src - OpenBSD base system

diff options


context:
space:
mode:

author	Henning Brauer <henning@cvs.openbsd.org>	2002-10-07 21:04:45 +0000
committer	Henning Brauer <henning@cvs.openbsd.org>	2002-10-07 21:04:45 +0000
commit	908fe14881fb9d53bfe0f1cc94945b82cb9dd485 (patch)
tree	08908fbaf1eab7220021f47bbc84e53f0c7e4a82 /usr.sbin/httpd/htdocs/manual/misc
parent	07c8ffe3d5afa52d20a30be91dccc111fbc1824f (diff)

merge apache 1.3.27

Diffstat (limited to 'usr.sbin/httpd/htdocs/manual/misc')

-rw-r--r--

usr.sbin/httpd/htdocs/manual/misc/FAQ.html

180

-rw-r--r--

usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html

-rw-r--r--

usr.sbin/httpd/htdocs/manual/misc/perf.html

-rw-r--r--

usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html

-rw-r--r--

usr.sbin/httpd/htdocs/manual/misc/tutorials.html

5 files changed, 214 insertions, 78 deletions

diff --git a/usr.sbin/httpd/htdocs/manual/misc/FAQ.html b/usr.sbin/httpd/htdocs/manual/misc/FAQ.html
index 8d731d68613..b44edbb2ae5 100644
--- a/usr.sbin/httpd/htdocs/manual/misc/FAQ.html
+++ b/usr.sbin/httpd/htdocs/manual/misc/FAQ.html

@@ -320,6 +320,10 @@

messages periodically, when I did not restart the

server?</a></li>

+ <li><a href="#modulemagic">Why am I getting "module

+ <em>module-name</em> is not compatible with this version of

+ Apache" messages in my error log?</a></li>

</ol>

</li>

@@ -418,6 +422,11 @@

<li><a href="#options">Why do my Options directives not have

the desired effect?</a></li>

+ <li><a href="#serverheader">How can I change the information

+ that Apache returns about itself in the headers?</a></li>

+ <li><a href="#proxyscan">Why do I see requests for other sites

+ appearing in my log files?</a></li>

</ol>

</li>

@@ -1891,10 +1900,10 @@

can safely ignore these error messages as they do not affect

Apache. ApacheWeek has an <a

href="http://www.apacheweek.com/features/codered">article</a>

- with more information.</p>

+ with more information.</p><hr />

</li>

- <li<a id="restart" name="restart"><b>Why am I getting server restart

+ <li><a id="restart" name="restart"><b>Why am I getting server restart

messages periodically, when I did not restart the server?</b></a>

<p>Problem: You are noticing restart messages in your error log,

@@ -1909,7 +1918,26 @@

<p>Check your cron jobs to see when/if your server logs are being

rotated. Compare the time of rotation to the error menage time.

