Annotation of doc/install/linux/rhes4/httpd.conf, revision 1.1

1.1     ! raeburn     1: #
        !             2: # Based upon the NCSA server configuration files originally by Rob McCool.
        !             3: #
        !             4: # This is the main Apache server configuration file.  It contains the
        !             5: # configuration directives that give the server its instructions.
        !             6: # See <URL:http://www.apache.org/docs/> for detailed information about
        !             7: # the directives.
        !             8: #
        !             9: # Do NOT simply read the instructions in here without understanding
        !            10: # what they do.  They're here only as hints or reminders.  If you are unsure
        !            11: # consult the online docs. You have been warned.  
        !            12: #
        !            13: # After this file is processed, the server will look for and process
        !            14: # /etc/httpd/conf/srm.conf and then /etc/httpd/conf/access.conf
        !            15: # unless you have overridden these with ResourceConfig and/or
        !            16: # AccessConfig directives here.
        !            17: #
        !            18: # The configuration directives are grouped into three basic sections:
        !            19: #  1. Directives that control the operation of the Apache server process as a
        !            20: #     whole (the 'global environment').
        !            21: #  2. Directives that define the parameters of the 'main' or 'default' server,
        !            22: #     which responds to requests that aren't handled by a virtual host.
        !            23: #     These directives also provide default values for the settings
        !            24: #     of all virtual hosts.
        !            25: #  3. Settings for virtual hosts, which allow Web requests to be sent to
        !            26: #     different IP addresses or hostnames and have them handled by the
        !            27: #     same Apache server process.
        !            28: #
        !            29: # Configuration and logfile names: If the filenames you specify for many
        !            30: # of the server's control files begin with "/" (or "drive:/" for Win32), the
        !            31: # server will use that explicit path.  If the filenames do *not* begin
        !            32: # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
        !            33: # with ServerRoot set to "/usr/local/apache" will be interpreted by the
        !            34: # server as "/usr/local/apache/logs/foo.log".
        !            35: #
        !            36: 
        !            37: ### Section 1: Global Environment
        !            38: #
        !            39: # The directives in this section affect the overall operation of Apache,
        !            40: # such as the number of concurrent requests it can handle or where it
        !            41: # can find its configuration files.
        !            42: #
        !            43: 
        !            44: #
        !            45: # ServerType is either inetd, or standalone.  Inetd mode is only supported on
        !            46: # Unix platforms.
        !            47: #
        !            48: ServerType standalone
        !            49: 
        !            50: #
        !            51: # ServerRoot: The top of the directory tree under which the server's
        !            52: # configuration, error, and log files are kept.
        !            53: #
        !            54: # NOTE!  If you intend to place this on an NFS (or otherwise network)
        !            55: # mounted filesystem then please read the LockFile documentation
        !            56: # (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
        !            57: # you will save yourself a lot of trouble.
        !            58: #
        !            59: # Do NOT add a slash at the end of the directory path.
        !            60: #
        !            61: ServerRoot "/etc/httpd"
        !            62: 
        !            63: #
        !            64: # The LockFile directive sets the path to the lockfile used when Apache
        !            65: # is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
        !            66: # USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
        !            67: # its default value. The main reason for changing it is if the logs
        !            68: # directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
        !            69: # DISK. The PID of the main server process is automatically appended to
        !            70: # the filename. 
        !            71: #
        !            72: LockFile /var/run/httpd.lock
        !            73: 
        !            74: #
        !            75: # PidFile: The file in which the server should record its process
        !            76: # identification number when it starts.
        !            77: #
        !            78: PidFile /var/run/httpd.pid
        !            79: 
        !            80: #
        !            81: # ScoreBoardFile: File used to store internal server process information.
        !            82: # Not all architectures require this.  But if yours does (you'll know because
        !            83: # this file will be  created when you run Apache) then you *must* ensure that
        !            84: # no two invocations of Apache share the same scoreboard file.
        !            85: #
        !            86: ScoreBoardFile logs/apache_runtime_status
        !            87: 
        !            88: #
        !            89: # In the standard configuration, the server will process httpd.conf (this 
        !            90: # file, specified by the -f command line option), srm.conf, and access.conf 
        !            91: # in that order.  The latter two files are now distributed empty, as it is 
        !            92: # recommended that all directives be kept in a single file for simplicity.  
        !            93: # The commented-out values below are the built-in defaults.  You can have the 
        !            94: # server ignore these files altogether by using "/dev/null" (for Unix) or
        !            95: # "nul" (for Win32) for the arguments to the directives.
        !            96: #
        !            97: #ResourceConfig conf/srm.conf
        !            98: #AccessConfig conf/access.conf
        !            99: 
        !           100: #
        !           101: # Timeout: The number of seconds before receives and sends time out.
        !           102: #
        !           103: Timeout 300
        !           104: 
        !           105: #
        !           106: # KeepAlive: Whether or not to allow persistent connections (more than
        !           107: # one request per connection). Set to "Off" to deactivate.
        !           108: #
        !           109: KeepAlive Off
        !           110: 
        !           111: #
        !           112: # MaxKeepAliveRequests: The maximum number of requests to allow
        !           113: # during a persistent connection. Set to 0 to allow an unlimited amount.
        !           114: # We recommend you leave this number high, for maximum performance.
        !           115: #
        !           116: MaxKeepAliveRequests 100
        !           117: 
        !           118: #
        !           119: # KeepAliveTimeout: Number of seconds to wait for the next request from the
        !           120: # same client on the same connection.
        !           121: #
        !           122: KeepAliveTimeout 15
        !           123: 
        !           124: #
        !           125: # Server-pool size regulation.  Rather than making you guess how many
        !           126: # server processes you need, Apache dynamically adapts to the load it
        !           127: # sees --- that is, it tries to maintain enough server processes to
        !           128: # handle the current load, plus a few spare servers to handle transient
        !           129: # load spikes (e.g., multiple simultaneous requests from a single
        !           130: # Netscape browser).
        !           131: #
        !           132: # It does this by periodically checking how many servers are waiting
        !           133: # for a request.  If there are fewer than MinSpareServers, it creates
        !           134: # a new spare.  If there are more than MaxSpareServers, some of the
        !           135: # spares die off.  The default values are probably OK for most sites.
        !           136: #
        !           137: MinSpareServers 5
        !           138: MaxSpareServers 20
        !           139: 
        !           140: #
        !           141: # Number of servers to start initially --- should be a reasonable ballpark
        !           142: # figure.
        !           143: #
        !           144: StartServers 8
        !           145: 
        !           146: #
        !           147: # Limit on total number of servers running, i.e., limit on the number
        !           148: # of clients who can simultaneously connect --- if this limit is ever
        !           149: # reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
        !           150: # It is intended mainly as a brake to keep a runaway server from taking
        !           151: # the system with it as it spirals down...
        !           152: #
        !           153: MaxClients 150
        !           154: 
        !           155: #
        !           156: # MaxRequestsPerChild: the number of requests each child process is
        !           157: # allowed to process before the child dies.  The child will exit so
        !           158: # as to avoid problems after prolonged use when Apache (and maybe the
        !           159: # libraries it uses) leak memory or other resources.  On most systems, this
        !           160: # isn't really needed, but a few (such as Solaris) do have notable leaks
        !           161: # in the libraries. For these platforms, set to something like 10000
        !           162: # or so; a setting of 0 means unlimited.
        !           163: #
        !           164: # NOTE: This value does not include keepalive requests after the initial
        !           165: #       request per connection. For example, if a child process handles
        !           166: #       an initial request and 10 subsequent "keptalive" requests, it
        !           167: #       would only count as 1 request towards this limit.
        !           168: #
        !           169: MaxRequestsPerChild 1000
        !           170: 
        !           171: #
        !           172: # Listen: Allows you to bind Apache to specific IP addresses and/or
        !           173: # ports, in addition to the default. See also the <VirtualHost>
        !           174: # directive.
        !           175: #
        !           176: #Listen 3000
        !           177: #Listen 12.34.56.78:80
        !           178: #Listen 80
        !           179: 
        !           180: #
        !           181: # BindAddress: You can support virtual hosts with this option. This directive
        !           182: # is used to tell the server which IP address to listen to. It can either
        !           183: # contain "*", an IP address, or a fully qualified Internet domain name.
        !           184: # See also the <VirtualHost> and Listen directives.
