a limit on the allowed size of an HTTP request
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele message body within the context in which the directive is given
18b4b0fd6056093002ddef488636bf5ebe415ef0erikabele (server, per-directory, per-file or per-location). If the client
003f0c9fda6664daf5092a0e42f65ede20098153slive request exceeds that limit, the server will return an error
fb77c505254b6e9c925e23e734463e87574f8f40kess response instead of servicing the request. The size of a normal
ef8e89e090461194ecadd31e8796a2c51e0531a2kess request message body will vary greatly depending on the nature of
ef8e89e090461194ecadd31e8796a2c51e0531a2kess the resource and the methods allowed on that resource. CGI scripts
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive typically use the message body for retrieving form information.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Implementations of the <code>PUT</code> method will require
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive a value at least as large as any representation that the server
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive wishes to accept for that resource.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>This directive gives the server administrator greater
fb77c505254b6e9c925e23e734463e87574f8f40kess control over abnormal client request behavior, which may be
fb77c505254b6e9c925e23e734463e87574f8f40kess useful for avoiding some forms of denial-of-service
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive attacks.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>If, for example, you are permitting file upload to a particular
fb77c505254b6e9c925e23e734463e87574f8f40kess location, and wish to limit the size of the uploaded file to 100K,
fb77c505254b6e9c925e23e734463e87574f8f40kess you might use the following directive:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">LimitRequestBody 102400</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <note><p>For a full description of how this directive is interpreted by
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive proxy requests, see the <module>mod_proxy</module> documentation.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Limits the number of HTTP request header fields that
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivewill be accepted from the client</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context></contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p><var>Number</var> is an integer from 0 (meaning unlimited) to
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd 32767. The default value is defined by the compile-time
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd constant <code>DEFAULT_LIMIT_REQUEST_FIELDS</code> (100 as
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive distributed).</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>LimitRequestFields</directive> directive allows
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the server administrator to modify the limit on the number of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive request header fields allowed in an HTTP request. A server needs
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive this value to be larger than the number of fields that a normal
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive client request might include. The number of request header fields
003f0c9fda6664daf5092a0e42f65ede20098153slive used by a client rarely exceeds 20, but this may vary among
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive different client implementations, often depending upon the extent
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd to which a user has configured their browser to support detailed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive content negotiation. Optional HTTP extensions are often expressed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive using request header fields.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive gives the server administrator greater
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive control over abnormal client request behavior, which may be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive useful for avoiding some forms of denial-of-service attacks.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive The value should be increased if normal clients see an error
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd response from the server that indicates too many fields were
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd sent in the request.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <highlight language="config">LimitRequestFields 50</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p> When name-based virtual hosting is used, the value for this
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive is taken from the default (first-listed) virtual host for the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive local IP and port combination.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Limits the size of the HTTP request header allowed from the
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveclient</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax>LimitRequestFieldSize <var>bytes</var></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context></contextlist>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>This directive specifies the number of <var>bytes</var>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive that will be allowed in an HTTP request header.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>LimitRequestFieldSize</directive> directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive allows the server administrator to set the limit
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive on the allowed size of an HTTP request header field. A server
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd needs this value to be large enough to hold any one header field
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd from a normal client request. The size of a normal request header
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd field will vary greatly among different client implementations,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive often depending upon the extent to which a user has configured
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive their browser to support detailed content negotiation. SPNEGO
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive authentication headers can be up to 12392 bytes.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive gives the server administrator greater
fb77c505254b6e9c925e23e734463e87574f8f40kess control over abnormal client request behavior, which may be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive useful for avoiding some forms of denial-of-service attacks.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">LimitRequestFieldSize 4094</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <note>Under normal conditions, the value should not be changed from
