diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2001-03-29 10:21:59 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2001-03-29 10:21:59 +0000 |
| commit | 2b3dc365d4b023a5259d936c068cb5df3426967b (patch) | |
| tree | b1346522cde73ec5b607759538d83c41556a8fb5 /usr.sbin/httpd/htdocs/manual | |
| parent | 818340ddb467ba6a4dbdf09a24dc1f0199231090 (diff) | |
Apache 1.3.19+mod_ssl 2.8.1 merge - also adds shared build of mod_headers
and mod_expire
Diffstat (limited to 'usr.sbin/httpd/htdocs/manual')
89 files changed, 2880 insertions, 1858 deletions
diff --git a/usr.sbin/httpd/htdocs/manual/bind.html b/usr.sbin/httpd/htdocs/manual/bind.html index 9b3d1c47fec..445fa85d2d4 100644 --- a/usr.sbin/httpd/htdocs/manual/bind.html +++ b/usr.sbin/httpd/htdocs/manual/bind.html @@ -128,7 +128,7 @@ not listening to, it cannot be accessed. <H2>See also</H2> See also the documentation on -<A HREF="vhosts/index.html">Virtual Hosts</A>, +<A HREF="vhosts/">Virtual Hosts</A>, <A HREF="mod/core.html#bindaddress">BindAddress directive</A>, <A HREF="mod/core.html#port">Port directive</A>, <A HREF="dns-caveats.html">DNS Issues</A> diff --git a/usr.sbin/httpd/htdocs/manual/content-negotiation.html b/usr.sbin/httpd/htdocs/manual/content-negotiation.html index f1d7c6602d5..1c701238e04 100644 --- a/usr.sbin/httpd/htdocs/manual/content-negotiation.html +++ b/usr.sbin/httpd/htdocs/manual/content-negotiation.html @@ -117,7 +117,7 @@ you must have a handler set in the configuration that defines a file suffix as <CODE>type-map</CODE>; this is best done with a <PRE> - AddHandler type-map var + AddHandler type-map .var </PRE> in the server configuration file. See the comments in the sample config @@ -345,7 +345,7 @@ variant remains, move on to the next test. <LI>Select the variants with the best language match, using either the order of languages in the Accept-Language header (if present), or else - else the order of languages in the <CODE>LanguagePriority</CODE> + the order of languages in the <CODE>LanguagePriority</CODE> directive (if present). <LI>Select the variants with the highest 'level' media parameter diff --git a/usr.sbin/httpd/htdocs/manual/dns-caveats.html b/usr.sbin/httpd/htdocs/manual/dns-caveats.html index 4982193c009..f91890d9db8 100644 --- a/usr.sbin/httpd/htdocs/manual/dns-caveats.html +++ b/usr.sbin/httpd/htdocs/manual/dns-caveats.html @@ -150,7 +150,7 @@ for your OS. <H3><A NAME="tips">Tips to Avoid these problems</A></H3> <UL> -<LI> use IP addresses in <CODE><VirtualHost></CODE> +<LI> use IP addresses in <CODE><VirtualHost></CODE> <LI> use IP addresses in <CODE>Listen</CODE> <LI> use IP addresses in <CODE>BindAddress</CODE> <LI> ensure all virtual hosts have an explicit <CODE>ServerName</CODE> @@ -164,9 +164,8 @@ for your OS. 1.2 we've attempted to make the server at least continue booting in the event of failed DNS, but it might not be the best we can do. In any event requiring the use of explicit IP addresses in -configuration files is highly undesirable in today's Internet where <A -HREF="http://www.ietf.org/html.charters/pier-charter.html">renumbering -</A> is a necessity. +configuration files is highly undesirable in today's Internet where +renumbering is a necessity. <P>A possible work around to the theft of service attack described above would be to perform a reverse DNS lookup on the ip address returned by diff --git a/usr.sbin/httpd/htdocs/manual/dso.html b/usr.sbin/httpd/htdocs/manual/dso.html index 741e81ad23f..067659b6bf8 100644 --- a/usr.sbin/httpd/htdocs/manual/dso.html +++ b/usr.sbin/httpd/htdocs/manual/dso.html @@ -29,7 +29,7 @@ Support </H1> <ADDRESS>Originally written by<BR> -Ralf S. Engelschall <rse@apache.org>, April 1998</ADDRESS> +Ralf S. Engelschall <rse@apache.org>, April 1998</ADDRESS> </DIV> @@ -145,17 +145,18 @@ HREF="mod/mod_so.html"><CODE>mod_so</CODE></A>'s <A HREF="mod/mod_so.html#loadmodule"><CODE>LoadModule</CODE></A> command in your <CODE>httpd.conf</CODE> file to load this module at server startup or restart. -<P>To simplify this creation of DSO files for Apache modules (especially for -third-party modules) a new support program named <CODE>apxs</CODE> (<EM>APache -eXtenSion</EM>) is available. It can be used to build DSO based modules -<EM>outside of</EM> the Apache source tree. The idea is simple: When -installing Apache the <CODE>configure</CODE>'s <CODE>make install</CODE> -procedure installs the Apache C header files and puts the platform-dependent -compiler and linker flags for building DSO files into the <CODE>apxs</CODE> -program. This way the user can use <CODE>apxs</CODE> to compile his Apache -module sources without the Apache distribution source tree and without having -to fiddle with the platform-dependent compiler and linker flags for DSO -support. +<P>To simplify this creation of DSO files for Apache modules +(especially for third-party modules) a new support program named <a +href="programs/apxs.html">apxs</a> (<EM>APache eXtenSion</EM>) is +available. It can be used to build DSO based modules <EM>outside +of</EM> the Apache source tree. The idea is simple: When installing +Apache the <CODE>configure</CODE>'s <CODE>make install</CODE> +procedure installs the Apache C header files and puts the +platform-dependent compiler and linker flags for building DSO files +into the <CODE>apxs</CODE> program. This way the user can use +<CODE>apxs</CODE> to compile his Apache module sources without the +Apache distribution source tree and without having to fiddle with the +platform-dependent compiler and linker flags for DSO support. <P>To place the complete Apache core program into a DSO library (only required on some of the supported platforms to force the linker to export the apache @@ -323,7 +324,7 @@ of</EM> the Apache source tree: <P> <UL> -<LI>Build and install via <CODE>apxs</CODE>: +<LI>Build and install via <a href="programs/apxs.html">apxs</a>: <TABLE BGCOLOR="#f0f0f0" CELLPADDING=10><TR><TD> <PRE> $ cd /path/to/3rdparty @@ -335,7 +336,7 @@ $ apxs -i -a -n foo mod_foo.so </OL> -<H3>Advantages & Disadvantages</H3> +<H3>Advantages & Disadvantages</H3> <P>The above DSO based features of Apache 1.3 have the following advantages: diff --git a/usr.sbin/httpd/htdocs/manual/ebcdic.html b/usr.sbin/httpd/htdocs/manual/ebcdic.html index 8524ff31f2e..9fa7e44820f 100644 --- a/usr.sbin/httpd/htdocs/manual/ebcdic.html +++ b/usr.sbin/httpd/htdocs/manual/ebcdic.html @@ -33,6 +33,8 @@ <P> The port was started initially to + </P> + <UL> <LI> prove the feasibility of porting <A HREF="http://dev.apache.org/">the Apache HTTP server</A> @@ -44,7 +46,6 @@ easily outperform the accept-fork-serve model used by CERN by a factor of 5 or more. </UL> - </P> <P> This document serves as a rationale to describe some of the design @@ -75,6 +76,8 @@ time, so a BUFF flag was added which defines whether a BUFF object has currently enabled conversion or not. This flag is modified at several points in the HTTP protocol: + </P> + <UL> <LI><STRONG>set</STRONG> before a request is received (because the request and the request header lines are always in ASCII @@ -91,10 +94,9 @@ sent - depending on the content type of the response body (because the response body may contain text or a binary file) </UL> - </P> <H2 ALIGN=CENTER>Porting Notes</H2> - <P> + <OL> <LI> The relevant changes in the source are #ifdef'ed into two @@ -111,8 +113,9 @@ mainframe platform only. This deals with include file differences and socket implementation topics which are only required on the BS2000/OSD platform. + <BR> </DL> - </LI><BR> + </LI> <LI> The possibility to translate between ASCII and EBCDIC at the @@ -131,7 +134,8 @@ therefore be inadequate.<BR> (In the case of text files of course, provisions must be made so that EBCDIC documents are always served in ASCII) - </LI><BR> + <BR> + </LI> <LI> This port therefore features a built-in protocol level conversion @@ -143,7 +147,8 @@ not be converted to ASCII a second time. This exception is only relevant for server-generated strings; and <EM>external</EM> EBCDIC documents are not expected to contain ASCII newline characters. - </LI><BR> + <BR> + </LI> <LI> By examining the call hierarchy for the BUFF management @@ -163,7 +168,8 @@ based on the type of document being served, whether the document body (except for the chunking information, of course) is in ASCII already or must be converted from EBCDIC. - </LI><BR> + <BR> + </LI> <LI> For Text documents (MIME types text/plain, text/html <EM>etc.</EM>), @@ -181,20 +187,23 @@ </PRE></BLOCKQUOTE> Similarly, any text/XXXX MIME type can be served as "raw ASCII" by configuring a MIME type "text/x-ascii-XXXX" for it using AddType. - </LI><BR> + <BR> + </LI> <LI> Non-text documents are always served "binary" without conversion. This seems to be the most sensible choice for, .<EM>e.g.</EM>, GIF/ZIP/AU file types. This of course requires the user to copy them to the mainframe host using the "rcp -b" binary switch. - </LI><BR> + <BR> + </LI> <LI> Server parsed files are always assumed to be in native (<EM>i.e.</EM>, EBCDIC) format as used on the machine, and are converted after processing. - </LI><BR> + <BR> + </LI> <LI> For CGI output, the CGI script determines whether a conversion is @@ -202,9 +211,9 @@ can be converted, or GIF output can be passed through unmodified. An example for the latter case is the wwwcount program which we ported as well. - </LI><BR> + <BR> + </LI> </OL> - </P> <H2 ALIGN=CENTER>Document Storage Notes</H2> <H3 ALIGN=CENTER>Binary Files</H3> @@ -238,7 +247,7 @@ </P> <H2 ALIGN=CENTER>Apache Modules' Status</H2> - <TABLE BORDER ALIGN=middle> + <TABLE BORDER="1" ALIGN="middle"> <TR> <TH>Module <TH>Status @@ -463,7 +472,7 @@ </TABLE> <H2 ALIGN=CENTER>Third Party Modules' Status</H2> - <TABLE BORDER ALIGN=middle> + <TABLE BORDER="1" ALIGN="middle"> <TR> <TH>Module <TH>Status diff --git a/usr.sbin/httpd/htdocs/manual/env.html b/usr.sbin/httpd/htdocs/manual/env.html index 8a3e16c04c2..c0bc17ded5b 100644 --- a/usr.sbin/httpd/htdocs/manual/env.html +++ b/usr.sbin/httpd/htdocs/manual/env.html @@ -1,7 +1,7 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> -<TITLE>Special Purpose Environment Variables</TITLE> +<TITLE>Environment Variables in Apache</TITLE> </HEAD> <!