Annotation of doc/install/suse/sles9/i386/httpd.conf, revision 1.2

1.1       raeburn     1: ##
                      2: ## httpd.conf -- Apache HTTP server configuration file
                      3: ##
                      4: 
                      5: #
                      6: # Based upon the NCSA server configuration files originally by Rob McCool.
                      7: #
                      8: # This is the main Apache server configuration file.  It contains the
                      9: # configuration directives that give the server its instructions.
                     10: # See <URL:http://www.apache.org/docs/> for detailed information about
                     11: # the directives.
                     12: #
                     13: # Do NOT simply read the instructions in here without understanding
                     14: # what they do.  They're here only as hints or reminders.  If you are unsure
                     15: # consult the online docs. You have been warned.  
                     16: #
                     17: # After this file is processed, the server will look for and process
                     18: # /etc/httpd/srm.conf and then /etc/httpd/access.conf
                     19: # unless you have overridden these with ResourceConfig and/or
                     20: # AccessConfig directives here.
                     21: #
                     22: # The configuration directives are grouped into three basic sections:
                     23: #  1. Directives that control the operation of the Apache server process as a
                     24: #     whole (the 'global environment').
                     25: #  2. Directives that define the parameters of the 'main' or 'default' server,
                     26: #     which responds to requests that aren't handled by a virtual host.
                     27: #     These directives also provide default values for the settings
                     28: #     of all virtual hosts.
                     29: #  3. Settings for virtual hosts, which allow Web requests to be sent to
                     30: #     different IP addresses or hostnames and have them handled by the
                     31: #     same Apache server process.
                     32: #
                     33: # Configuration and logfile names: If the filenames you specify for many
                     34: # of the server's control files begin with "/" (or "drive:/" for Win32), the
                     35: # server will use that explicit path.  If the filenames do *not* begin
                     36: # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
                     37: # with ServerRoot set to "/usr/local/apache" will be interpreted by the
                     38: # server as "/usr/local/apache/logs/foo.log".
                     39: #
                     40: 
                     41: ### Section 1: Global Environment
                     42: #
                     43: # The directives in this section affect the overall operation of Apache,
                     44: # such as the number of concurrent requests it can handle or where it
                     45: # can find its configuration files.
                     46: #
                     47: 
                     48: #
                     49: # ServerType is either inetd, or standalone.  Inetd mode is only supported on
                     50: # Unix platforms.
                     51: #
                     52: ServerType standalone
                     53: 
                     54: #
                     55: # ServerRoot: The top of the directory tree under which the server's
                     56: # configuration, error, and log files are kept.
                     57: #
                     58: # NOTE!  If you intend to place this on an NFS (or otherwise network)
                     59: # mounted filesystem then please read the LockFile documentation
                     60: # (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
                     61: # you will save yourself a lot of trouble.
                     62: #
                     63: ServerRoot "/etc/httpd"
                     64: 
                     65: #
                     66: # The LockFile directive sets the path to the lockfile used when Apache
                     67: # is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
                     68: # USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
                     69: # its default value. The main reason for changing it is if the logs
                     70: # directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
                     71: # DISK. The PID of the main server process is automatically appended to
                     72: # the filename. 
                     73: #
                     74: LockFile /var/lock/subsys/httpd/httpd.accept.lock
                     75: 
                     76: #
                     77: # PidFile: The file in which the server should record its process
                     78: # identification number when it starts.
                     79: #
                     80: PidFile /var/run/httpd.pid
                     81: 
                     82: #
                     83: # ScoreBoardFile: File used to store internal server process information.
                     84: # Not all architectures require this.  But if yours does (you'll know because
                     85: # this file will be  created when you run Apache) then you *must* ensure that
                     86: # no two invocations of Apache share the same scoreboard file.
                     87: #
                     88: ScoreBoardFile /var/run/httpd.scoreboard
                     89: 
                     90: #
                     91: # In the standard configuration, the server will process httpd.conf (this 
                     92: # file, specified by the -f command line option), srm.conf, and access.conf 
                     93: # in that order.  The latter two files are now distributed empty, as it is 
                     94: # recommended that all directives be kept in a single file for simplicity.  
                     95: # The commented-out values below are the built-in defaults.  You can have the 
                     96: # server ignore these files altogether by using "/dev/null" (for Unix) or
                     97: # "nul" (for Win32) for the arguments to the directives.
                     98: #
                     99: #ResourceConfig /etc/httpd/srm.conf
                    100: #AccessConfig /etc/httpd/access.conf
                    101: 
                    102: #
                    103: # Timeout: The number of seconds before receives and sends time out.
                    104: #
                    105: Timeout 300
                    106: 
                    107: #
                    108: # KeepAlive: Whether or not to allow persistent connections (more than
                    109: # one request per connection). Set to "Off" to deactivate.
                    110: #
                    111: KeepAlive On
                    112: 
                    113: #
                    114: # MaxKeepAliveRequests: The maximum number of requests to allow
                    115: # during a persistent connection. Set to 0 to allow an unlimited amount.
                    116: # We recommend you leave this number high, for maximum performance.
                    117: #
                    118: MaxKeepAliveRequests 100
                    119: 
                    120: #
                    121: # KeepAliveTimeout: Number of seconds to wait for the next request from the
                    122: # same client on the same connection.
                    123: #
                    124: KeepAliveTimeout 15
                    125: 
                    126: #
                    127: # Server-pool size regulation.  Rather than making you guess how many
                    128: # server processes you need, Apache dynamically adapts to the load it
                    129: # sees --- that is, it tries to maintain enough server processes to
                    130: # handle the current load, plus a few spare servers to handle transient
                    131: # load spikes (e.g., multiple simultaneous requests from a single
                    132: # Netscape browser).
                    133: #
                    134: # It does this by periodically checking how many servers are waiting
                    135: # for a request.  If there are fewer than MinSpareServers, it creates
                    136: # a new spare.  If there are more than MaxSpareServers, some of the
                    137: # spares die off.  The default values are probably OK for most sites.
                    138: #
                    139: 
                    140: # Note: these two values are set by SuSEconfig according to the setting of the
                    141: # HTTPD_PERFORMANCE variable in /etc/sysconfig/apache! 
                    142: MinSpareServers 1
                    143: MaxSpareServers 1
                    144: 
                    145: #
                    146: # Number of servers to start initially --- should be a reasonable ballpark
                    147: # figure.
                    148: #
                    149: 
                    150: # Note: this value is set by SuSEconfig according to the setting of the
                    151: # HTTPD_PERFORMANCE variable in /etc/sysconfig/apache! 
                    152: StartServers 1
                    153: 
                    154: #
                    155: # Limit on total number of servers running, i.e., limit on the number
                    156: # of clients who can simultaneously connect --- if this limit is ever
                    157: # reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
                    158: # It is intended mainly as a brake to keep a runaway server from taking
                    159: # the system with it as it spirals down...
                    160: #
                    161: 
                    162: # Note: this value is set by SuSEconfig according to the setting of the
                    163: # HTTPD_PERFORMANCE variable in /etc/sysconfig/apache! 
                    164: MaxClients 150
                    165: 
                    166: #
                    167: # MaxRequestsPerChild: the number of requests each child process is
                    168: # allowed to process before the child dies.  The child will exit so
                    169: # as to avoid problems after prolonged use when Apache (and maybe the
                    170: # libraries it uses) leak memory or other resources.  On most systems, this
                    171: # isn't really needed, but a few (such as Solaris) do have notable leaks
                    172: # in the libraries. For these platforms, set to something like 10000
                    173: # or so; a setting of 0 means unlimited.
                    174: #
                    175: # NOTE: This value does not include keepalive requests after the initial
                    176: #       request per connection. For example, if a child process handles
                    177: #       an initial request and 10 subsequent "keptalive" requests, it
                    178: #       would only count as 1 request towards this limit.
                    179: #
                    180: MaxRequestsPerChild 0
                    181: 
                    182: #
                    183: # Listen: Allows you to bind Apache to specific IP addresses and/or
                    184: # ports, instead of the default. See also the <VirtualHost>
                    185: # directive.
                    186: #
                    187: #Listen 3000
                    188: #Listen 12.34.56.78:80
                    189: 
                    190: #
                    191: # BindAddress: You can support virtual hosts with this option. This directive
                    192: # is used to tell the server which IP address to listen to. It can either
                    193: # contain "*", an IP address, or a fully qualified Internet domain name.
                    194: # See also the <VirtualHost> and Listen directives.
                    195: #
                    196: #BindAddress *
                    197: 
                    198: #
                    199: # Dynamic Shared Object (DSO) Support
                    200: #
                    201: # To be able to use the functionality of a module which was built as a DSO you
                    202: # have to place corresponding `LoadModule' lines at this location so the
                    203: # directives contained in it are actually available _before_ they are used.