If they are the same, you can somewhat safely assume that the

- restart is due to your server logs being rotated.</p>

+ restart is due to your server logs being rotated.</p><hr />

+ </li>

+ <li><a id="modulemagic" name="modulemagic"><b>Why am I getting

+ "module <em>module-name</em> is not compatible with this version

+ of Apache" messages in my error log?</b></a>

+ <p>Module Magic Number (MMN) is a constant defined in Apache

+ source that is associated with binary compatibility of

+ modules. It is changed when internal Apache structures,

+ function calls and other significant parts of API change in

+ such a way that binary compatiblity cannot be guaranteed any

+ more. On MMN change, all third party modules have to be at

+ least recompiled, sometimes even slightly changed in order

+ to work with the new version of Apache.</p>

+ <p>If you're getting the above error messages, contact the

+ vendor of the module for the new binary, or compile it if

+ you have access to the source code.</p><hr />

+ </li>

</ol>

@@ -2520,9 +2548,25 @@ NameVirtualHost *<br />

<p>To turn on automatic directory indexing, find the

<a href="../mod/core.html#options">Options</a> directive that

applies to the directory and add the <code>Indexes</code>

- keyword. To turn off automatic directory indexing, remove

+ keyword. For example:</p>

+ <blockquote><code>

+ <Directory /path/to/directory><br />

+    Options +Indexes<br />

+ </Directory>

+ </code></blockquote>

+ <p>To turn off automatic directory indexing, remove

the <code>Indexes</code> keyword from the appropriate

- <code>Options</code> line.</p>

+ <code>Options</code> line. To turn off directory listing

+ for a particular subdirectory, you can use

+ <code>Options -Indexes</code>. For example:</p>

+ <blockquote><code>

+ <Directory /path/to/directory><br />

+    Options -Indexes<br />

+ </Directory>

+ </code></blockquote>

@@ -2561,6 +2605,132 @@ Options Includes ExecCGI<br />

+ <li><a id="serverheader" name="servername"><strong>How can I change

+ the information that Apache returns about itself in the

+ headers?</strong></a>

+ <p>When a client connects to Apache, part of the information returned in

+ the headers is the name "Apache" Additional information that can be sent

+ is the version number, such as "1.3.26", the operating system, and a

+ list of non-standard modules you have installed.</p>

+ <p>For example:</p>

+<blockquote><code>

+Server: Apache/1.3.26 (Unix) mod_perl/1.26

+</code></blockquote>

+ <p>Frequently, people want to remove this information, under the mistaken

+ understanding that this will make the system more secure. This is

+ probably not the case, as the same exploits will likely be attempted

+ regardless of the header information you provide.</p>

+ <p>There are, however, two answers to this question: the correct answer,

+ and the answer that you are probably looking for.</p>

+ <p>The correct answer to this question is that you should use the

+ ServerTokens directive to alter the quantity of information which is

+ passed in the headers. Setting this directive to <code>Prod</code> will

+ pass the least possible amount of information:</p>

+<blockquote><code>

+Server: Apache

+</code></blockquote>

+ <p>The answer you are probably looking for is how to make Apache lie

+ about what what it is, ie send something like:</p>

+<blockquote><code>

+Server: Bob's Happy HTTPd Server

+</code></blockquote>

+ <p>In order to do this, you will need to modify the Apache source code and

+ rebuild Apache. This is not advised, as it is almost certain not to

+ provide you with the added security you think that you are gaining. The

+ exact method of doing this is left as an exercise for the reader, as we

+ are not keen on helping you do something that is intrinsically a bad

+ idea.</p>

+ <hr /></li>

+ <li><a id="proxyscan" name="proxyscan"><strong>Why do I see requests

+ for other sites appearing in my log files?</strong></a>

+ <p>A an access_log entry showing this situation could look

+ like this:</p>

+ <blockquote><code> 63.251.56.142 - -

+ [25/Jul/2002:12:48:04 -0700] "GET http://www.yahoo.com/

+ HTTP/1.0" 200 1456 </code></blockquote>

+ <p>The question is: why did a request for

+ <code>www.yahoo.com</code> come to your server instead of

+ Yahoo's server? And why does the response have a status

+ code of 200 (success)?</p>

+ <p>This is usually the result of malicious clients trying to

+ exploit open proxy servers to access a website without

+ revealing their true location. If you find entries like this

+ in your log, the first thing to do is to make sure you have

+ properly configured your server not to proxy for unknown

+ clients. If you don't need to provide a proxy server at all,

+ you should simply assure that the <a

+ href="../mod/mod_proxy.html#proxyrequests">ProxyRequests</a>

+ directive is <strong>not</strong> set <code>on</code>.

+ If you do need to run a proxy server, then you must ensure

+ that you <a href="../mod/mod_proxy.html#access">secure your

+ server properly</a> so that only authorized clients can use

+ it.</p>

+ <p>If your server is configured properly, then the attempt to

+ proxy through your server will fail. If you see a status

+ code of <code>404</code> (file not found) in the log, then

+ you know that the request failed. If you see a status code

+ of <code>200</code> (success), that does not necessarily mean

+ that the attempt to proxy succeeded. RFC2616 section 5.1.2

+ mandates that Apache must accept requests with absolute URLs

+ in the request-URI, even for non-proxy requests. Since

+ Apache has no way to know all the different names that your

+ server may be known under, it cannot simply reject hostnames

+ it does not recognize. Instead, it will serve requests for

+ unknown sites locally by stripping off the hostname and using

+ the default server or virtual host. Therefore you can

+ compare the size of the file (1456 in the above example) to

+ the size of the corresponding file in your default server.

+ If they are the same, then the proxy attempt failed, since a

+ document from your server was delivered, not a document from

+ <code>www.yahoo.com</code>.</p>

+ <p>If you wish to prevent this type of request entirely, then

+ you need to let Apache know what hostnames to accept and what

+ hostnames to reject. You do this by configuring name-virtual

+ hosts, where the first listed host is the default host that

+ will catch and reject unknown hostnames. For example:</p>

+<blockquote>

+<pre>

+NameVirtualHost *

+<VirtualHost *>

+ ServerName default.only

+ <Location />

+ Order allow,deny

+ Deny from all

+ </Location>

+</VirtualHost>

+<VirtualHost *>

+ ServerName realhost1.example.com

+ ServerAlias alias1.example.com alias2.example.com

+ DocumentRoot /path/to/site1

+</VirtualHost>

+...

