Annotation of doc/install/linux/rhes4/httpd.conf, revision 1.1
1.1 ! raeburn 1: #
! 2: # Based upon the NCSA server configuration files originally by Rob McCool.
! 3: #
! 4: # This is the main Apache server configuration file. It contains the
! 5: # configuration directives that give the server its instructions.
! 6: # See <URL:http://www.apache.org/docs/> for detailed information about
! 7: # the directives.
! 8: #
! 9: # Do NOT simply read the instructions in here without understanding
! 10: # what they do. They're here only as hints or reminders. If you are unsure
! 11: # consult the online docs. You have been warned.
! 12: #
! 13: # After this file is processed, the server will look for and process
! 14: # /etc/httpd/conf/srm.conf and then /etc/httpd/conf/access.conf
! 15: # unless you have overridden these with ResourceConfig and/or
! 16: # AccessConfig directives here.
! 17: #
! 18: # The configuration directives are grouped into three basic sections:
! 19: # 1. Directives that control the operation of the Apache server process as a
! 20: # whole (the 'global environment').
! 21: # 2. Directives that define the parameters of the 'main' or 'default' server,
! 22: # which responds to requests that aren't handled by a virtual host.
! 23: # These directives also provide default values for the settings
! 24: # of all virtual hosts.
! 25: # 3. Settings for virtual hosts, which allow Web requests to be sent to
! 26: # different IP addresses or hostnames and have them handled by the
! 27: # same Apache server process.
! 28: #
! 29: # Configuration and logfile names: If the filenames you specify for many
! 30: # of the server's control files begin with "/" (or "drive:/" for Win32), the
! 31: # server will use that explicit path. If the filenames do *not* begin
! 32: # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
! 33: # with ServerRoot set to "/usr/local/apache" will be interpreted by the
! 34: # server as "/usr/local/apache/logs/foo.log".
! 35: #
! 36:
! 37: ### Section 1: Global Environment
! 38: #
! 39: # The directives in this section affect the overall operation of Apache,
! 40: # such as the number of concurrent requests it can handle or where it
! 41: # can find its configuration files.
! 42: #
! 43:
! 44: #
! 45: # ServerType is either inetd, or standalone. Inetd mode is only supported on
! 46: # Unix platforms.
! 47: #
! 48: ServerType standalone
! 49:
! 50: #
! 51: # ServerRoot: The top of the directory tree under which the server's
! 52: # configuration, error, and log files are kept.
! 53: #
! 54: # NOTE! If you intend to place this on an NFS (or otherwise network)
! 55: # mounted filesystem then please read the LockFile documentation
! 56: # (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
! 57: # you will save yourself a lot of trouble.
! 58: #
! 59: # Do NOT add a slash at the end of the directory path.
! 60: #
! 61: ServerRoot "/etc/httpd"
! 62:
! 63: #
! 64: # The LockFile directive sets the path to the lockfile used when Apache
! 65: # is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
! 66: # USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
! 67: # its default value. The main reason for changing it is if the logs
! 68: # directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
! 69: # DISK. The PID of the main server process is automatically appended to
! 70: # the filename.
! 71: #
! 72: LockFile /var/run/httpd.lock
! 73:
! 74: #
! 75: # PidFile: The file in which the server should record its process
! 76: # identification number when it starts.
! 77: #
! 78: PidFile /var/run/httpd.pid
! 79:
! 80: #
! 81: # ScoreBoardFile: File used to store internal server process information.
! 82: # Not all architectures require this. But if yours does (you'll know because
! 83: # this file will be created when you run Apache) then you *must* ensure that
! 84: # no two invocations of Apache share the same scoreboard file.
! 85: #
! 86: ScoreBoardFile logs/apache_runtime_status
! 87:
! 88: #
! 89: # In the standard configuration, the server will process httpd.conf (this
! 90: # file, specified by the -f command line option), srm.conf, and access.conf
! 91: # in that order. The latter two files are now distributed empty, as it is
! 92: # recommended that all directives be kept in a single file for simplicity.
! 93: # The commented-out values below are the built-in defaults. You can have the
! 94: # server ignore these files altogether by using "/dev/null" (for Unix) or
! 95: # "nul" (for Win32) for the arguments to the directives.
! 96: #
! 97: #ResourceConfig conf/srm.conf
! 98: #AccessConfig conf/access.conf
! 99:
! 100: #
! 101: # Timeout: The number of seconds before receives and sends time out.
! 102: #
! 103: Timeout 300
! 104:
! 105: #
! 106: # KeepAlive: Whether or not to allow persistent connections (more than
! 107: # one request per connection). Set to "Off" to deactivate.
! 108: #
! 109: KeepAlive Off
! 110:
! 111: #
! 112: # MaxKeepAliveRequests: The maximum number of requests to allow
! 113: # during a persistent connection. Set to 0 to allow an unlimited amount.
! 114: # We recommend you leave this number high, for maximum performance.
! 115: #
! 116: MaxKeepAliveRequests 100
! 117:
! 118: #
! 119: # KeepAliveTimeout: Number of seconds to wait for the next request from the
! 120: # same client on the same connection.
! 121: #
! 122: KeepAliveTimeout 15
! 123:
! 124: #
! 125: # Server-pool size regulation. Rather than making you guess how many
! 126: # server processes you need, Apache dynamically adapts to the load it
! 127: # sees --- that is, it tries to maintain enough server processes to
! 128: # handle the current load, plus a few spare servers to handle transient
! 129: # load spikes (e.g., multiple simultaneous requests from a single
! 130: # Netscape browser).
! 131: #
! 132: # It does this by periodically checking how many servers are waiting
! 133: # for a request. If there are fewer than MinSpareServers, it creates
! 134: # a new spare. If there are more than MaxSpareServers, some of the
! 135: # spares die off. The default values are probably OK for most sites.
! 136: #
! 137: MinSpareServers 5
! 138: MaxSpareServers 20
! 139:
! 140: #
! 141: # Number of servers to start initially --- should be a reasonable ballpark
! 142: # figure.
! 143: #
! 144: StartServers 8
! 145:
! 146: #
! 147: # Limit on total number of servers running, i.e., limit on the number
! 148: # of clients who can simultaneously connect --- if this limit is ever
! 149: # reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
! 150: # It is intended mainly as a brake to keep a runaway server from taking
! 151: # the system with it as it spirals down...
! 152: #
! 153: MaxClients 150
! 154:
! 155: #
! 156: # MaxRequestsPerChild: the number of requests each child process is
! 157: # allowed to process before the child dies. The child will exit so
! 158: # as to avoid problems after prolonged use when Apache (and maybe the
! 159: # libraries it uses) leak memory or other resources. On most systems, this
! 160: # isn't really needed, but a few (such as Solaris) do have notable leaks
! 161: # in the libraries. For these platforms, set to something like 10000
! 162: # or so; a setting of 0 means unlimited.
! 163: #
! 164: # NOTE: This value does not include keepalive requests after the initial
! 165: # request per connection. For example, if a child process handles
! 166: # an initial request and 10 subsequent "keptalive" requests, it
! 167: # would only count as 1 request towards this limit.
! 168: #
! 169: MaxRequestsPerChild 1000
! 170:
! 171: #
! 172: # Listen: Allows you to bind Apache to specific IP addresses and/or
! 173: # ports, in addition to the default. See also the <VirtualHost>
! 174: # directive.
! 175: #
! 176: #Listen 3000
! 177: #Listen 12.34.56.78:80
! 178: #Listen 80
! 179:
! 180: #
! 181: # BindAddress: You can support virtual hosts with this option. This directive
! 182: # is used to tell the server which IP address to listen to. It can either
! 183: # contain "*", an IP address, or a fully qualified Internet domain name.
! 184: # See also the <VirtualHost> and Listen directives.