                    204: # Please read the file http://httpd.apache.org/docs/dso.html for more
                    205: # details about the DSO mechanism and run `httpd -l' for the list of already
                    206: # built-in (statically linked and thus always available) modules in your httpd
                    207: # binary.
                    208: #
                    209: # Note: The order in which modules are loaded is important.  Don't change
                    210: # the order below without expert advice.
                    211: 
                    212: # Note:
                    213: #
                    214: # The file that is included after the LoadModule statements is generated 
                    215: # by SuSEconfig according to 
                    216: #
                    217: # 1) which modules (ones not included with apache) are installed
                    218: # 2) the settings in /etc/sysconfig/apache
                    219: # 
                    220: # SuSEconfig uses the /etc/httpd/modules/* files that come with each module 
                    221: # to determine the necessary directives. 
                    222: # 
                    223: # Apache no longer needs to be started with '-D <modules>' switches (with 
                    224: # the exception of mod_ssl, which has a lot of conditional statements).
                    225: 
                    226: # Example:
                    227: # LoadModule foo_module libexec/mod_foo.so
                    228: LoadModule mmap_static_module /usr/lib/apache/mod_mmap_static.so
                    229: LoadModule vhost_alias_module /usr/lib/apache/mod_vhost_alias.so
                    230: LoadModule env_module         /usr/lib/apache/mod_env.so
                    231: LoadModule define_module      /usr/lib/apache/mod_define.so
                    232: LoadModule config_log_module  /usr/lib/apache/mod_log_config.so
                    233: LoadModule agent_log_module   /usr/lib/apache/mod_log_agent.so
                    234: LoadModule referer_log_module /usr/lib/apache/mod_log_referer.so
                    235: LoadModule mime_magic_module  /usr/lib/apache/mod_mime_magic.so
                    236: LoadModule mime_module        /usr/lib/apache/mod_mime.so
                    237: LoadModule negotiation_module /usr/lib/apache/mod_negotiation.so
                    238: LoadModule status_module      /usr/lib/apache/mod_status.so
                    239: LoadModule info_module        /usr/lib/apache/mod_info.so
                    240: LoadModule includes_module    /usr/lib/apache/mod_include.so
                    241: LoadModule autoindex_module   /usr/lib/apache/mod_autoindex.so
                    242: LoadModule dir_module         /usr/lib/apache/mod_dir.so
                    243: LoadModule cgi_module         /usr/lib/apache/mod_cgi.so
                    244: LoadModule asis_module        /usr/lib/apache/mod_asis.so
                    245: LoadModule imap_module        /usr/lib/apache/mod_imap.so
                    246: LoadModule action_module      /usr/lib/apache/mod_actions.so
                    247: LoadModule speling_module     /usr/lib/apache/mod_speling.so
                    248: # mod_userdir will be included below by SuSEconfig if HTTPD_SEC_PUBLIC_HTML=yes
                    249: LoadModule alias_module       /usr/lib/apache/mod_alias.so
                    250: LoadModule rewrite_module     /usr/lib/apache/mod_rewrite.so
                    251: LoadModule access_module      /usr/lib/apache/mod_access.so
                    252: LoadModule auth_module        /usr/lib/apache/mod_auth.so
                    253: LoadModule anon_auth_module   /usr/lib/apache/mod_auth_anon.so
                    254: LoadModule dbm_auth_module    /usr/lib/apache/mod_auth_dbm.so
                    255: LoadModule db_auth_module     /usr/lib/apache/mod_auth_db.so
                    256: LoadModule digest_module      /usr/lib/apache/mod_digest.so
                    257: LoadModule proxy_module       /usr/lib/apache/libproxy.so
                    258: LoadModule cern_meta_module   /usr/lib/apache/mod_cern_meta.so
                    259: LoadModule expires_module     /usr/lib/apache/mod_expires.so
                    260: LoadModule headers_module     /usr/lib/apache/mod_headers.so
                    261: LoadModule usertrack_module   /usr/lib/apache/mod_usertrack.so
                    262: # LoadModule unique_id_module   /usr/lib/apache/mod_unique_id.so
                    263: LoadModule setenvif_module    /usr/lib/apache/mod_setenvif.so
                    264: <IfDefine DUMMYSSL>
                    265: LoadModule ssl_module         /usr/lib/apache/libssl.so
                    266: </IfDefine>
                    267: 
                    268: Include /etc/httpd/suse_loadmodule.conf
                    269: 
                    270: 
                    271: #  Reconstruction of the complete module list from all available modules
                    272: #  (static and shared ones) to achieve correct module execution order.
                    273: #  [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
                    274: ClearModuleList
                    275: AddModule mod_mmap_static.c
                    276: AddModule mod_vhost_alias.c
                    277: AddModule mod_env.c
                    278: AddModule mod_define.c
                    279: AddModule mod_log_config.c
                    280: AddModule mod_log_agent.c
                    281: AddModule mod_log_referer.c
                    282: AddModule mod_mime_magic.c
                    283: AddModule mod_mime.c
                    284: AddModule mod_negotiation.c
                    285: AddModule mod_status.c
                    286: AddModule mod_info.c
                    287: AddModule mod_include.c
                    288: AddModule mod_autoindex.c
                    289: AddModule mod_dir.c
                    290: AddModule mod_cgi.c
                    291: AddModule mod_asis.c
                    292: AddModule mod_imap.c
                    293: AddModule mod_actions.c
                    294: AddModule mod_speling.c
                    295: # mod_userdir will be included below by SuSEconfig if HTTPD_SEC_PUBLIC_HTML=yes
                    296: AddModule mod_alias.c
                    297: AddModule mod_rewrite.c
                    298: AddModule mod_access.c
                    299: AddModule mod_auth.c
                    300: AddModule mod_auth_anon.c
                    301: AddModule mod_auth_dbm.c
                    302: AddModule mod_auth_db.c
                    303: AddModule mod_digest.c
                    304: AddModule mod_proxy.c
                    305: AddModule mod_cern_meta.c
                    306: AddModule mod_expires.c
                    307: AddModule mod_headers.c
                    308: AddModule mod_usertrack.c
                    309: # AddModule mod_unique_id.c
                    310: AddModule mod_so.c
                    311: AddModule mod_setenvif.c
                    312: <IfDefine DUMMYSSL>
                    313: AddModule mod_ssl.c
                    314: </IfDefine>
                    315: 
                    316: 
                    317: 
                    318: # Again, the following file is generated by SuSEconfig for modules that actually
                    319: # have been installed
                    320: 
                    321: Include /etc/httpd/suse_addmodule.conf
                    322: 
                    323: 
                    324: #
                    325: # ExtendedStatus controls whether Apache will generate "full" status
                    326: # information (ExtendedStatus On) or just basic information (ExtendedStatus
                    327: # Off) when the "server-status" handler is called. The default is Off.
                    328: #
                    329: ExtendedStatus On
                    330: 
                    331: 
                    332: #
                    333: # To enable mod_dav, add the following directive to the appropriate
                    334: # container(s) in the httpd.conf file:
                    335: #
                    336: <IfModule mod_dav.c>
                    337: DavLockDB /var/lib/httpd/DAVLock
                    338: </IfModule>
                    339: 
                    340: 
                    341: 
                    342: ### Section 2: 'Main' server configuration
                    343: #
                    344: # The directives in this section set up the values used by the 'main'
                    345: # server, which responds to any requests that aren't handled by a
                    346: # <VirtualHost> definition.  These values also provide defaults for
                    347: # any <VirtualHost> containers you may define later in the file.
                    348: #
                    349: # All of these directives may appear inside <VirtualHost> containers,
                    350: # in which case these default settings will be overridden for the
                    351: # virtual host being defined.
                    352: #
                    353: 
                    354: #
                    355: # If your ServerType directive (set earlier in the 'Global Environment'
                    356: # section) is set to "inetd", the next few directives don't have any
                    357: # effect since their settings are defined by the inetd configuration.
                    358: # Skip ahead to the ServerAdmin directive.
                    359: #
                    360: 
                    361: #
                    362: # Port: The port to which the standalone server listens. For
                    363: # ports < 1023, you will need httpd to be run as root initially.
                    364: #
                    365: Port 80
                    366: 
                    367: ##
                    368: ##  SSL Support
                    369: ##
                    370: ##  When we also provide SSL we have to listen to the 
                    371: ##  standard HTTP port (see above) and to the HTTPS port
                    372: ##
                    373: <IfDefine SSL>
                    374: Listen 80
                    375: Listen 443
                    376: </IfDefine>
                    377: 
                    378: #
                    379: # If you wish httpd to run as a different user or group, you must run
                    380: # httpd as root initially and it will switch.  
                    381: #
                    382: # User/Group: The name (or #number) of the user/group to run httpd as.
                    383: #  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
                    384: #  . On HPUX you may not be able to use shared memory as nobody, and the
                    385: #    suggested workaround is to create a user www and use that user.