        !           185: #
        !           186: #BindAddress *
        !           187: 
        !           188: #
        !           189: # Dynamic Shared Object (DSO) Support
        !           190: #
        !           191: # To be able to use the functionality of a module which was built as a DSO you
        !           192: # have to place corresponding `LoadModule' lines at this location so the
        !           193: # directives contained in it are actually available _before_ they are used.
        !           194: # Please read the file http://httpd.apache.org/docs/dso.html for more
        !           195: # details about the DSO mechanism and run `httpd -l' for the list of already
        !           196: # built-in (statically linked and thus always available) modules in your httpd
        !           197: # binary.
        !           198: #
        !           199: # Note: The order in which modules are loaded is important.  Don't change
        !           200: # the order below without expert advice.
        !           201: #
        !           202: # Example:
        !           203: # LoadModule foo_module modules/mod_foo.so
        !           204: 
        !           205: #LoadModule mmap_static_module modules/mod_mmap_static.so
        !           206: LoadModule vhost_alias_module modules/mod_vhost_alias.so
        !           207: <IfDefine HAVE_BANDWIDTH>
        !           208: #LoadModule bandwidth_module   modules/mod_bandwidth.so
        !           209: </IfDefine>
        !           210: <IfDefine HAVE_THROTTLE>
        !           211: #LoadModule throttle_module    modules/mod_throttle.so
        !           212: </IfDefine>
        !           213: LoadModule env_module         modules/mod_env.so
        !           214: LoadModule config_log_module  modules/mod_log_config.so
        !           215: LoadModule agent_log_module   modules/mod_log_agent.so
        !           216: LoadModule referer_log_module modules/mod_log_referer.so
        !           217: #LoadModule mime_magic_module  modules/mod_mime_magic.so
        !           218: LoadModule mime_module        modules/mod_mime.so
        !           219: LoadModule negotiation_module modules/mod_negotiation.so
        !           220: LoadModule status_module      modules/mod_status.so
        !           221: LoadModule info_module        modules/mod_info.so
        !           222: LoadModule includes_module    modules/mod_include.so
        !           223: LoadModule autoindex_module   modules/mod_autoindex.so
        !           224: LoadModule dir_module         modules/mod_dir.so
        !           225: LoadModule cgi_module         modules/mod_cgi.so
        !           226: LoadModule asis_module        modules/mod_asis.so
        !           227: LoadModule imap_module        modules/mod_imap.so
        !           228: LoadModule action_module      modules/mod_actions.so
        !           229: #LoadModule speling_module     modules/mod_speling.so
        !           230: LoadModule userdir_module     modules/mod_userdir.so
        !           231: LoadModule alias_module       modules/mod_alias.so
        !           232: LoadModule rewrite_module     modules/mod_rewrite.so
        !           233: LoadModule access_module      modules/mod_access.so
        !           234: LoadModule auth_module        modules/mod_auth.so
        !           235: LoadModule anon_auth_module   modules/mod_auth_anon.so
        !           236: LoadModule db_auth_module     modules/mod_auth_db.so
        !           237: #LoadModule auth_any_module    modules/mod_auth_any.so
        !           238: #LoadModule dbm_auth_module    modules/mod_auth_dbm.so
        !           239: #LoadModule auth_ldap_module   modules/mod_auth_ldap.so
        !           240: #LoadModule mysql_auth_module  modules/mod_auth_mysql.so
        !           241: #LoadModule auth_pgsql_module  modules/mod_auth_pgsql.so
        !           242: #LoadModule digest_module      modules/mod_digest.so
        !           243: #LoadModule proxy_module       modules/libproxy.so
        !           244: #LoadModule cern_meta_module   modules/mod_cern_meta.so
        !           245: LoadModule expires_module     modules/mod_expires.so
        !           246: LoadModule headers_module     modules/mod_headers.so
        !           247: #LoadModule usertrack_module   modules/mod_usertrack.so
        !           248: #LoadModule example_module     modules/mod_example.so
        !           249: #LoadModule unique_id_module   modules/mod_unique_id.so
        !           250: LoadModule setenvif_module    modules/mod_setenvif.so
        !           251: <IfDefine HAVE_PERL>
        !           252: LoadModule perl_module        modules/libperl.so
        !           253: </IfDefine>
        !           254: #<IfDefine HAVE_PHP>
        !           255: #LoadModule php_module         modules/mod_php.so
        !           256: #</IfDefine>
        !           257: #<IfDefine HAVE_PHP3>
        !           258: #LoadModule php3_module        modules/libphp3.so
        !           259: #</IfDefine>
        !           260: #<IfDefine HAVE_PHP4>
        !           261: #LoadModule php4_module        modules/libphp4.so
        !           262: #</IfDefine>
        !           263: #<IfDefine HAVE_DAV>
        !           264: #LoadModule dav_module         modules/libdav.so
        !           265: #</IfDefine>
        !           266: #<IfDefine HAVE_ROAMING>
        !           267: #LoadModule roaming_module     modules/mod_roaming.so
        !           268: #</IfDefine>
        !           269: #<IfDefine HAVE_SSL>
        !           270: #LoadModule ssl_module         modules/libssl.so
        !           271: #</IfDefine>
        !           272: #<IfDefine HAVE_PUT>
        !           273: #LoadModule put_module         modules/mod_put.so
        !           274: #</IfDefine>
        !           275: #<IfDefine HAVE_PYTHON>
        !           276: #LoadModule python_module      modules/mod_python.so
        !           277: #</IfDefine>
        !           278: 
        !           279: #  Reconstruction of the complete module list from all available modules
        !           280: #  (static and shared ones) to achieve correct module execution order.
        !           281: #  [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
        !           282: ClearModuleList
        !           283: #AddModule mod_mmap_static.c
        !           284: AddModule mod_vhost_alias.c
        !           285: #<IfDefine HAVE_BANDWIDTH>
        !           286: #AddModule mod_bandwidth.c
        !           287: #</IfDefine>
        !           288: #<IfDefine HAVE_THROTTLE>
        !           289: #AddModule mod_throttle.c
        !           290: #</IfDefine>
        !           291: AddModule mod_env.c
        !           292: AddModule mod_log_config.c
        !           293: AddModule mod_log_agent.c
        !           294: AddModule mod_log_referer.c
        !           295: #AddModule mod_mime_magic.c
        !           296: AddModule mod_mime.c
        !           297: AddModule mod_negotiation.c
        !           298: AddModule mod_status.c
        !           299: AddModule mod_info.c
        !           300: AddModule mod_include.c
        !           301: AddModule mod_autoindex.c
        !           302: AddModule mod_dir.c
        !           303: AddModule mod_cgi.c
        !           304: AddModule mod_asis.c
        !           305: AddModule mod_imap.c
        !           306: AddModule mod_actions.c
        !           307: #AddModule mod_speling.c
        !           308: AddModule mod_userdir.c
        !           309: AddModule mod_alias.c
        !           310: AddModule mod_rewrite.c
        !           311: AddModule mod_access.c
        !           312: AddModule mod_auth.c
        !           313: AddModule mod_auth_anon.c
        !           314: AddModule mod_auth_db.c
        !           315: #AddModule mod_auth_any.c
        !           316: #AddModule mod_auth_dbm.c
        !           317: #AddModule auth_ldap.c
        !           318: #AddModule mod_auth_mysql.c
        !           319: #AddModule mod_auth_pgsql.c
        !           320: #AddModule mod_digest.c
        !           321: #AddModule mod_proxy.c
        !           322: #AddModule mod_cern_meta.c
        !           323: AddModule mod_expires.c
        !           324: AddModule mod_headers.c
        !           325: #AddModule mod_usertrack.c
        !           326: #AddModule mod_example.c
        !           327: #AddModule mod_unique_id.c
        !           328: AddModule mod_so.c
        !           329: AddModule mod_setenvif.c
        !           330: <IfDefine HAVE_PERL>
        !           331: AddModule mod_perl.c
        !           332: </IfDefine>
        !           333: #<IfDefine HAVE_PHP>
        !           334: #AddModule mod_php.c
        !           335: #</IfDefine>
        !           336: #<IfDefine HAVE_PHP3>
        !           337: #AddModule mod_php3.c
        !           338: #</IfDefine>
        !           339: #<IfDefine HAVE_PHP4>
        !           340: #AddModule mod_php4.c
        !           341: #</IfDefine>
        !           342: #<IfDefine HAVE_DAV>
        !           343: #AddModule mod_dav.c
        !           344: #</IfDefine>
        !           345: #<IfDefine HAVE_ROAMING>
        !           346: #AddModule mod_roaming.c
        !           347: #</IfDefine>
        !           348: #<IfDefine HAVE_SSL>
        !           349: #AddModule mod_ssl.c
        !           350: #</IfDefine>
        !           351: #<IfDefine HAVE_PUT>
        !           352: #AddModule mod_put.c
        !           353: #</IfDefine>
        !           354: #<IfDefine HAVE_PYTHON>
        !           355: #AddModule mod_python.c
        !           356: #</IfDefine>
        !           357: 
        !           358: #
        !           359: # ExtendedStatus controls whether Apache will generate "full" status
        !           360: # information (ExtendedStatus On) or just basic information (ExtendedStatus
        !           361: # Off) when the "server-status" handler is called. The default is Off.