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the default.</note>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p> When name-based virtual hosting is used, the value for this
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive is taken from the default (first-listed) virtual host best
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive matching the current IP address and port combination.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
ef8e89e090461194ecadd31e8796a2c51e0531a2kess<description>Limit the size of the HTTP request line that will be accepted
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivefrom the client</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive sets the number of <var>bytes</var> that will be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive allowed on the HTTP request-line.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p>The <directive>LimitRequestLine</directive> directive allows
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the server administrator to set the limit on the allowed size
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd of a client's HTTP request-line. Since the request-line consists of the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive HTTP method, URI, and protocol version, the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive>LimitRequestLine</directive> directive places a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive restriction on the length of a request-URI allowed for a request
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive on the server. A server needs this value to be large enough to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive hold any of its resource names, including any information that
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive might be passed in the query part of a <code>GET</code> request.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>This directive gives the server administrator greater
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive control over abnormal client request behavior, which may be
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive useful for avoiding some forms of denial-of-service attacks.</p>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <highlight language="config">LimitRequestLine 4094</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <note>Under normal conditions, the value should not be changed from
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the default. Also, you can't set this higher than 8190 without
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive modifying the source and rebuilding.</note>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p> When name-based virtual hosting is used, the value for this
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive is taken from the default (first-listed) virtual host best
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive matching the current IP address and port combination.</p>
58e56a1d61ae176cc5ecb7c4863881736947d8b8rbowen</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Limits the size of an XML-based request body</description>
ef8e89e090461194ecadd31e8796a2c51e0531a2kess<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<context>directory</context><context>.htaccess</context></contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Limit (in bytes) on maximum size of an XML-based request
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive body. A value of <code>0</code> will disable any checking.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">LimitXMLRequestBody 0</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
fb77c505254b6e9c925e23e734463e87574f8f40kess<description>Applies the enclosed directives only to matching
fb77c505254b6e9c925e23e734463e87574f8f40kessURLs</description>
fb77c505254b6e9c925e23e734463e87574f8f40kess<syntax><Location
ef8e89e090461194ecadd31e8796a2c51e0531a2kess <var>URL-path</var>|<var>URL</var>> ... </Location></syntax>
ef8e89e090461194ecadd31e8796a2c51e0531a2kess<contextlist><context>server config</context><context>virtual host</context>
ef8e89e090461194ecadd31e8796a2c51e0531a2kess</contextlist>
530eba85dbd41b8a0fa5255d3648d1440199a661slive <p>The <directive type="section">Location</directive> directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive limits the scope of the enclosed directives by URL. It is similar to the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <directive type="section" module="core">Directory</directive>
530eba85dbd41b8a0fa5255d3648d1440199a661slive directive, and starts a subsection which is terminated with a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section">Location</directive> sections are processed in the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive order they appear in the configuration file, after the <directive
23b36269d124e7a6aaa5221891f7ae2ef3eeb158jerenkrantz type="section" module="core">Directory</directive> sections and
23b36269d124e7a6aaa5221891f7ae2ef3eeb158jerenkrantz <code>.htaccess</code> files are read, and after the <directive
7b5535ed88e0f561b3bfb3330137bd804846afd4slive type="section" module="core">Files</directive> sections.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p><directive type="section">Location</directive> sections operate
f35c904c3b359610a46e94fbb4ba8495b2338521slive completely outside the filesystem. This has several consequences.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Most importantly, <directive type="section">Location</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives should not be used to control access to filesystem
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive locations. Since several different URLs may map to the same
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive filesystem location, such access controls may by circumvented.</p>
ef8e89e090461194ecadd31e8796a2c51e0531a2kess <p>The enclosed directives will be applied to the request if the path component
fb77c505254b6e9c925e23e734463e87574f8f40kess of the URL meets <em>any</em> of the following criteria:
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li>The specified location matches exactly the path component of the URL.
530eba85dbd41b8a0fa5255d3648d1440199a661slive <li>The specified location, which ends in a forward slash, is a prefix
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive of the path component of the URL (treated as a context root).
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <li>The specified location, with the addition of a trailing slash, is a
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive prefix of the path component of the URL (also treated as a context root).
530eba85dbd41b8a0fa5255d3648d1440199a661slive In the example below, where no trailing slash is used, requests to
530eba85dbd41b8a0fa5255d3648d1440199a661slive /private1, /private1/ and /private1/file.txt will have the enclosed
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives applied, but /private1other would not.