                    386: #  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
                    387: #  when the value of (unsigned)Group is above 60000; 
                    388: #  don't use Group "#-1" on these systems!
                    389: #
1.2     ! raeburn   390: User www
1.1       raeburn   391: Group www
                    392: 
                    393: #
                    394: # ServerAdmin: Your address, where problems with the server should be
                    395: # e-mailed.  This address appears on some server-generated pages, such
                    396: # as error documents.
                    397: #
                    398: 
                    399: # Note: this email address is set by SuSEconfig according to the setting of the
                    400: # HTTPD_SEC_SERVERADMIN variable in /etc/sysconfig/apache! 
                    401: ServerAdmin raeburn@msu.edu
                    402: 
                    403: #
                    404: # ServerName allows you to set a host name which is sent back to clients for
                    405: # your server if it's different than the one the program would get (i.e., use
                    406: # "www" instead of the host's real name).
                    407: #
                    408: # Note: You cannot just invent host names and hope they work. The name you 
                    409: # define here must be a valid DNS name for your host. If you don't understand
                    410: # this, ask your network administrator.
                    411: # If your host doesn't have a registered DNS name, enter its IP address here.
                    412: # You will have to access it by its address (e.g., http://123.45.67.89/)
                    413: # anyway, and this will make redirections work in a sensible way.
                    414: #
                    415: # 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your 
                    416: # machine always knows itself by this address. If you use Apache strictly for 
                    417: # local testing and development, you may use 127.0.0.1 as the server name.
                    418: #
                    419: 
                    420: # Note: the host name is set by SuSEconfig according to the setting of the
                    421: # FQHOSTNAME variable in /etc/sysconfig/network/config!
                    422: 
                    423: #
                    424: # DocumentRoot: The directory out of which you will serve your
                    425: # documents. By default, all requests are taken from this directory, but
                    426: # symbolic links and aliases may be used to point to other locations.
                    427: #
                    428: DocumentRoot "/home/httpd/html"
                    429: 
                    430: #
                    431: # Each directory to which Apache has access, can be configured with respect
                    432: # to which services and features are allowed and/or disabled in that
                    433: # directory (and its subdirectories). 
                    434: #
                    435: # First, we configure the "default" to be a very restrictive set of 
                    436: # permissions.  
                    437: #
                    438: <Directory />
                    439:     AuthUserFile  /etc/httpd/passwd
                    440:     AuthGroupFile /etc/httpd/group
                    441: 
                    442:     Options -FollowSymLinks +Multiviews
                    443:     AllowOverride None
                    444: 
                    445: </Directory>
                    446: 
                    447: 
                    448: #
                    449: # Note that from this point forward you must specifically allow
                    450: # particular features to be enabled - so if something's not working as
                    451: # you might expect, make sure that you have specifically enabled it
                    452: # below.
                    453: #
                    454: 
                    455: #
                    456: # This should be changed to whatever you set DocumentRoot to.
                    457: #
                    458: <Directory "/srv/www/htdocs">
                    459: 
                    460: #
                    461: # This may also be "None", "All", or any combination of "Indexes",
                    462: # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
                    463: #
                    464: # Note that "MultiViews" must be named *explicitly* --- "Options All"
                    465: # doesn't give it to you.
                    466: #
                    467:     Options Indexes -FollowSymLinks +Includes MultiViews
                    468: 
                    469: #
                    470: # This controls which options the .htaccess files in directories can
                    471: # override. Can also be "All", or any combination of "Options", "FileInfo", 
                    472: # "AuthConfig", and "Limit"
                    473: #
                    474:     AllowOverride None
                    475: 
                    476: #
                    477: # Controls who can get stuff from this server.
                    478: #
                    479:     Order allow,deny
                    480:     Allow from all
                    481: 
                    482: 
                    483: 	#
                    484: 	# disable WebDAV by default for security reasons. 
                    485: 	# 
                    486: 	<IfModule mod_dav.c>
                    487: 	DAV Off
                    488: 	</IfModule>
                    489: 
                    490: #
                    491: # Protect the php3 test page, so it cannot be viewed from an outside system. 
                    492: #
                    493: <Files test.php3>
                    494: 	Order deny,allow
                    495: 	deny from all
                    496: 	allow from localhost
                    497: </Files>
                    498: 
                    499: </Directory>
                    500: 
                    501: #
                    502: # UserDir: The name of the directory which is appended onto a user's home
                    503: # directory if a ~user request is received.
                    504: 
                    505: # Note: 
                    506: # The next three lines are commented out here. These directives and the access 
                    507: # control section have been put into /etc/httpd/suse_public_html.conf. 
                    508: # If the variable HTTPD_SEC_PUBLIC_HTML in /etc/sysconfig/apache 
                    509: # is set to "yes" (default), SuSEconfig will include that file via 
                    510: # /etc/httpd/suse_include.conf. 
                    511: # Also note that for the /home/*/public_html directories to be browsable the 
                    512: # executable flag must be set on the /home/* directories. 
                    513: 
                    514: #
                    515: # <IfModule mod_userdir.c>
                    516: #     UserDir public_html
                    517: # </IfModule>
                    518: 
                    519: #
                    520: # Control access to UserDir directories.  The following is an example
                    521: # for a site where these directories are restricted to read-only.
                    522: #
                    523: #<Directory /home/*/public_html>
                    524: #    AllowOverride FileInfo AuthConfig Limit
                    525: #    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
                    526: #    <Limit GET POST OPTIONS PROPFIND>
                    527: #        Order allow,deny
                    528: #        Allow from all
                    529: #    </Limit>
                    530: #    <LimitExcept GET POST OPTIONS PROPFIND>
                    531: #        Order deny,allow
                    532: #        Deny from all
                    533: #    </LimitExcept>
                    534: #</Directory>
                    535: 
                    536: #
                    537: # DirectoryIndex: Name of the file or files to use as a pre-written HTML
                    538: # directory index.  Separate multiple entries with spaces.
                    539: #
                    540: <IfModule mod_dir.c>
                    541:     DirectoryIndex index.html
                    542: </IfModule>
                    543: 
                    544: #
                    545: # AccessFileName: The name of the file to look for in each directory
                    546: # for access control information.
                    547: #
                    548: AccessFileName .htaccess
                    549: 
                    550: #
                    551: # The following lines prevent .htaccess files from being viewed by
                    552: # Web clients.  Since .htaccess files often contain authorization
                    553: # information, access is disallowed for security reasons.  Comment
                    554: # these lines out if you want Web visitors to see the contents of
                    555: # .htaccess files.  If you change the AccessFileName directive above,
                    556: # be sure to make the corresponding changes here.
                    557: #
                    558: # Also, folks tend to use names such as .htpasswd for password
                    559: # files, so this will protect those as well.
                    560: #
                    561: <Files ~ "^\.ht">
                    562:     Order allow,deny
                    563:     Deny from all
                    564:     Satisfy All
                    565: </Files>
                    566: 
                    567: #
                    568: # CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
                    569: # document that was negotiated on the basis of content. This asks proxy
                    570: # servers not to cache the document. Uncommenting the following line disables
                    571: # this behavior, and proxies will be allowed to cache the documents.
                    572: #
                    573: #CacheNegotiatedDocs
                    574: 
                    575: #
                    576: # UseCanonicalName:  (new for 1.3)  With this setting turned on, whenever
                    577: # Apache needs to construct a self-referencing URL (a URL that refers back
                    578: # to the server the response is coming from) it will use ServerName and
                    579: # Port to form a "canonical" name.  With this setting off, Apache will
                    580: # use the hostname:port that the client supplied, when possible.  This
                    581: # also affects SERVER_NAME and SERVER_PORT in CGI scripts.
                    582: #
                    583: UseCanonicalName On
                    584: 
                    585: #
                    586: # TypesConfig describes where the mime.types file (or equivalent) is
                    587: # to be found.
                    588: #
                    589: <IfModule mod_mime.c>
                    590:     TypesConfig /etc/httpd/mime.types
                    591: </IfModule>
                    592: 
                    593: #
                    594: # DefaultType is the default MIME type the server will use for a document
                    595: # if it cannot otherwise determine one, such as from filename extensions.
                    596: # If your server contains mostly text or HTML documents, "text/plain" is
                    597: # a good value.  If most of your content is binary, such as applications
                    598: # or images, you may want to use "application/octet-stream" instead to
                    599: # keep browsers from trying to display binary files as though they are
                    600: # text.
                    601: #
                    602: DefaultType text/plain
                    603: 
                    604: #
                    605: # The mod_mime_magic module allows the server to use various hints from the
                    606: # contents of the file itself to determine its type.  The MIMEMagicFile
                    607: # directive tells the module where the hint definitions are located.