! 185: #
! 186: #BindAddress *
! 187:
! 188: #
! 189: # Dynamic Shared Object (DSO) Support
! 190: #
! 191: # To be able to use the functionality of a module which was built as a DSO you
! 192: # have to place corresponding `LoadModule' lines at this location so the
! 193: # directives contained in it are actually available _before_ they are used.
! 194: # Please read the file http://httpd.apache.org/docs/dso.html for more
! 195: # details about the DSO mechanism and run `httpd -l' for the list of already
! 196: # built-in (statically linked and thus always available) modules in your httpd
! 197: # binary.
! 198: #
! 199: # Note: The order in which modules are loaded is important. Don't change
! 200: # the order below without expert advice.
! 201: #
! 202: # Example:
! 203: # LoadModule foo_module modules/mod_foo.so
! 204:
! 205: #LoadModule mmap_static_module modules/mod_mmap_static.so
! 206: LoadModule vhost_alias_module modules/mod_vhost_alias.so
! 207: <IfDefine HAVE_BANDWIDTH>
! 208: #LoadModule bandwidth_module modules/mod_bandwidth.so
! 209: </IfDefine>
! 210: <IfDefine HAVE_THROTTLE>
! 211: #LoadModule throttle_module modules/mod_throttle.so
! 212: </IfDefine>
! 213: LoadModule env_module modules/mod_env.so
! 214: LoadModule config_log_module modules/mod_log_config.so
! 215: LoadModule agent_log_module modules/mod_log_agent.so
! 216: LoadModule referer_log_module modules/mod_log_referer.so
! 217: #LoadModule mime_magic_module modules/mod_mime_magic.so
! 218: LoadModule mime_module modules/mod_mime.so
! 219: LoadModule negotiation_module modules/mod_negotiation.so
! 220: LoadModule status_module modules/mod_status.so
! 221: LoadModule info_module modules/mod_info.so
! 222: LoadModule includes_module modules/mod_include.so
! 223: LoadModule autoindex_module modules/mod_autoindex.so
! 224: LoadModule dir_module modules/mod_dir.so
! 225: LoadModule cgi_module modules/mod_cgi.so
! 226: LoadModule asis_module modules/mod_asis.so
! 227: LoadModule imap_module modules/mod_imap.so
! 228: LoadModule action_module modules/mod_actions.so
! 229: #LoadModule speling_module modules/mod_speling.so
! 230: LoadModule userdir_module modules/mod_userdir.so
! 231: LoadModule alias_module modules/mod_alias.so
! 232: LoadModule rewrite_module modules/mod_rewrite.so
! 233: LoadModule access_module modules/mod_access.so
! 234: LoadModule auth_module modules/mod_auth.so
! 235: LoadModule anon_auth_module modules/mod_auth_anon.so
! 236: LoadModule db_auth_module modules/mod_auth_db.so
! 237: #LoadModule auth_any_module modules/mod_auth_any.so
! 238: #LoadModule dbm_auth_module modules/mod_auth_dbm.so
! 239: #LoadModule auth_ldap_module modules/mod_auth_ldap.so
! 240: #LoadModule mysql_auth_module modules/mod_auth_mysql.so
! 241: #LoadModule auth_pgsql_module modules/mod_auth_pgsql.so
! 242: #LoadModule digest_module modules/mod_digest.so
! 243: #LoadModule proxy_module modules/libproxy.so
! 244: #LoadModule cern_meta_module modules/mod_cern_meta.so
! 245: LoadModule expires_module modules/mod_expires.so
! 246: LoadModule headers_module modules/mod_headers.so
! 247: #LoadModule usertrack_module modules/mod_usertrack.so
! 248: #LoadModule example_module modules/mod_example.so
! 249: #LoadModule unique_id_module modules/mod_unique_id.so
! 250: LoadModule setenvif_module modules/mod_setenvif.so
! 251: <IfDefine HAVE_PERL>
! 252: LoadModule perl_module modules/libperl.so
! 253: </IfDefine>
! 254: #<IfDefine HAVE_PHP>
! 255: #LoadModule php_module modules/mod_php.so
! 256: #</IfDefine>
! 257: #<IfDefine HAVE_PHP3>
! 258: #LoadModule php3_module modules/libphp3.so
! 259: #</IfDefine>
! 260: #<IfDefine HAVE_PHP4>
! 261: #LoadModule php4_module modules/libphp4.so
! 262: #</IfDefine>
! 263: #<IfDefine HAVE_DAV>
! 264: #LoadModule dav_module modules/libdav.so
! 265: #</IfDefine>
! 266: #<IfDefine HAVE_ROAMING>
! 267: #LoadModule roaming_module modules/mod_roaming.so
! 268: #</IfDefine>
! 269: #<IfDefine HAVE_SSL>
! 270: #LoadModule ssl_module modules/libssl.so
! 271: #</IfDefine>
! 272: #<IfDefine HAVE_PUT>
! 273: #LoadModule put_module modules/mod_put.so
! 274: #</IfDefine>
! 275: #<IfDefine HAVE_PYTHON>
! 276: #LoadModule python_module modules/mod_python.so
! 277: #</IfDefine>
! 278:
! 279: # Reconstruction of the complete module list from all available modules
! 280: # (static and shared ones) to achieve correct module execution order.
! 281: # [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
! 282: ClearModuleList
! 283: #AddModule mod_mmap_static.c
! 284: AddModule mod_vhost_alias.c
! 285: #<IfDefine HAVE_BANDWIDTH>
! 286: #AddModule mod_bandwidth.c
! 287: #</IfDefine>
! 288: #<IfDefine HAVE_THROTTLE>
! 289: #AddModule mod_throttle.c
! 290: #</IfDefine>
! 291: AddModule mod_env.c
! 292: AddModule mod_log_config.c
! 293: AddModule mod_log_agent.c
! 294: AddModule mod_log_referer.c
! 295: #AddModule mod_mime_magic.c
! 296: AddModule mod_mime.c
! 297: AddModule mod_negotiation.c
! 298: AddModule mod_status.c
! 299: AddModule mod_info.c
! 300: AddModule mod_include.c
! 301: AddModule mod_autoindex.c
! 302: AddModule mod_dir.c
! 303: AddModule mod_cgi.c
! 304: AddModule mod_asis.c
! 305: AddModule mod_imap.c
! 306: AddModule mod_actions.c
! 307: #AddModule mod_speling.c
! 308: AddModule mod_userdir.c
! 309: AddModule mod_alias.c
! 310: AddModule mod_rewrite.c
! 311: AddModule mod_access.c
! 312: AddModule mod_auth.c
! 313: AddModule mod_auth_anon.c
! 314: AddModule mod_auth_db.c
! 315: #AddModule mod_auth_any.c
! 316: #AddModule mod_auth_dbm.c
! 317: #AddModule auth_ldap.c
! 318: #AddModule mod_auth_mysql.c
! 319: #AddModule mod_auth_pgsql.c
! 320: #AddModule mod_digest.c
! 321: #AddModule mod_proxy.c
! 322: #AddModule mod_cern_meta.c
! 323: AddModule mod_expires.c
! 324: AddModule mod_headers.c
! 325: #AddModule mod_usertrack.c
! 326: #AddModule mod_example.c
! 327: #AddModule mod_unique_id.c
! 328: AddModule mod_so.c
! 329: AddModule mod_setenvif.c
! 330: <IfDefine HAVE_PERL>
! 331: AddModule mod_perl.c
! 332: </IfDefine>
! 333: #<IfDefine HAVE_PHP>
! 334: #AddModule mod_php.c
! 335: #</IfDefine>
! 336: #<IfDefine HAVE_PHP3>
! 337: #AddModule mod_php3.c
! 338: #</IfDefine>
! 339: #<IfDefine HAVE_PHP4>
! 340: #AddModule mod_php4.c
! 341: #</IfDefine>
! 342: #<IfDefine HAVE_DAV>
! 343: #AddModule mod_dav.c
! 344: #</IfDefine>
! 345: #<IfDefine HAVE_ROAMING>
! 346: #AddModule mod_roaming.c
! 347: #</IfDefine>
! 348: #<IfDefine HAVE_SSL>
! 349: #AddModule mod_ssl.c
! 350: #</IfDefine>
! 351: #<IfDefine HAVE_PUT>
! 352: #AddModule mod_put.c
! 353: #</IfDefine>
! 354: #<IfDefine HAVE_PYTHON>
! 355: #AddModule mod_python.c
! 356: #</IfDefine>
! 357:
! 358: #
! 359: # ExtendedStatus controls whether Apache will generate "full" status
! 360: # information (ExtendedStatus On) or just basic information (ExtendedStatus
! 361: # Off) when the "server-status" handler is called. The default is Off.