        !           362: #
        !           363: #ExtendedStatus On
        !           364: 
        !           365: ### Section 2: 'Main' server configuration
        !           366: #
        !           367: # The directives in this section set up the values used by the 'main'
        !           368: # server, which responds to any requests that aren't handled by a
        !           369: # <VirtualHost> definition.  These values also provide defaults for
        !           370: # any <VirtualHost> containers you may define later in the file.
        !           371: #
        !           372: # All of these directives may appear inside <VirtualHost> containers,
        !           373: # in which case these default settings will be overridden for the
        !           374: # virtual host being defined.
        !           375: #
        !           376: 
        !           377: #
        !           378: # If your ServerType directive (set earlier in the 'Global Environment'
        !           379: # section) is set to "inetd", the next few directives don't have any
        !           380: # effect since their settings are defined by the inetd configuration.
        !           381: # Skip ahead to the ServerAdmin directive.
        !           382: #
        !           383: 
        !           384: #
        !           385: # Port: The port to which the standalone server listens. For
        !           386: # ports < 1023, you will need httpd to be run as root initially.
        !           387: #
        !           388: Port 80
        !           389: 
        !           390: ##
        !           391: ##  SSL Support
        !           392: ##
        !           393: ##  When we also provide SSL we have to listen to the 
        !           394: ##  standard HTTP port (see above) and to the HTTPS port
        !           395: ##
        !           396: <IfDefine HAVE_SSL>
        !           397: Listen 80
        !           398: Listen 443
        !           399: </IfDefine>
        !           400: 
        !           401: #
        !           402: # If you wish httpd to run as a different user or group, you must run
        !           403: # httpd as root initially and it will switch.  
        !           404: #
        !           405: # User/Group: The name (or #number) of the user/group to run httpd as.
        !           406: #  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
        !           407: #  . On HPUX you may not be able to use shared memory as nobody, and the
        !           408: #    suggested workaround is to create a user www and use that user.
        !           409: #  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
        !           410: #  when the value of (unsigned)Group is above 60000; 
        !           411: #  don't use Group "#-1" on these systems!
        !           412: #
        !           413: User www
        !           414: Group www
        !           415: 
        !           416: #
        !           417: # ServerAdmin: Your address, where problems with the server should be
        !           418: # e-mailed.  This address appears on some server-generated pages, such
        !           419: # as error documents.
        !           420: #
        !           421: ServerAdmin root@localhost
        !           422: 
        !           423: #
        !           424: # ServerName allows you to set a host name which is sent back to clients for
        !           425: # your server if it's different than the one the program would get (i.e., use
        !           426: # "www" instead of the host's real name).
        !           427: #
        !           428: # Note: You cannot just invent host names and hope they work. The name you 
        !           429: # define here must be a valid DNS name for your host. If you don't understand
        !           430: # this, ask your network administrator.
        !           431: # If your host doesn't have a registered DNS name, enter its IP address here.
        !           432: # You will have to access it by its address (e.g., http://123.45.67.89/)
        !           433: # anyway, and this will make redirections work in a sensible way.
        !           434: #
        !           435: # 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your 
        !           436: # machine always knows itself by this address. If you use Apache strictly for 
        !           437: # local testing and development, you may use 127.0.0.1 as the server name.
        !           438: #
        !           439: #ServerName localhost
        !           440: 
        !           441: ##
        !           442: ## DocumentRoot: The directory out of which you will serve your
        !           443: ## documents. By default, all requests are taken from this directory, but
        !           444: ## symbolic links and aliases may be used to point to other locations.
        !           445: ##
        !           446: #DocumentRoot "/home/www/html"
        !           447: 
        !           448: ##
        !           449: ## Each directory to which Apache has access, can be configured with respect
        !           450: ## to which services and features are allowed and/or disabled in that
        !           451: ## directory (and its subdirectories). 
        !           452: ##
        !           453: ## First, we configure the "default" to be a very restrictive set of 
        !           454: ## permissions.  
        !           455: ##
        !           456: #<Directory />
        !           457: #    Options FollowSymLinks
        !           458: #    AllowOverride None
        !           459: #</Directory>
        !           460: 
        !           461: #
        !           462: # Note that from this point forward you must specifically allow
        !           463: # particular features to be enabled - so if something's not working as
        !           464: # you might expect, make sure that you have specifically enabled it
        !           465: # below.
        !           466: #
        !           467: 
        !           468: ##
        !           469: ## This should be changed to whatever you set DocumentRoot to.
        !           470: ##
        !           471: #<Directory "/home/www/html">
        !           472: #
        !           473: ##
        !           474: ## This may also be "None", "All", or any combination of "Indexes",
        !           475: ## "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
        !           476: ##
        !           477: ## Note that "MultiViews" must be named *explicitly* --- "Options All"
        !           478: ## doesn't give it to you.
        !           479: ##
        !           480: ##    Options Indexes FollowSymLinks
        !           481: #    Options FollowSymLinks
        !           482: #
        !           483: ##
        !           484: ## This controls which options the .htaccess files in directories can
        !           485: ## override. Can also be "All", or any combination of "Options", "FileInfo", 
        !           486: ## "AuthConfig", and "Limit"
        !           487: ##
        !           488: #    AllowOverride None
        !           489: #
        !           490: ##
        !           491: ## Controls who can get stuff from this server.
        !           492: ##
        !           493: #    Order allow,deny
        !           494: #    Allow from all
        !           495: #</Directory>
        !           496: 
        !           497: #
        !           498: # UserDir: The name of the directory which is appended onto a user's home
        !           499: # directory if a ~user request is received.
        !           500: #
        !           501: # The path to the end user account 'public_html' directory must be
        !           502: # accessible to the webserver userid.  This usually means that ~userid
        !           503: # must have permissions of 711, ~userid/public_html must have permissions
        !           504: # of 755, and documents contained therein must be world-readable.
        !           505: # Otherwise, the client will only receive a "403 Forbidden" message.
        !           506: #
        !           507: # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
        !           508: #
        !           509: #<IfModule mod_userdir.c>
        !           510: #    UserDir public_html
        !           511: #</IfModule>
        !           512: 
        !           513: #
        !           514: # Control access to UserDir directories.  The following is an example
        !           515: # for a site where these directories are restricted to read-only.
        !           516: #
        !           517: #<Directory /home/*/public_html>
        !           518: #    AllowOverride FileInfo AuthConfig Limit
        !           519: #    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
        !           520: #    <Limit GET POST OPTIONS PROPFIND>
        !           521: #        Order allow,deny
        !           522: #        Allow from all
        !           523: #    </Limit>
        !           524: #    <LimitExcept GET POST OPTIONS PROPFIND>
        !           525: #        Order deny,allow
        !           526: #        Deny from all
        !           527: #    </LimitExcept>
        !           528: #</Directory>
        !           529: 
        !           530: #
        !           531: # DirectoryIndex: Name of the file or files to use as a pre-written HTML
        !           532: # directory index.  Separate multiple entries with spaces.
        !           533: #
        !           534: <IfModule mod_dir.c>
        !           535:     DirectoryIndex index.html index.htm index.shtml index.php index.php4 index.php3 index.phtml index.cgi
        !           536: </IfModule>
        !           537: 
        !           538: #
        !           539: # AccessFileName: The name of the file to look for in each directory
        !           540: # for access control information.
        !           541: #
        !           542: AccessFileName .htaccess
        !           543: 
        !           544: #
        !           545: # The following lines prevent .htaccess files from being viewed by
        !           546: # Web clients.  Since .htaccess files often contain authorization
        !           547: # information, access is disallowed for security reasons.  Comment
        !           548: # these lines out if you want Web visitors to see the contents of
        !           549: # .htaccess files.  If you change the AccessFileName directive above,
        !           550: # be sure to make the corresponding changes here.
