summaryrefslogtreecommitdiff
path: root/usr.sbin/httpd/conf
diff options
context:
space:
mode:
authorBob Beck <beck@cvs.openbsd.org>1998-10-04 08:23:53 +0000
committerBob Beck <beck@cvs.openbsd.org>1998-10-04 08:23:53 +0000
commit0e4e6fa00f7ce348b3508e74402b5ce54ff46483 (patch)
treeb28fae660a5cfdfdbc14ba365b2ecaa00b02ced9 /usr.sbin/httpd/conf
parent020d27c2264a43cd5bb4b0d4364e01a3f2e2def1 (diff)
1.3.2 versions of conf files
Diffstat (limited to 'usr.sbin/httpd/conf')
-rw-r--r--usr.sbin/httpd/conf/access.conf29
-rw-r--r--usr.sbin/httpd/conf/httpd.conf109
-rw-r--r--usr.sbin/httpd/conf/srm.conf50
3 files changed, 167 insertions, 21 deletions
diff --git a/usr.sbin/httpd/conf/access.conf b/usr.sbin/httpd/conf/access.conf
index 94630fd115c..96cafc8a289 100644
--- a/usr.sbin/httpd/conf/access.conf
+++ b/usr.sbin/httpd/conf/access.conf
@@ -10,6 +10,19 @@
# Originally by Rob McCool
+# First, we configure the "default" to be a very restrictive set of
+# permissions.
+
+<Directory />
+Options FollowSymLinks
+AllowOverride None
+</Directory>
+
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+
# This should be changed to whatever you set DocumentRoot to.
<Directory /var/www/htdocs>
@@ -18,7 +31,7 @@
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
# Note that "MultiViews" must be named *explicitly* --- "Options All"
-# doesn't give it to you (or at least, not yet).
+# doesn't give it to you.
Options Indexes FollowSymLinks
@@ -35,7 +48,7 @@ allow from all
</Directory>
-# /usr/local/etc/httpd/cgi-bin should be changed to whatever your ScriptAliased
+# @@ServerRoot@@/cgi-bin should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory /var/www/cgi-bin>
@@ -54,6 +67,18 @@ Options None
#allow from .your_domain.com
#</Location>
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".your_domain.com" to match your domain to enable.
+
+#<Location /server-info>
+#SetHandler server-info
+
+#order deny,allow
+#deny from all
+#allow from .your_domain.com
+#</Location>
+
# There have been reports of people trying to abuse an old bug from pre-1.1
# days. This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging
diff --git a/usr.sbin/httpd/conf/httpd.conf b/usr.sbin/httpd/conf/httpd.conf
index 0657cbd0e50..e413ab7c4d7 100644
--- a/usr.sbin/httpd/conf/httpd.conf
+++ b/usr.sbin/httpd/conf/httpd.conf
@@ -7,6 +7,19 @@
# Originally by Rob McCool
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Please read the file README.DSO in the Apache 1.3 distribution for more
+# details about the DSO mechanism and run `httpd -l' for the list of already
+# built-in (statically linked and thus always available) modules in your httpd
+# binary.
+#
+# Example:
+# LoadModule foo_module libexec/mod_foo.so
+
# ServerType is either inetd, or standalone.
ServerType standalone
@@ -20,10 +33,10 @@ Port 80
# HostnameLookups: Log the names of clients or just their IP numbers
# e.g. www.apache.org (on) or 204.62.129.132 (off)
-# You should probably turn this off unless you are going to actually
-# use the information in your logs, or with a CGI. Leaving this on
-# can slow down access to your site.
-HostnameLookups on
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on.
+
+HostnameLookups off
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
@@ -32,23 +45,21 @@ HostnameLookups on
# On SCO (ODT 3) use User nouser and Group nogroup
# On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
+# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
+# when the value of (unsigned)Group is above 60000;
+# don't use Group #-1 on these systems!
# On OpenBSD, use user www, group www
+
User www
Group www
-# The following directive disables keepalives and HTTP header flushes for
-# Netscape 2.x and browsers which spoof it. There are known problems with
-# these
-
-BrowserMatch Mozilla/2 nokeepalive
-
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.
ServerAdmin you@your.address
# ServerRoot: The directory the server's config, error, and log files
-# are kept in
+# are kept in.
# NOTE! If you intend to place this on a NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation,
# you will save yourself a lot of trouble.
@@ -67,10 +78,35 @@ ServerRoot /var/www
ErrorLog logs/error_log
-# TransferLog: The location of the transfer log file. If this does not
-# start with /, ServerRoot is prepended to it.
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+
+LogLevel warn
+
+# The following directives define some format nicknames for use with
+# a CustomLog directive (see below).
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# The location of the access logfile (Common Logfile Format).
+# If this does not start with /, ServerRoot is prepended to it.
-TransferLog logs/access_log
+CustomLog logs/access_log common
+
+# If you would like to have an agent and referer logfile uncomment the
+# following directives.
+
+#CustomLog logs/referer_log referer
+#CustomLog logs/agent_log agent
+
+# If you prefer a single logfile with access, agent and referer information
+# (Combined Logfile Format) you can use the following directive.