! 362: #
! 363: #ExtendedStatus On
! 364:
! 365: ### Section 2: 'Main' server configuration
! 366: #
! 367: # The directives in this section set up the values used by the 'main'
! 368: # server, which responds to any requests that aren't handled by a
! 369: # <VirtualHost> definition. These values also provide defaults for
! 370: # any <VirtualHost> containers you may define later in the file.
! 371: #
! 372: # All of these directives may appear inside <VirtualHost> containers,
! 373: # in which case these default settings will be overridden for the
! 374: # virtual host being defined.
! 375: #
! 376:
! 377: #
! 378: # If your ServerType directive (set earlier in the 'Global Environment'
! 379: # section) is set to "inetd", the next few directives don't have any
! 380: # effect since their settings are defined by the inetd configuration.
! 381: # Skip ahead to the ServerAdmin directive.
! 382: #
! 383:
! 384: #
! 385: # Port: The port to which the standalone server listens. For
! 386: # ports < 1023, you will need httpd to be run as root initially.
! 387: #
! 388: Port 80
! 389:
! 390: ##
! 391: ## SSL Support
! 392: ##
! 393: ## When we also provide SSL we have to listen to the
! 394: ## standard HTTP port (see above) and to the HTTPS port
! 395: ##
! 396: <IfDefine HAVE_SSL>
! 397: Listen 80
! 398: Listen 443
! 399: </IfDefine>
! 400:
! 401: #
! 402: # If you wish httpd to run as a different user or group, you must run
! 403: # httpd as root initially and it will switch.
! 404: #
! 405: # User/Group: The name (or #number) of the user/group to run httpd as.
! 406: # . On SCO (ODT 3) use "User nouser" and "Group nogroup".
! 407: # . On HPUX you may not be able to use shared memory as nobody, and the
! 408: # suggested workaround is to create a user www and use that user.
! 409: # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
! 410: # when the value of (unsigned)Group is above 60000;
! 411: # don't use Group "#-1" on these systems!
! 412: #
! 413: User www
! 414: Group www
! 415:
! 416: #
! 417: # ServerAdmin: Your address, where problems with the server should be
! 418: # e-mailed. This address appears on some server-generated pages, such
! 419: # as error documents.
! 420: #
! 421: ServerAdmin root@localhost
! 422:
! 423: #
! 424: # ServerName allows you to set a host name which is sent back to clients for
! 425: # your server if it's different than the one the program would get (i.e., use
! 426: # "www" instead of the host's real name).
! 427: #
! 428: # Note: You cannot just invent host names and hope they work. The name you
! 429: # define here must be a valid DNS name for your host. If you don't understand
! 430: # this, ask your network administrator.
! 431: # If your host doesn't have a registered DNS name, enter its IP address here.
! 432: # You will have to access it by its address (e.g., http://123.45.67.89/)
! 433: # anyway, and this will make redirections work in a sensible way.
! 434: #
! 435: # 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your
! 436: # machine always knows itself by this address. If you use Apache strictly for
! 437: # local testing and development, you may use 127.0.0.1 as the server name.
! 438: #
! 439: #ServerName localhost
! 440:
! 441: ##
! 442: ## DocumentRoot: The directory out of which you will serve your
! 443: ## documents. By default, all requests are taken from this directory, but
! 444: ## symbolic links and aliases may be used to point to other locations.
! 445: ##
! 446: #DocumentRoot "/home/www/html"
! 447:
! 448: ##
! 449: ## Each directory to which Apache has access, can be configured with respect
! 450: ## to which services and features are allowed and/or disabled in that
! 451: ## directory (and its subdirectories).
! 452: ##
! 453: ## First, we configure the "default" to be a very restrictive set of
! 454: ## permissions.
! 455: ##
! 456: #<Directory />
! 457: # Options FollowSymLinks
! 458: # AllowOverride None
! 459: #</Directory>
! 460:
! 461: #
! 462: # Note that from this point forward you must specifically allow
! 463: # particular features to be enabled - so if something's not working as
! 464: # you might expect, make sure that you have specifically enabled it
! 465: # below.
! 466: #
! 467:
! 468: ##
! 469: ## This should be changed to whatever you set DocumentRoot to.
! 470: ##
! 471: #<Directory "/home/www/html">
! 472: #
! 473: ##
! 474: ## This may also be "None", "All", or any combination of "Indexes",
! 475: ## "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
! 476: ##
! 477: ## Note that "MultiViews" must be named *explicitly* --- "Options All"
! 478: ## doesn't give it to you.
! 479: ##
! 480: ## Options Indexes FollowSymLinks
! 481: # Options FollowSymLinks
! 482: #
! 483: ##
! 484: ## This controls which options the .htaccess files in directories can
! 485: ## override. Can also be "All", or any combination of "Options", "FileInfo",
! 486: ## "AuthConfig", and "Limit"
! 487: ##
! 488: # AllowOverride None
! 489: #
! 490: ##
! 491: ## Controls who can get stuff from this server.
! 492: ##
! 493: # Order allow,deny
! 494: # Allow from all
! 495: #</Directory>
! 496:
! 497: #
! 498: # UserDir: The name of the directory which is appended onto a user's home
! 499: # directory if a ~user request is received.
! 500: #
! 501: # The path to the end user account 'public_html' directory must be
! 502: # accessible to the webserver userid. This usually means that ~userid
! 503: # must have permissions of 711, ~userid/public_html must have permissions
! 504: # of 755, and documents contained therein must be world-readable.
! 505: # Otherwise, the client will only receive a "403 Forbidden" message.
! 506: #
! 507: # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
! 508: #
! 509: #<IfModule mod_userdir.c>
! 510: # UserDir public_html
! 511: #</IfModule>
! 512:
! 513: #
! 514: # Control access to UserDir directories. The following is an example
! 515: # for a site where these directories are restricted to read-only.
! 516: #
! 517: #<Directory /home/*/public_html>
! 518: # AllowOverride FileInfo AuthConfig Limit
! 519: # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
! 520: # <Limit GET POST OPTIONS PROPFIND>
! 521: # Order allow,deny
! 522: # Allow from all
! 523: # </Limit>
! 524: # <LimitExcept GET POST OPTIONS PROPFIND>
! 525: # Order deny,allow
! 526: # Deny from all
! 527: # </LimitExcept>
! 528: #</Directory>
! 529:
! 530: #
! 531: # DirectoryIndex: Name of the file or files to use as a pre-written HTML
! 532: # directory index. Separate multiple entries with spaces.
! 533: #
! 534: <IfModule mod_dir.c>
! 535: DirectoryIndex index.html index.htm index.shtml index.php index.php4 index.php3 index.phtml index.cgi
! 536: </IfModule>
! 537:
! 538: #
! 539: # AccessFileName: The name of the file to look for in each directory
! 540: # for access control information.