        !           551: #
        !           552: # Also, folks tend to use names such as .htpasswd for password
        !           553: # files, so this will protect those as well.
        !           554: #
        !           555: <Files ~ "^\.ht">
        !           556:     Order allow,deny
        !           557:     Deny from all
        !           558:     Satisfy All
        !           559: </Files>
        !           560: 
        !           561: #
        !           562: # CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
        !           563: # document that was negotiated on the basis of content. This asks proxy
        !           564: # servers not to cache the document. Uncommenting the following line disables
        !           565: # this behavior, and proxies will be allowed to cache the documents.
        !           566: #
        !           567: #CacheNegotiatedDocs
        !           568: 
        !           569: #
        !           570: # UseCanonicalName:  (new for 1.3)  With this setting turned on, whenever
        !           571: # Apache needs to construct a self-referencing URL (a URL that refers back
        !           572: # to the server the response is coming from) it will use ServerName and
        !           573: # Port to form a "canonical" name.  With this setting off, Apache will
        !           574: # use the hostname:port that the client supplied, when possible.  This
        !           575: # also affects SERVER_NAME and SERVER_PORT in CGI scripts.
        !           576: #
        !           577: UseCanonicalName On
        !           578: 
        !           579: #
        !           580: # TypesConfig describes where the mime.types file (or equivalent) is
        !           581: # to be found.
        !           582: #
        !           583: <IfModule mod_mime.c>
        !           584:     TypesConfig /etc/mime.types
        !           585: </IfModule>
        !           586: 
        !           587: #
        !           588: # DefaultType is the default MIME type the server will use for a document
        !           589: # if it cannot otherwise determine one, such as from filename extensions.
        !           590: # If your server contains mostly text or HTML documents, "text/plain" is
        !           591: # a good value.  If most of your content is binary, such as applications
        !           592: # or images, you may want to use "application/octet-stream" instead to
        !           593: # keep browsers from trying to display binary files as though they are
        !           594: # text.
        !           595: #
        !           596: DefaultType text/plain
        !           597: 
        !           598: #
        !           599: # The mod_mime_magic module allows the server to use various hints from the
        !           600: # contents of the file itself to determine its type.  The MIMEMagicFile
        !           601: # directive tells the module where the hint definitions are located.
        !           602: # mod_mime_magic is not part of the default server (you have to add
        !           603: # it yourself with a LoadModule [see the DSO paragraph in the 'Global
        !           604: # Environment' section], or recompile the server and include mod_mime_magic
        !           605: # as part of the configuration), so it's enclosed in an <IfModule> container.
        !           606: # This means that the MIMEMagicFile directive will only be processed if the
        !           607: # module is part of the server.
        !           608: #
        !           609: <IfModule mod_mime_magic.c>
        !           610: #   MIMEMagicFile /usr/share/magic.mime
        !           611:     MIMEMagicFile conf/magic
        !           612: </IfModule>
        !           613: 
        !           614: #
        !           615: # HostnameLookups: Log the names of clients or just their IP addresses
        !           616: # e.g., www.apache.org (on) or 204.62.129.132 (off).
        !           617: # The default is off because it'd be overall better for the net if people
        !           618: # had to knowingly turn this feature on, since enabling it means that
        !           619: # each client request will result in AT LEAST one lookup request to the
        !           620: # nameserver.
        !           621: #
        !           622: HostnameLookups Off
        !           623: 
        !           624: #
        !           625: # ErrorLog: The location of the error log file.
        !           626: # If you do not specify an ErrorLog directive within a <VirtualHost>
        !           627: # container, error messages relating to that virtual host will be
        !           628: # logged here.  If you *do* define an error logfile for a <VirtualHost>
        !           629: # container, that host's errors will be logged there and not here.
        !           630: #
        !           631: ErrorLog logs/error_log
        !           632: 
        !           633: #
        !           634: # LogLevel: Control the number of messages logged to the error_log.
        !           635: # Possible values include: debug, info, notice, warn, error, crit,
        !           636: # alert, emerg.
        !           637: #
        !           638: LogLevel warn
        !           639: 
        !           640: #
        !           641: # The following directives define some format nicknames for use with
        !           642: # a CustomLog directive (see below).
        !           643: #
        !           644: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        !           645: LogFormat "%h %l %u %t \"%r\" %>s %b" common
        !           646: LogFormat "%{Referer}i -> %U" referer
        !           647: LogFormat "%{User-agent}i" agent
        !           648: 
        !           649: #
        !           650: # The location and format of the access logfile (Common Logfile Format).
        !           651: # If you do not define any access logfiles within a <VirtualHost>
        !           652: # container, they will be logged here.  Contrariwise, if you *do*
        !           653: # define per-<VirtualHost> access logfiles, transactions will be
        !           654: # logged therein and *not* in this file.
        !           655: #
        !           656: # CustomLog /var/log/httpd/access_log common
        !           657: CustomLog logs/access_log combined
        !           658: 
        !           659: #
        !           660: # If you would like to have agent and referer logfiles, uncomment the
        !           661: # following directives.
        !           662: #
        !           663: #CustomLog logs/referer_log referer
        !           664: #CustomLog logs/agent_log agent
        !           665: 
        !           666: #
        !           667: # If you prefer a single logfile with access, agent, and referer information
        !           668: # (Combined Logfile Format) you can use the following directive.
        !           669: #
        !           670: #CustomLog logs/access_log combined
        !           671: 
        !           672: #
        !           673: # Optionally add a line containing the server version and virtual host
        !           674: # name to server-generated pages (error documents, FTP directory listings,
        !           675: # mod_status and mod_info output etc., but not CGI generated documents).
        !           676: # Set to "EMail" to also include a mailto: link to the ServerAdmin.
        !           677: # Set to one of:  On | Off | EMail
        !           678: #
        !           679: ServerSignature On
        !           680: 
        !           681: # EBCDIC configuration:
        !           682: # (only for mainframes using the EBCDIC codeset, currently one of:
        !           683: # Fujitsu-Siemens' BS2000/OSD, IBM's OS/390 and IBM's TPF)!!
        !           684: # The following default configuration assumes that "text files"
        !           685: # are stored in EBCDIC (so that you can operate on them using the
        !           686: # normal POSIX tools like grep and sort) while "binary files" are
        !           687: # stored with identical octets as on an ASCII machine.
        !           688: #
        !           689: # The directives are evaluated in configuration file order, with
        !           690: # the EBCDICConvert directives applied before EBCDICConvertByType.
        !           691: #
        !           692: # If you want to have ASCII HTML documents and EBCDIC HTML documents
        !           693: # at the same time, you can use the file extension to force
        !           694: # conversion off for the ASCII documents:
        !           695: # > AddType       text/html .ahtml
        !           696: # > EBCDICConvert Off=InOut .ahtml
        !           697: #
        !           698: # EBCDICConvertByType  On=InOut text/* message/* multipart/*
        !           699: # EBCDICConvertByType  On=In    application/x-www-form-urlencoded
        !           700: # EBCDICConvertByType  On=InOut application/postscript model/vrml
        !           701: # EBCDICConvertByType Off=InOut */*
        !           702: 
        !           703: 
        !           704: #
        !           705: # Aliases: Add here as many aliases as you need (with no limit). The format is 
        !           706: # Alias fakename realname
        !           707: #
        !           708: <IfModule mod_alias.c>
        !           709: 
        !           710:     #
        !           711:     # Note that if you include a trailing / on fakename then the server will
        !           712:     # require it to be present in the URL.  So "/icons" isn't aliased in this
        !           713:     # example, only "/icons/".  If the fakename is slash-terminated, then the 
        !           714:     # realname must also be slash terminated, and if the fakename omits the 
        !           715:     # trailing slash, the realname must also omit it.
        !           716:     #
        !           717:     Alias /icons/ "/home/httpd/icons/"
        !           718: 
        !           719:     <Directory "/home/httpd/icons">
        !           720:         Options Indexes MultiViews
        !           721:         AllowOverride None
        !           722:         Order allow,deny
        !           723:         Allow from all
        !           724:     </Directory>
        !           725: 
        !           726:     # This Alias will project the on-line documentation tree under /manual/
        !           727:     # even if you change the DocumentRoot. Comment it if you don't want to 
        !           728:     # provide access to the on-line documentation.