                    608: # mod_mime_magic is not part of the default server (you have to add
                    609: # it yourself with a LoadModule [see the DSO paragraph in the 'Global
                    610: # Environment' section], or recompile the server and include mod_mime_magic
                    611: # as part of the configuration), so it's enclosed in an <IfModule> container.
                    612: # This means that the MIMEMagicFile directive will only be processed if the
                    613: # module is part of the server.
                    614: #
                    615: <IfModule mod_mime_magic.c>
                    616:     MIMEMagicFile /etc/httpd/magic
                    617: </IfModule>
                    618: 
                    619: #
                    620: # HostnameLookups: Log the names of clients or just their IP addresses
                    621: # e.g., www.apache.org (on) or 204.62.129.132 (off).
                    622: # The default is off because it'd be overall better for the net if people
                    623: # had to knowingly turn this feature on, since enabling it means that
                    624: # each client request will result in AT LEAST one lookup request to the
                    625: # nameserver.
                    626: #
                    627: HostnameLookups Off
                    628: 
                    629: 
                    630: #  The following are the directives necessary to get mod_backhand operational.
                    631: #  You will need to add Backhand directives to any directories that you wish
                    632: #  to balance..  For example, you could put the following inside a
                    633: #  ScriptAliased /cgi-cpu/ directory (for scripts that are cpu hogs)
                    634: 
                    635: # <Directory ...>
                    636: # ... stuff ...
                    637: # Backhand byAge
                    638: # Backhand byRandom
                    639: # Backhand byLogWindow
                    640: # Backhand byCPU
                    641: # ... stuff ...
                    642: # </Directory>
                    643: 
                    644: # This will eliminate servers you haven't heard from for a while
                    645: # Then randomize those remaining
                    646: # Then take the first log(n)  (log base 2 of course)
                    647: # Then use the one with the highest CPU idle time
                    648: 
                    649: <IfModule mod_backhand.c>
                    650: # UnixSocketDir is were the mod_backhand-Arriba file is stored
                    651: #   (how fast your machine is). This directory must be readable and writable
                    652: #   by euid of apache (wwwrun) because the children have dropped privileges
                    653: #   before they connect to a UNIX domain socket in this directory.
                    654: # This directive is singular.
                    655: #
                    656: # MulticastStats of the form [<IP ADDR>] <BROADCAST ADDR>:<PORT> will set
                    657: #   mod_backhand to broadcast server statistics on that address advertising
                    658: #   for a server on <IP ADDR> or gethostbyname(gethostname())
                    659: # MulticastStats of the form [<IP ADDR>] <MULTICAST ADDR>:<PORT>,<ttl> will
                    660: #   set mod_backhand to multicast server statistics on that address
                    661: #   advertising for a server on <IP ADDR> or gethostbyname(gethostname())
                    662: # This directive is singular.
                    663: #
                    664: # AcceptStats <a.b.c.d>[/<mask>] (like 10.0.0.4 or 10.0.0.0/24) will accept
                    665: #   statistics originating from that IP or IP network.
                    666: # This option can be cascaded.
                    667: 
                    668:   UnixSocketDir /var/lib/backhand
                    669: # MulticastStats 128.220.221.255:4445
                    670: # MulticastStats 225.220.221.20:4445,1
                    671: # AcceptStats 128.220.221.0/24
                    672: 
                    673: # Note that you _must_ configure the MulticastStats/AcceptStats directives, 
                    674: # otherwise apache will segfault!
                    675: 
                    676: # This is a status of sorts.  Visit it and see how valuable it is to you.
                    677:   <Location "/backhand/">
                    678:     SetHandler backhand-handler
                    679:   </Location>
                    680: </IfModule>
                    681: 
                    682: 
                    683: #
                    684: # working directory of mod_bandwidth
                    685: #
                    686: <IfModule mod_bandwidth.c>
                    687:     BandWidthDataDir /var/lib/httpd/mod_bandwidth
                    688: </IfModule>
                    689: 
                    690: 
                    691: #
                    692: # ErrorLog: The location of the error log file.
                    693: # If you do not specify an ErrorLog directive within a <VirtualHost>
                    694: # container, error messages relating to that virtual host will be
                    695: # logged here.  If you *do* define an error logfile for a <VirtualHost>
                    696: # container, that host's errors will be logged there and not here.
                    697: #
                    698: ErrorLog /var/log/httpd/error_log
                    699: 
                    700: #
                    701: # LogLevel: Control the number of messages logged to the error_log.
                    702: # Possible values include: debug, info, notice, warn, error, crit,
                    703: # alert, emerg.
                    704: #
                    705: LogLevel warn
                    706: 
                    707: #
                    708: # The following directives define some format nicknames for use with
                    709: # a CustomLog directive (see below).
                    710: #
                    711: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
                    712: LogFormat "%h %l %u %t \"%r\" %>s %b" common
                    713: LogFormat "%{Referer}i -> %U" referer
                    714: LogFormat "%{User-agent}i" agent
                    715: 
                    716: #
                    717: # The location and format of the access logfile (Common Logfile Format).
                    718: # If you do not define any access logfiles within a <VirtualHost>
                    719: # container, they will be logged here.  Contrariwise, if you *do*
                    720: # define per-<VirtualHost> access logfiles, transactions will be
                    721: # logged therein and *not* in this file.
                    722: #
                    723: CustomLog /var/log/httpd/access_log common
                    724: 
                    725: #
                    726: # If you would like to have agent and referer logfiles, uncomment the
                    727: # following directives.
                    728: #
                    729: #CustomLog /var/log/httpd/referer_log referer
                    730: #CustomLog /var/log/httpd/agent_log agent
                    731: 
                    732: #
                    733: # If you prefer a single logfile with access, agent, and referer information
                    734: # (Combined Logfile Format) you can use the following directive.
                    735: #
                    736: #CustomLog /var/log/httpd/access_log combined
                    737: 
                    738: #
                    739: # Optionally add a line containing the server version and virtual host
                    740: # name to server-generated pages (error documents, FTP directory listings,
                    741: # mod_status and mod_info output etc., but not CGI generated documents).
                    742: # Set to "EMail" to also include a mailto: link to the ServerAdmin.
                    743: # Set to one of:  On | Off | EMail
                    744: #
                    745: 
                    746: # Note: this is set by SuSEconfig according to the setting of the
                    747: # HTTPD_SEC_SAY_FULLNAME variable in /etc/sysconfig/apache! 
                    748: ServerSignature Off
                    749: 
                    750: 
                    751: # EBCDIC configuration:
                    752: # (only for mainframes using the EBCDIC codeset, currently one of:
                    753: # Fujitsu-Siemens' BS2000/OSD, IBM's OS/390 and IBM's TPF)!!
                    754: # The following default configuration assumes that "text files"
                    755: # are stored in EBCDIC (so that you can operate on them using the
                    756: # normal POSIX tools like grep and sort) while "binary files" are
                    757: # stored with identical octets as on an ASCII machine.
                    758: #
                    759: # The directives are evaluated in configuration file order, with
                    760: # the EBCDICConvert directives applied before EBCDICConvertByType.
                    761: #
                    762: # If you want to have ASCII HTML documents and EBCDIC HTML documents
                    763: # at the same time, you can use the file extension to force
                    764: # conversion off for the ASCII documents:
                    765: # > AddType       text/html .ahtml
                    766: # > EBCDICConvert Off=InOut .ahtml
                    767: #
                    768: # EBCDICConvertByType  On=InOut text/* message/* multipart/*
                    769: # EBCDICConvertByType  On=In    application/x-www-form-urlencoded
                    770: # EBCDICConvertByType  On=InOut application/postscript model/vrml
                    771: # EBCDICConvertByType Off=InOut */*
                    772: 
                    773: 
                    774: #
                    775: # Aliases: Add here as many aliases as you need (with no limit). The format is 
                    776: # Alias fakename realname
                    777: #
                    778: <IfModule mod_alias.c>
                    779: 
                    780:     #
                    781:     # Note that if you include a trailing / on fakename then the server will
                    782:     # require it to be present in the URL.  So "/icons" isn't aliased in this
                    783:     # example, only "/icons/".  If the fakename is slash-terminated, then the 
                    784:     # realname must also be slash terminated, and if the fakename omits the 
                    785:     # trailing slash, the realname must also omit it.
                    786:     #
                    787:     Alias /icons/ "/srv/www/icons/"
                    788: 
                    789:     <Directory "/srv/www/icons">
                    790:         Options Indexes MultiViews
                    791:         AllowOverride None
                    792:         Order allow,deny
                    793:         Allow from all
                    794:     </Directory>
                    795: 
                    796:     # This Alias will project the on-line documentation tree under /manual/
                    797:     # even if you change the DocumentRoot. Comment it if you don't want to 
                    798:     # provide access to the on-line documentation.
