diff options
author | Bob Beck <beck@cvs.openbsd.org> | 1998-10-04 08:23:53 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 1998-10-04 08:23:53 +0000 |
commit | 0e4e6fa00f7ce348b3508e74402b5ce54ff46483 (patch) | |
tree | b28fae660a5cfdfdbc14ba365b2ecaa00b02ced9 /usr.sbin/httpd/conf | |
parent | 020d27c2264a43cd5bb4b0d4364e01a3f2e2def1 (diff) |
1.3.2 versions of conf files
Diffstat (limited to 'usr.sbin/httpd/conf')
-rw-r--r-- | usr.sbin/httpd/conf/access.conf | 29 | ||||
-rw-r--r-- | usr.sbin/httpd/conf/httpd.conf | 109 | ||||
-rw-r--r-- | usr.sbin/httpd/conf/srm.conf | 50 |
3 files changed, 167 insertions, 21 deletions
diff --git a/usr.sbin/httpd/conf/access.conf b/usr.sbin/httpd/conf/access.conf index 94630fd115c..96cafc8a289 100644 --- a/usr.sbin/httpd/conf/access.conf +++ b/usr.sbin/httpd/conf/access.conf @@ -10,6 +10,19 @@ # Originally by Rob McCool +# First, we configure the "default" to be a very restrictive set of +# permissions. + +<Directory /> +Options FollowSymLinks +AllowOverride None +</Directory> + +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. + # This should be changed to whatever you set DocumentRoot to. <Directory /var/www/htdocs> @@ -18,7 +31,7 @@ # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews". # Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you (or at least, not yet). +# doesn't give it to you. Options Indexes FollowSymLinks @@ -35,7 +48,7 @@ allow from all </Directory> -# /usr/local/etc/httpd/cgi-bin should be changed to whatever your ScriptAliased +# @@ServerRoot@@/cgi-bin should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. <Directory /var/www/cgi-bin> @@ -54,6 +67,18 @@ Options None #allow from .your_domain.com #</Location> +# Allow remote server configuration reports, with the URL of +# http://servername/server-info (requires that mod_info.c be loaded). +# Change the ".your_domain.com" to match your domain to enable. + +#<Location /server-info> +#SetHandler server-info + +#order deny,allow +#deny from all +#allow from .your_domain.com +#</Location> + # There have been reports of people trying to abuse an old bug from pre-1.1 # days. This bug involved a CGI script distributed as a part of Apache. # By uncommenting these lines you can redirect these attacks to a logging diff --git a/usr.sbin/httpd/conf/httpd.conf b/usr.sbin/httpd/conf/httpd.conf index 0657cbd0e50..e413ab7c4d7 100644 --- a/usr.sbin/httpd/conf/httpd.conf +++ b/usr.sbin/httpd/conf/httpd.conf @@ -7,6 +7,19 @@ # Originally by Rob McCool +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Please read the file README.DSO in the Apache 1.3 distribution for more +# details about the DSO mechanism and run `httpd -l' for the list of already +# built-in (statically linked and thus always available) modules in your httpd +# binary. +# +# Example: +# LoadModule foo_module libexec/mod_foo.so + # ServerType is either inetd, or standalone. ServerType standalone @@ -20,10 +33,10 @@ Port 80 # HostnameLookups: Log the names of clients or just their IP numbers # e.g. www.apache.org (on) or 204.62.129.132 (off) -# You should probably turn this off unless you are going to actually -# use the information in your logs, or with a CGI. Leaving this on -# can slow down access to your site. -HostnameLookups on +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on. + +HostnameLookups off # If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. @@ -32,23 +45,21 @@ HostnameLookups on # On SCO (ODT 3) use User nouser and Group nogroup # On HPUX you may not be able to use shared memory as nobody, and the # suggested workaround is to create a user www and use that user. +# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) +# when the value of (unsigned)Group is above 60000; +# don't use Group #-1 on these systems! # On OpenBSD, use user www, group www + User www Group www -# The following directive disables keepalives and HTTP header flushes for -# Netscape 2.x and browsers which spoof it. There are known problems with -# these - -BrowserMatch Mozilla/2 nokeepalive - # ServerAdmin: Your address, where problems with the server should be # e-mailed. ServerAdmin you@your.address # ServerRoot: The directory the server's config, error, and log files -# are kept in +# are kept in. # NOTE! If you intend to place this on a NFS (or otherwise network) # mounted filesystem then please read the LockFile documentation, # you will save yourself a lot of trouble. @@ -67,10 +78,35 @@ ServerRoot /var/www ErrorLog logs/error_log -# TransferLog: The location of the transfer log file. If this does not -# start with /, ServerRoot is prepended to it. +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. + +LogLevel warn + +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). + +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# The location of the access logfile (Common Logfile Format). +# If this does not start with /, ServerRoot is prepended to it. -TransferLog logs/access_log +CustomLog logs/access_log common + +# If you would like to have an agent and referer logfile uncomment the +# following directives. + +#CustomLog logs/referer_log referer +#CustomLog logs/agent_log agent + +# If you prefer a single logfile with access, agent and referer information +# (Combined Logfile Format) you can use the following directive. + +#CustomLog logs/access_log combined # PidFile: The file the server should log its pid to PidFile logs/httpd.pid @@ -79,7 +115,23 @@ PidFile logs/httpd.pid # Not all architectures require this. But if yours does (you'll know because # this file is created when you run Apache) then you *must* ensure that # no two invocations of Apache share the same scoreboard file. -ScoreBoardFile logs/apache_status +ScoreBoardFile logs/apache_runtime_status + +# The LockFile directive sets the path to the lockfile used when Apache +# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or +# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at +# its default value. The main reason for changing it is if the logs +# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL +# DISK. The PID of the main server process is automatically appended to +# the filename. +# +#LockFile logs/accept.lock + +# ExtendedStatus controls whether Apache will generate "full" status +# information (ExtendedStatus On) or just basic information (ExtendedStatus +# Off) when the server-status Handler is called. The default is Off. +# +#ExtendedStatus On # ServerName allows you to set a host name which is sent back to clients for # your server if it's different than the one the program would get (i.e. use @@ -88,9 +140,27 @@ ScoreBoardFile logs/apache_status # Note: You cannot just invent host names and hope they work. The name you # define here must be a valid DNS name for your host. If you don't understand # this, ask your network administrator. +# If your host doesn't have a registered DNS name, enter its IP address here. +# You will have to access it by its address (e.g., http://123.45.67.89) +# anyway, and this will make redirections work in a sensible way. #ServerName new.host.name +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (error documents, ftp directory listings, +# mod_status and mod_info output etc., but not SSI generated documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +ServerSignature on + +# UseCanonicalName: (new for 1.3) With this setting turned on, whenever +# Apache needs to construct a self-referencing URL (a url that refers back +# to the server the response is coming from) it will use ServerName and +# Port to form a "canonical" name. With this setting off, Apache will +# use the hostname:port that the client supplied, when possible. This +# also affects SERVER_NAME and SERVER_PORT in CGIs. +UseCanonicalName on + # CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each # document that was negotiated on the basis of content. This asks proxy # servers not to cache the document. Uncommenting the following line disables @@ -158,9 +228,16 @@ MaxRequestsPerChild 30 #ProxyRequests On +# Enable/disable the handling of HTTP/1.1 "Via:" headers. +# ("Full" adds the server version; "Block" removes all outgoing Via: headers) +# Set to one of: Off | On | Full | Block +#ProxyVia on + # To enable the cache as well, edit and uncomment the following lines: +# (no cacheing without CacheRoot) + +#CacheRoot @@ServerRoot@@/proxy -#CacheRoot /usr/local/etc/httpd/proxy #CacheSize 5 #CacheGcInterval 4 #CacheMaxExpire 24 diff --git a/usr.sbin/httpd/conf/srm.conf b/usr.sbin/httpd/conf/srm.conf index 42728f126cb..23c953c9ce3 100644 --- a/usr.sbin/httpd/conf/srm.conf +++ b/usr.sbin/httpd/conf/srm.conf @@ -17,7 +17,7 @@ DocumentRoot /var/www/htdocs # UserDir: The name of the directory which is appended onto a user's home # directory if a ~user request is recieved. -UserDir public_html +# UserDir public_html # DirectoryIndex: Name of the file or files to use as a pre-written HTML # directory index. Separate multiple entries with spaces. @@ -84,13 +84,30 @@ HeaderName HEADER # IndexIgnore is a set of filenames which directory indexing should ignore # Format: IndexIgnore name1 name2... -IndexIgnore */.??* *~ *# */HEADER* */README* */RCS +IndexIgnore .??* *~ *# HEADER* README* RCS # AccessFileName: The name of the file to look for in each directory # for access control information. AccessFileName .htaccess +# The following lines prevent .htaccess files from being viewed by +# Web clients. Since .htaccess files often contain authorization +# information, access is disallowed for security reasons. Comment +# these lines out if you want Web visitors to see the contents of +# .htaccess files. If you change the AccessFileName directive above, +# be sure to make the corresponding changes here. + +<Files .htaccess> +order allow,deny +deny from all +</Files> + +# TypesConfig describes where the mime.types file (or equivalent) is +# to be found. + +TypesConfig conf/mime.types + # DefaultType is the default MIME type for documents which the server # cannot find the type of from filename extensions. @@ -135,7 +152,7 @@ LanguagePriority en fr de # require it to be present in the URL. So "/icons" isn't aliased in this # example. -#Alias /icons/ /var/www/icons/ +Alias /icons/ /var/www/icons/ # ScriptAlias: This controls which directories contain server scripts. # Format: ScriptAlias fakename realname @@ -149,6 +166,11 @@ ScriptAlias /cgi-bin/ /var/www/cgi-bin/ # make certain files to be certain types. # Format: AddType type/subtype ext1 +# For example, the PHP3 module (not part of the Apache distribution) +# will typically use: +#AddType application/x-httpd-php3 .phtml +#AddType application/x-httpd-php3-source .phps + # AddHandler allows you to map certain file extensions to "handlers", # actions unrelated to filetype. These can be either built into the server # or added with the Action command (see below) @@ -204,3 +226,25 @@ ScriptAlias /cgi-bin/ /var/www/cgi-bin/ # 3) external redirects #ErrorDocument 402 http://some.other_server.com/subscription_info.html # + +# mod_mime_magic allows the server to use various hints from the file itself +# to determine its type. +#MimeMagicFile conf/magic + +# The following directives disable keepalives and HTTP header flushes. +# The first directive disables it for Netscape 2.x and browsers which +# spoof it. There are known problems with these. +# The second directive is for Microsoft Internet Explorer 4.0b2 +# which has a broken HTTP/1.1 implementation and does not properly +# support keepalive when it is used on 301 or 302 (redirect) responses. + +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 + +# The following directive disables HTTP/1.1 responses to browsers which +# are in violation of the HTTP/1.0 spec by not being able to grok a +# basic 1.1 response. + +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 |