-- Background white, links blue (unvisited), navy (visited), red (active) --> @@ -19,7 +19,182 @@ </H3> </DIV> -<H1 ALIGN="CENTER">Special Purpose Environment Variables</H1> +<h1 align="center">Environment Variables in Apache</h1> + +<p>Many operating systems provide a facility for storage and +transmission of information called environment variables. Apache uses +environment variables in many ways to control operations and to +communicate with other programs like CGI scripts. This document +explains some of the ways to use environment variables in Apache.</p> + +<ul> +<li><a href="#setting">Setting Environment Variables</a></li> +<li><a href="#using">Using Environment Variables</a></li> +<li><a href="#special">Special Purpose Environment Variables</a></li> +<li><a href="#examples">Examples</a></li> +</ul> + +<hr> + +<h2><a name="setting">Setting Environment Variables</a></h2> + +<table border="1"> +<tr><td valign="top"> +<strong>Related Modules</strong><br><br> + +<a href="mod/mod_env.html">mod_env</a><br> +<a href="mod/mod_rewrite.html">mod_rewrite</a><br> +<a href="mod/mod_setenvif.html">mod_setenvif</a><br> +<a href="mod/mod_unique_id.html">mod_unique_id</a><br> + +</td><td valign="top"> +<strong>Related Directives</strong><br><br> + +<A HREF="mod/mod_setenvif.html#BrowserMatch">BrowserMatch</A><br> +<A HREF="mod/mod_setenvif.html#BrowserMatchNoCase">BrowserMatchNoCase</A><br> +<A HREF="mod/mod_env.html#passenv">PassEnv</A><br> +<A HREF="mod/mod_rewrite.html#RewriteRule">RewriteRule</A><br> +<A HREF="mod/mod_env.html#setenv">SetEnv</A><br> +<A HREF="mod/mod_setenvif.html#SetEnvIf">SetEnvIf</A><br> +<A HREF="mod/mod_setenvif.html#SetEnvIfNoCase">SetEnvIfNoCase</A><br> +<A HREF="mod/mod_env.html#unsetenv">UnsetEnv</A><br> +</td></tr></table> + +<h3>Basic Environment Manipulation</h3> + +<p>The most basic way to set an environment variable in Apache is +using the unconditional <code>SetEnv</code> directive. Variables +may also be passed from the environment of the shell which started +the server using the <code>PassEnv</code> directive.</p> + +<h3>Conditional Per-Request Settings</h3> + +<p>For additional flexibility, the directives provided by mod_setenvif +allow environment variables to be set on a per-request basis, +conditional on characteristics of particular requests. For example, a +variable could be set only when a specific browser (User-Agent) is +making a request, or only when a specific Referer [sic] header is +found. Even more flexibility is available through the mod_rewrite's +<code>RewriteRule</code> which uses the <code>[E=...]</code> option to +set environment variables.</p> + +<h3>Unique Identifiers</h3> + +<p>Finally, mod_unique_id sets the environment variable +<code>UNIQUE_ID</code> for each request to a value which is guaranteed +to be unique across "all" requests under very specific conditions.</p> + +<h3>Standard CGI Variables</h3> + +<p>In addition to all environment variables set within the Apache +configuration and passed from the shell, CGI scripts and SSI pages are +provided with a set of environment variables containing +meta-information about the request as required by the <a +href="misc/FAQ.html#cgi-spec">CGI specification</a>.</p> + +<h3>Some Caveats</h3> + +<ul> + +<li>It is not possible to override or change the standard CGI +variables using the environment manipulation directives.</li> + +<li>When <a href="suexec.html">suexec</a> is used to launch CGI +scripts, the environment will be cleaned down to a set of +<em>safe</em> variables before CGI scripts are launched. The list of +<em>safe</em> variables is defined at compile-time in +<code>suexec.c</code>.</li> + +<li>For portability reasons, the names of environment variables +may contain only letters, numbers, and the underscore character. +In addition, the first character may not be a number. Characters +which do not match this restriction will be replaced by an +underscore when passed to CGI scripts and SSI pages.</li> + +</ul> + +<hr> + +<h2><a name="using">Using Environment Variables</a></h2> + +<table border=1><tr><td valign="top"> +<strong>Related Modules</strong><br><br> + +<a href="mod/mod_access.html">mod_access</a><br> +<a href="mod/mod_cgi.html">mod_cgi</a><br> +<a href="mod/mod_include.html">mod_include</a><br> +<a href="mod/mod_log_config.html">mod_log_config</a><br> +<a href="mod/mod_rewrite.html">mod_rewrite</a><br> + +</td><td valign="top"> +<strong>Related Directives</strong><br><br> + +<A HREF="mod/mod_access.html#allow">Allow</A><br> +<a href="mod/mod_log_config.html#customlog">CustomLog</a><br> +<A HREF="mod/mod_access.html#deny">Deny</A><br> +<a href="mod/mod_log_config.html#logformat">LogFormat</a><br> +<A HREF="mod/mod_rewrite.html#RewriteCond">RewriteCond</A><br> +<A HREF="mod/mod_rewrite.html#RewriteRule">RewriteRule</A><br> + +</td></tr></table> + +<h3>CGI Scripts</h3> + +<p>One of the primary uses of environment variables is to communicate +information to CGI scripts. As discussed above, the environment +passed to CGI scripts includes standard meta-information about the request +in addition to any variables set within the Apache configuration. +For more details, see the <a href="howto/cgi.html">CGI tutorial</a>. +</p> + +<h3>SSI Pages</h3> + +<p>Server-parsed (SSI) documents processed by mod_include's +<code>server-parsed</code> handler can print environment variables +using the <code>echo</code> element, and can use environment variables +in flow control elements to makes parts of a page conditional on +characteristics of a request. Apache also provides SSI pages with the +standard CGI environment variables as discussed above. For more +details, see the <a href="howto/ssi.html">SSI tutorial</a>. +</p> + +<h3>Access Control</h3> + +<p>Access to the server can be controlled based on the value of +environment variables using the <code>allow from env=</code> and +<code>deny from env=</code> directives. In combination with +<code>SetEnvIf</code>, this allows for flexible control of access to +the server based on characteristics of the client. For example, you +can use these directives to deny access to a particular browser +(User-Agent). +</p> + +<h3>Conditional Logging</h3> + +<p>Environment variables can be logged in the access log using the +<code>LogFormat</code> option <code>%e</code>. In addition, the +decision on whether or not to log requests can be made based on the +status of environment variables using the conditional form of the +<code>CustomLog</code> directive. In combination with +<code>SetEnvIf</code> this allows for flexible control of which +requests are logged. For example, you can choose not to log requests +for filenames ending in <code>gif</code>, or you can choose to only +log requests from clients which are outside your subnet. +</p> + +<h3>URL Rewriting</h3> + +<p>The <code>%{ENV:...}</code> form of <em>TestString</em> in the +<code>RewriteCond</code> allows mod_rewrite's rewrite engine to make +decisions conditional on environment variables. Note that the +variables accessible in mod_rewrite without the <code>ENV:</code> +prefix are not actually environment variables. Rather, they +are variables special to mod_rewrite which cannot be accessed from +other modules.</p> + +<hr> + +<H2><a name="special">Special Purpose Environment Variables</a></H2> <P> Interoperability problems have led to the introduction of mechanisms to modify the way Apache behaves when talking to particular @@ -57,13 +232,80 @@ them. <H2>nokeepalive</H2> <P> -This disables <A HREF="mod/core.html#keepalive">KeepAlive</A> when set. Because -of problems with Netscape 2.x and KeepAlive, we recommend the following -directive be used: +This disables <A HREF="mod/core.html#keepalive">KeepAlive</A> when set. </P> -<PRE> - BrowserMatch Mozilla/2 nokeepalive -</PRE> + + +<hr> + +<h2><a name="examples">Examples</a></h2> + +<h3>Changing protocol behavior with misbehaving clients</h3> + +<p>We recommend that the following lines be included in httpd.conf +to deal with known client problems.</p> + +<pre> +# +# The following directives modify normal HTTP response behavior. +# The first directive disables keepalive for Netscape 2.x and browsers that +# spoof it. There are known problems with these browser implementations. +# The second directive is for Microsoft Internet Explorer 4.0b2 +# which has a broken HTTP/1.1 implementation and does not properly +# support keepalive when it is used on 301 or 302 (redirect) responses. +# +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 + +# +# The following directive disables HTTP/1.1 responses to browsers which +# are in violation of the HTTP/1.0 spec by not being able to grok a +# basic 1.1 response. +# +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 +</pre> + +<h3>Do not log requests for images in the access log</h3> + +<p>This example keeps requests for images from appearing +in the access log. It can be easily modified to prevent logging +of particular directories, or to prevent logging of requests +coming from particular hosts.</p> + +<pre> + SetEnvIf Request_URI \.gif image-request + SetEnvIf Request_URI \.jpg image-request + SetEnvIf Request_URI \.png image-request + CustomLog logs/access_log env=!image-request +</pre> + +<h3>Prevent "Image Theft"</h3> + +<p>This example shows how to keep people not on your server from using +images on your server as inline-images on their pages. This is not +a recommended configuration, but it can work in limited +circumstances. We assume that all your images are in a directory +called /web/images.