                    799:     #
                    800:     Alias /manual/ "/srv/www/htdocs/manual/"
                    801: 
                    802:     <Directory "/srv/www/htdocs/manual">
                    803:         Options Indexes FollowSymlinks MultiViews
                    804:         AllowOverride None
                    805:         Order allow,deny
                    806:         Allow from all
                    807:     </Directory>
                    808: 
                    809:     #
                    810:     # ScriptAlias: This controls which directories contain server scripts.
                    811:     # ScriptAliases are essentially the same as Aliases, except that
                    812:     # documents in the realname directory are treated as applications and
                    813:     # run by the server when requested rather than as documents sent to the client.
                    814:     # The same rules about trailing "/" apply to ScriptAlias directives as to
                    815:     # Alias.
                    816:     #
                    817: #    ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"
                    818: 
                    819: <IfModule mod_perl.c>
                    820:     # Provide two aliases to the same cgi-bin directory, 
                    821:     # to see the effects of the 2 different mod_perl modes.
                    822:     # for Apache::Registry Mode
                    823:     ScriptAlias /perl/          "/srv/www/cgi-bin/"
                    824:     # for Apache::Perlrun Mode
                    825:     ScriptAlias /cgi-perl/      "/srv/www/cgi-bin/"
                    826: </IfModule>
                    827:     #
                    828:     # "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased
                    829:     # CGI directory exists, if you have that configured.
                    830:     #
                    831:     <Directory "/srv/www/cgi-bin">
                    832:         AllowOverride None
                    833:         Options None
                    834:         Order allow,deny
                    835:         Allow from all
                    836:     </Directory>
                    837: 
                    838: </IfModule>
                    839: # End of aliases.
                    840: 
                    841: 
                    842: #
                    843: # set /cgi-bin for CGI execution
                    844: #
1.2     ! raeburn   845: #<Location /cgi-bin>
        !           846: #AllowOverride None
        !           847: #Options +ExecCGI -Includes
        !           848: #SetHandler cgi-script
        !           849: #</Location>
1.1       raeburn   850: 
                    851: #
                    852: # If mod_perl is activated, load configuration information
                    853: #
                    854: <IfModule mod_perl.c>
1.2     ! raeburn   855: #Perlrequire /usr/include/apache/modules/perl/startup.perl
1.1       raeburn   856: PerlModule Apache::Registry
                    857: 
                    858: #
                    859: # set Apache::Registry Mode for /perl Alias
                    860: #
1.2     ! raeburn   861: #<Location /perl>
        !           862: #SetHandler  perl-script
        !           863: #PerlHandler Apache::Registry
        !           864: #Options ExecCGI
        !           865: #PerlSendHeader On
        !           866: #</Location>
1.1       raeburn   867: 
                    868: #
                    869: # set Apache::PerlRun Mode for /cgi-perl Alias
                    870: #
1.2     ! raeburn   871: #<Location /cgi-perl>
        !           872: #SetHandler  perl-script
        !           873: #PerlHandler Apache::PerlRun
        !           874: #Options ExecCGI
        !           875: #PerlSendHeader On
        !           876: #</Location>
1.1       raeburn   877: 
                    878: </IfModule>
                    879: 
                    880: 
                    881: 
                    882: #
                    883: # Redirect allows you to tell clients about documents which used to exist in
                    884: # your server's namespace, but do not anymore. This allows you to tell the
                    885: # clients where to look for the relocated document.
                    886: # Format: Redirect old-URI new-URL
                    887: #
                    888: 
                    889: #
                    890: # Directives controlling the display of server-generated directory listings.
                    891: #
                    892: <IfModule mod_autoindex.c>
                    893: 
                    894:     #
                    895:     # FancyIndexing is whether you want fancy directory indexing or standard
                    896:     #
                    897:     IndexOptions FancyIndexing
                    898: 
                    899:     #
                    900:     # AddIcon* directives tell the server which icon to show for different
                    901:     # files or filename extensions.  These are only displayed for
                    902:     # FancyIndexed directories.
                    903:     #
                    904:     AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
                    905: 
                    906:     AddIconByType (TXT,/icons/text.gif) text/*
                    907:     AddIconByType (IMG,/icons/image2.gif) image/*
                    908:     AddIconByType (SND,/icons/sound2.gif) audio/*
                    909:     AddIconByType (VID,/icons/movie.gif) video/*
                    910: 
                    911:     AddIcon /icons/binary.gif .bin .exe
                    912:     AddIcon /icons/binhex.gif .hqx
                    913:     AddIcon /icons/tar.gif .tar
                    914:     AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
                    915:     AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
                    916:     AddIcon /icons/a.gif .ps .ai .eps
                    917:     AddIcon /icons/layout.gif .html .shtml .htm .pdf
                    918:     AddIcon /icons/text.gif .txt
                    919:     AddIcon /icons/c.gif .c
                    920:     AddIcon /icons/p.gif .pl .py
                    921:     AddIcon /icons/f.gif .for
                    922:     AddIcon /icons/dvi.gif .dvi
                    923:     AddIcon /icons/uuencoded.gif .uu
                    924:     AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
                    925:     AddIcon /icons/tex.gif .tex
                    926:     AddIcon /icons/bomb.gif core
                    927: 
                    928:     AddIcon /icons/back.gif ..
                    929:     AddIcon /icons/hand.right.gif README
                    930:     AddIcon /icons/folder.gif ^^DIRECTORY^^
                    931:     AddIcon /icons/blank.gif ^^BLANKICON^^
                    932: 
                    933:     #
                    934:     # DefaultIcon is which icon to show for files which do not have an icon
                    935:     # explicitly set.
                    936:     #
                    937:     DefaultIcon /icons/unknown.gif
                    938: 
                    939:     #
                    940:     # AddDescription allows you to place a short description after a file in
                    941:     # server-generated indexes.  These are only displayed for FancyIndexed
                    942:     # directories.
                    943:     # Format: AddDescription "description" filename
                    944:     #
                    945:     AddDescription "GZIP compressed document" .gz
                    946:     AddDescription "tar archive" .tar
                    947:     AddDescription "GZIP compressed tar archive" .tgz
                    948: 
                    949:     #
                    950:     # ReadmeName is the name of the README file the server will look for by
                    951:     # default, and append to directory listings.
                    952:     #
                    953:     # HeaderName is the name of a file which should be prepended to
                    954:     # directory indexes. 
                    955:     #
                    956:     ReadmeName README
                    957:     HeaderName HEADER
                    958: 
                    959:     #
                    960:     # IndexIgnore is a set of filenames which directory indexing should ignore
                    961:     # and not include in the listing.  Shell-style wildcarding is permitted.
                    962:     #
                    963:     IndexIgnore .??* *~ *#   RCS CVS *,v *,t
                    964: 
                    965: </IfModule>
                    966: # End of indexing directives.
                    967: 
                    968: #
                    969: # Document types.
                    970: #
                    971: <IfModule mod_mime.c>
                    972: 
                    973:     #
                    974:     # AddLanguage allows you to specify the language of a document. You can
                    975:     # then use content negotiation to give a browser a file in a language
                    976:     # it can understand.  
                    977:     #
                    978:     # Note 1: The suffix does not have to be the same as the language 
                    979:     # keyword --- those with documents in Polish (whose net-standard 
                    980:     # language code is pl) may wish to use "AddLanguage pl .po" to 
                    981:     # avoid the ambiguity with the common suffix for perl scripts.
                    982:     #
                    983:     # Note 2: The example entries below illustrate that in quite
                    984:     # some cases the two character 'Language' abbreviation is not
                    985:     # identical to the two character 'Country' code for its country,
                    986:     # E.g. 'Danmark/dk' versus 'Danish/da'.
                    987:     #
                    988:     # Note 3: In the case of 'ltz' we violate the RFC by using a three char 
                    989:     # specifier. But there is 'work in progress' to fix this and get 
                    990:     # the reference data for rfc1766 cleaned up.