cf1595220a90759be0a39ab8b11c8cb834b698a9ianh<Location /private1>
cf1595220a90759be0a39ab8b11c8cb834b698a9ianh</Location>
cf1595220a90759be0a39ab8b11c8cb834b698a9ianh </highlight>
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh In the example below, where a trailing slash is used, requests to
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh /private2/ and /private2/file.txt will have the enclosed
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh directives applied, but /private2 and /private2other would not.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Location>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>Use <directive type="section">Location</directive> to apply
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directives to content that lives outside the filesystem. For
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh content that lives in the filesystem, use <directive
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh type="section" module="core">Directory</directive> and <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section" module="core">Files</directive>. An exception is
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code><Location /></code>, which is an easy way to
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive apply a configuration to the entire server.</p>
23b36269d124e7a6aaa5221891f7ae2ef3eeb158jerenkrantz <p>For all origin (non-proxy) requests, the URL to be matched is a
7b5535ed88e0f561b3bfb3330137bd804846afd4slive URL-path of the form <code>/path/</code>. <em>No scheme, hostname,
7b5535ed88e0f561b3bfb3330137bd804846afd4slive port, or query string may be included.</em> For proxy requests, the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive URL to be matched is of the form
f35c904c3b359610a46e94fbb4ba8495b2338521slive <code>scheme://servername/path</code>, and you must include the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive prefix.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The URL may use wildcards. In a wild-card string, <code>?</code> matches
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive any single character, and <code>*</code> matches any sequences of
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive characters. Neither wildcard character matches a / in the URL-path.</p>
fb77c505254b6e9c925e23e734463e87574f8f40kess <p><glossary ref="regex">Regular expressions</glossary>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive can also be used, with the addition of the <code>~</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive character. For example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<Location ~ "/(extra|special)/data">
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Location>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>would match URLs that contained the substring <code>/extra/data</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive or <code>/special/data</code>. The directive <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section" module="core">LocationMatch</directive> behaves
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd identical to the regex version of <directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive type="section">Location</directive>, and is preferred, for the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive simple reason that <code>~</code> is hard to distinguish from
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd functionality is especially useful when combined with the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive. For example, to enable status requests, but allow them
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive only from browsers at <code>example.com</code>, you might use:</p>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess<Location /status>
db1b819ff8966e3c6a5ca03c59a8ae06c2cecc9frbowen SetHandler server-status
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd Require host example.com
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd</Location>
130d299c4b2b15be45532a176604c71fdc7bea5bnd </highlight>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The slash character has special meaning depending on where in a
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd URL it appears. People may be used to its behavior in the filesystem
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive where multiple adjacent slashes are frequently collapsed to a single
db1b819ff8966e3c6a5ca03c59a8ae06c2cecc9frbowen slash (<em>i.e.</em>, <code>/home///foo</code> is the same as
db1b819ff8966e3c6a5ca03c59a8ae06c2cecc9frbowen <code>/home/foo</code>). In URL-space this is not necessarily true.
db1b819ff8966e3c6a5ca03c59a8ae06c2cecc9frbowen The <directive type="section" module="core">LocationMatch</directive>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive directive and the regex version of <directive type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive >Location</directive> require you to explicitly specify multiple
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive slashes if that is your intention.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>For example, <code><LocationMatch ^/abc></code> would match
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the request URL <code>/abc</code> but not the request URL <code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive >Location</directive> directive behaves similarly when used for
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive proxy requests. But when (non-regex) <directive type="section"
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive >Location</directive> is used for non-proxy requests it will
003f0c9fda6664daf5092a0e42f65ede20098153slive implicitly match multiple slashes with a single slash. For example,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive if you specify <code><Location /abc/def></code> and the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive request is to <code>/abc//def</code> then it will match.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/sections.html">How <Directory>, <Location>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive and <Files> sections work</a> for an explanation of how these
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive different sections are combined when a request is received.</seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><directive module="core">LocationMatch</directive></seealso>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Applies the enclosed directives only to regular-expression
80c4526970a11f37c0f8e3b82afdf03902dac3f3slivematching URLs</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<syntax><LocationMatch
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>regex</var>> ... </LocationMatch></syntax>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>The <directive type="section">LocationMatch</directive> directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive limits the scope of the enclosed directives by URL, in an identical manner
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive to <directive module="core" type="section">Location</directive>. However,
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive it takes a <glossary ref="regex">regular expression</glossary>
003f0c9fda6664daf5092a0e42f65ede20098153slive as an argument instead of a simple string. For example:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<LocationMatch "/(extra|special)/data">
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</LocationMatch>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>would match URLs that contained the substring <code>/extra/data</code>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<seealso><a href="/sections.html">How <Directory>, <Location>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd and <Files> sections work</a> for an explanation of how these
130d299c4b2b15be45532a176604c71fdc7bea5bnd different sections are combined when a request is received</seealso>
130d299c4b2b15be45532a176604c71fdc7bea5bnd</directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<description>Controls the verbosity of the ErrorLog</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<compatibility>Per-module and per-directory configuration is available in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Apache HTTP Server 2.3.6 and later</compatibility>
003f0c9fda6664daf5092a0e42f65ede20098153slive <p><directive>LogLevel</directive> adjusts the verbosity of the
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive messages recorded in the error logs (see <directive
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess module="core">ErrorLog</directive> directive). The following
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <var>level</var>s are available, in order of decreasing
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive significance:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <columnspec><column width=".2"/><column width=".3"/><column width=".5"/>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </columnspec>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>"getpwuid: couldn't determine user name from uid"</td>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>"socket: Failed to get a socket, exiting child"</td>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <td>"child process 1234 did not exit, sending another
3c6c63407f1855ddfc45ac69b69a2a9bf15135e6rbowen SIGHUP"</td>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>"httpd: caught SIGBUS, attempting to dump core in
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>"Server seems busy, (you may need to increase
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <td>"proxy: CONNECT: sending the CONNECT request to the remote proxy"</td>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <td>"read from buffered SSL brigade, mode 0, 17 bytes"</td>
a23acbbd61b9565caecea9931b6bcdf0b6228cbbslive <td>"map lookup FAILED: map=rewritemap key=keyname"</td>
130d299c4b2b15be45532a176604c71fdc7bea5bnd <td>"| 0000: 02 23 44 30 13 40 ac 34 df 3d bf 9a 19 49 39 15 |"</td>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <td>Trace messages, dumping large amounts of data</td>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <td>"| 0000: 02 23 44 30 13 40 ac 34 df 3d bf 9a 19 49 39 15 |"</td>
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd <p>When a particular level is specified, messages from all
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd other levels of higher significance will be reported as well.