+</pre>

+</blockquote>

+ <hr /></li>

</ol>

diff --git a/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html b/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html
index c4774dd3d71..5b4b8faa017 100644
--- a/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html
+++ b/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html

@@ -6,7 +6,6 @@

<title>Connections in FIN_WAIT_2 and Apache</title>

- <link rev="made" href="mailto:marc@apache.org" />

</head>

@@ -254,10 +253,7 @@

patch available</a> for adding a timeout to the FIN_WAIT_2

state; it was originally intended for BSD/OS, but should be

adaptable to most systems using BSD networking code. You

- need kernel source code to be able to use it. If you do

- adapt it to work for any other systems, please drop me a

- note at <a

- href="mailto:marc@apache.org">marc@apache.org</a>.</p>

+ need kernel source code to be able to use it.

<h3>Compile without using

<code>lingering_close()</code></h3>

@@ -332,16 +328,9 @@

Off".</p>

</li>

- <li>

- Feedback If you have any information to add to this page,

- please contact me at <a

- href="mailto:marc@apache.org">marc@apache.org</a>.

- <h2><a id="appendix" name="appendix"></a></h2>

- </li>

<li>

- Appendix

+ <h2><a id="appendix" name="appendix">Appendix</a></h2>

<p>Below is a message from Roy Fielding, one of the authors

of HTTP/1.1.</p>

diff --git a/usr.sbin/httpd/htdocs/manual/misc/perf.html b/usr.sbin/httpd/htdocs/manual/misc/perf.html
index 506129bb232..24b345a1ba6 100644
--- a/usr.sbin/httpd/htdocs/manual/misc/perf.html
+++ b/usr.sbin/httpd/htdocs/manual/misc/perf.html

@@ -37,6 +37,8 @@

+ <li><a href="#irix">IRIX</a></li>

<li><a href="#Linux">Linux</a></li>

<li><a href="#Solaris">Solaris</a></li>

@@ -75,6 +77,14 @@

</ul>

<hr />

+ <h3><a id="irix" name="irix">IRIX</a></h3>

+ <p>An SGI document covering tuning of IRIX 6.2 through 6.5 is

+ available from <a

+ href="http://gea.stanford.edu/SGI_tuning/">Stanford</a>.</p>

+ <hr />

<h3><a id="Linux" name="Linux">Linux</a></h3>

There are no known problems with heavily loaded systems running

Linux kernels 2.0.32 or later. Earlier kernels have some

@@ -82,6 +92,7 @@

eliminate various security and denial of service attacks.

<hr />

<h3><a id="Solaris" name="Solaris">Solaris 2.4</a></h3>

The Solaris 2.4 TCP implementation has a few inherent

limitations that only became apparent under heavy loads. This

@@ -165,8 +176,10 @@

<hr />

<h3>More welcome!</h3>

- If you have tips to contribute, send mail to <a

- href="mailto:apache@apache.org">apache@apache.org</a>

+ If you have tips to contribute, please submit them to

+ the <a href="http://www.apache.org/bug_report.html">Apache Bug

+ Database</a>.

<hr />

<h3 align="CENTER">Apache HTTP Server Version 1.3</h3>

diff --git a/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html b/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html
index 78642802323..345a9188bc2 100644
--- a/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html
+++ b/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html

@@ -1686,7 +1686,7 @@ HREF="*"

<dd>How can we transform a static page

<code>foo.html</code> into a dynamic variant

- <code>foo.cgi</code> in a seemless way, i.e. without notice

+ <code>foo.cgi</code> in a seamless way, i.e. without notice

by the browser/user.</dd>

<dt><strong>Solution:</strong></dt>

diff --git a/usr.sbin/httpd/htdocs/manual/misc/tutorials.html b/usr.sbin/httpd/htdocs/manual/misc/tutorials.html
index 3c2771ccefd..f2938f25957 100644
--- a/usr.sbin/httpd/htdocs/manual/misc/tutorials.html
+++ b/usr.sbin/httpd/htdocs/manual/misc/tutorials.html

@@ -32,14 +32,6 @@

<h2>Installation & Getting Started</h2>

<ul>

- <li><a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-06-1-001-01-NW-DP-LF">

- Getting Started with Apache 1.3</a> (ApacheToday)</li>

- <li><a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-07-10-001-01-NW-LF-SW">