! 541: #
! 542: AccessFileName .htaccess
! 543:
! 544: #
! 545: # The following lines prevent .htaccess files from being viewed by
! 546: # Web clients. Since .htaccess files often contain authorization
! 547: # information, access is disallowed for security reasons. Comment
! 548: # these lines out if you want Web visitors to see the contents of
! 549: # .htaccess files. If you change the AccessFileName directive above,
! 550: # be sure to make the corresponding changes here.
! 551: #
! 552: # Also, folks tend to use names such as .htpasswd for password
! 553: # files, so this will protect those as well.
! 554: #
! 555: <Files ~ "^\.ht">
! 556: Order allow,deny
! 557: Deny from all
! 558: Satisfy All
! 559: </Files>
! 560:
! 561: #
! 562: # CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
! 563: # document that was negotiated on the basis of content. This asks proxy
! 564: # servers not to cache the document. Uncommenting the following line disables
! 565: # this behavior, and proxies will be allowed to cache the documents.
! 566: #
! 567: #CacheNegotiatedDocs
! 568:
! 569: #
! 570: # UseCanonicalName: (new for 1.3) With this setting turned on, whenever
! 571: # Apache needs to construct a self-referencing URL (a URL that refers back
! 572: # to the server the response is coming from) it will use ServerName and
! 573: # Port to form a "canonical" name. With this setting off, Apache will
! 574: # use the hostname:port that the client supplied, when possible. This
! 575: # also affects SERVER_NAME and SERVER_PORT in CGI scripts.
! 576: #
! 577: UseCanonicalName On
! 578:
! 579: #
! 580: # TypesConfig describes where the mime.types file (or equivalent) is
! 581: # to be found.
! 582: #
! 583: <IfModule mod_mime.c>
! 584: TypesConfig /etc/mime.types
! 585: </IfModule>
! 586:
! 587: #
! 588: # DefaultType is the default MIME type the server will use for a document
! 589: # if it cannot otherwise determine one, such as from filename extensions.
! 590: # If your server contains mostly text or HTML documents, "text/plain" is
! 591: # a good value. If most of your content is binary, such as applications
! 592: # or images, you may want to use "application/octet-stream" instead to
! 593: # keep browsers from trying to display binary files as though they are
! 594: # text.
! 595: #
! 596: DefaultType text/plain
! 597:
! 598: #
! 599: # The mod_mime_magic module allows the server to use various hints from the
! 600: # contents of the file itself to determine its type. The MIMEMagicFile
! 601: # directive tells the module where the hint definitions are located.
! 602: # mod_mime_magic is not part of the default server (you have to add
! 603: # it yourself with a LoadModule [see the DSO paragraph in the 'Global
! 604: # Environment' section], or recompile the server and include mod_mime_magic
! 605: # as part of the configuration), so it's enclosed in an <IfModule> container.
! 606: # This means that the MIMEMagicFile directive will only be processed if the
! 607: # module is part of the server.
! 608: #
! 609: <IfModule mod_mime_magic.c>
! 610: # MIMEMagicFile /usr/share/magic.mime
! 611: MIMEMagicFile conf/magic
! 612: </IfModule>
! 613:
! 614: #
! 615: # HostnameLookups: Log the names of clients or just their IP addresses
! 616: # e.g., www.apache.org (on) or 204.62.129.132 (off).
! 617: # The default is off because it'd be overall better for the net if people
! 618: # had to knowingly turn this feature on, since enabling it means that
! 619: # each client request will result in AT LEAST one lookup request to the
! 620: # nameserver.
! 621: #
! 622: HostnameLookups Off
! 623:
! 624: #
! 625: # ErrorLog: The location of the error log file.
! 626: # If you do not specify an ErrorLog directive within a <VirtualHost>
! 627: # container, error messages relating to that virtual host will be
! 628: # logged here. If you *do* define an error logfile for a <VirtualHost>
! 629: # container, that host's errors will be logged there and not here.
! 630: #
! 631: ErrorLog logs/error_log
! 632:
! 633: #
! 634: # LogLevel: Control the number of messages logged to the error_log.
! 635: # Possible values include: debug, info, notice, warn, error, crit,
! 636: # alert, emerg.
! 637: #
! 638: LogLevel warn
! 639:
! 640: #
! 641: # The following directives define some format nicknames for use with
! 642: # a CustomLog directive (see below).
! 643: #
! 644: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
! 645: LogFormat "%h %l %u %t \"%r\" %>s %b" common
! 646: LogFormat "%{Referer}i -> %U" referer
! 647: LogFormat "%{User-agent}i" agent
! 648:
! 649: #
! 650: # The location and format of the access logfile (Common Logfile Format).
! 651: # If you do not define any access logfiles within a <VirtualHost>
! 652: # container, they will be logged here. Contrariwise, if you *do*
! 653: # define per-<VirtualHost> access logfiles, transactions will be
! 654: # logged therein and *not* in this file.
! 655: #
! 656: # CustomLog /var/log/httpd/access_log common
! 657: CustomLog logs/access_log combined
! 658:
! 659: #
! 660: # If you would like to have agent and referer logfiles, uncomment the
! 661: # following directives.
! 662: #
! 663: #CustomLog logs/referer_log referer
! 664: #CustomLog logs/agent_log agent
! 665:
! 666: #
! 667: # If you prefer a single logfile with access, agent, and referer information
! 668: # (Combined Logfile Format) you can use the following directive.
! 669: #
! 670: #CustomLog logs/access_log combined
! 671:
! 672: #
! 673: # Optionally add a line containing the server version and virtual host
! 674: # name to server-generated pages (error documents, FTP directory listings,
! 675: # mod_status and mod_info output etc., but not CGI generated documents).
! 676: # Set to "EMail" to also include a mailto: link to the ServerAdmin.
! 677: # Set to one of: On | Off | EMail
! 678: #
! 679: ServerSignature On
! 680:
! 681: # EBCDIC configuration:
! 682: # (only for mainframes using the EBCDIC codeset, currently one of:
! 683: # Fujitsu-Siemens' BS2000/OSD, IBM's OS/390 and IBM's TPF)!!
! 684: # The following default configuration assumes that "text files"
! 685: # are stored in EBCDIC (so that you can operate on them using the
! 686: # normal POSIX tools like grep and sort) while "binary files" are
! 687: # stored with identical octets as on an ASCII machine.
! 688: #
! 689: # The directives are evaluated in configuration file order, with
! 690: # the EBCDICConvert directives applied before EBCDICConvertByType.
! 691: #
! 692: # If you want to have ASCII HTML documents and EBCDIC HTML documents
! 693: # at the same time, you can use the file extension to force
! 694: # conversion off for the ASCII documents:
! 695: # > AddType text/html .ahtml
! 696: # > EBCDICConvert Off=InOut .ahtml
! 697: #
! 698: # EBCDICConvertByType On=InOut text/* message/* multipart/*
! 699: # EBCDICConvertByType On=In application/x-www-form-urlencoded
! 700: # EBCDICConvertByType On=InOut application/postscript model/vrml
! 701: # EBCDICConvertByType Off=InOut */*
! 702:
! 703:
! 704: #
! 705: # Aliases: Add here as many aliases as you need (with no limit). The format is
! 706: # Alias fakename realname
! 707: #
! 708: <IfModule mod_alias.c>
! 709:
! 710: #
! 711: # Note that if you include a trailing / on fakename then the server will
! 712: # require it to be present in the URL. So "/icons" isn't aliased in this
! 713: # example, only "/icons/". If the fakename is slash-terminated, then the
! 714: # realname must also be slash terminated, and if the fakename omits the
! 715: # trailing slash, the realname must also omit it.
! 716: #
! 717: Alias /icons/ "/home/httpd/icons/"
! 718:
! 719: <Directory "/home/httpd/icons">
! 720: Options Indexes MultiViews
! 721: AllowOverride None
! 722: Order allow,deny
! 723: Allow from all
! 724: </Directory>
! 725:
! 726: # This Alias will project the on-line documentation tree under /manual/
! 727: # even if you change the DocumentRoot. Comment it if you don't want to
! 728: # provide access to the on-line documentation.