        !           729:     #
        !           730:     # Alias /manual/ "/etc/httpd/htdocs/manual/"
        !           731:     #
        !           732:     # <Directory "/etc/httpd/htdocs/manual">
        !           733:     #     Options Indexes FollowSymlinks MultiViews
        !           734:     #     AllowOverride None
        !           735:     #     Order allow,deny
        !           736:     #     Allow from all
        !           737:     # </Directory>
        !           738: 
        !           739:     #
        !           740:     # ScriptAlias: This controls which directories contain server scripts.
        !           741:     # ScriptAliases are essentially the same as Aliases, except that
        !           742:     # documents in the realname directory are treated as applications and
        !           743:     # run by the server when requested rather than as documents sent to the client.
        !           744:     # The same rules about trailing "/" apply to ScriptAlias directives as to
        !           745:     # Alias.
        !           746:     #
        !           747:     ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"
        !           748: 
        !           749:     #
        !           750:     # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
        !           751:     # CGI directory exists, if you have that configured.
        !           752:     #
        !           753:     <Directory "/home/httpd/cgi-bin">
        !           754:         AllowOverride None
        !           755:         Options None
        !           756:         Order allow,deny
        !           757:         Allow from all
        !           758:     </Directory>
        !           759: 
        !           760: </IfModule>
        !           761: # End of aliases.
        !           762: 
        !           763: #
        !           764: # Redirect allows you to tell clients about documents which used to exist in
        !           765: # your server's namespace, but do not anymore. This allows you to tell the
        !           766: # clients where to look for the relocated document.
        !           767: # Format: Redirect old-URI new-URL
        !           768: #
        !           769: 
        !           770: #
        !           771: # Directives controlling the display of server-generated directory listings.
        !           772: #
        !           773: <IfModule mod_autoindex.c>
        !           774: 
        !           775:     #
        !           776:     # FancyIndexing is whether you want fancy directory indexing or standard
        !           777:     #
        !           778:     IndexOptions FancyIndexing NameWidth=*
        !           779: 
        !           780:     #
        !           781:     # AddIcon* directives tell the server which icon to show for different
        !           782:     # files or filename extensions.  These are only displayed for
        !           783:     # FancyIndexed directories.
        !           784:     #
        !           785:     AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
        !           786: 
        !           787:     AddIconByType (TXT,/icons/text.gif) text/*
        !           788:     AddIconByType (IMG,/icons/image2.gif) image/*
        !           789:     AddIconByType (SND,/icons/sound2.gif) audio/*
        !           790:     AddIconByType (VID,/icons/movie.gif) video/*
        !           791: 
        !           792:     AddIcon /icons/binary.gif .bin .exe
        !           793:     AddIcon /icons/binhex.gif .hqx
        !           794:     AddIcon /icons/tar.gif .tar
        !           795:     AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
        !           796:     AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
        !           797:     AddIcon /icons/a.gif .ps .ai .eps
        !           798:     AddIcon /icons/layout.gif .html .shtml .htm .pdf
        !           799:     AddIcon /icons/text.gif .txt
        !           800:     AddIcon /icons/c.gif .c
        !           801:     AddIcon /icons/p.gif .pl .py
        !           802:     AddIcon /icons/f.gif .for
        !           803:     AddIcon /icons/dvi.gif .dvi
        !           804:     AddIcon /icons/uuencoded.gif .uu
        !           805:     AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
        !           806:     AddIcon /icons/tex.gif .tex
        !           807:     AddIcon /icons/bomb.gif core
        !           808: 
        !           809:     AddIcon /icons/back.gif ..
        !           810:     AddIcon /icons/hand.right.gif README
        !           811:     AddIcon /icons/folder.gif ^^DIRECTORY^^
        !           812:     AddIcon /icons/blank.gif ^^BLANKICON^^
        !           813: 
        !           814:     #
        !           815:     # DefaultIcon is which icon to show for files which do not have an icon
        !           816:     # explicitly set.
        !           817:     #
        !           818:     DefaultIcon /icons/unknown.gif
        !           819: 
        !           820:     #
        !           821:     # AddDescription allows you to place a short description after a file in
        !           822:     # server-generated indexes.  These are only displayed for FancyIndexed
        !           823:     # directories.
        !           824:     # Format: AddDescription "description" filename
        !           825:     #
        !           826:     #AddDescription "GZIP compressed document" .gz
        !           827:     #AddDescription "tar archive" .tar
        !           828:     #AddDescription "GZIP compressed tar archive" .tgz
        !           829: 
        !           830:     #
        !           831:     # ReadmeName is the name of the README file the server will look for by
        !           832:     # default, and append to directory listings.
        !           833:     #
        !           834:     # HeaderName is the name of a file which should be prepended to
        !           835:     # directory indexes. 
        !           836:     #
        !           837:     # If MultiViews are amongst the Options in effect, the server will
        !           838:     # first look for name.html and include it if found.  If name.html
        !           839:     # doesn't exist, the server will then look for name.txt and include
        !           840:     # it as plaintext if found.
        !           841:     #
        !           842:     ReadmeName README
        !           843:     HeaderName HEADER
        !           844: 
        !           845:     #
        !           846:     # IndexIgnore is a set of filenames which directory indexing should ignore
        !           847:     # and not include in the listing.  Shell-style wildcarding is permitted.
        !           848:     #
        !           849:     IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
        !           850: 
        !           851: </IfModule>
        !           852: # End of indexing directives.
        !           853: 
        !           854: #
        !           855: # Document types.
        !           856: #
        !           857: <IfModule mod_mime.c>
        !           858: 
        !           859:     #
        !           860:     # AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
        !           861:     # information on the fly. Note: Not all browsers support this.
        !           862:     # Despite the name similarity, the following Add* directives have nothing
        !           863:     # to do with the FancyIndexing customization directives above.
        !           864:     #
        !           865:     AddEncoding x-compress Z
        !           866:     AddEncoding x-gzip gz tgz
        !           867: 
        !           868:     #
        !           869:     # AddLanguage allows you to specify the language of a document. You can
        !           870:     # then use content negotiation to give a browser a file in a language
        !           871:     # it can understand.  
        !           872:     #
        !           873:     # Note 1: The suffix does not have to be the same as the language 
        !           874:     # keyword --- those with documents in Polish (whose net-standard 
        !           875:     # language code is pl) may wish to use "AddLanguage pl .po" to 
        !           876:     # avoid the ambiguity with the common suffix for perl scripts.
        !           877:     #
        !           878:     # Note 2: The example entries below illustrate that in quite
        !           879:     # some cases the two character 'Language' abbreviation is not
        !           880:     # identical to the two character 'Country' code for its country,
        !           881:     # E.g. 'Danmark/dk' versus 'Danish/da'.
        !           882:     #
        !           883:     # Note 3: In the case of 'ltz' we violate the RFC by using a three char 
        !           884:     # specifier. But there is 'work in progress' to fix this and get 
        !           885:     # the reference data for rfc1766 cleaned up.
        !           886:     #
        !           887:     # Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
        !           888:     # French (fr) - German (de) - Greek-Modern (el)
        !           889:     # Italian (it) - Korean (kr) - Norwegian (no) - Norwegian Nynorsk (nn)
        !           890:     # Portugese (pt) - Luxembourgeois* (ltz)
        !           891:     # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
        !           892:     # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
        !           893:     # Russian (ru)
        !           894:     #
        !           895:     AddLanguage da .dk
        !           896:     AddLanguage nl .nl
        !           897:     AddLanguage en .en
        !           898:     AddLanguage et .ee
        !           899:     AddLanguage fr .fr
        !           900:     AddLanguage de .de
        !           901:     AddLanguage el .el
        !           902:     AddLanguage he .he
        !           903:     AddCharset ISO-8859-8 .iso8859-8
        !           904:     AddLanguage it .it
        !           905:     AddLanguage ja .ja
        !           906:     AddCharset ISO-2022-JP .jis
        !           907:     AddLanguage kr .kr
        !           908:     AddCharset ISO-2022-KR .iso-kr
        !           909:     AddLanguage nn .nn
        !           910:     AddLanguage no .no
        !           911:     AddLanguage pl .po
        !           912:     AddCharset ISO-8859-2 .iso-pl
        !           913:     AddLanguage pt .pt
        !           914:     AddLanguage pt-br .pt-br
        !           915:     AddLanguage ltz .lu
        !           916:     AddLanguage ca .ca
        !           917:     AddLanguage es .es
        !           918:     AddLanguage sv .se
        !           919:     AddLanguage cz .cz
        !           920:     AddLanguage ru .ru
        !           921:     AddLanguage zh-tw .tw
        !           922:     AddLanguage tw .tw
        !           923:     AddCharset Big5         .Big5    .big5
        !           924:     AddCharset WINDOWS-1251 .cp-1251
        !           925:     AddCharset CP866        .cp866
        !           926:     AddCharset ISO-8859-5   .iso-ru
        !           927:     AddCharset KOI8-R       .koi8-r
        !           928:     AddCharset UCS-2        .ucs2
        !           929:     AddCharset UCS-4        .ucs4
        !           930:     AddCharset UTF-8        .utf8
        !           931: 
        !           932:     # LanguagePriority allows you to give precedence to some languages
        !           933:     # in case of a tie during content negotiation.