</p> + +<pre> + SetEnvIf Referer "^http://www.example.com/" local_referal + # Allow browsers that do not send Referer info + SetEnvIf Referer "^$" local_referal + <Directory /web/images> + Order Deny,Allow + Deny from all + Allow from env=local_referal + </Directory> +</pre> + +<p><em>Note:</em> spelling of 'referer' and 'referal' is intentional.<p> + +<p>For more information about this technique, see the ApacheToday +tutorial "<a +href="http://apachetoday.com/news_story.php3?ltsn=2000-06-14-002-01-PS">Keeping +Your Images from Adorning Other Sites</a>".</p> <HR> <H3 ALIGN="CENTER"> diff --git a/usr.sbin/httpd/htdocs/manual/invoking.html b/usr.sbin/httpd/htdocs/manual/invoking.html index 861ca18242a..879c59efded 100644 --- a/usr.sbin/httpd/htdocs/manual/invoking.html +++ b/usr.sbin/httpd/htdocs/manual/invoking.html @@ -21,129 +21,107 @@ <H1 ALIGN="CENTER">Starting Apache</H1> -<H2>Invoking Apache</H2> +<ul> +<li><a href="#windows">Starting Apache on Windows</a></li> +<li><a href="#unix">Starting Apache on Unix</a> +<ul> +<li><a href="#errors">Errors During Start-up</a></li> +<li><a href="#boot">Starting at Boot-Time</a></li> +<li><a href="#info">Additional Information</a></li> +</ul> +</li> +</ul> + +<hr> + +<h2><a name="windows">Starting Apache On Windows</a></h2> + +<p>On Windows, Apache is normally run as a service on Windows NT, or +as a console application on Windows 95. For details, see <A +HREF="windows.html#run">running Apache for Windows</A>.</p> + +<h2><a name="unix">Starting Apache on Unix</a></h2> + +<p>On Unix, the <a href="programs/httpd.html">httpd</a> program is run +as a daemon which executes continuously in the background to handle +requests. It is possible to have Apache invoked by the Internet daemon +<CODE>inetd</CODE> each time a connection to the HTTP service is made +using the <A HREF="mod/core.html#servertype">ServerType</A> directive, +but this is not recommended.</p> + +<p>If the <a href="mod/core.html#port">Port</a> specified in the +configuration file is the default of 80 (or any other port below +1024), then it is necessary to have root privileges in order to start +Apache, so that it can bind to this privileged port. Once the server +has started and completed a few preliminary activities such as opening +its log files, it will launch several <em>child</em> processes which +do the work of listening for and answering requests from clients. The +main <code>httpd</code> process continues to run as the root user, but +the child processes run as a less privileged user. This is controlled +by Apache's <a href="server-wide.html#process">process creation +directives</a>.</p> + +<p>The first thing that <code>httpd</code> does when it is invoked is +to locate and read the <a href="configuring.html">configuration +file</a> <code>httpd.conf</code>. The location of this file is set at +compile-time, but it is possible to specify its location at run time +using the <code>-f</code> command-line option as in</p> + +<blockquote><code> /usr/local/apache/bin/httpd -f +/usr/local/apache/conf/httpd.conf </code></blockquote> + +<p>As an alternative to invoking the <code>httpd</code> binary +directly, a shell script called <a +href="programs/apachectl.html">apachectl</a> is provided which can be +used to control the daemon process with simple commands such as +<code>apachectl start</code> and <code>apachectl stop</code>.</p> + +<p>If all goes well during startup, the server will detach from the +terminal and the command prompt will return almost immediately. +This indicates that the server is up and running. You can then +use your browser to connect to the server and view the test +page in the <a href="mod/core.html#documentroot">DocumentRoot</a> +directory and the local copy of the documentation linked from +that page.</p> + +<h3><a name="errors">Errors During Start-up</a></h3> + +<p>If Apache suffers a fatal problem during startup, it will write a +message describing the problem either to the console or to the <a +href="mod/core.html#errorlog">ErrorLog</a> before exiting. One of the +most common error messages is "<code>Unable to bind to Port +...</code>". This message is usually caused by either:</p> +<ul> +<li>Trying to start the server on a privileged port when not +logged in as the root user; or</li> +<li>Trying to start the server when there is another instance +of Apache or some other web server already bound to the same port.</li> +</ul> +<p>For further trouble-shooting instructions, consult the Apache <a +href="misc/FAQ.html">FAQ</a>.</p> + +<h3><a name="boot">Starting at Boot-Time</a></h3> + +<p>If you want your server to continue running after a system reboot, +you should add a call to <code>httpd</code> or <code>apachectl</code> +to your system startup files (typically <code>rc.local</code> or a +file in an <code>rc.N</code> directory). This will start Apache as +root. Before doing this ensure that your server is properly configured +for security and access restrictions. The <code>apachectl</code> +script is designed so that it can often be linked directly as an init +script, but be sure to check the exact requirements of your system.</p> + +<h3><a name="info">Additional Information</a></h3> + +<p>Additional information about the command-line options of <a +href="programs/httpd.html">httpd</a> and <a +href="programs/apachectl.html">apachectl</a> as well as other support +programs included with the server is available on the <a +href="programs/">Server and Supporting Programs</a> page. There is +also documentation on all the <a href="mod/">modules</a> included with +the Apache distribution and the <a +href="mod/directives.html">directives</a> that they provide.</p> -On Unix, the <CODE>httpd</CODE> program is usually run as a daemon -which executes continuously, handling requests. It is possible to -invoke Apache by the Internet daemon <CODE>inetd</CODE> each time a -connection to the HTTP service is made (use the <A -HREF="mod/core.html#servertype">ServerType</A> directive) but this is -not recommended. - -<P> - -On Windows, Apache is normally run as a service on Windows NT, or as a -console application on Windows 95. See also <A -HREF="windows.html#run">running Apache for Windows</A>. - -<H2>Command line options</H2> -The following options are recognized on the httpd command line: -<DL> -<DT><CODE>-d</CODE> <EM>serverroot</EM> -<DD>Set the initial value for the -<A HREF="mod/core.html#serverroot">ServerRoot</A> variable to -<EM>serverroot</EM>. This can be overridden by the ServerRoot command -in the configuration file. The default is -<CODE>/usr/local/apache</CODE> on Unix, <CODE>/apache</CODE> on -Windows and <CODE>/os2httpd</CODE> on OS/2. - -<DT><CODE>-D</CODE> <EM>name</EM> -<DD>Define a name for use in in -<A HREF="mod/core.html#ifdefine">IfDefine</A> directives. -This option can be used to optionally enable certain functionality in the -configuration file, or to use a common configuration for -several independent hosts, where host specific information is enclosed in -<IfDefine> sections. - -<DT><CODE>-f</CODE> <EM>config</EM> -<DD>Execute the commands in the file <EM>config</EM> on startup. If -<EM>config</EM> does not begin with a <CODE>/</CODE>, then it is taken to be a -path relative to the <A HREF="mod/core.html#serverroot">ServerRoot</A>. The -default is <CODE>conf/httpd.conf</CODE>. - -<DT><CODE>-C</CODE> <EM>"directive"</EM> -<DD>Process the given apache "directive" (just as if it had been part of a -configuration file) <STRONG>before</STRONG> actually reading the regular configuration files. - -<DT><CODE>-c</CODE> <EM>"directive"</EM> -<DD>Process the given apache "directive" <STRONG>after</STRONG> reading -all the regular configuration files. - -<DT><CODE>-X</CODE> -<DD>Run in single-process mode, for internal debugging purposes only; the -daemon does not detach from the terminal or fork any children. Do <EM>NOT</EM> -use this mode to provide ordinary web service. - -<DT><CODE>-v</CODE> -<DD>Print the version of httpd and its build date, and then exit. - -<DT><A NAME="version"><CODE>-V</CODE></A> -<DD>Print the base version of httpd, its -build date, and a list of compile time settings which influence the -behavior and performance of the apache server (<EM>e.g.</EM>, -<SAMP>-DUSE_MMAP_FILES</SAMP>), -then exit. - -<DT><CODE>-L</CODE> -<DD> - -Give a list of directives together with expected arguments and places -where the directive is valid, then exit. (Apache 1.3.4 and -later. Earlier versions used -l instead). - - -<DT><CODE>-l</CODE> -<DD> - -Give a list of all modules compiled into the server, then exit. -(Apache 1.3.4 and later. Earlier versions used -h instead).<br> - -Give a list of directives together with expected arguments and places -where the directive is valid, then exit. (Apache 1.2 to 1.3.3. Later -versions use -L instead). - - - -<DT><A NAME="help"><CODE>-h</CODE></A> -<DD> - -Print a list of the httpd options, then exit. (Apache 1.3.4 and -later. Earlier versions used -? instead).<br> - -Give a list of all modules compiled into the server, then exit. (Up to -Apache 1.3.3. Later versions use -l instead).<br> - - -<DT><CODE>-S</CODE> -<DD>Show the settings as parsed from the config file (currently only -shows a breakdown of the vhost settings) but do not start the -server. (Up to Apache 1.3.3, this option also started the server). - -<DT><CODE>-t</CODE> -<DD>Test the configuration file syntax (<EM>i.e.</EM>, read all configuration files -and interpret them) but do not start the server. If the configuration contains -errors, display an error message and exit with a non-zero exit status, -otherwise display "Syntax OK" and terminate with a zero exit status. This -command checks to see if all DocumentRoot entries exist and are directories. -For sites with many vhosts, this is expensive; consider the <CODE>-T</CODE> -command instead. - -<DT><CODE>-T</CODE> -<DD>Test the configuration file syntax (<EM>i.e.