- Configuring Your Apache Server Installation</a>

- (ApacheToday)</li>

<li><a

href="http://www.onlamp.com/pub/a/apache/2000/02/24/installing_apache.html">

@@ -54,6 +46,11 @@

href="http://www.devshed.com/Server_Side/Administration/APACHE/">

How to Build the Apache of Your Dreams</a> (Developer

Shed)</li>

+ <li><a

+ href="http://apache-server.com/tutorials/ATgetting-started.html">Getting

+ Started with Apache 1.3</a> (Ken Coar)</li>

</ul>

<h2>Basic Configuration</h2>

@@ -65,20 +62,17 @@

Apache DevCenter)</li>

<li><a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-07-19-002-01-NW-LF-SW">

- Using .htaccess Files with Apache</a> (ApacheToday)</li>

- <li><a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-07-17-001-01-PS">

- Setting Up Virtual Hosts</a> (ApacheToday)</li>

- <li><a

href="http://www.builder.com/Servers/Apache/ss02.html">Maximum

Apache: Configure Apache</a> (CNET Builder.com)</li>

<li><a

href="http://www.devshed.com/Server_Side/Administration/MoreApache/">

Getting More Out of Apache</a> (Developer Shed)</li>

+ <li><a

+ href="http://apache-server.com/tutorials/ATusing-htaccess.html">Using

+ .htaccess Files with Apache</a> (Ken Coar)</li>

</ul>

<h2>Security</h2>

@@ -104,19 +98,10 @@

href="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">

Securing Apache - Access Control</a> (Linux.com)</li>

- <li>Apache Authentication <a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-07-24-002-01-NW-LF-SW">

- Part 1</a> - <a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-07-31-001-01-NW-DP-LF">

- Part 2</a> - <a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-08-07-001-01-NW-LF-SW">

- Part 3</a> - <a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-08-14-001-01-NW-LF-SW">

- Part 4</a> (ApacheToday)</li>

<li><a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-11-13-003-01-SC-LF-SW">

- mod_access: Restricting Access by Host</a> (ApacheToday)</li>

+ href="http://apache-server.com/tutorials/LPsuexec.html">Using

+ Apache with suexec on Linux</a> (Ken Coar)</li>

</ul>

<h2>Logging</h2>

@@ -131,25 +116,11 @@

Visitor Information: Customising Your Logfiles</a>

(Apacheweek)</li>

- <li>Apache Guide: Logging <a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-08-21-003-01-NW-LF-SW">

- Part 1</a> - <a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-08-28-001-01-NW-LF-SW">

- Part 2</a> - <a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-09-05-001-01-NW-LF-SW">

- Part 3</a> - <a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-09-18-003-01-NW-LF-SW">

- Part 4</a> - <a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-09-25-001-01-NW-LF-SW">

- Part 5</a> (ApacheToday)</li>

</ul>

<ul>

- <li><a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-06-05-001-10-NW-LF-SW">

- Dynamic Content with CGI</a> (ApacheToday)</li>

<li><a

href="http://www.cpan.org/doc/FAQs/cgi/idiots-guide.html">

@@ -163,19 +134,13 @@

<li><a href="http://www.htmlhelp.org/faq/cgifaq.html">CGI

Programming FAQ</a> (Web Design Group)</li>

- <li>Introduction to Server Side Includes <a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-06-12-001-01-PS">

- Part 1</a> - <a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-06-19-002-01-NW-LF-SW">

- Part 2</a> (ApacheToday)</li>

- <li><a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-06-26-001-01-NW-LF-SW">

- Advanced SSI Techniques</a> (ApacheToday)</li>

<li><a

href="http://www.builder.com/Servers/ApacheFiles/082400/">Setting

up CGI and SSI with Apache</a> (CNET Builder.com)</li>

+ <li><a

+ href="http://www.opendeveloper.org/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=1&page=1">How

+ to Set Up Server Side Includes in Apache</a> (OpenDeveloper.org)</li>

</ul>

<h2>Other Features</h2>

@@ -190,13 +155,12 @@

Apache Imagemaps</a> (Apacheweek)</li>

<li><a

- href="http://apachetoday.com/news_story.php3?ltsn=2000-06-14-002-01-PS">

- Keeping Your Images from Adorning Other Sites</a>

- (ApacheToday)</li>

- <li><a

href="http://ppewww.ph.gla.ac.uk/~flavell/www/lang-neg.html">Language

Negotiation Notes</a> (Alan J. Flavell)</li>

+ <li><a

+ href="http://apache-server.com/tutorials/ATimage-theft.html">Preventing

+ Image 'Theft'</a> (Ken Coar)</li>

</ul>

<p>If you have a pointer to an accurate and well-written