                    991:     #
                    992:     # Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
                    993:     # French (fr) - German (de) - Greek-Modern (el)
                    994:     # Italian (it) - Korean (kr) - Norwegian (no) - Norwegian Nynorsk (nn)
                    995:     # Portugese (pt) - Luxembourgeois* (ltz)
                    996:     # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cs)
                    997:     # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
                    998:     # Russian (ru)
                    999:     #
                   1000:     AddLanguage da .dk
                   1001:     AddLanguage nl .nl
                   1002:     AddLanguage en .en
                   1003:     AddLanguage et .ee
                   1004:     AddLanguage fr .fr
                   1005:     AddLanguage de .de
                   1006:     AddLanguage el .el
                   1007:     AddLanguage he .he
                   1008:     AddCharset ISO-8859-8 .iso8859-8
                   1009:     AddLanguage it .it
                   1010:     AddLanguage ja .ja
                   1011:     AddCharset ISO-2022-JP .jis
                   1012:     AddLanguage kr .kr
                   1013:     AddCharset ISO-2022-KR .iso-kr
                   1014:     AddLanguage nn .nn
                   1015:     AddLanguage no .no
                   1016:     AddLanguage pl .po
                   1017:     AddCharset ISO-8859-2 .iso-pl
                   1018:     AddLanguage pt .pt
                   1019:     AddLanguage pt-br .pt-br
                   1020:     AddLanguage ltz .lu
                   1021:     AddLanguage ca .ca
                   1022:     AddLanguage es .es
                   1023:     AddLanguage sv .sv
                   1024:     AddLanguage cs .cz .cs
                   1025:     AddLanguage ru .ru
                   1026:     AddLanguage zh-TW .zh-tw
                   1027:     AddCharset Big5         .Big5    .big5
                   1028:     AddCharset WINDOWS-1251 .cp-1251
                   1029:     AddCharset CP866        .cp866
                   1030:     AddCharset ISO-8859-5   .iso-ru
                   1031:     AddCharset KOI8-R       .koi8-r
                   1032:     AddCharset UCS-2        .ucs2
                   1033:     AddCharset UCS-4        .ucs4
                   1034:     AddCharset UTF-8        .utf8
                   1035: 
                   1036:     # LanguagePriority allows you to give precedence to some languages
                   1037:     # in case of a tie during content negotiation.
                   1038:     #
                   1039:     # Just list the languages in decreasing order of preference. We have
                   1040:     # more or less alphabetized them here. You probably want to change this.
                   1041:     #
                   1042:     <IfModule mod_negotiation.c>
                   1043:         LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
                   1044:     </IfModule>
                   1045: 
                   1046:     #
                   1047:     # AddType allows you to tweak mime.types without actually editing it, or to
                   1048:     # make certain files to be certain types.
                   1049:     #
                   1050:     AddType application/x-tar .tgz
                   1051: 
                   1052:     #
                   1053:     # AddEncoding allows you to have certain browsers uncompress
                   1054:     # information on the fly. Note: Not all browsers support this.
                   1055:     # Despite the name similarity, the following Add* directives have nothing
                   1056:     # to do with the FancyIndexing customization directives above.
                   1057:     #
                   1058:     AddEncoding x-compress .Z
                   1059:     AddEncoding x-gzip .gz .tgz
                   1060:     #
                   1061:     # If the AddEncoding directives above are commented-out, then you
                   1062:     # probably should define those extensions to indicate media types:
                   1063:     #
                   1064:     #AddType application/x-compress .Z
                   1065:     #AddType application/x-gzip .gz .tgz
                   1066: 
                   1067:     # Some more types:
                   1068: 
                   1069:     #
                   1070:     # PHP 3.x:
                   1071:     #
                   1072:     <IfModule mod_php3.c>
                   1073:     AddType application/x-httpd-php3 .php3
                   1074:     AddType application/x-httpd-php3-source .phps
                   1075:     AddType application/x-httpd-php3 .phtml
                   1076:     </IfModule>
                   1077: 
                   1078:     #
                   1079:     # PHP 4.x:
                   1080:     #
                   1081:     <IfModule mod_php4.c>
                   1082:     AddType application/x-httpd-php .php
                   1083:     AddType application/x-httpd-php .php4
                   1084:     AddType application/x-httpd-php-source .phps
                   1085:     </IfModule>
                   1086: 
                   1087:     #
                   1088:     # mod_dtcl can execute tcl scripts
                   1089:     #
                   1090:     <IfModule mod_dtcl.c>
                   1091:     AddType application/x-httpd-tcl .ttml
                   1092:     AddType application/x-dtcl-tcl  .tcl
                   1093:     </IfModule>
                   1094: 
                   1095:     AddType text/vnd.wap.wml wml
                   1096:     AddType text/vnd.wap.wmlscript wmls
                   1097:     AddType application/vnd.wap.wmlc wmlc
                   1098:     AddType application/vnd.wap.wmlscriptc wmlsc
                   1099:     Addtype image/vnd.wap.wbmp wbmp
                   1100:     #
                   1101:     # AddHandler allows you to map certain file extensions to "handlers",
                   1102:     # actions unrelated to filetype. These can be either built into the server
                   1103:     # or added with the Action command (see below)
                   1104:     #
                   1105:     # If you want to use server side includes, or CGI outside
                   1106:     # ScriptAliased directories, uncomment the following lines.
                   1107:     #
                   1108:     # To use CGI scripts:
                   1109:     #
                   1110:     AddHandler cgi-script .cgi
                   1111: 
                   1112:     #
                   1113:     # To use server-parsed HTML files
                   1114:     #
                   1115:     AddType text/html .shtml
                   1116:     AddHandler server-parsed .shtml
                   1117: 
                   1118:     #
                   1119:     # Uncomment the following line to enable Apache's send-asis HTTP file
                   1120:     # feature
                   1121:     #
                   1122:     #AddHandler send-as-is asis
                   1123: 
                   1124:     #
                   1125:     # If you wish to use server-parsed imagemap files, use
                   1126:     #
                   1127:     #AddHandler imap-file map
                   1128: 
                   1129:     #
                   1130:     # To enable type maps, you might want to use
                   1131:     #
                   1132:     #AddHandler type-map var
                   1133: 
                   1134: </IfModule>
                   1135: # End of document types.
                   1136: 
                   1137: #
                   1138: # Action lets you define media types that will execute a script whenever
                   1139: # a matching file is called. This eliminates the need for repeated URL
                   1140: # pathnames for oft-used CGI file processors.
                   1141: # Format: Action media/type /cgi-script/location
                   1142: # Format: Action handler-name /cgi-script/location
                   1143: #
                   1144: 
                   1145: #
                   1146: # MetaDir: specifies the name of the directory in which Apache can find
                   1147: # meta information files. These files contain additional HTTP headers
                   1148: # to include when sending the document
                   1149: #
                   1150: #MetaDir .web
                   1151: 
                   1152: #
                   1153: # MetaSuffix: specifies the file name suffix for the file containing the
                   1154: # meta information.
                   1155: #
                   1156: #MetaSuffix .meta
                   1157: 
                   1158: #
                   1159: # Customizable error response (Apache style)
                   1160: #  these come in three flavors
                   1161: #
                   1162: #    1) plain text
                   1163: #ErrorDocument 500 "The server made a boo boo.
                   1164: #  n.b.  the single leading (") marks it as text, it does not get output
                   1165: #
                   1166: #    2) local redirects
                   1167: #ErrorDocument 404 /missing.html
                   1168: #  to redirect to local URL /missing.html
                   1169: #ErrorDocument 404 /cgi-bin/missing_handler.pl
                   1170: #  N.B.: You can redirect to a script or a document using server-side-includes.
                   1171: #
                   1172: #    3) external redirects
                   1173: #ErrorDocument 402 http://some.other-server.com/subscription_info.html
                   1174: #  N.B.: Many of the environment variables associated with the original
                   1175: #  request will *not* be available to such a script.
                   1176: 
                   1177: #
                   1178: # Customize behaviour based on the browser
                   1179: #
                   1180: <IfModule mod_setenvif.c>
                   1181: 
                   1182:     #
                   1183:     # The following directives modify normal HTTP response behavior.
                   1184:     # The first directive disables keepalive for Netscape 2.x and browsers that
                   1185:     # spoof it. There are known problems with these browser implementations.
                   1186:     # The second directive is for Microsoft Internet Explorer 4.0b2
                   1187:     # which has a broken HTTP/1.1 implementation and does not properly
                   1188:     # support keepalive when it is used on 301 or 302 (redirect) responses.
                   1189:     #
                   1190:     BrowserMatch "Mozilla/2" nokeepalive
                   1191:     BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
                   1192: 
                   1193:     #
                   1194:     # The following directive disables HTTP/1.1 responses to browsers which
                   1195:     # are in violation of the HTTP/1.0 spec by not being able to grok a
                   1196:     # basic 1.1 response.
                   1197:     #
                   1198:     BrowserMatch "RealPlayer 4\.0" force-response-1.0
                   1199:     BrowserMatch "Java/1\.0" force-response-1.0
                   1200:     BrowserMatch "JDK/1\.0" force-response-1.0
                   1201: 
                   1202: </IfModule>
                   1203: # End of browser customization directives
                   1204: 
                   1205: #
                   1206: # Allow server status reports, with the URL of http://servername/server-status
                   1207: # Change the ".your-domain.com" to match your domain to enable.
                   1208: #
                   1209: # Note: apache is started (by /etc/init.d/apache) with -D STATUS if 
                   1210: # HTTPD_SEC_ACCESS_SERVERINFO is set to "yes" in 
                   1211: # /etc/sysconfig/apache.