! 729: #
! 730: # Alias /manual/ "/etc/httpd/htdocs/manual/"
! 731: #
! 732: # <Directory "/etc/httpd/htdocs/manual">
! 733: # Options Indexes FollowSymlinks MultiViews
! 734: # AllowOverride None
! 735: # Order allow,deny
! 736: # Allow from all
! 737: # </Directory>
! 738:
! 739: #
! 740: # ScriptAlias: This controls which directories contain server scripts.
! 741: # ScriptAliases are essentially the same as Aliases, except that
! 742: # documents in the realname directory are treated as applications and
! 743: # run by the server when requested rather than as documents sent to the client.
! 744: # The same rules about trailing "/" apply to ScriptAlias directives as to
! 745: # Alias.
! 746: #
! 747: ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"
! 748:
! 749: #
! 750: # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
! 751: # CGI directory exists, if you have that configured.
! 752: #
! 753: <Directory "/home/httpd/cgi-bin">
! 754: AllowOverride None
! 755: Options None
! 756: Order allow,deny
! 757: Allow from all
! 758: </Directory>
! 759:
! 760: </IfModule>
! 761: # End of aliases.
! 762:
! 763: #
! 764: # Redirect allows you to tell clients about documents which used to exist in
! 765: # your server's namespace, but do not anymore. This allows you to tell the
! 766: # clients where to look for the relocated document.
! 767: # Format: Redirect old-URI new-URL
! 768: #
! 769:
! 770: #
! 771: # Directives controlling the display of server-generated directory listings.
! 772: #
! 773: <IfModule mod_autoindex.c>
! 774:
! 775: #
! 776: # FancyIndexing is whether you want fancy directory indexing or standard
! 777: #
! 778: IndexOptions FancyIndexing NameWidth=*
! 779:
! 780: #
! 781: # AddIcon* directives tell the server which icon to show for different
! 782: # files or filename extensions. These are only displayed for
! 783: # FancyIndexed directories.
! 784: #
! 785: AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
! 786:
! 787: AddIconByType (TXT,/icons/text.gif) text/*
! 788: AddIconByType (IMG,/icons/image2.gif) image/*
! 789: AddIconByType (SND,/icons/sound2.gif) audio/*
! 790: AddIconByType (VID,/icons/movie.gif) video/*
! 791:
! 792: AddIcon /icons/binary.gif .bin .exe
! 793: AddIcon /icons/binhex.gif .hqx
! 794: AddIcon /icons/tar.gif .tar
! 795: AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
! 796: AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
! 797: AddIcon /icons/a.gif .ps .ai .eps
! 798: AddIcon /icons/layout.gif .html .shtml .htm .pdf
! 799: AddIcon /icons/text.gif .txt
! 800: AddIcon /icons/c.gif .c
! 801: AddIcon /icons/p.gif .pl .py
! 802: AddIcon /icons/f.gif .for
! 803: AddIcon /icons/dvi.gif .dvi
! 804: AddIcon /icons/uuencoded.gif .uu
! 805: AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
! 806: AddIcon /icons/tex.gif .tex
! 807: AddIcon /icons/bomb.gif core
! 808:
! 809: AddIcon /icons/back.gif ..
! 810: AddIcon /icons/hand.right.gif README
! 811: AddIcon /icons/folder.gif ^^DIRECTORY^^
! 812: AddIcon /icons/blank.gif ^^BLANKICON^^
! 813:
! 814: #
! 815: # DefaultIcon is which icon to show for files which do not have an icon
! 816: # explicitly set.
! 817: #
! 818: DefaultIcon /icons/unknown.gif
! 819:
! 820: #
! 821: # AddDescription allows you to place a short description after a file in
! 822: # server-generated indexes. These are only displayed for FancyIndexed
! 823: # directories.
! 824: # Format: AddDescription "description" filename
! 825: #
! 826: #AddDescription "GZIP compressed document" .gz
! 827: #AddDescription "tar archive" .tar
! 828: #AddDescription "GZIP compressed tar archive" .tgz
! 829:
! 830: #
! 831: # ReadmeName is the name of the README file the server will look for by
! 832: # default, and append to directory listings.
! 833: #
! 834: # HeaderName is the name of a file which should be prepended to
! 835: # directory indexes.
! 836: #
! 837: # If MultiViews are amongst the Options in effect, the server will
! 838: # first look for name.html and include it if found. If name.html
! 839: # doesn't exist, the server will then look for name.txt and include
! 840: # it as plaintext if found.
! 841: #
! 842: ReadmeName README
! 843: HeaderName HEADER
! 844:
! 845: #
! 846: # IndexIgnore is a set of filenames which directory indexing should ignore
! 847: # and not include in the listing. Shell-style wildcarding is permitted.
! 848: #
! 849: IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
! 850:
! 851: </IfModule>
! 852: # End of indexing directives.
! 853:
! 854: #
! 855: # Document types.
! 856: #
! 857: <IfModule mod_mime.c>
! 858:
! 859: #
! 860: # AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
! 861: # information on the fly. Note: Not all browsers support this.
! 862: # Despite the name similarity, the following Add* directives have nothing
! 863: # to do with the FancyIndexing customization directives above.
! 864: #
! 865: AddEncoding x-compress Z
! 866: AddEncoding x-gzip gz tgz
! 867:
! 868: #
! 869: # AddLanguage allows you to specify the language of a document. You can
! 870: # then use content negotiation to give a browser a file in a language
! 871: # it can understand.
! 872: #
! 873: # Note 1: The suffix does not have to be the same as the language
! 874: # keyword --- those with documents in Polish (whose net-standard
! 875: # language code is pl) may wish to use "AddLanguage pl .po" to
! 876: # avoid the ambiguity with the common suffix for perl scripts.
! 877: #
! 878: # Note 2: The example entries below illustrate that in quite
! 879: # some cases the two character 'Language' abbreviation is not
! 880: # identical to the two character 'Country' code for its country,
! 881: # E.g. 'Danmark/dk' versus 'Danish/da'.
! 882: #
! 883: # Note 3: In the case of 'ltz' we violate the RFC by using a three char
! 884: # specifier. But there is 'work in progress' to fix this and get
! 885: # the reference data for rfc1766 cleaned up.
! 886: #
! 887: # Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
! 888: # French (fr) - German (de) - Greek-Modern (el)
! 889: # Italian (it) - Korean (kr) - Norwegian (no) - Norwegian Nynorsk (nn)
! 890: # Portugese (pt) - Luxembourgeois* (ltz)
! 891: # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
! 892: # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
! 893: # Russian (ru)
! 894: #
! 895: AddLanguage da .dk
! 896: AddLanguage nl .nl
! 897: AddLanguage en .en
! 898: AddLanguage et .ee
! 899: AddLanguage fr .fr
! 900: AddLanguage de .de
! 901: AddLanguage el .el
! 902: AddLanguage he .he
! 903: AddCharset ISO-8859-8 .iso8859-8
! 904: AddLanguage it .it
! 905: AddLanguage ja .ja
! 906: AddCharset ISO-2022-JP .jis
! 907: AddLanguage kr .kr
! 908: AddCharset ISO-2022-KR .iso-kr
! 909: AddLanguage nn .nn
! 910: AddLanguage no .no
! 911: AddLanguage pl .po
! 912: AddCharset ISO-8859-2 .iso-pl
! 913: AddLanguage pt .pt
! 914: AddLanguage pt-br .pt-br
! 915: AddLanguage ltz .lu
! 916: AddLanguage ca .ca
! 917: AddLanguage es .es
! 918: AddLanguage sv .se
! 919: AddLanguage cz .cz
! 920: AddLanguage ru .ru
! 921: AddLanguage zh-tw .tw
! 922: AddLanguage tw .tw
! 923: AddCharset Big5 .Big5 .big5
! 924: AddCharset WINDOWS-1251 .cp-1251
! 925: AddCharset CP866 .cp866
! 926: AddCharset ISO-8859-5 .iso-ru
! 927: AddCharset KOI8-R .koi8-r
! 928: AddCharset UCS-2 .ucs2
! 929: AddCharset UCS-4 .ucs4
! 930: AddCharset UTF-8 .utf8
! 931:
! 932: # LanguagePriority allows you to give precedence to some languages
! 933: # in case of a tie during content negotiation.