        !           934:     #
        !           935:     # Just list the languages in decreasing order of preference. We have
        !           936:     # more or less alphabetized them here. You probably want to change this.
        !           937:     #
        !           938:     <IfModule mod_negotiation.c>
        !           939:         LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
        !           940:     </IfModule>
        !           941: 
        !           942:     #
        !           943:     # AddType allows you to tweak mime.types without actually editing it, or to
        !           944:     # make certain files to be certain types.
        !           945:     #
        !           946:     AddType application/x-tar .tgz
        !           947: 
        !           948:     #
        !           949:     # These types cause httpd to let the PHP interpreter handle files with
        !           950:     # the specified extensions.
        !           951:     #
        !           952:     ##<IfModule mod_php4.c>
        !           953:     ##    AddType application/x-httpd-php .php .php4 .php3 .phtml
        !           954:     ##    AddType application/x-httpd-php-source .phps
        !           955:     ##</IfModule>
        !           956:     ##<IfModule mod_php3.c>
        !           957:     ##    AddType application/x-httpd-php3 .php3
        !           958:     ##    AddType application/x-httpd-php3-source .phps
        !           959:     ##</IfModule>
        !           960:     ##<IfModule mod_php.c>
        !           961:     ##    AddType application/x-httpd-php .phtml
        !           962:     ##</IfModule>
        !           963: 
        !           964:     #
        !           965:     # AddHandler allows you to map certain file extensions to "handlers",
        !           966:     # actions unrelated to filetype. These can be either built into the server
        !           967:     # or added with the Action command (see below)
        !           968:     #
        !           969:     # If you want to use server side includes, or CGI outside
        !           970:     # ScriptAliased directories, uncomment the following lines.
        !           971:     #
        !           972:     # To use CGI scripts:
        !           973:     #
        !           974:     #AddHandler cgi-script .cgi
        !           975: 
        !           976:     #
        !           977:     # To use server-parsed HTML files
        !           978:     #
        !           979:     AddType text/html .shtml
        !           980:     AddHandler server-parsed .shtml
        !           981: 
        !           982:     #
        !           983:     # Uncomment the following line to enable Apache's send-asis HTTP file
        !           984:     # feature
        !           985:     #
        !           986:     #AddHandler send-as-is asis
        !           987: 
        !           988:     #
        !           989:     # If you wish to use server-parsed imagemap files, use
        !           990:     #
        !           991:     AddHandler imap-file map
        !           992: 
        !           993:     #
        !           994:     # To enable type maps, you might want to use
        !           995:     #
        !           996:     #AddHandler type-map var
        !           997: 
        !           998: </IfModule>
        !           999: # End of document types.
        !          1000: 
        !          1001: #
        !          1002: # Action lets you define media types that will execute a script whenever
        !          1003: # a matching file is called. This eliminates the need for repeated URL
        !          1004: # pathnames for oft-used CGI file processors.
        !          1005: # Format: Action media/type /cgi-script/location
        !          1006: # Format: Action handler-name /cgi-script/location
        !          1007: #
        !          1008: 
        !          1009: #
        !          1010: # MetaDir: specifies the name of the directory in which Apache can find
        !          1011: # meta information files. These files contain additional HTTP headers
        !          1012: # to include when sending the document
        !          1013: #
        !          1014: #MetaDir .web
        !          1015: 
        !          1016: #
        !          1017: # MetaSuffix: specifies the file name suffix for the file containing the
        !          1018: # meta information.
        !          1019: #
        !          1020: #MetaSuffix .meta
        !          1021: 
        !          1022: #
        !          1023: # Customizable error response (Apache style)
        !          1024: #  these come in three flavors
        !          1025: #
        !          1026: #    1) plain text
        !          1027: #ErrorDocument 500 "The server made a boo boo.
        !          1028: #  n.b.  the single leading (") marks it as text, it does not get output
        !          1029: #
        !          1030: #    2) local redirects
        !          1031: #ErrorDocument 404 /missing.html
        !          1032: #  to redirect to local URL /missing.html
        !          1033: #ErrorDocument 404 /cgi-bin/missing_handler.pl
        !          1034: #  N.B.: You can redirect to a script or a document using server-side-includes.
        !          1035: #
        !          1036: #    3) external redirects
        !          1037: #ErrorDocument 402 http://some.other-server.com/subscription_info.html
        !          1038: #  N.B.: Many of the environment variables associated with the original
        !          1039: #  request will *not* be available to such a script.
        !          1040: 
        !          1041: #
        !          1042: # Customize behaviour based on the browser
        !          1043: #
        !          1044: <IfModule mod_setenvif.c>
        !          1045: 
        !          1046:     #
        !          1047:     # The following directives modify normal HTTP response behavior.
        !          1048:     # The first directive disables keepalive for Netscape 2.x and browsers that
        !          1049:     # spoof it. There are known problems with these browser implementations.
        !          1050:     # The second directive is for Microsoft Internet Explorer 4.0b2
        !          1051:     # which has a broken HTTP/1.1 implementation and does not properly
        !          1052:     # support keepalive when it is used on 301 or 302 (redirect) responses.
        !          1053:     #
        !          1054:     BrowserMatch "Mozilla/2" nokeepalive
        !          1055:     BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
        !          1056: 
        !          1057:     #
        !          1058:     # The following directive disables HTTP/1.1 responses to browsers which
        !          1059:     # are in violation of the HTTP/1.0 spec by not being able to grok a
        !          1060:     # basic 1.1 response.
        !          1061:     #
        !          1062:     BrowserMatch "RealPlayer 4\.0" force-response-1.0
        !          1063:     BrowserMatch "Java/1\.0" force-response-1.0
        !          1064:     BrowserMatch "JDK/1\.0" force-response-1.0
        !          1065: 
        !          1066: </IfModule>
        !          1067: # End of browser customization directives
        !          1068: 
        !          1069: #
        !          1070: # If the perl module is installed, this will allow execution of mod_perl
        !          1071: # to compile your scripts to subroutines which it will execute directly,
        !          1072: # avoiding the costly compile process for most requests.
        !          1073: #
        !          1074: #<IfModule mod_perl.c>
        !          1075: #    Alias /perl /var/www/perl
        !          1076: #    <Directory /var/www/perl>
        !          1077: #        SetHandler perl-script
        !          1078: #        PerlHandler Apache::Registry
        !          1079: #        Options +ExecCGI
        !          1080: #    </Directory>
        !          1081: #</IfModule>
        !          1082: 
        !          1083: #
        !          1084: # Allow http put (such as Netscape Gold's publish feature)
        !          1085: # Use htpasswd to generate /etc/httpd/conf/passwd.
        !          1086: #
        !          1087: #<IfModule mod_put.c>
        !          1088: #    Alias /upload /tmp
        !          1089: #    <Directory /tmp>
        !          1090: #        EnablePut On
        !          1091: #        AuthType Basic
        !          1092: #        AuthName Temporary
        !          1093: #        AuthUserFile /etc/httpd/conf/passwd
        !          1094: #        EnableDelete Off
        !          1095: #        umask 007
        !          1096: #        <Limit PUT>
        !          1097: #            require valid-user
        !          1098: #        </Limit>
        !          1099: #    </Directory>
        !          1100: #</IfModule>
        !          1101: 
        !          1102: #
        !          1103: # Allow server status reports, with the URL of http://servername/server-status
        !          1104: # Change the ".your-domain.com" to match your domain to enable.
        !          1105: #
        !          1106: #<Location /server-status>
        !          1107: #    SetHandler server-status
        !          1108: #    Order deny,allow
        !          1109: #    Deny from all
        !          1110: #    Allow from .your-domain.com
        !          1111: #</Location>
        !          1112: 
        !          1113: #
        !          1114: # Allow remote server configuration reports, with the URL of
        !          1115: # http://servername/server-info (requires that mod_info.c be loaded).