</EM>, read all configuration files -and interpret them) but do not start the server. If the configuration contains -errors, display an error message and exit with a non-zero exit status, -otherwise display "Syntax OK" and terminate with a zero exit status. This -command does not perform any checking of the DocumentRoot entries. - -<DT><CODE>-k</CODE> <EM>option</EM> -<DD>Windows only: signal Apache to restart or shutdown. <EM>option</EM> -is one of "shutdown" or "restart". (Apache 1.3.3 and later). - -<DT><CODE>-?</CODE> -<DD>Print a list of the httpd options, and then exit (up to Apache -1.3.3. Later version use -h instead). - -</DL> <HR> <H3 ALIGN="CENTER"> diff --git a/usr.sbin/httpd/htdocs/manual/location.html b/usr.sbin/httpd/htdocs/manual/location.html index 336b7997196..fadeeb2c073 100644 --- a/usr.sbin/httpd/htdocs/manual/location.html +++ b/usr.sbin/httpd/htdocs/manual/location.html @@ -40,8 +40,8 @@ URL. It is comparable to the <A HREF="mod/core.html#directory"><Directory></A> directive, and should be matched with a </Location> directive. Directives that -apply to the URL given should be listen -within. <CODE><Location></CODE> sections are processed in the +apply to the URL given should be listed +between them. <CODE><Location></CODE> sections are processed in the order they appear in the configuration file, after the <Directory> sections and <CODE>.htaccess</CODE> files are read.</P> diff --git a/usr.sbin/httpd/htdocs/manual/man-template.html b/usr.sbin/httpd/htdocs/manual/man-template.html index 6018f6daf90..8776b0758e7 100644 --- a/usr.sbin/httpd/htdocs/manual/man-template.html +++ b/usr.sbin/httpd/htdocs/manual/man-template.html @@ -103,7 +103,6 @@ or Experimental</EM></BLOCKQUOTE> 1.2 or later," or "The Apache syntax for this directive is not compatible with the NCSA directive of the same name."</EM> </BLOCKQUOTE> - </P> <P> The ADirective directive does something. diff --git a/usr.sbin/httpd/htdocs/manual/misc/FAQ.html b/usr.sbin/httpd/htdocs/manual/misc/FAQ.html index b24bf19e14b..9d0cc579c40 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/FAQ.html +++ b/usr.sbin/httpd/htdocs/manual/misc/FAQ.html @@ -21,15 +21,15 @@ <H1 ALIGN="CENTER">Apache Server Frequently Asked Questions</H1> <P> - $Revision: 1.7 $ ($Date: 2000/12/15 22:17:28 $) + $Revision: 1.8 $ ($Date: 2001/03/29 10:21:30 $) </P> <P> The latest version of this FAQ is always available from the main Apache web site, at <<A - HREF="http://www.apache.org/docs/misc/FAQ.html" + HREF="http://httpd.apache.org/docs/misc/FAQ.html" REL="Help" - ><SAMP>http://www.apache.org/docs/misc/FAQ.html</SAMP></A>>. + ><SAMP>http://httpd.apache.org/docs/misc/FAQ.html</SAMP></A>>. </P> <!-- Notes about changes: --> <!-- - If adding a relative link to another part of the --> @@ -237,7 +237,7 @@ fills with "<SAMP>fcntl: F_SETLKW: No record locks available</SAMP>" or similar messages</A> </LI> - <LI><A HREF="#aixccbug">Why am I getting "<SAMP>Expected </Directory> + <LI><A HREF="#aixccbug">Why am I getting "<SAMP>Expected </Directory> but saw </Directory></SAMP>" when I try to start Apache?</A> </LI> <LI><A HREF="#redhat">I'm using RedHat Linux and I have problems with httpd @@ -550,7 +550,8 @@ <LI><A NAME="what"> <STRONG>What is Apache?</STRONG> </A> - <P>The Apache httpd server + <p>The Apache httpd server</p> + <UL> <LI>is a powerful, flexible, HTTP/1.1 compliant web server <LI>implements the latest protocols, including HTTP/1.1 (RFC2616) @@ -603,7 +604,6 @@ </DL> </UL> - </P> <HR> </LI> @@ -611,7 +611,7 @@ <STRONG>How and why was Apache created?</STRONG> </A> <P> - The <A HREF="http://www.apache.org/ABOUT_APACHE.html">About Apache</A> + The <A HREF="http://httpd.apache.org/ABOUT_APACHE.html">About Apache</A> document explains how the Apache project evolved from its beginnings as an outgrowth of the NCSA httpd project to its current status as one of the fastest, most efficient, and most functional web servers @@ -714,7 +714,7 @@ There is no official support for Apache. None of the developers want to be swamped by a flood of trivial questions that can be resolved elsewhere. Bug reports and suggestions should be sent <EM>via</EM> - <A HREF="http://www.apache.org/bug_report.html">the bug report page</A>. + <A HREF="http://httpd.apache.org/bug_report.html">the bug report page</A>. Other questions should be directed to the <A HREF="news:comp.infosystems.www.servers.unix" >comp.infosystems.www.servers.unix</A> or <A HREF= @@ -737,12 +737,12 @@ </A> <P> Indeed there is. See the main - <A HREF="http://www.apache.org/httpd">Apache web site</A>. + <A HREF="http://httpd.apache.org/">Apache web site</A>. There is also a regular electronic publication called <A HREF="http://www.apacheweek.com/" REL="Help"><CITE>Apache Week</CITE></A> available. Links to relevant <CITE>Apache Week</CITE> articles are included below where appropriate. There are also some - <A HREF="http://www.apache.org/info/apache_books.html" + <A HREF="http://httpd.apache.org/info/apache_books.html" >Apache-specific books</A> available. </P> <HR> @@ -754,7 +754,7 @@ <P> You can find out how to download the source for Apache at the project's - <A HREF="http://www.apache.org/httpd">main web page</A>. + <A HREF="http://httpd.apache.org/">main web page</A>. </P> <HR> </LI> @@ -822,7 +822,7 @@ </P> </LI> <LI><STRONG>Check the - <A HREF="http://www.apache.org/docs/misc/FAQ.html">FAQ</A>!</STRONG> + <A HREF="http://httpd.apache.org/docs/misc/FAQ.html">FAQ</A>!</STRONG> <P> The latest version of the Apache Frequently-Asked Questions list can always be found at the main Apache web site. @@ -864,7 +864,7 @@ If you've gone through those steps above that are appropriate and have obtained no relief, then please <EM>do</EM> let The Apache Group know about the problem by - <A HREF="http://www.apache.org/bug_report.html">logging a bug report</A>. + <A HREF="http://httpd.apache.org/bug_report.html">logging a bug report</A>. </P> <P> If your problem involves the server crashing and generating a core @@ -984,7 +984,7 @@ The Apache Group encourages patches from outside developers. There are 2 main "types" of patches: small bugfixes and general improvements. Bugfixes should be submitting using the Apache <A - HREF="http://www.apache.org/bug_report.html">bug report page</A>. + HREF="http://httpd.apache.org/bug_report.html">bug report page</A>. Improvements, modifications, and additions should follow the instructions below. </P> @@ -1063,8 +1063,7 @@ </A> <P> Check out Dean Gaudet's - <A HREF="http://www.apache.org/docs/misc/perf-tuning.html" - >performance tuning page</A>. + <A HREF="perf-tuning.html">performance tuning page</A>. </P> <HR> </LI> @@ -1075,17 +1074,17 @@ Regular expressions are a way of describing a pattern - for example, "all the words that begin with the letter A" or "every 10-digit phone number" or even "Every sentence with two commas in it, and no capital letter Q". - Regular expressions (aka "regexp"s) are useful in Apache because they + Regular expressions (aka "regex"s) are useful in Apache because they let you apply certain attributes against collections of files or resources in very flexible ways - for example, all .gif and .jpg files under - any "images" directory could be written as /.*\/images\/.*[jpg|gif]/. + any "images" directory could be written as /\/images\/.*(jpg|gif)$/. </P> <P> The best overview around is probably the one which comes with Perl. - We implement a simple subset of Perl's regexp support, but it's + We implement a simple subset of Perl's regex support, but it's still a good way to learn what they mean. You can start by going to the <A - HREF="http://www.perl.com/CPAN-local/doc/manual/html/pod/perlre.html#Version_8_Regular_Expresions" + HREF="http://www.perl.com/CPAN-local/doc/manual/html/pod/perlre.html#Regular_Expressions" >CPAN page on regular expressions</A>, and branching out from there. </P> @@ -1107,8 +1106,8 @@ <p> If you don't see a kit for your platform listed in the binary distribution area - (<URL:<a href="http://www.apache.org/dist/binaries/" - >http://www.apache.org/dist/binaries/</a>>), + (<URL:<a href="http://httpd.apache.org/dist/binaries/" + >http://httpd.apache.org/dist/binaries/</a>>), it means either that the platform isn't available to any of the developers, or that they just haven't gotten around to preparing a binary for it. As this is a voluntary project, @@ -1239,7 +1238,7 @@ platforms there are. If you have verified that none of the above issues is the cause of your problem, and it hasn't been reported before, please submit a - <A HREF="http://www.apache.org/bug_report.html">problem report</A>. + <A HREF="http://httpd.apache.org/bug_report.html">problem report</A>. Be sure to include <EM>complete</EM> details, such as the compiler & OS versions and exact error messages. </P> @@ -1421,9 +1420,9 @@ to rebuild the kernel with that support enabled (it's under the "General Setup" submenu). Documentation for kernel building is beyond the scope of this FAQ; you should consult the <A - HREF="http://www.linuxhq.com/HOWTO/Kernel-HOWTO.html" >Kernel + HREF="http://www.redhat.com/mirrors/LDP/HOWTO/Kernel-HOWTO.html">Kernel HOWTO</A>, or the documentation provided with your distribution, or - a <A HREF="http://www.linuxhq.com/HOWTO/META-FAQ.html" >Linux + a <A HREF="http://www.redhat.com/mirrors/LDP/HOWTO/META-FAQ.html">Linux newsgroup/mailing list</A>. As a last-resort workaround, you can comment out the <CODE>#define USE_SHMGET_SCOREBOARD</CODE> definition in the <SAMP>LINUX</SAMP> section of @@ -1471,7 +1470,7 @@ </LI> <LI><A NAME="aixccbug"><STRONG>Why am I getting "<SAMP>Expected - </Directory> but saw </Directory></SAMP>" when + </Directory> but saw </Directory></SAMP>" when I try to start Apache?