! 934: #
! 935: # Just list the languages in decreasing order of preference. We have
! 936: # more or less alphabetized them here. You probably want to change this.
! 937: #
! 938: <IfModule mod_negotiation.c>
! 939: LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
! 940: </IfModule>
! 941:
! 942: #
! 943: # AddType allows you to tweak mime.types without actually editing it, or to
! 944: # make certain files to be certain types.
! 945: #
! 946: AddType application/x-tar .tgz
! 947:
! 948: #
! 949: # These types cause httpd to let the PHP interpreter handle files with
! 950: # the specified extensions.
! 951: #
! 952: ##<IfModule mod_php4.c>
! 953: ## AddType application/x-httpd-php .php .php4 .php3 .phtml
! 954: ## AddType application/x-httpd-php-source .phps
! 955: ##</IfModule>
! 956: ##<IfModule mod_php3.c>
! 957: ## AddType application/x-httpd-php3 .php3
! 958: ## AddType application/x-httpd-php3-source .phps
! 959: ##</IfModule>
! 960: ##<IfModule mod_php.c>
! 961: ## AddType application/x-httpd-php .phtml
! 962: ##</IfModule>
! 963:
! 964: #
! 965: # AddHandler allows you to map certain file extensions to "handlers",
! 966: # actions unrelated to filetype. These can be either built into the server
! 967: # or added with the Action command (see below)
! 968: #
! 969: # If you want to use server side includes, or CGI outside
! 970: # ScriptAliased directories, uncomment the following lines.
! 971: #
! 972: # To use CGI scripts:
! 973: #
! 974: #AddHandler cgi-script .cgi
! 975:
! 976: #
! 977: # To use server-parsed HTML files
! 978: #
! 979: AddType text/html .shtml
! 980: AddHandler server-parsed .shtml
! 981:
! 982: #
! 983: # Uncomment the following line to enable Apache's send-asis HTTP file
! 984: # feature
! 985: #
! 986: #AddHandler send-as-is asis
! 987:
! 988: #
! 989: # If you wish to use server-parsed imagemap files, use
! 990: #
! 991: AddHandler imap-file map
! 992:
! 993: #
! 994: # To enable type maps, you might want to use
! 995: #
! 996: #AddHandler type-map var
! 997:
! 998: </IfModule>
! 999: # End of document types.
! 1000:
! 1001: #
! 1002: # Action lets you define media types that will execute a script whenever
! 1003: # a matching file is called. This eliminates the need for repeated URL
! 1004: # pathnames for oft-used CGI file processors.
! 1005: # Format: Action media/type /cgi-script/location
! 1006: # Format: Action handler-name /cgi-script/location
! 1007: #
! 1008:
! 1009: #
! 1010: # MetaDir: specifies the name of the directory in which Apache can find
! 1011: # meta information files. These files contain additional HTTP headers
! 1012: # to include when sending the document
! 1013: #
! 1014: #MetaDir .web
! 1015:
! 1016: #
! 1017: # MetaSuffix: specifies the file name suffix for the file containing the
! 1018: # meta information.
! 1019: #
! 1020: #MetaSuffix .meta
! 1021:
! 1022: #
! 1023: # Customizable error response (Apache style)
! 1024: # these come in three flavors
! 1025: #
! 1026: # 1) plain text
! 1027: #ErrorDocument 500 "The server made a boo boo.
! 1028: # n.b. the single leading (") marks it as text, it does not get output
! 1029: #
! 1030: # 2) local redirects
! 1031: #ErrorDocument 404 /missing.html
! 1032: # to redirect to local URL /missing.html
! 1033: #ErrorDocument 404 /cgi-bin/missing_handler.pl
! 1034: # N.B.: You can redirect to a script or a document using server-side-includes.
! 1035: #
! 1036: # 3) external redirects
! 1037: #ErrorDocument 402 http://some.other-server.com/subscription_info.html
! 1038: # N.B.: Many of the environment variables associated with the original
! 1039: # request will *not* be available to such a script.
! 1040:
! 1041: #
! 1042: # Customize behaviour based on the browser
! 1043: #
! 1044: <IfModule mod_setenvif.c>
! 1045:
! 1046: #
! 1047: # The following directives modify normal HTTP response behavior.
! 1048: # The first directive disables keepalive for Netscape 2.x and browsers that
! 1049: # spoof it. There are known problems with these browser implementations.
! 1050: # The second directive is for Microsoft Internet Explorer 4.0b2
! 1051: # which has a broken HTTP/1.1 implementation and does not properly
! 1052: # support keepalive when it is used on 301 or 302 (redirect) responses.
! 1053: #
! 1054: BrowserMatch "Mozilla/2" nokeepalive
! 1055: BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
! 1056:
! 1057: #
! 1058: # The following directive disables HTTP/1.1 responses to browsers which
! 1059: # are in violation of the HTTP/1.0 spec by not being able to grok a
! 1060: # basic 1.1 response.
! 1061: #
! 1062: BrowserMatch "RealPlayer 4\.0" force-response-1.0
! 1063: BrowserMatch "Java/1\.0" force-response-1.0
! 1064: BrowserMatch "JDK/1\.0" force-response-1.0
! 1065:
! 1066: </IfModule>
! 1067: # End of browser customization directives
! 1068:
! 1069: #
! 1070: # If the perl module is installed, this will allow execution of mod_perl
! 1071: # to compile your scripts to subroutines which it will execute directly,
! 1072: # avoiding the costly compile process for most requests.
! 1073: #
! 1074: #<IfModule mod_perl.c>
! 1075: # Alias /perl /var/www/perl
! 1076: # <Directory /var/www/perl>
! 1077: # SetHandler perl-script
! 1078: # PerlHandler Apache::Registry
! 1079: # Options +ExecCGI
! 1080: # </Directory>
! 1081: #</IfModule>
! 1082:
! 1083: #
! 1084: # Allow http put (such as Netscape Gold's publish feature)
! 1085: # Use htpasswd to generate /etc/httpd/conf/passwd.
! 1086: #
! 1087: #<IfModule mod_put.c>
! 1088: # Alias /upload /tmp
! 1089: # <Directory /tmp>
! 1090: # EnablePut On
! 1091: # AuthType Basic
! 1092: # AuthName Temporary
! 1093: # AuthUserFile /etc/httpd/conf/passwd
! 1094: # EnableDelete Off
! 1095: # umask 007
! 1096: # <Limit PUT>
! 1097: # require valid-user
! 1098: # </Limit>
! 1099: # </Directory>
! 1100: #</IfModule>
! 1101:
! 1102: #
! 1103: # Allow server status reports, with the URL of http://servername/server-status
! 1104: # Change the ".your-domain.com" to match your domain to enable.
! 1105: #
! 1106: #<Location /server-status>
! 1107: # SetHandler server-status
! 1108: # Order deny,allow
! 1109: # Deny from all
! 1110: # Allow from .your-domain.com
! 1111: #</Location>
! 1112:
! 1113: #
! 1114: # Allow remote server configuration reports, with the URL of
! 1115: # http://servername/server-info (requires that mod_info.c be loaded).
! 1116: # Change the ".your-domain.com" to match your domain to enable.