        !          1116: # Change the ".your-domain.com" to match your domain to enable.
        !          1117: #
        !          1118: #<Location /server-info>
        !          1119: #    SetHandler server-info
        !          1120: #    Order deny,allow
        !          1121: #    Deny from all
        !          1122: #    Allow from .your-domain.com
        !          1123: #</Location>
        !          1124: 
        !          1125: #
        !          1126: # Allow access to local system documentation from localhost
        !          1127: #
        !          1128: Alias /doc/ /usr/share/doc/
        !          1129: <Directory /usr/share/doc>
        !          1130:     order deny,allow
        !          1131:     deny from all
        !          1132:     allow from localhost .localdomain
        !          1133:     Options Indexes FollowSymLinks
        !          1134: </Directory>
        !          1135: 
        !          1136: #
        !          1137: # There have been reports of people trying to abuse an old bug from pre-1.1
        !          1138: # days.  This bug involved a CGI script distributed as a part of Apache.
        !          1139: # By uncommenting these lines you can redirect these attacks to a logging 
        !          1140: # script on phf.apache.org.  Or, you can record them yourself, using the script
        !          1141: # support/phf_abuse_log.cgi.
        !          1142: #
        !          1143: #<Location /cgi-bin/phf*>
        !          1144: #    Deny from all
        !          1145: #    ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
        !          1146: #</Location>
        !          1147: 
        !          1148: #
        !          1149: # Proxy Server directives. Uncomment the following lines to
        !          1150: # enable the proxy server:
        !          1151: #
        !          1152: #<IfModule mod_proxy.c>
        !          1153: #    ProxyRequests On
        !          1154: 
        !          1155: #    <Directory proxy:*>
        !          1156: #        Order deny,allow
        !          1157: #        Deny from all
        !          1158: #        Allow from .your-domain.com
        !          1159: #    </Directory>
        !          1160: 
        !          1161:     #
        !          1162:     # Enable/disable the handling of HTTP/1.1 "Via:" headers.
        !          1163:     # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
        !          1164:     # Set to one of: Off | On | Full | Block
        !          1165:     #
        !          1166: #    ProxyVia On
        !          1167: 
        !          1168:     #
        !          1169:     # To enable the cache as well, edit and uncomment the following lines:
        !          1170:     # (no caching without CacheRoot)
        !          1171:     #
        !          1172: #    CacheRoot "/var/cache/httpd"
        !          1173: #    CacheSize 5
        !          1174: #    CacheGcInterval 4
        !          1175: #    CacheMaxExpire 24
        !          1176: #    CacheLastModifiedFactor 0.1
        !          1177: #    CacheDefaultExpire 1
        !          1178: #    NoCache a-domain.com another-domain.edu joes.garage-sale.com
        !          1179: 
        !          1180: #</IfModule>
        !          1181: # End of proxy directives.
        !          1182: 
        !          1183: ### Section 3: Virtual Hosts
        !          1184: #
        !          1185: # VirtualHost: If you want to maintain multiple domains/hostnames on your
        !          1186: # machine you can setup VirtualHost containers for them. Most configurations
        !          1187: # use only name-based virtual hosts so the server doesn't need to worry about
        !          1188: # IP addresses. This is indicated by the asterisks in the directives below.
        !          1189: #
        !          1190: # Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
        !          1191: # for further details before you try to setup virtual hosts.
        !          1192: #
        !          1193: # You may use the command line option '-S' to verify your virtual host
        !          1194: # configuration.
        !          1195: 
        !          1196: #
        !          1197: # Use name-based virtual hosting.
        !          1198: #
        !          1199: #NameVirtualHost *
        !          1200: 
        !          1201: #
        !          1202: # VirtualHost example:
        !          1203: # Almost any Apache directive may go into a VirtualHost container.
        !          1204: # The first VirtualHost section is used for requests without a known
        !          1205: # server name.
        !          1206: #
        !          1207: #<VirtualHost *>
        !          1208: #    ServerAdmin webmaster@dummy-host.example.com
        !          1209: #    DocumentRoot /www/docs/dummy-host.example.com
        !          1210: #    ServerName dummy-host.example.com
        !          1211: #    ErrorLog logs/dummy-host.example.com-error_log
        !          1212: #    CustomLog logs/dummy-host.example.com-access_log common
        !          1213: #</VirtualHost>
        !          1214: 
        !          1215: #<VirtualHost _default_:*>
        !          1216: #</VirtualHost>
        !          1217: 
        !          1218: ##
        !          1219: ##  SSL Global Context
        !          1220: ##
        !          1221: ##  All SSL configuration in this context applies both to
        !          1222: ##  the main server and all SSL-enabled virtual hosts.
        !          1223: ##
        !          1224: 
        !          1225: #
        !          1226: #   Some MIME-types for downloading Certificates and CRLs
        !          1227: #
        !          1228: <IfDefine HAVE_SSL>
        !          1229: AddType application/x-x509-ca-cert .crt
        !          1230: AddType application/x-pkcs7-crl    .crl
        !          1231: </IfDefine>
        !          1232: 
        !          1233: <IfModule mod_ssl.c>
        !          1234: 
        !          1235: #   Pass Phrase Dialog:
        !          1236: #   Configure the pass phrase gathering process.
        !          1237: #   The filtering dialog program (`builtin' is a internal
        !          1238: #   terminal dialog) has to provide the pass phrase on stdout.
        !          1239: SSLPassPhraseDialog  builtin
        !          1240: 
        !          1241: #   Inter-Process Session Cache:
        !          1242: #   Configure the SSL Session Cache: First the mechanism 
        !          1243: #   to use and second the expiring timeout (in seconds).
        !          1244: #SSLSessionCache        none
        !          1245: #SSLSessionCache        shmht:logs/ssl_scache(512000)
        !          1246: #SSLSessionCache        shmcb:logs/ssl_scache(512000)
        !          1247: SSLSessionCache         dbm:logs/ssl_scache
        !          1248: SSLSessionCacheTimeout  300
        !          1249: 
        !          1250: #   Semaphore:
        !          1251: #   Configure the path to the mutual exclusion semaphore the
        !          1252: #   SSL engine uses internally for inter-process synchronization. 
        !          1253: SSLMutex  file:logs/ssl_mutex
        !          1254: 
        !          1255: #   Pseudo Random Number Generator (PRNG):
        !          1256: #   Configure one or more sources to seed the PRNG of the 
        !          1257: #   SSL library. The seed data should be of good random quality.
        !          1258: #   WARNING! On some platforms /dev/random blocks if not enough entropy
        !          1259: #   is available. This means you then cannot use the /dev/random device
        !          1260: #   because it would lead to very long connection times (as long as
        !          1261: #   it requires to make more entropy available). But usually those
        !          1262: #   platforms additionally provide a /dev/urandom device which doesn't
        !          1263: #   block. So, if available, use this one instead. Read the mod_ssl User
        !          1264: #   Manual for more details.
        !          1265: SSLRandomSeed startup builtin
        !          1266: SSLRandomSeed connect builtin
        !          1267: #SSLRandomSeed startup file:/dev/random  512
        !          1268: #SSLRandomSeed startup file:/dev/urandom 512
        !          1269: #SSLRandomSeed connect file:/dev/random  512
        !          1270: #SSLRandomSeed connect file:/dev/urandom 512
        !          1271: 
        !          1272: #   Logging:
        !          1273: #   The home of the dedicated SSL protocol logfile. Errors are
        !          1274: #   additionally duplicated in the general error log file.  Put
        !          1275: #   this somewhere where it cannot be used for symlink attacks on
        !          1276: #   a real server (i.e. somewhere where only root can write).
        !          1277: #   Log levels are (ascending order: higher ones include lower ones):
        !          1278: #   none, error, warn, info, trace, debug.
        !          1279: SSLLog      logs/ssl_engine_log
        !          1280: SSLLogLevel error
        !          1281: 
        !          1282: </IfModule>
        !          1283: 
        !          1284: <IfDefine HAVE_SSL>
        !          1285: 
        !          1286: ##
        !          1287: ## SSL Virtual Host Context
        !          1288: ##
        !          1289: 
        !          1290: <VirtualHost _default_:443>
        !          1291: 
        !          1292: #  General setup for the virtual host
        !          1293: #DocumentRoot "/etc/httpd/htdocs"
        !          1294: #ServerName new.host.name
        !          1295: #ServerAdmin you@your.address
        !          1296: ErrorLog logs/error_log
        !          1297: TransferLog logs/access_log
        !          1298: 
        !          1299: #   SSL Engine Switch:
        !          1300: #   Enable/Disable SSL for this virtual host.