                   1212: 
                   1213: <IfDefine STATUS>
                   1214: <Location /server-status>
                   1215:     SetHandler server-status
                   1216:     Order deny,allow
                   1217:     Deny from all
                   1218:     Allow from localhost
                   1219: </Location>
                   1220: 
                   1221: #
                   1222: # Allow remote server configuration reports, with the URL of
                   1223: # http://servername/server-info (requires that mod_info.c be loaded).
                   1224: # Change the ".your-domain.com" to match your domain to enable.
                   1225: #
                   1226: <Location /server-info>
                   1227:     SetHandler server-info
                   1228:     Order deny,allow
                   1229:     Deny from all
                   1230:     Allow from localhost
                   1231: </Location>
                   1232: 
                   1233: #
                   1234: # enable perl-status for mod_perl
                   1235: #
                   1236: <IfModule mod_perl.c>
                   1237: <Location /perl-status>
                   1238:     SetHandler perl-script
                   1239:     PerlHandler Apache::Status
                   1240:     order deny,allow
                   1241:     deny from all
                   1242:     allow from localhost
                   1243: </Location>
                   1244: </IfModule>
                   1245: </IfDefine>
                   1246: 
                   1247: 
                   1248: #
                   1249: # There have been reports of people trying to abuse an old bug from pre-1.1
                   1250: # days.  This bug involved a CGI script distributed as a part of Apache.
                   1251: # By uncommenting these lines you can redirect these attacks to a logging 
                   1252: # script on phf.apache.org.  Or, you can record them yourself, using the script
                   1253: # support/phf_abuse_log.cgi.
                   1254: #
                   1255: #<Location /cgi-bin/phf*>
                   1256: #    Deny from all
                   1257: #    ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
                   1258: #</Location>
                   1259: 
                   1260: #
                   1261: # Proxy Server directives. Uncomment the following lines to
                   1262: # enable the proxy server:
                   1263: #
                   1264: #<IfModule mod_proxy.c>
                   1265: #    ProxyRequests On
                   1266: 
                   1267: #    <Directory proxy:*>
                   1268: #        Order deny,allow
                   1269: #        Deny from all
                   1270: #        Allow from .your-domain.com
                   1271: #    </Directory>
                   1272: 
                   1273:     #
                   1274:     # Enable/disable the handling of HTTP/1.1 "Via:" headers.
                   1275:     # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
                   1276:     # Set to one of: Off | On | Full | Block
                   1277:     #
                   1278: #    ProxyVia On
                   1279: 
                   1280:     #
                   1281:     # To enable the cache as well, edit and uncomment the following lines:
                   1282:     # (no cacheing without CacheRoot)
                   1283:     #
                   1284: #    CacheRoot "/var/cache/httpd"
                   1285: #    CacheSize 5
                   1286: #    CacheGcInterval 4
                   1287: #    CacheMaxExpire 24
                   1288: #    CacheLastModifiedFactor 0.1
                   1289: #    CacheDefaultExpire 1
                   1290: #    NoCache a-domain.com another-domain.edu joes.garage-sale.com
                   1291: 
                   1292: #</IfModule>
                   1293: # End of proxy directives.
                   1294: 
                   1295: ### Section 3: Virtual Hosts
                   1296: #
                   1297: # VirtualHost: If you want to maintain multiple domains/hostnames on your
                   1298: # machine you can setup VirtualHost containers for them. Most configurations
                   1299: # use only name-based virtual hosts so the server doesn't need to worry about
                   1300: # IP addresses. This is indicated by the asterisks in the directives below.
                   1301: #
                   1302: # Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
                   1303: # for further details before you try to setup virtual hosts.
                   1304: #
                   1305: # You may use the command line option '-S' to verify your virtual host
                   1306: # configuration.
                   1307: 
                   1308: #
                   1309: # Use name-based virtual hosting.
                   1310: #
                   1311: #NameVirtualHost *:80
                   1312: 
                   1313: #
                   1314: # VirtualHost example:
                   1315: # Almost any Apache directive may go into a VirtualHost container.
                   1316: # The first VirtualHost section is used for requests without a known
                   1317: # server name.
                   1318: #
                   1319: #<VirtualHost *:80>
                   1320: #    ServerAdmin webmaster@dummy-host.example.com
                   1321: #    DocumentRoot /www/docs/dummy-host.example.com
                   1322: #    ServerName dummy-host.example.com
                   1323: #    ErrorLog logs/dummy-host.example.com-error_log
                   1324: #    CustomLog logs/dummy-host.example.com-access_log common
                   1325: #</VirtualHost>
                   1326: 
                   1327: #<VirtualHost _default_:*>
                   1328: #</VirtualHost>
                   1329: 
                   1330: ##
                   1331: ##  SSL Global Context
                   1332: ##
                   1333: ##  All SSL configuration in this context applies both to
                   1334: ##  the main server and all SSL-enabled virtual hosts.
                   1335: ##
                   1336: 
                   1337: #
                   1338: #   Some MIME-types for downloading Certificates and CRLs
                   1339: #
                   1340: <IfDefine SSL>
                   1341: AddType application/x-x509-ca-cert .crt
                   1342: AddType application/x-pkcs7-crl    .crl
                   1343: </IfDefine>
                   1344: 
                   1345: <IfModule mod_ssl.c>
                   1346: 
                   1347: #   Pass Phrase Dialog:
                   1348: #   Configure the pass phrase gathering process.
                   1349: #   The filtering dialog program (`builtin' is a internal
                   1350: #   terminal dialog) has to provide the pass phrase on stdout.
                   1351: SSLPassPhraseDialog  builtin
                   1352: 
                   1353: #   Inter-Process Session Cache:
                   1354: #   Configure the SSL Session Cache: First the mechanism 
                   1355: #   to use and second the expiring timeout (in seconds, default=300).
                   1356: #   shm means the same as shmht. 
                   1357: #   Note that on most platforms shared memory segments are not allowed to be on 
                   1358: #   network-mounted drives, so in that case you need to use the dbm method.
                   1359: #SSLSessionCache        none
                   1360: #SSLSessionCache        shmht:/var/run/ssl_scache(512000)
                   1361: #SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
                   1362: #SSLSessionCache        dbm:/var/run/ssl_scache
                   1363: SSLSessionCache         shmcb:/var/lib/httpd/ssl_scache
                   1364: SSLSessionCacheTimeout  600
                   1365: 
                   1366: #   Semaphore:
                   1367: #   Configure the path to the mutual exclusion semaphore the
                   1368: #   SSL engine uses internally for inter-process synchronization. 
                   1369: #SSLMutex  file:/var/run/ssl_mutex
                   1370: SSLMutex  sem
                   1371: 
                   1372: #   Pseudo Random Number Generator (PRNG):
                   1373: #   Configure one or more sources to seed the PRNG of the 
                   1374: #   SSL library. The seed data should be of good random quality.
                   1375: #   WARNING! On some platforms /dev/random blocks if not enough entropy
                   1376: #   is available. This means you then cannot use the /dev/random device
                   1377: #   because it would lead to very long connection times (as long as
                   1378: #   it requires to make more entropy available). But usually those
                   1379: #   platforms additionally provide a /dev/urandom device which doesn't
                   1380: #   block. So, if available, use this one instead. Read the mod_ssl User
                   1381: #   Manual for more details.
                   1382: SSLRandomSeed startup builtin
                   1383: SSLRandomSeed connect builtin
                   1384: #SSLRandomSeed startup file:/dev/random  512
                   1385: #SSLRandomSeed startup file:/dev/urandom 512
                   1386: #SSLRandomSeed connect file:/dev/random  512
                   1387: #SSLRandomSeed connect file:/dev/urandom 512
                   1388: 
                   1389: #   Logging:
                   1390: #   The home of the dedicated SSL protocol logfile. Errors are
                   1391: #   additionally duplicated in the general error log file.  Put
                   1392: #   this somewhere where it cannot be used for symlink attacks on
                   1393: #   a real server (i.e. somewhere where only root can write).
                   1394: #   Log levels are (ascending order: higher ones include lower ones):
                   1395: #   none, error, warn, info, trace, debug.
                   1396: SSLLog      /var/log/httpd/ssl_engine_log
                   1397: SSLLogLevel info
                   1398: 
                   1399: </IfModule>
                   1400: 
                   1401: <IfDefine SSL>
                   1402: 
                   1403: ##
                   1404: ## SSL Virtual Host Context
                   1405: ##
                   1406: 
                   1407: <VirtualHost _default_:443>
                   1408: 
                   1409: #  General setup for the virtual host
                   1410: DocumentRoot "/srv/www/htdocs"
                   1411: ServerName new.host.name
                   1412: ServerAdmin you@your.address
                   1413: ErrorLog /var/log/httpd/error_log
                   1414: TransferLog /var/log/httpd/access_log
                   1415: 
                   1416: #   SSL Engine Switch:
                   1417: #   Enable/Disable SSL for this virtual host.
                   1418: SSLEngine on
                   1419: 
                   1420: #   SSL Cipher Suite:
                   1421: #   List the ciphers that the client is permitted to negotiate.