+
+#CustomLog logs/access_log combined
# PidFile: The file the server should log its pid to
PidFile logs/httpd.pid
@@ -79,7 +115,23 @@ PidFile logs/httpd.pid
# Not all architectures require this. But if yours does (you'll know because
# this file is created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
-ScoreBoardFile logs/apache_status
+ScoreBoardFile logs/apache_runtime_status
+
+# The LockFile directive sets the path to the lockfile used when Apache
+# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
+# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
+# its default value. The main reason for changing it is if the logs
+# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
+# DISK. The PID of the main server process is automatically appended to
+# the filename.
+#
+#LockFile logs/accept.lock
+
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the server-status Handler is called. The default is Off.
+#
+#ExtendedStatus On
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
@@ -88,9 +140,27 @@ ScoreBoardFile logs/apache_status
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
+# If your host doesn't have a registered DNS name, enter its IP address here.
+# You will have to access it by its address (e.g., http://123.45.67.89)
+# anyway, and this will make redirections work in a sensible way.
#ServerName new.host.name
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (error documents, ftp directory listings,
+# mod_status and mod_info output etc., but not SSI generated documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+ServerSignature on
+
+# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
+# Apache needs to construct a self-referencing URL (a url that refers back
+# to the server the response is coming from) it will use ServerName and
+# Port to form a "canonical" name. With this setting off, Apache will
+# use the hostname:port that the client supplied, when possible. This
+# also affects SERVER_NAME and SERVER_PORT in CGIs.
+UseCanonicalName on
+
# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
@@ -158,9 +228,16 @@ MaxRequestsPerChild 30
#ProxyRequests On
+# Enable/disable the handling of HTTP/1.1 "Via:" headers.
+# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+# Set to one of: Off | On | Full | Block
+#ProxyVia on
+
# To enable the cache as well, edit and uncomment the following lines:
+# (no cacheing without CacheRoot)
+
+#CacheRoot @@ServerRoot@@/proxy
-#CacheRoot /usr/local/etc/httpd/proxy
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
diff --git a/usr.sbin/httpd/conf/srm.conf b/usr.sbin/httpd/conf/srm.conf
index 42728f126cb..23c953c9ce3 100644
--- a/usr.sbin/httpd/conf/srm.conf
+++ b/usr.sbin/httpd/conf/srm.conf
@@ -17,7 +17,7 @@ DocumentRoot /var/www/htdocs
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is recieved.
-UserDir public_html
+# UserDir public_html
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
@@ -84,13 +84,30 @@ HeaderName HEADER
# IndexIgnore is a set of filenames which directory indexing should ignore
# Format: IndexIgnore name1 name2...
-IndexIgnore */.??* *~ *# */HEADER* */README* */RCS
+IndexIgnore .??* *~ *# HEADER* README* RCS
# AccessFileName: The name of the file to look for in each directory
# for access control information.
AccessFileName .htaccess
+# The following lines prevent .htaccess files from being viewed by
+# Web clients. Since .htaccess files often contain authorization
+# information, access is disallowed for security reasons. Comment
+# these lines out if you want Web visitors to see the contents of
+# .htaccess files. If you change the AccessFileName directive above,
+# be sure to make the corresponding changes here.
+
+<Files .htaccess>
+order allow,deny
+deny from all
+</Files>
+
+# TypesConfig describes where the mime.types file (or equivalent) is
+# to be found.
+
+TypesConfig conf/mime.types
+
# DefaultType is the default MIME type for documents which the server
# cannot find the type of from filename extensions.
@@ -135,7 +152,7 @@ LanguagePriority en fr de
# require it to be present in the URL. So "/icons" isn't aliased in this
# example.
-#Alias /icons/ /var/www/icons/
+Alias /icons/ /var/www/icons/
# ScriptAlias: This controls which directories contain server scripts.
# Format: ScriptAlias fakename realname
@@ -149,6 +166,11 @@ ScriptAlias /cgi-bin/ /var/www/cgi-bin/
# make certain files to be certain types.
# Format: AddType type/subtype ext1
+# For example, the PHP3 module (not part of the Apache distribution)
+# will typically use:
+#AddType application/x-httpd-php3 .phtml
+#AddType application/x-httpd-php3-source .phps
+
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
@@ -204,3 +226,25 @@ ScriptAlias /cgi-bin/ /var/www/cgi-bin/
# 3) external redirects
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
#
+
+# mod_mime_magic allows the server to use various hints from the file itself
+# to determine its type.
+#MimeMagicFile conf/magic
+
+# The following directives disable keepalives and HTTP header flushes.
+# The first directive disables it for Netscape 2.x and browsers which
+# spoof it. There are known problems with these.
+# The second directive is for Microsoft Internet Explorer 4.0b2
+# which has a broken HTTP/1.1 implementation and does not properly
+# support keepalive when it is used on 301 or 302 (redirect) responses.
+
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+
+# The following directive disables HTTP/1.1 responses to browsers which
+# are in violation of the HTTP/1.0 spec by not being able to grok a
+# basic 1.1 response.
+
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0