</STRONG></A> <P> This is a known problem with certain versions of the AIX C compiler. @@ -1626,6 +1625,12 @@ >How to Add an Application to Aventail Connect's Application Exclusion List</a>." </p> + <p> + Apache is affected in a similar way by <em>any</em> firewall program that + isn't correctly configured. Assure you exclude your Apache server ports + (usually port 80) from the list of ports to block. Refer to your firewall + program's documentation for the how-to. + </p> <hr> </LI> <li><a name="err1067"><b>When I try to start Apache on Windows, I get @@ -1649,6 +1654,12 @@ The error you see will probably be one of those preceding this question in the FAQ. </p> + <p> + As of Apache 1.3.14, first check the Windows NT Event Log for + Application errors using the Windows NT/2000 Event Viewer program. + Any errors that occur prior to opening the Apache error log will + be stored here, if Apache is run as a Service on NT or 2000. As with + any error, also check your Apache error log. <hr> </li> </OL> @@ -1898,7 +1909,7 @@ <P></P> <P> More information about this issue can be found in the - <A HREF="http://www.apache.org/info/jdk-102.html" + <A HREF="http://httpd.apache.org/info/jdk-102.html" ><CITE>Java and HTTP/1.1</CITE></A> page at the Apache web site. </P> @@ -2038,7 +2049,7 @@ </P> <P> Apache 1.3b2 introduced a new directive, - <A HREF="http://www.apache.org/docs/mod/core.html#namevirtualhost" + <A HREF="../mod/core.html#namevirtualhost" ><SAMP>NameVirtualHost</SAMP></A>, which simplifies the rules quite a bit. However, changing the rules like this means that your existing name-based @@ -2229,7 +2240,7 @@ a line such as <P> <DL> - <DD><CODE>AddHandler cgi-script cgi</CODE> + <DD><CODE>AddHandler cgi-script .cgi</CODE> </DD> </DL> <P></P> @@ -2612,12 +2623,10 @@ Two alternatives are: <OL> <LI>Place the cgi-bin directory next to the public_html directory: - <P> <DL> <DD><CODE>ScriptAliasMatch ^/~([^/]*)/cgi-bin/(.*) /home/$1/cgi-bin/$2</CODE> </DD> </DL> - </P> </LI> <LI>Place the cgi-bin directory underneath the public_html directory: <P></p> @@ -2931,13 +2940,13 @@ </P> <P> To eliminate this problem you should + </P> <OL> <LI>Always use the trailing slash when requesting directories; <LI>Change the <CODE>ServerName</CODE> to match the name you are using in the URL; and/or <LI>Set <CODE>UseCanonicalName off</CODE>. </OL> - </P> <HR> </LI> @@ -3188,7 +3197,7 @@ </P> <P> Some SSL implementations of Apache are available, however; see the - "<A HREF="http://www.apache.org/related_projects.html" + "<A HREF="http://httpd.apache.org/related_projects.html" >related projects</A>" page at the main Apache web site. </P> @@ -3206,7 +3215,7 @@ </A> <P> You can make arbitrary changes to static documents by configuring an - <A HREF="http://www.apache.org/docs/mod/mod_actions.html#action"> + <A HREF="../mod/mod_actions.html#action"> Action</A> which launches a CGI script. The CGI is then responsible for setting a content-type and delivering the requested document (the location of which is passed in the @@ -3241,11 +3250,14 @@ <STRONG>How can I rotate my log files?</STRONG> </A> <P>The simple answer: by piping the transfer log into an appropriate - log file rotation utility.</P> - <P>The longer answer: In the src/support/ directory, you will find a - utility called <CODE>rotatelogs</CODE> which can be used like this:<PRE> - TransferLog "|/path/to/rotatelogs /path/to/logs/access_log 86400" - </PRE> to enable daily rotation of the log files.<BR> + log file rotation utility.</P> <P>The longer answer: In the + src/support/ directory, you will find a utility called <a + href="../programs/rotatelogs.html">rotatelogs</a> which can be used + like this:</p> + +<PRE> TransferLog "|/path/to/rotatelogs /path/to/logs/access_log 86400"</PRE> + + <p>to enable daily rotation of the log files.<BR> A more sophisticated solution of a logfile rotation utility is available under the name <CODE>cronolog</CODE> from Andrew Ford's site at <A HREF="http://www.ford-mason.co.uk/resources/cronolog/" @@ -3253,9 +3265,10 @@ create logfile subdirectories based on time and date, and can have a constant symlink point to the rotating logfiles. (As of version 1.6.1, cronolog is available under the <A HREF="../LICENSE">Apache License</A>). - Use it like this:<PRE> - CustomLog "|/path/to/cronolog --symlink=/usr/local/apache/logs/access_log /usr/local/apache/logs/%Y/%m/access_log" combined - </PRE></P> + Use it like this:</P> + +<PRE> CustomLog "|/path/to/cronolog --symlink=/usr/local/apache/logs/access_log /usr/local/apache/logs/%Y/%m/access_log" combined</PRE> + <HR> </LI> <LI><A NAME="conditional-logging"> @@ -3295,7 +3308,7 @@ The base Apache Web server package does not include ASP support. However, there are a couple of after-market solutions that let you add this functionality; see the - <a href="http://www.apache.org/related_projects.html" + <a href="http://httpd.apache.org/related_projects.html" >related projects</a> page to find out more. </p> <hr> diff --git a/usr.sbin/httpd/htdocs/manual/misc/compat_notes.html b/usr.sbin/httpd/htdocs/manual/misc/compat_notes.html index 6168fe4259e..727f1e73cf0 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/compat_notes.html +++ b/usr.sbin/httpd/htdocs/manual/misc/compat_notes.html @@ -28,7 +28,7 @@ httpd, there are a couple gotcha's to watch out for. These are mostly due to the fact that the parser for config and access control files was rewritten from scratch, so certain liberties the earlier servers took may not be available here. These are all easily fixable. If you -know of other non-fatal problems that belong here, <A +know of other problems that belong here, <A HREF="http://www.apache.org/bug_report.html">let us know.</A> <P>Please also check the <A HREF="known_client_problems.html">known @@ -49,7 +49,7 @@ client problems</A> page. <P> <LI>If you follow the NCSA guidelines for setting up access restrictions based on client domain, you may well have added - entries for, <CODE>AuthType, AuthName, AuthUserFile</CODE> or + entries for <CODE>AuthType, AuthName, AuthUserFile</CODE> or <CODE>AuthGroupFile</CODE>. <STRONG>None</STRONG> of these are needed (or appropriate) for restricting access based on client domain. When Apache sees <CODE>AuthType</CODE> it (reasonably) @@ -63,7 +63,7 @@ client problems</A> page. <P> <LI><CODE>exec cgi=""</CODE> produces reasonable <STRONG>malformed header</STRONG> responses when used to invoke non-CGI scripts.<BR> - The NCSA code ignores the missing header. (bad idea) + The NCSA code ignores the missing header (bad idea). <BR>Solution: write CGI to the CGI spec and use <CODE>include virtual</CODE>, or use <CODE>exec cmd=""</CODE> instead. @@ -96,7 +96,7 @@ client problems</A> page. booting unless an added <CODE>optional</CODE> keyword is included. <P> -<LI>Apache does not implement <CODE>OnDeny</CODE> use +<LI>Apache does not implement <CODE>OnDeny</CODE>; use <A HREF="../mod/core.html#errordocument"><CODE>ErrorDocument</CODE></A> instead. @@ -121,7 +121,7 @@ client problems</A> page. <LI>Apache does not allow ServerRoot settings inside a VirtualHost container. There is only one global ServerRoot in Apache; any desired changes in paths for virtual hosts need to be made with the explicit - directives, eg. DocumentRoot, TransferLog, <EM>etc.</EM> + directives, <em>e.g.</em>, DocumentRoot, TransferLog, <EM>etc.</EM> <P> <LI>The <CODE>AddType</CODE> directive cannot be used to set the type of diff --git a/usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html b/usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html index 6b7b953311e..829141bebe0 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html +++ b/usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html @@ -36,6 +36,7 @@ customized international server error responses</H1> </UL> <HR> <H2><A NAME="intro">Introduction</A></H2> +<p> This document describes an easy way to provide your apache WWW server with a set of customized error messages which take advantage of <A HREF="../content-negotiation.html">Content Negotiation</A> @@ -66,6 +67,8 @@ You have full flexibility in designing your error documents to your personal taste (or your company's conventions). For demonstration purposes, we present a simple generic error document scheme. For this hypothetic server, we assume that all error messages... +</P> + <UL> <LI>possibly are served by different virtual hosts (different host name, different IP address, or different port) on the server machine, @@ -77,7 +80,6 @@ For this hypothetic server, we assume that all error messages... <LI>display an apache logo and a feedback email address at the bottom of the error message. </UL> -</P> <P> An example of a "document not found" message for a german client might @@ -309,7 +311,7 @@ A simple shell script to do it (execute within the errordocs/ dir): variable within an error document: </P> <PRE> - <!--#if expr="\"$REDIRECT_ERROR_NOTES\" = \"\"" --> + <!--#if expr="$REDIRECT_ERROR_NOTES = ''" --> <p> The server encountered an unexpected condition which prevented it from fulfilling the request. @@ -346,7 +348,7 @@ documents, or to translate the error documents to different languages. modifications. </P> <P> - <!--#if expr="\"$HTTP_REFERER\" != \"\"" --> + <!--#if expr="$HTTP_REFERER != ''" --> Please inform the owner of <A HREF="<!--#echo var="HTTP_REFERER" -->">the referring page</A> about the malformed link. @@ -367,7 +369,7 @@ appears to support it (the latter requires server configuration lines of the form <BR><CODE>BrowserMatch "^Mozilla/[2-4]" anigif</CODE><BR> for browser types which support animated GIFs). <HR><PRE> -<!--#if expr="\"$SERVER_NAME\" = /.*\.mycompany\.com/" +<!--#if expr="$SERVER_NAME = /.