                   1422: #   See the mod_ssl documentation for a complete list.
                   1423: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
                   1424: 
                   1425: #   Server Certificate:
                   1426: #   Point SSLCertificateFile at a PEM encoded certificate.  If
                   1427: #   the certificate is encrypted, then you will be prompted for a
                   1428: #   pass phrase.  Note that a kill -HUP will prompt again. A test
                   1429: #   certificate can be generated with `make certificate' under
                   1430: #   built time. Keep in mind that if you've both a RSA and a DSA
                   1431: #   certificate you can configure both in parallel (to also allow
                   1432: #   the use of DSA ciphers, etc.)
                   1433: SSLCertificateFile /etc/httpd/ssl.crt/server.crt
                   1434: #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
                   1435: 
                   1436: #   Server Private Key:
                   1437: #   If the key is not combined with the certificate, use this
                   1438: #   directive to point at the key file.  Keep in mind that if
                   1439: #   you've both a RSA and a DSA private key you can configure
                   1440: #   both in parallel (to also allow the use of DSA ciphers, etc.)
                   1441: SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
                   1442: #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
                   1443: 
                   1444: #   Server Certificate Chain:
                   1445: #   Point SSLCertificateChainFile at a file containing the
                   1446: #   concatenation of PEM encoded CA certificates which form the
                   1447: #   certificate chain for the server certificate. Alternatively
                   1448: #   the referenced file can be the same as SSLCertificateFile
                   1449: #   when the CA certificates are directly appended to the server
                   1450: #   certificate for convinience.
                   1451: #SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
                   1452: 
                   1453: #   Certificate Authority (CA):
                   1454: #   Set the CA certificate verification path where to find CA
                   1455: #   certificates for client authentication or alternatively one
                   1456: #   huge file containing all of them (file must be PEM encoded)
                   1457: #   Note: Inside SSLCACertificatePath you need hash symlinks
                   1458: #         to point to the certificate files. Use the provided
                   1459: #         Makefile to update the hash symlinks after changes.
                   1460: #SSLCACertificatePath /etc/httpd/ssl.crt
                   1461: #SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
                   1462: 
                   1463: #   Certificate Revocation Lists (CRL):
                   1464: #   Set the CA revocation path where to find CA CRLs for client
                   1465: #   authentication or alternatively one huge file containing all
                   1466: #   of them (file must be PEM encoded)
                   1467: #   Note: Inside SSLCARevocationPath you need hash symlinks
                   1468: #         to point to the certificate files. Use the provided
                   1469: #         Makefile to update the hash symlinks after changes.
                   1470: #SSLCARevocationPath /etc/httpd/ssl.crl
                   1471: #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
                   1472: 
                   1473: #   Client Authentication (Type):
                   1474: #   Client certificate verification type and depth.  Types are
                   1475: #   none, optional, require and optional_no_ca.  Depth is a
                   1476: #   number which specifies how deeply to verify the certificate
                   1477: #   issuer chain before deciding the certificate is not valid.
                   1478: #SSLVerifyClient require
                   1479: #SSLVerifyDepth  10
                   1480: 
                   1481: #   Access Control:
                   1482: #   With SSLRequire you can do per-directory access control based
                   1483: #   on arbitrary complex boolean expressions containing server
                   1484: #   variable checks and other lookup directives.  The syntax is a
                   1485: #   mixture between C and Perl.  See the mod_ssl documentation
                   1486: #   for more details.
                   1487: #<Location />
                   1488: #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
                   1489: #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
                   1490: #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
                   1491: #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
                   1492: #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
                   1493: #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
                   1494: #</Location>
                   1495: 
                   1496: #   SSL Engine Options:
                   1497: #   Set various options for the SSL engine.
                   1498: #   o FakeBasicAuth:
                   1499: #     Translate the client X.509 into a Basic Authorisation.  This means that
                   1500: #     the standard Auth/DBMAuth methods can be used for access control.  The
                   1501: #     user name is the `one line' version of the client's X.509 certificate.
                   1502: #     Note that no password is obtained from the user. Every entry in the user
                   1503: #     file needs this password: `xxj31ZMTZzkVA'.
                   1504: #   o ExportCertData:
                   1505: #     This exports two additional environment variables: SSL_CLIENT_CERT and
                   1506: #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
                   1507: #     server (always existing) and the client (only existing when client
                   1508: #     authentication is used). This can be used to import the certificates
                   1509: #     into CGI scripts.
                   1510: #   o StdEnvVars:
                   1511: #     This exports the standard SSL/TLS related `SSL_*' environment variables.
                   1512: #     Per default this exportation is switched off for performance reasons,
                   1513: #     because the extraction step is an expensive operation and is usually
                   1514: #     useless for serving static content. So one usually enables the
                   1515: #     exportation for CGI and SSI requests only.
                   1516: #   o CompatEnvVars:
                   1517: #     This exports obsolete environment variables for backward compatibility
                   1518: #     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
                   1519: #     to provide compatibility to existing CGI scripts.
                   1520: #   o StrictRequire:
                   1521: #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
                   1522: #     under a "Satisfy any" situation, i.e. when it applies access is denied
                   1523: #     and no other module can change it.
                   1524: #   o OptRenegotiate:
                   1525: #     This enables optimized SSL connection renegotiation handling when SSL
                   1526: #     directives are used in per-directory context. 
                   1527: #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
                   1528: <Files ~ "\.(cgi|shtml|phtml|php3?)$">
                   1529:     SSLOptions +StdEnvVars
                   1530: </Files>
                   1531: <Directory "/srv/www/cgi-bin">
                   1532:     SSLOptions +StdEnvVars
                   1533: </Directory>
                   1534: 
                   1535: #   SSL Protocol Adjustments:
                   1536: #   The safe and default but still SSL/TLS standard compliant shutdown
                   1537: #   approach is that mod_ssl sends the close notify alert but doesn't wait for
                   1538: #   the close notify alert from client. When you need a different shutdown
                   1539: #   approach you can use one of the following variables:
                   1540: #   o ssl-unclean-shutdown:
                   1541: #     This forces an unclean shutdown when the connection is closed, i.e. no
                   1542: #     SSL close notify alert is send or allowed to received.  This violates
                   1543: #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
                   1544: #     this when you receive I/O errors because of the standard approach where
                   1545: #     mod_ssl sends the close notify alert.
                   1546: #   o ssl-accurate-shutdown:
                   1547: #     This forces an accurate shutdown when the connection is closed, i.e. a
                   1548: #     SSL close notify alert is send and mod_ssl waits for the close notify
                   1549: #     alert of the client. This is 100% SSL/TLS standard compliant, but in
                   1550: #     practice often causes hanging connections with brain-dead browsers. Use
                   1551: #     this only for browsers where you know that their SSL implementation
                   1552: #     works correctly. 
                   1553: #   Notice: Most problems of broken clients are also related to the HTTP
                   1554: #   keep-alive facility, so you usually additionally want to disable
                   1555: #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
                   1556: #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
                   1557: #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
                   1558: #   "force-response-1.0" for this.
                   1559: SetEnvIf User-Agent ".*MSIE.*" \
                   1560:          nokeepalive ssl-unclean-shutdown \
                   1561:          downgrade-1.0 force-response-1.0
                   1562: 
                   1563: #   Per-Server Logging:
                   1564: #   The home of a custom SSL log file. Use this when you want a
                   1565: #   compact non-error SSL logfile on a virtual host basis.
                   1566: CustomLog /var/log/httpd/ssl_request_log \
                   1567:           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
                   1568: 
                   1569: </VirtualHost>                                  
                   1570: 
                   1571: </IfDefine>
                   1572: 
                   1573: 
                   1574: 
                   1575: # Note:
                   1576: #
                   1577: # The file that is included below is generated by SuSEconfig.
                   1578: #
                   1579: # In this file, SuSEconfig puts Include statements it finds
                   1580: # in /etc/httpd/modules/* (lines with "File:..." or "Include:..."). 
                   1581: # If such a module file also contains a "Variable:..." statement, the settings 
                   1582: # in /etc/sysconfig/apache will be honored. 
                   1583: # 
                   1584: # In addition, any files listed in the HTTPD_CONF_INCLUDE_FILES variable 
                   1585: # in /etc/sysconfig/apache will be included here by SuSEconfig. 
                   1586: # This allows you to add e.g. VirtualHost statements without touching
                   1587: # /etc/httpd/httpd.conf itself, which means that SuSEconfig will continue doing its
                   1588: # job (since it would not touch httpd.conf any longer as soon it detects changes
                   1589: # made by the admin via the md5sum mechanism)
                   1590: 
                   1591: Include /etc/httpd/suse_include.conf
                   1592: Include /etc/httpd/conf/loncapa_apache.conf
                   1593: 

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>