130d299c4b2b15be45532a176604c71fdc7bea5bnd <em>E.g.</em>, when <code>LogLevel info</code> is specified,
130d299c4b2b15be45532a176604c71fdc7bea5bnd recommended.</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <highlight language="config">LogLevel notice</highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>When logging to a regular file messages of the level
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <code>notice</code> cannot be suppressed and thus are always
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive logged. However, this doesn't apply when logging is done
130d299c4b2b15be45532a176604c71fdc7bea5bnd <p>Specifying a level without a module name will reset the level
130d299c4b2b15be45532a176604c71fdc7bea5bnd for all modules to that level. Specifying a level with a module
fb77c505254b6e9c925e23e734463e87574f8f40kess name will set the level for that module only. It is possible to
130d299c4b2b15be45532a176604c71fdc7bea5bnd use the module source file name, the module identifier, or the
130d299c4b2b15be45532a176604c71fdc7bea5bnd module identifier with the trailing <code>_module</code> omitted
130d299c4b2b15be45532a176604c71fdc7bea5bnd as module specification. This means the following three specifications
130d299c4b2b15be45532a176604c71fdc7bea5bnd are equivalent:</p>
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveLogLevel info ssl:warn
80c4526970a11f37c0f8e3b82afdf03902dac3f3sliveLogLevel info mod_ssl.c:warn
fb77c505254b6e9c925e23e734463e87574f8f40kessLogLevel info ssl_module:warn
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
a23acbbd61b9565caecea9931b6bcdf0b6228cbbslive <p>It is also possible to change the level per directory:</p>
fb77c505254b6e9c925e23e734463e87574f8f40kessLogLevel info
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive LogLevel debug
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</Directory>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive </highlight>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive Per directory loglevel configuration only affects messages that are
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive logged after the request has been parsed and that are associated with
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive the request. Log messages which are associated with the connection or
130d299c4b2b15be45532a176604c71fdc7bea5bnd the server are not affected.
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive</directivesynopsis>
130d299c4b2b15be45532a176604c71fdc7bea5bnd<directivesynopsis>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<description>Number of requests allowed on a persistent
ef8e89e090461194ecadd31e8796a2c51e0531a2kessconnection</description>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive<contextlist><context>server config</context><context>virtual host</context>
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess</contextlist>
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive <p>The <directive>MaxKeepAliveRequests</directive> directive
80c4526970a11f37c0f8e3b82afdf03902dac3f3slive limits the number of requests allowed per connection when
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess <directive module="core" >KeepAlive</directive> is on. If it is
<description>Number of overlapping ranges (eg: <code>100-200,150-300</code>) allowed before returning the complete
<description>Number of range reversals (eg: <code>100-200,50-70</code>) allowed before returning the complete
<p>You only need to set the protocol if you are running on non-standard ports, otherwise <code>http</code> is assumed for port 80 and <code>https</code> for port 443.</p>
<p>For example, if you are running <code>https</code> on a non-standard port, specify the protocol explicitly:</p>
<p>You can also specify the protocol using the <directive module="mpm_common">Listen</directive> directive.</p>
ServerName server.example.com
ServerAlias server server2.example.com server2
ServerAlias *.example.com
<syntax>ServerName [<var>scheme</var>://]<var>fully-qualified-domain-name</var>[:<var>port</var>]</syntax>
settings which determine whether self-referential URLs (e.g., by the
httpd: Could not reliably determine the server's fully qualified domain name, using rocinante.local for ServerName
href="http://wiki.apache.org/httpd/FAQ#Why_does_Apache_ask_for_my_password_twice_before_serving_a_file.3F">
ServerName host.example.com
ServerName host.example.com