*\.mycompany\.com/" --><!--#set var="IMG_CorpLogo" value="http://$SERVER_NAME:$SERVER_PORT/errordocs/CorpLogo.gif" --><!--#set var="ALT_CorpLogo" value="Powered by Linux!" diff --git a/usr.sbin/httpd/htdocs/manual/misc/descriptors.html b/usr.sbin/httpd/htdocs/manual/misc/descriptors.html index 79416c65061..ac37d0696f4 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/descriptors.html +++ b/usr.sbin/httpd/htdocs/manual/misc/descriptors.html @@ -129,6 +129,23 @@ situation somewhat. Here is a partial list of systems and workarounds between 60 and 11000, the default is 110. Relink and reboot, and the new number of descriptors will be available. + <P> + + <DT><STRONG>Compaq Tru64 UNIX/Digital UNIX/OSF</STRONG> + <DD><OL> + <LI>Raise <code>open_max_soft</code> and <code>open_max_hard</code> + to 4096 in the proc subsystem. + Do a man on sysconfig, sysconfigdb, and sysconfigtab. + <LI>Raise <code>max-vnodes</code> to a large number which is greater + than the number of apache processes * 4096 + (Setting it to 250,000 should be good for most people). + Do a man on sysconfig, sysconfigdb, and sysconfigtab. + <LI>If you are using Tru64 5.0, 5.0A, or 5.1, define + <code>NO_SLACK</code> to work around a bug in the OS. + <code>CFLAGS="-DNO_SLACK" ./configure</code> + </OL> + + <P> <DT><STRONG>Others</STRONG> <DD>If you have details on another operating system, please submit diff --git a/usr.sbin/httpd/htdocs/manual/misc/howto.html b/usr.sbin/httpd/htdocs/manual/misc/howto.html index 7cb757fc58d..6c5254b6587 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/howto.html +++ b/usr.sbin/httpd/htdocs/manual/misc/howto.html @@ -63,11 +63,11 @@ If that module is compiled in, the following lines RewriteRule /.* http://www.apache.org/ [R] </PRE></BLOCKQUOTE> -This will send an HTTP 302 Redirect back to the client, and no matter +will send an HTTP 302 Redirect back to the client, and no matter what they gave in the original URL, they'll be sent to -"http://www.apache.org". +"http://www.apache.org/". -The second option is to set up a <CODE>ScriptAlias</CODE> pointing to +<p>The second option is to set up a <CODE>ScriptAlias</CODE> pointing to a <STRONG>CGI script</STRONG> which outputs a 301 or 302 status and the location of the other server.</P> @@ -95,7 +95,7 @@ print "Status: 302 Moved Temporarily\r\n" . "Location: http://www.some.where.else.com/\r\n" . "\r\n"; -</PRE></BLOCKQUOTE></P> +</PRE></BLOCKQUOTE> <HR> @@ -124,7 +124,6 @@ it to reopen the logfiles.</P> mv access_log access_log.old<BR> kill -1 `cat httpd.pid` </CODE></BLOCKQUOTE> -</P> <P>Note: <CODE>httpd.pid</CODE> is a file containing the <STRONG>p</STRONG>rocess <STRONG>id</STRONG> @@ -141,7 +140,7 @@ nightly or weekly basis.</P> <CODE>robots.txt</CODE> which you don't have, and never did have?</P> <P>These clients are called <STRONG>robots</STRONG> (also known as crawlers, -spiders and other cute name) - special automated clients which +spiders and other cute names) - special automated clients which wander around the web looking for interesting resources.</P> <P>Most robots are used to generate some kind of <EM>web index</EM> which @@ -161,7 +160,7 @@ will want to stop.</P> <P>Another reason some webmasters want to block access to robots, is to stop them indexing dynamic information. Many search engines will use the -data collected from your pages for months to come - not much use if your +data collected from your pages for months to come - not much use if you're serving stock quotes, news, weather reports or anything else that will be stale by the time people find it in a search engine.</P> @@ -200,7 +199,7 @@ to set the directive ProxyRemote differently. Here are my settings: </PRE> <P> Requests on port 80 of my proxy <SAMP>nicklas</SAMP> are forwarded to -proxy<SAMP>.mayn.franken.de:8080</SAMP>, while requests on port 443 are +<SAMP>proxy.mayn.franken.de:8080</SAMP>, while requests on port 443 are forwarded to <SAMP>proxy.mayn.franken.de:443</SAMP>. If the remote proxy is not set up to handle port 443, then the last directive can be left out. SSL requests diff --git a/usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html b/usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html index 2be7441ff23..27c36e0923a 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html +++ b/usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html @@ -248,9 +248,7 @@ helped reduce the number of "unable" errors, because the CPU was often maxed out.</BLOCKQUOTE> <P> -<A NAME="accf"> -<H2>Accept filtering on FreeBSD</H2> -</A> +<H2><A NAME="accf">Accept filtering on FreeBSD</A></H2> <P> diff --git a/usr.sbin/httpd/htdocs/manual/misc/perf-dec.html b/usr.sbin/httpd/htdocs/manual/misc/perf-dec.html index 21edc29af9b..552fc70b2db 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/perf-dec.html +++ b/usr.sbin/httpd/htdocs/manual/misc/perf-dec.html @@ -116,8 +116,6 @@ version of V4.0. -Jeff -<HR> - ---------------------------------------------------------------------------- From mogul@pa.dec.com (Jeffrey Mogul) diff --git a/usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html b/usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html index d1ca21acc7a..280b7ce38b7 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html +++ b/usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html @@ -11,11 +11,33 @@ VLINK="#000080" ALINK="#FF0000" > -<H1>Apache Performance Notes</H1> +<DIV ALIGN="CENTER"> + <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]"> + <H3> + Apache HTTP Server Version 1.3 + </H3> +</DIV> + +<H1 align="center">Apache Performance Notes</H1> <P>Author: Dean Gaudet -<H3>Introduction</H3> +<ul> +<li><a href="#introduction">Introduction</a></li> +<li><a href="#hardware">Hardware and Operating System Issues</a></li> +<li><a href="#runtime">Run-Time Configuration Issues</a></li> +<li><a href="#compiletime">Compile-Time Configuration Issues</a></li> +<li>Appendixes + <ul> + <li><a href="#trace">Detailed Analysis of a Trace</a></li> + <li><a href="#patches">Patches Available</a></li> + <li><a href="#preforking">The Pre-Forking Model</a></li> + </ul></li> +</ul> + +<hr> + +<H3><a name="introduction">Introduction</A></H3> <P>Apache is a general webserver, which is designed to be correct first, and fast second. Even so, its performance is quite satisfactory. Most sites have less than 10Mbits of outgoing bandwidth, which Apache can @@ -40,11 +62,13 @@ performance out of Apache's current model, and want to understand why it does some things which slow it down. <P>Note that this is tailored towards Apache 1.3 on Unix. Some of it applies -to Apache on NT. Apache on NT has not been tuned for performance yet, +to Apache on NT. Apache on NT has not been tuned for performance yet; in fact it probably performs very poorly because NT performance requires a different programming model. -<H3>Hardware and Operating System Issues</H3> +<hr> + +<H3><a name="hardware">Hardware and Operating System Issues</a></H3> <P>The single biggest hardware issue affecting webserver performance is RAM. A webserver should never ever have to swap, swapping increases @@ -64,7 +88,9 @@ HTTP serving completely breaks many of the assumptions built into Unix kernels up through 1994 and even 1995. Good choices include recent FreeBSD, and Linux. -<H3>Run-Time Configuration Issues</H3> +<hr> + +<H3><a name="runtime">Run-Time Configuration Issues</a></H3> <H4>HostnameLookups</H4> <P>Prior to Apache 1.3, <CODE>HostnameLookups</CODE> defaulted to On. @@ -86,7 +112,7 @@ lookups except for .html and .cgi files: <BLOCKQUOTE><PRE> HostnameLookups off -<Files ~ "\.(html|cgi)$> +<Files ~ "\.(html|cgi)$"> HostnameLookups on </Files> </PRE></BLOCKQUOTE> @@ -225,7 +251,9 @@ In no event should you raise this above about 60 seconds, as <A HREF="http://www.research.digital.com/wrl/techreports/abstracts/95.4.html" >most of the benefits are lost</A>. -<H3>Compile-Time Configuration Issues</H3> +<hr> + +<H3><a name="compiletime">Compile-Time Configuration Issues</a></H3> <H4>mod_status and ExtendedStatus On</H4> @@ -257,15 +285,15 @@ pedagogical purposes): for (;;) { fd_set accept_fds; - FD_ZERO (&accept_fds); + FD_ZERO (&accept_fds); for (i = first_socket; i <= last_socket; ++i) { - FD_SET (i, &accept_fds); + FD_SET (i, &accept_fds); } - rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL); + rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL); if (rc < 1) continue; new_connection = -1; for (i = first_socket; i <= last_socket; ++i) { - if (FD_ISSET (i, &accept_fds)) { + if (FD_ISSET (i, &accept_fds)) { new_connection = accept (i, NULL, NULL); if (new_connection != -1) break; } @@ -315,15 +343,15 @@ the inner loop. The loop looks like this (differences highlighted): for (;;) { fd_set accept_fds; - FD_ZERO (&accept_fds); + FD_ZERO (&accept_fds); for (i = first_socket; i <= last_socket; ++i) { - FD_SET (i, &accept_fds); + FD_SET (i, &accept_fds); } - rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL); + rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL); if (rc < 1) continue; new_connection = -1; for (i = first_socket; i <= last_socket; ++i) { - if (FD_ISSET (i, &accept_fds)) { + if (FD_ISSET (i, &accept_fds)) { new_connection = accept (i, NULL, NULL); if (new_connection != -1) break; } @@ -475,7 +503,7 @@ function looks roughly like this: select (s for reading, 2 second timeout); if (error) break; if (s is ready for reading) { - if (read (s, junk_buffer, sizeof (junk_buffer)) <= 0) { + if (read (s, junk_buffer, sizeof (junk_buffer)) <= 0) { break; } /* just toss away whatever is read */ @@ -529,7 +557,9 @@ server for every last ounce of performance) then you should add This will save RAM that's allocated only for supporting dynamically loaded modules. -<H3>Appendix: Detailed Analysis of a Trace</H3> +<hr> + +<H3><a name="trace">Appendix: Detailed Analysis of a Trace</a></H3> Here is a system call trace of Apache 1.3 running on Linux. The run-time configuration file is essentially the default plus: @@ -721,7 +751,7 @@ large may lock out low bandwidth clients unless you also increase the <CODE>Timeout</CODE>. <P>It may even be the case that <CODE>mmap</CODE> isn't -used on your architecture, if so then defining <CODE>USE_MMAP_FILES</CODE> +used on your architecture; if so then defining <CODE>USE_MMAP_FILES</CODE> and <CODE>HAVE_MMAP</CODE> might work (if it works then report back to us). <P>Apache does its best to avoid copying bytes around in memory. The @@ -753,7 +783,7 @@ up to <CODE>PIPE_BUF</CODE> bytes (a POSIX defined constant) of log entries are buffered before writing. At no time does it split a log entry across a <CODE>PIPE_BUF</CODE> boundary because those writes may not be atomic. (<EM>i.e.