! 1117: #
! 1118: #<Location /server-info>
! 1119: # SetHandler server-info
! 1120: # Order deny,allow
! 1121: # Deny from all
! 1122: # Allow from .your-domain.com
! 1123: #</Location>
! 1124:
! 1125: #
! 1126: # Allow access to local system documentation from localhost
! 1127: #
! 1128: Alias /doc/ /usr/share/doc/
! 1129: <Directory /usr/share/doc>
! 1130: order deny,allow
! 1131: deny from all
! 1132: allow from localhost .localdomain
! 1133: Options Indexes FollowSymLinks
! 1134: </Directory>
! 1135:
! 1136: #
! 1137: # There have been reports of people trying to abuse an old bug from pre-1.1
! 1138: # days. This bug involved a CGI script distributed as a part of Apache.
! 1139: # By uncommenting these lines you can redirect these attacks to a logging
! 1140: # script on phf.apache.org. Or, you can record them yourself, using the script
! 1141: # support/phf_abuse_log.cgi.
! 1142: #
! 1143: #<Location /cgi-bin/phf*>
! 1144: # Deny from all
! 1145: # ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
! 1146: #</Location>
! 1147:
! 1148: #
! 1149: # Proxy Server directives. Uncomment the following lines to
! 1150: # enable the proxy server:
! 1151: #
! 1152: #<IfModule mod_proxy.c>
! 1153: # ProxyRequests On
! 1154:
! 1155: # <Directory proxy:*>
! 1156: # Order deny,allow
! 1157: # Deny from all
! 1158: # Allow from .your-domain.com
! 1159: # </Directory>
! 1160:
! 1161: #
! 1162: # Enable/disable the handling of HTTP/1.1 "Via:" headers.
! 1163: # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
! 1164: # Set to one of: Off | On | Full | Block
! 1165: #
! 1166: # ProxyVia On
! 1167:
! 1168: #
! 1169: # To enable the cache as well, edit and uncomment the following lines:
! 1170: # (no caching without CacheRoot)
! 1171: #
! 1172: # CacheRoot "/var/cache/httpd"
! 1173: # CacheSize 5
! 1174: # CacheGcInterval 4
! 1175: # CacheMaxExpire 24
! 1176: # CacheLastModifiedFactor 0.1
! 1177: # CacheDefaultExpire 1
! 1178: # NoCache a-domain.com another-domain.edu joes.garage-sale.com
! 1179:
! 1180: #</IfModule>
! 1181: # End of proxy directives.
! 1182:
! 1183: ### Section 3: Virtual Hosts
! 1184: #
! 1185: # VirtualHost: If you want to maintain multiple domains/hostnames on your
! 1186: # machine you can setup VirtualHost containers for them. Most configurations
! 1187: # use only name-based virtual hosts so the server doesn't need to worry about
! 1188: # IP addresses. This is indicated by the asterisks in the directives below.
! 1189: #
! 1190: # Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
! 1191: # for further details before you try to setup virtual hosts.
! 1192: #
! 1193: # You may use the command line option '-S' to verify your virtual host
! 1194: # configuration.
! 1195:
! 1196: #
! 1197: # Use name-based virtual hosting.
! 1198: #
! 1199: #NameVirtualHost *
! 1200:
! 1201: #
! 1202: # VirtualHost example:
! 1203: # Almost any Apache directive may go into a VirtualHost container.
! 1204: # The first VirtualHost section is used for requests without a known
! 1205: # server name.
! 1206: #
! 1207: #<VirtualHost *>
! 1208: # ServerAdmin webmaster@dummy-host.example.com
! 1209: # DocumentRoot /www/docs/dummy-host.example.com
! 1210: # ServerName dummy-host.example.com
! 1211: # ErrorLog logs/dummy-host.example.com-error_log
! 1212: # CustomLog logs/dummy-host.example.com-access_log common
! 1213: #</VirtualHost>
! 1214:
! 1215: #<VirtualHost _default_:*>
! 1216: #</VirtualHost>
! 1217:
! 1218: ##
! 1219: ## SSL Global Context
! 1220: ##
! 1221: ## All SSL configuration in this context applies both to
! 1222: ## the main server and all SSL-enabled virtual hosts.
! 1223: ##
! 1224:
! 1225: #
! 1226: # Some MIME-types for downloading Certificates and CRLs
! 1227: #
! 1228: <IfDefine HAVE_SSL>
! 1229: AddType application/x-x509-ca-cert .crt
! 1230: AddType application/x-pkcs7-crl .crl
! 1231: </IfDefine>
! 1232:
! 1233: <IfModule mod_ssl.c>
! 1234:
! 1235: # Pass Phrase Dialog:
! 1236: # Configure the pass phrase gathering process.
! 1237: # The filtering dialog program (`builtin' is a internal
! 1238: # terminal dialog) has to provide the pass phrase on stdout.
! 1239: SSLPassPhraseDialog builtin
! 1240:
! 1241: # Inter-Process Session Cache:
! 1242: # Configure the SSL Session Cache: First the mechanism
! 1243: # to use and second the expiring timeout (in seconds).
! 1244: #SSLSessionCache none
! 1245: #SSLSessionCache shmht:logs/ssl_scache(512000)
! 1246: #SSLSessionCache shmcb:logs/ssl_scache(512000)
! 1247: SSLSessionCache dbm:logs/ssl_scache
! 1248: SSLSessionCacheTimeout 300
! 1249:
! 1250: # Semaphore:
! 1251: # Configure the path to the mutual exclusion semaphore the
! 1252: # SSL engine uses internally for inter-process synchronization.
! 1253: SSLMutex file:logs/ssl_mutex
! 1254:
! 1255: # Pseudo Random Number Generator (PRNG):
! 1256: # Configure one or more sources to seed the PRNG of the
! 1257: # SSL library. The seed data should be of good random quality.
! 1258: # WARNING! On some platforms /dev/random blocks if not enough entropy
! 1259: # is available. This means you then cannot use the /dev/random device
! 1260: # because it would lead to very long connection times (as long as
! 1261: # it requires to make more entropy available). But usually those
! 1262: # platforms additionally provide a /dev/urandom device which doesn't
! 1263: # block. So, if available, use this one instead. Read the mod_ssl User
! 1264: # Manual for more details.
! 1265: SSLRandomSeed startup builtin
! 1266: SSLRandomSeed connect builtin
! 1267: #SSLRandomSeed startup file:/dev/random 512
! 1268: #SSLRandomSeed startup file:/dev/urandom 512
! 1269: #SSLRandomSeed connect file:/dev/random 512
! 1270: #SSLRandomSeed connect file:/dev/urandom 512
! 1271:
! 1272: # Logging:
! 1273: # The home of the dedicated SSL protocol logfile. Errors are
! 1274: # additionally duplicated in the general error log file. Put
! 1275: # this somewhere where it cannot be used for symlink attacks on
! 1276: # a real server (i.e. somewhere where only root can write).
! 1277: # Log levels are (ascending order: higher ones include lower ones):
! 1278: # none, error, warn, info, trace, debug.
! 1279: SSLLog logs/ssl_engine_log
! 1280: SSLLogLevel error
! 1281:
! 1282: </IfModule>
! 1283:
! 1284: <IfDefine HAVE_SSL>
! 1285:
! 1286: ##
! 1287: ## SSL Virtual Host Context
! 1288: ##
! 1289:
! 1290: <VirtualHost _default_:443>
! 1291:
! 1292: # General setup for the virtual host
! 1293: #DocumentRoot "/etc/httpd/htdocs"
! 1294: #ServerName new.host.name
! 1295: #ServerAdmin you@your.address
! 1296: ErrorLog logs/error_log
! 1297: TransferLog logs/access_log
! 1298:
! 1299: # SSL Engine Switch:
! 1300: # Enable/Disable SSL for this virtual host.