        !          1301: SSLEngine on
        !          1302: 
        !          1303: #   SSL Cipher Suite:
        !          1304: #   List the ciphers that the client is permitted to negotiate.
        !          1305: #   See the mod_ssl documentation for a complete list.
        !          1306: #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        !          1307: 
        !          1308: #   Server Certificate:
        !          1309: #   Point SSLCertificateFile at a PEM encoded certificate.  If
        !          1310: #   the certificate is encrypted, then you will be prompted for a
        !          1311: #   pass phrase.  Note that a kill -HUP will prompt again. A test
        !          1312: #   certificate can be generated with `make certificate' under
        !          1313: #   built time. Keep in mind that if you've both a RSA and a DSA
        !          1314: #   certificate you can configure both in parallel (to also allow
        !          1315: #   the use of DSA ciphers, etc.)
        !          1316: SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
        !          1317: #SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt
        !          1318: 
        !          1319: #   Server Private Key:
        !          1320: #   If the key is not combined with the certificate, use this
        !          1321: #   directive to point at the key file.  Keep in mind that if
        !          1322: #   you've both a RSA and a DSA private key you can configure
        !          1323: #   both in parallel (to also allow the use of DSA ciphers, etc.)
        !          1324: SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
        !          1325: #SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key
        !          1326: 
        !          1327: #   Server Certificate Chain:
        !          1328: #   Point SSLCertificateChainFile at a file containing the
        !          1329: #   concatenation of PEM encoded CA certificates which form the
        !          1330: #   certificate chain for the server certificate. Alternatively
        !          1331: #   the referenced file can be the same as SSLCertificateFile
        !          1332: #   when the CA certificates are directly appended to the server
        !          1333: #   certificate for convinience.
        !          1334: #SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
        !          1335: 
        !          1336: #   Certificate Authority (CA):
        !          1337: #   Set the CA certificate verification path where to find CA
        !          1338: #   certificates for client authentication or alternatively one
        !          1339: #   huge file containing all of them (file must be PEM encoded)
        !          1340: #   Note: Inside SSLCACertificatePath you need hash symlinks
        !          1341: #         to point to the certificate files. Use the provided
        !          1342: #         Makefile to update the hash symlinks after changes.
        !          1343: #SSLCACertificatePath /etc/httpd/conf/ssl.crt
        !          1344: #SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
        !          1345: 
        !          1346: #   Certificate Revocation Lists (CRL):
        !          1347: #   Set the CA revocation path where to find CA CRLs for client
        !          1348: #   authentication or alternatively one huge file containing all
        !          1349: #   of them (file must be PEM encoded)
        !          1350: #   Note: Inside SSLCARevocationPath you need hash symlinks
        !          1351: #         to point to the certificate files. Use the provided
        !          1352: #         Makefile to update the hash symlinks after changes.
        !          1353: #SSLCARevocationPath /etc/httpd/conf/ssl.crl
        !          1354: #SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl
        !          1355: 
        !          1356: #   Client Authentication (Type):
        !          1357: #   Client certificate verification type and depth.  Types are
        !          1358: #   none, optional, require and optional_no_ca.  Depth is a
        !          1359: #   number which specifies how deeply to verify the certificate
        !          1360: #   issuer chain before deciding the certificate is not valid.
        !          1361: #SSLVerifyClient require
        !          1362: #SSLVerifyDepth  10
        !          1363: 
        !          1364: #   Access Control:
        !          1365: #   With SSLRequire you can do per-directory access control based
        !          1366: #   on arbitrary complex boolean expressions containing server
        !          1367: #   variable checks and other lookup directives.  The syntax is a
        !          1368: #   mixture between C and Perl.  See the mod_ssl documentation
        !          1369: #   for more details.
        !          1370: #<Location />
        !          1371: #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
        !          1372: #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
        !          1373: #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
        !          1374: #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
        !          1375: #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
        !          1376: #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
        !          1377: #</Location>
        !          1378: 
        !          1379: #   SSL Engine Options:
        !          1380: #   Set various options for the SSL engine.
        !          1381: #   o FakeBasicAuth:
        !          1382: #     Translate the client X.509 into a Basic Authorisation.  This means that
        !          1383: #     the standard Auth/DBMAuth methods can be used for access control.  The
        !          1384: #     user name is the `one line' version of the client's X.509 certificate.
        !          1385: #     Note that no password is obtained from the user. Every entry in the user
        !          1386: #     file needs this password: `xxj31ZMTZzkVA'.
        !          1387: #   o ExportCertData:
        !          1388: #     This exports two additional environment variables: SSL_CLIENT_CERT and
        !          1389: #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
        !          1390: #     server (always existing) and the client (only existing when client
        !          1391: #     authentication is used). This can be used to import the certificates
        !          1392: #     into CGI scripts.
        !          1393: #   o StdEnvVars:
        !          1394: #     This exports the standard SSL/TLS related `SSL_*' environment variables.
        !          1395: #     Per default this exportation is switched off for performance reasons,
        !          1396: #     because the extraction step is an expensive operation and is usually
        !          1397: #     useless for serving static content. So one usually enables the
        !          1398: #     exportation for CGI and SSI requests only.
        !          1399: #   o CompatEnvVars:
        !          1400: #     This exports obsolete environment variables for backward compatibility
        !          1401: #     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
        !          1402: #     to provide compatibility to existing CGI scripts.
        !          1403: #   o StrictRequire:
        !          1404: #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
        !          1405: #     under a "Satisfy any" situation, i.e. when it applies access is denied
        !          1406: #     and no other module can change it.
        !          1407: #   o OptRenegotiate:
        !          1408: #     This enables optimized SSL connection renegotiation handling when SSL
        !          1409: #     directives are used in per-directory context. 
        !          1410: #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
        !          1411: <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        !          1412:     SSLOptions +StdEnvVars
        !          1413: </Files>
        !          1414: <Directory "/var/www/cgi-bin">
        !          1415:     SSLOptions +StdEnvVars
        !          1416: </Directory>
        !          1417: 
        !          1418: #   SSL Protocol Adjustments:
        !          1419: #   The safe and default but still SSL/TLS standard compliant shutdown
        !          1420: #   approach is that mod_ssl sends the close notify alert but doesn't wait for
        !          1421: #   the close notify alert from client. When you need a different shutdown
        !          1422: #   approach you can use one of the following variables:
        !          1423: #   o ssl-unclean-shutdown:
        !          1424: #     This forces an unclean shutdown when the connection is closed, i.e. no
        !          1425: #     SSL close notify alert is send or allowed to received.  This violates
        !          1426: #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
        !          1427: #     this when you receive I/O errors because of the standard approach where
        !          1428: #     mod_ssl sends the close notify alert.
        !          1429: #   o ssl-accurate-shutdown:
        !          1430: #     This forces an accurate shutdown when the connection is closed, i.e. a
        !          1431: #     SSL close notify alert is send and mod_ssl waits for the close notify
        !          1432: #     alert of the client. This is 100% SSL/TLS standard compliant, but in
        !          1433: #     practice often causes hanging connections with brain-dead browsers. Use
        !          1434: #     this only for browsers where you know that their SSL implementation
        !          1435: #     works correctly. 
        !          1436: #   Notice: Most problems of broken clients are also related to the HTTP
        !          1437: #   keep-alive facility, so you usually additionally want to disable
        !          1438: #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
        !          1439: #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
        !          1440: #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
        !          1441: #   "force-response-1.0" for this.
        !          1442: SetEnvIf User-Agent ".*MSIE.*" \
        !          1443:          nokeepalive ssl-unclean-shutdown \
        !          1444:          downgrade-1.0 force-response-1.0
        !          1445: 
        !          1446: #   Per-Server Logging:
        !          1447: #   The home of a custom SSL log file. Use this when you want a
        !          1448: #   compact non-error SSL logfile on a virtual host basis.
        !          1449: CustomLog logs/ssl_request_log \
        !          1450:           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        !          1451: 
        !          1452: </VirtualHost>                                  
        !          1453: 
        !          1454: </IfDefine>
        !          1455: 
        !          1456: Include conf/srm.conf
        !          1457: Include conf/access.conf
        !          1458: Include conf/loncapa_apache.conf

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>