</EM>, entries from multiple children could become mixed together). -The code does it best to flush this buffer when a child dies. +The code does its best to flush this buffer when a child dies. <P>The lingering close code causes four system calls: @@ -818,7 +848,7 @@ these calls are used by few sites but required for backwards compatibility. cost of removing some functionality. </UL> -<H3>Appendix: The Pre-Forking Model</H3> +<H3><a name="preforking">Appendix: The Pre-Forking Model</a></H3> <P>Apache (on Unix) is a <EM>pre-forking</EM> model server. The <EM>parent</EM> process is responsible only for forking <EM>child</EM> @@ -857,7 +887,7 @@ depending on the operating system. 1.3 is multithreaded on NT. There have been at least two other experimental implementations of threaded Apache, one using the 1.3 code base on DCE, and one using a custom user-level threads package and the 1.0 code base; -neither is available publically. There is also an experimental port of +neither is publicly available. There is also an experimental port of Apache 1.3 to <A HREF="http://www.mozilla.org/docs/refList/refNSPR/"> Netscape's Portable Run Time</A>, which <A HREF="http://www.arctic.org/~dgaudet/apache/2.0/">is available</A> @@ -869,5 +899,14 @@ of Apache will include abstractions of the server model so that we can continue to support the pre-forking model, and also support various threaded models. +<HR> + +<H3 ALIGN="CENTER"> + Apache HTTP Server Version 1.3 +</H3> + +<A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A> +<A HREF="../"><IMG SRC="../images/home.gif" ALT="Home"></A> + </BODY> </HTML> diff --git a/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html b/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html index c63b4e8a639..a757974fa74 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html +++ b/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html @@ -28,7 +28,7 @@ URL Rewriting Guide<BR> </H1> <ADDRESS>Originally written by<BR> -Ralf S. Engelschall <rse@apache.org><BR> +Ralf S. Engelschall <rse@apache.org><BR> December 1997</ADDRESS> </DIV> diff --git a/usr.sbin/httpd/htdocs/manual/misc/tutorials.html b/usr.sbin/httpd/htdocs/manual/misc/tutorials.html index 1891637f33c..77f95320f36 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/tutorials.html +++ b/usr.sbin/httpd/htdocs/manual/misc/tutorials.html @@ -30,7 +30,7 @@ HREF="../">official Apache Server documentation</A> to verify what you read on external sites. -<H2>Installation & Getting Started</H2> +<H2>Installation & Getting Started</H2> <UL> @@ -76,6 +76,8 @@ HREF="http://apachetoday.com/news_story.php3?ltsn=2000-07-17-001-01-PS" <LI><A HREF="http://www.builder.com/Servers/Apache/ss02.html">Maximum Apache: Configure Apache</A> (CNET Builder.com) +<LI>Getting More Out of Apache <A HREF="http://www.devshed.com/Server_Side/Administration/MoreApache/">Part 1</A> - <A HREF="http://www.devshed.com/Server_Side/Administration/MoreApache2/">Part 2</A> (Developer Shed) + </UL> <H2>Security</H2> @@ -110,6 +112,9 @@ HREF="http://apachetoday.com/news_story.php3?ltsn=2000-08-07-001-01-NW-LF-SW" HREF="http://apachetoday.com/news_story.php3?ltsn=2000-08-14-001-01-NW-LF-SW" >Part 4</A> (ApacheToday) +<LI><a href="http://apachetoday.com/news_story.php3?ltsn=2000-11-13-003-01-SC-LF-SW" +>mod_access: Restricting Access by Host</a> (ApacheToday) + </UL> <H2>Logging</H2> @@ -186,10 +191,13 @@ Apache Imagemaps</A> (Apacheweek) HREF="http://apachetoday.com/news_story.php3?ltsn=2000-06-14-002-01-PS" >Keeping Your Images from Adorning Other Sites</A> (ApacheToday) +<LI><A HREF="http://ppewww.ph.gla.ac.uk/~flavell/www/lang-neg.html" +>Language Negotiation Notes</A> (Alan J. Flavell) + </UL> -<P>If you have a pointer to a an accurate and well-written tutorial +<P>If you have a pointer to an accurate and well-written tutorial not included here, please let us know by submitting it to the <A HREF="http://bugs.apache.org/">Apache Bug Database</A>. diff --git a/usr.sbin/httpd/htdocs/manual/misc/vif-info.html b/usr.sbin/httpd/htdocs/manual/misc/vif-info.html index f81190e2c35..ee5c53771ab 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/vif-info.html +++ b/usr.sbin/httpd/htdocs/manual/misc/vif-info.html @@ -13,7 +13,7 @@ <DIV ALIGN="CENTER"> <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]"> <H3> - Apache HTTP Server Version 1.2 + Apache HTTP Server Version 1.3 </H3> </DIV> @@ -32,7 +32,7 @@ John Ionnidis writes: This is a topic that comes up once in a while on comp.protocols.tcp-ip and other newsgroups. The question is, how to get a machine with one -network interface to respond to more than one IP addresses. +network interface to respond to more than one IP addresses. I have a solution than might suit you. For my doctoral work (there's a paper about it in this year's ('91) SIGCOMM, also available for @@ -58,16 +58,16 @@ class C nets). Here are the ifconfigs: ifconfig le0 198.3.2.1 up -trailers # config primary interface ifconfig vif0 198.4.3.2 up # config first virtual interface - route delete net 198.4.3 198.4.3.2 # delete spurious route + route delete net 198.4.3 198.4.3.2 # delete spurious route route add host 198.4.3.2 198.4.3.2 0 # add route for this i/f ifconfig vif1 198.5.4.3 up # config second virtual interface - route delete net 198.5.4 198.5.4.3 # delete spurious route + route delete net 198.5.4 198.5.4.3 # delete spurious route route add host 198.5.4.3 198.5.4.3 0 # add route for this i/f The route deletes are needed because the ifconfig creates a default route to the interface's network, which can cause problems; all that's -needed is the (host) route to the interface's address. +needed is the (host) route to the interface's address. Now, get le0's ethernet address (say, 8:0:20:3:2:1), and add the following static ARP entries: @@ -76,12 +76,12 @@ following static ARP entries: arp -s 198.5.4.3 8:0:20:3:2:1 pub This will cause any ARP requests for the VIF addresses to be replied -with your machine's ethernet address. +with your machine's ethernet address. Now, make sure your default route is to your segment's gateway, through the real interface. Finally, make sure your routers and/or hosts on the same segment as yours know that 198.4.3.2 and 198.5.4.3 -are on that cable. +are on that cable. Here's what you've accomplished. @@ -91,7 +91,7 @@ the virtual ones because of the public static arp entries). Packets reaching your host with any of these addresses will be accepted by the ip_input routine because they match the address of one of the host's interfaces. Packets leaving your host can have any of its addresses -(real and virtual). +(real and virtual). The code for vif follows. To use it, put the stuff in netinet/if_vif.c and netinet/if_vif.h, configure your kernel with the number of @@ -140,10 +140,10 @@ Make sure you remember the correct major device number, 14 in this case! Finally, here's the code. It has the tunneling pieces removed (you need more code to use that anyway), and it comes from a Mach 2.6 kernel; it should compile on any Berkeley-derived unix with minor -changes (most likely only in the includes). +changes (most likely only in the includes). ---------------------netinet/if_vif.h-------------------------------------- -typedef struct +typedef struct { struct ifnet vif_if; struct ifnet *vif_sif; /* slave interface */ @@ -200,10 +200,10 @@ vifattach() register int i; register struct ifnet *ifp; int vifoutput(), vififioctl(); - + for (i=0; i<NVIF; i++) { - ifp = &vif_softc[i].vif_if; + ifp = &vif_softc[i].vif_if; ifp->if_name = "vif"; ifp->if_unit = i; ifp->if_mtu = VIFMTU; @@ -218,20 +218,20 @@ vifopen(dev, flag) int dev, flag; { int unit; - + if (!vifs_inited) { vifattach(); vifs_inited = 1; printf("vif initialized\n"); } - + unit = minor(dev); if ((unit < 0) || (unit >= NVIF)) { return ENXIO; } - + return 0; } @@ -265,10 +265,10 @@ vifoutput(ifp, m0, dst) register struct ifqueue *ifq; struct mbuf *m; struct sockaddr_in *din; - + if (dst->sa_family != AF_INET) { - printf("%s%d: can't handle af%d\n", + printf("%s%d: can't handle af%d\n", ifp->if_name, ifp->if_unit, dst->sa_family); m_freem(m0); @@ -276,16 +276,16 @@ vifoutput(ifp, m0, dst) } din = (struct sockaddr_in *)dst; - + if (din->sin_addr.s_addr == IA_SIN(ifp->if_addrlist)->sin_addr.s_addr) { /* printf("%s%d: looping\n", ifp->if_name, ifp->if_unit); */ - + /* * Place interface pointer before the data * for the receiving protocol. */ - if (m0->m_off <= MMAXOFF && + if (m0->m_off <= MMAXOFF && m0->m_off >= MMINOFF + sizeof(struct ifnet *)) { m0->m_off -= sizeof(struct ifnet *); m0->m_len += sizeof(struct ifnet *); @@ -351,14 +351,14 @@ caddr_t arg; int mode; { int unit; - + unit = minor(dev); if ((unit < 0) || (unit >= NVIF)) return ENXIO; - + return EINVAL; } ----------------------------------------------------------------------------- +---------------------------------------------------------------------------- To use it, compile your kernel, and reboot. Then create the vif device: @@ -372,16 +372,16 @@ it: This will cause the device to be opened, which will if_attach the interfaces. If you feel like playing with the code, you may want to -kmem_alloc() the vif_softc structrure at open time, and use the minor -number of the device to tell it how many interfaces to create. +kmem_alloc() the vif_softc structure at open time, and use the minor +number of the device to tell it how many interfaces to create. -Now you can go ahead and ifconfig etc. +Now you can go ahead and ifconfig <EM>etc.