! 1301: SSLEngine on
! 1302:
! 1303: # SSL Cipher Suite:
! 1304: # List the ciphers that the client is permitted to negotiate.
! 1305: # See the mod_ssl documentation for a complete list.
! 1306: #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
! 1307:
! 1308: # Server Certificate:
! 1309: # Point SSLCertificateFile at a PEM encoded certificate. If
! 1310: # the certificate is encrypted, then you will be prompted for a
! 1311: # pass phrase. Note that a kill -HUP will prompt again. A test
! 1312: # certificate can be generated with `make certificate' under
! 1313: # built time. Keep in mind that if you've both a RSA and a DSA
! 1314: # certificate you can configure both in parallel (to also allow
! 1315: # the use of DSA ciphers, etc.)
! 1316: SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
! 1317: #SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt
! 1318:
! 1319: # Server Private Key:
! 1320: # If the key is not combined with the certificate, use this
! 1321: # directive to point at the key file. Keep in mind that if
! 1322: # you've both a RSA and a DSA private key you can configure
! 1323: # both in parallel (to also allow the use of DSA ciphers, etc.)
! 1324: SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
! 1325: #SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key
! 1326:
! 1327: # Server Certificate Chain:
! 1328: # Point SSLCertificateChainFile at a file containing the
! 1329: # concatenation of PEM encoded CA certificates which form the
! 1330: # certificate chain for the server certificate. Alternatively
! 1331: # the referenced file can be the same as SSLCertificateFile
! 1332: # when the CA certificates are directly appended to the server
! 1333: # certificate for convinience.
! 1334: #SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
! 1335:
! 1336: # Certificate Authority (CA):
! 1337: # Set the CA certificate verification path where to find CA
! 1338: # certificates for client authentication or alternatively one
! 1339: # huge file containing all of them (file must be PEM encoded)
! 1340: # Note: Inside SSLCACertificatePath you need hash symlinks
! 1341: # to point to the certificate files. Use the provided
! 1342: # Makefile to update the hash symlinks after changes.
! 1343: #SSLCACertificatePath /etc/httpd/conf/ssl.crt
! 1344: #SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
! 1345:
! 1346: # Certificate Revocation Lists (CRL):
! 1347: # Set the CA revocation path where to find CA CRLs for client
! 1348: # authentication or alternatively one huge file containing all
! 1349: # of them (file must be PEM encoded)
! 1350: # Note: Inside SSLCARevocationPath you need hash symlinks
! 1351: # to point to the certificate files. Use the provided
! 1352: # Makefile to update the hash symlinks after changes.
! 1353: #SSLCARevocationPath /etc/httpd/conf/ssl.crl
! 1354: #SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl
! 1355:
! 1356: # Client Authentication (Type):
! 1357: # Client certificate verification type and depth. Types are
! 1358: # none, optional, require and optional_no_ca. Depth is a
! 1359: # number which specifies how deeply to verify the certificate
! 1360: # issuer chain before deciding the certificate is not valid.
! 1361: #SSLVerifyClient require
! 1362: #SSLVerifyDepth 10
! 1363:
! 1364: # Access Control:
! 1365: # With SSLRequire you can do per-directory access control based
! 1366: # on arbitrary complex boolean expressions containing server
! 1367: # variable checks and other lookup directives. The syntax is a
! 1368: # mixture between C and Perl. See the mod_ssl documentation
! 1369: # for more details.
! 1370: #<Location />
! 1371: #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
! 1372: # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
! 1373: # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
! 1374: # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
! 1375: # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
! 1376: # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
! 1377: #</Location>
! 1378:
! 1379: # SSL Engine Options:
! 1380: # Set various options for the SSL engine.
! 1381: # o FakeBasicAuth:
! 1382: # Translate the client X.509 into a Basic Authorisation. This means that
! 1383: # the standard Auth/DBMAuth methods can be used for access control. The
! 1384: # user name is the `one line' version of the client's X.509 certificate.
! 1385: # Note that no password is obtained from the user. Every entry in the user
! 1386: # file needs this password: `xxj31ZMTZzkVA'.
! 1387: # o ExportCertData:
! 1388: # This exports two additional environment variables: SSL_CLIENT_CERT and
! 1389: # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
! 1390: # server (always existing) and the client (only existing when client
! 1391: # authentication is used). This can be used to import the certificates
! 1392: # into CGI scripts.
! 1393: # o StdEnvVars:
! 1394: # This exports the standard SSL/TLS related `SSL_*' environment variables.
! 1395: # Per default this exportation is switched off for performance reasons,
! 1396: # because the extraction step is an expensive operation and is usually
! 1397: # useless for serving static content. So one usually enables the
! 1398: # exportation for CGI and SSI requests only.
! 1399: # o CompatEnvVars:
! 1400: # This exports obsolete environment variables for backward compatibility
! 1401: # to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
! 1402: # to provide compatibility to existing CGI scripts.
! 1403: # o StrictRequire:
! 1404: # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
! 1405: # under a "Satisfy any" situation, i.e. when it applies access is denied
! 1406: # and no other module can change it.
! 1407: # o OptRenegotiate:
! 1408: # This enables optimized SSL connection renegotiation handling when SSL
! 1409: # directives are used in per-directory context.
! 1410: #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
! 1411: <Files ~ "\.(cgi|shtml|phtml|php3?)$">
! 1412: SSLOptions +StdEnvVars
! 1413: </Files>
! 1414: <Directory "/var/www/cgi-bin">
! 1415: SSLOptions +StdEnvVars
! 1416: </Directory>
! 1417:
! 1418: # SSL Protocol Adjustments:
! 1419: # The safe and default but still SSL/TLS standard compliant shutdown
! 1420: # approach is that mod_ssl sends the close notify alert but doesn't wait for
! 1421: # the close notify alert from client. When you need a different shutdown
! 1422: # approach you can use one of the following variables:
! 1423: # o ssl-unclean-shutdown:
! 1424: # This forces an unclean shutdown when the connection is closed, i.e. no
! 1425: # SSL close notify alert is send or allowed to received. This violates
! 1426: # the SSL/TLS standard but is needed for some brain-dead browsers. Use
! 1427: # this when you receive I/O errors because of the standard approach where
! 1428: # mod_ssl sends the close notify alert.
! 1429: # o ssl-accurate-shutdown:
! 1430: # This forces an accurate shutdown when the connection is closed, i.e. a
! 1431: # SSL close notify alert is send and mod_ssl waits for the close notify
! 1432: # alert of the client. This is 100% SSL/TLS standard compliant, but in
! 1433: # practice often causes hanging connections with brain-dead browsers. Use
! 1434: # this only for browsers where you know that their SSL implementation
! 1435: # works correctly.
! 1436: # Notice: Most problems of broken clients are also related to the HTTP
! 1437: # keep-alive facility, so you usually additionally want to disable
! 1438: # keep-alive for those clients, too. Use variable "nokeepalive" for this.
! 1439: # Similarly, one has to force some clients to use HTTP/1.0 to workaround
! 1440: # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
! 1441: # "force-response-1.0" for this.
! 1442: SetEnvIf User-Agent ".*MSIE.*" \
! 1443: nokeepalive ssl-unclean-shutdown \
! 1444: downgrade-1.0 force-response-1.0
! 1445:
! 1446: # Per-Server Logging:
! 1447: # The home of a custom SSL log file. Use this when you want a
! 1448: # compact non-error SSL logfile on a virtual host basis.
! 1449: CustomLog logs/ssl_request_log \
! 1450: "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
! 1451:
! 1452: </VirtualHost>
! 1453:
! 1454: </IfDefine>
! 1455:
! 1456: Include conf/srm.conf
! 1457: Include conf/access.conf
! 1458: Include conf/loncapa_apache.conf
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to httpd.conf CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / doc / install / linux / rhes4