</EM> I'll be happy to answer minor questions, and hear about success and failure stories, but I cannot help you if you don't already know how to hack kernels. -Good luck! +Good luck! /ji @@ -401,8 +401,9 @@ for SunOS 4.1.3_U1. <P> <HR> + <H3 ALIGN="CENTER"> - Apache HTTP Server Version 1.2 + Apache HTTP Server Version 1.3 </H3> <A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A> diff --git a/usr.sbin/httpd/htdocs/manual/mod/core.html b/usr.sbin/httpd/htdocs/manual/mod/core.html index 1dd8bf35b69..dd4ebb14c15 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/core.html +++ b/usr.sbin/httpd/htdocs/manual/mod/core.html @@ -145,7 +145,8 @@ as configuration files. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AccessFileName <EM>filename filename ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AccessFileName <EM>filename</em> +[<em>filename</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -176,11 +177,16 @@ for directives, unless they have been disabled with <BLOCKQUOTE><CODE> <Directory /><BR> AllowOverride None<BR> -</Directory></CODE></BLOCKQUOTE><P><HR> +</Directory></CODE> +</BLOCKQUOTE><P> + +<P><STRONG>See Also:</STRONG> +<A HREF="#allowoverride">AllowOverride</a></P> +<HR> <H2><A NAME="adddefaultcharset">AddDefaultCharset directive</A></H2> <A HREF="directive-dict.html#Syntax" REL="Help"><STRONG>Syntax:</STRONG></A> -AddDefaultCharset <EM>Off / On / charset</EM><BR> +AddDefaultCharset On|Off|<em>charset</em><BR> <A HREF="directive-dict.html#Context" REL="Help" ><STRONG>Context:</STRONG></A> all<BR> <A HREF="directive-dict.html#Status" REL="Help" ><STRONG>Status:</STRONG></A> @@ -197,7 +203,7 @@ in the body of the document via a <CODE>META</CODE> tag. A setting of <CODE>AddDefaultCharset Off</CODE> disables this functionality. <CODE>AddDefaultCharset On</CODE> enables Apache's internal default charset of <code>iso-8859-1</code> as required by the -directive. You can also specify an alternate charset to be used; +directive. You can also specify an alternate <em>charset</em> to be used; e.g. <code>AddDefaultCharset utf-8</code>. <P><HR> @@ -206,7 +212,7 @@ e.g. <code>AddDefaultCharset utf-8</code>. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddModule <EM>module module ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddModule <EM>module</em> [<em>module</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -232,7 +238,8 @@ directive.<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AllowOverride <EM>override override ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AllowOverride All|None|<EM>directive-type</em> +[<em>directive-type</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -246,13 +253,21 @@ directive.<P><HR> REL="Help" ><STRONG>Status:</STRONG></A> core<P> -When the server finds an .htaccess file (as specified by +<p>When the server finds an .htaccess file (as specified by <A HREF="#accessfilename">AccessFileName</A>) it needs to know which -directives declared in that file can override earlier access information.<P> +directives declared in that file can override earlier access information.</p> + +<p>When this directive is set to <code>None</code>, then +.htaccess files are completely ignored. In this case, the server +will not even attempt to read .htaccess files in the filesystem.</p> -<EM>Override</EM> can be set to <CODE>None</CODE>, in which case the server -will not read the file, <CODE>All</CODE> in which case the server will -allow all the directives, or one or more of the following: +<p>When this directive is set to <code>All</code>, then any directive +which has the .htaccess <a +href="directive-dict.html#Context">Context</a> is allowed in .htaccess +files.</p> + +<p>The <em>directive-type</em> can be one of the following groupings +of directives.</p> <DL> <DT>AuthConfig <DD> @@ -299,7 +314,11 @@ Allow use of the directives controlling host access (Allow, Deny and Order). Allow use of the directives controlling specific directory features (<A HREF="#options">Options</A> and <A HREF="mod_include.html#xbithack">XBitHack</A>). -</DL><P><HR> +</DL><P> + +<P><STRONG>See Also:</STRONG> +<A HREF="#accessfilename">AccessFileName</A></P> +<HR> <H2><A NAME="authname">AuthName directive</A></H2> <!--%plaintext <?INDEX {\tt AuthName} directive> --> @@ -334,7 +353,7 @@ It must be accompanied by <A HREF="#authtype">AuthType</A> and <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthType <EM>type</EM><BR> +><STRONG>Syntax:</STRONG></A> AuthType Basic|Digest<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -361,7 +380,8 @@ It must be accompanied by <A HREF="#authname">AuthName</A> and <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> BindAddress <EM>saddr</EM><BR> +><STRONG>Syntax:</STRONG></A> BindAddress +*|<em>IP-address</em>|<EM>domain-name</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -375,28 +395,22 @@ It must be accompanied by <A HREF="#authname">AuthName</A> and REL="Help" ><STRONG>Status:</STRONG></A> core<P> -A Unix® http server can either listen for connections to every +<p>A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server -machine. <EM>Saddr</EM> can be - -<MENU> -<LI>* -<LI>An IP address -<LI>A fully-qualified Internet domain name -</MENU> -If the value is *, then the server will listen for connections on -every IP address, otherwise it will only listen on the IP address -specified. <P> +machine. If the argument to this directive is *, then the +server will listen for connections on every IP address. Otherwise, +the server can listen to only a specific <em>IP-address</em> +or a fully-qualified Internet <em>domain-name</em>.</p> -Only one <CODE>BindAddress</CODE> directive can be used. For more +<p>Only one <CODE>BindAddress</CODE> directive can be used. For more control over which address and ports Apache listens to, use the <CODE><A HREF="#listen">Listen</A></CODE> directive instead of -<CODE>BindAddress</CODE>.<P> +<CODE>BindAddress</CODE>.</P> -<CODE>BindAddress</CODE> can be used as an alternative method for -supporting <A HREF="../vhosts/index.html">virtual hosts</A> using +<p><CODE>BindAddress</CODE> can be used as an alternative method for +supporting <A HREF="../vhosts/">virtual hosts</A> using multiple independent servers, instead of using <CODE><A -HREF="#virtualhost"><VirtualHost></A></CODE> sections. +HREF="#virtualhost"><VirtualHost></A></CODE> sections.</p> <P><STRONG>See Also:</STRONG> <A HREF="../dns-caveats.html">DNS Issues</A><BR> @@ -473,7 +487,7 @@ re-populated using the <A HREF="#addmodule">AddModule</A> directive.<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ContentDigest <EM>on|off</EM><BR> +><STRONG>Syntax:</STRONG></A> ContentDigest on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -824,8 +838,8 @@ one of four things, using the <CODE>ErrorDocument</CODE> directive, which is followed by the HTTP response code and a message or URL. -<P><EM>Messages</EM> in this context begin with a single quote -(<CODE>"</CODE>), which does not form part of the message itself. +<P><EM>Messages</EM> in this context begin with a single double-quote +character (<CODE>"</CODE>), which does not form part of the message itself. Apache will sometimes offer additional information regarding the problem/error. @@ -860,7 +874,7 @@ responses.</A><P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ErrorLog <EM>filename</EM>|<CODE>syslog[:facility]</CODE> +><STRONG>Syntax:</STRONG></A> ErrorLog <EM>filename</EM>|syslog[:<em>facility</em>] <BR> <A HREF="directive-dict.html#Default" @@ -1055,7 +1069,7 @@ considerations.<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> HostNameLookups <EM>on | off | double</EM><BR> +><STRONG>Syntax:</STRONG></A> HostNameLookups on|off|double<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1103,18 +1117,19 @@ versions of Apache prior to 1.3. It was changed to <CODE>off</CODE> in order to save the network traffic for those sites that don't truly need the reverse lookups done. It is also better for the end users because they don't have to suffer the extra latency that a lookup -entails. -Heavily loaded sites should leave this directive <CODE>off</CODE>, since DNS -lookups can take considerable amounts of time. The utility <EM>logresolve</EM>, -provided in the <EM>/support</EM> directory, can be used to look up host names -from logged IP addresses offline.<P><HR> +entails. Heavily loaded sites should leave this directive +<CODE>off</CODE>, since DNS lookups can take considerable amounts of +time. The utility <a +href="../programs/logresolve.html">logresolve</a>, provided in the +<EM>/support</EM> directory, can be used to look up host names from +logged IP addresses offline.<P><HR> <H2><A NAME="identitycheck">IdentityCheck directive</A></H2> <!--%plaintext <?INDEX {\tt IdentityCheck} directive> --> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> IdentityCheck <EM>boolean</EM><BR> +><STRONG>Syntax:</STRONG></A> IdentityCheck on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1285,12 +1300,17 @@ and later. This directive allows inclusion of other configuration files from within the server configuration files. +<P>New in Apache 1.3.13 is the feature that if <CODE>Include</CODE> +points to a directory, rather than a file, Apache will read all +files in that directory, and any subdirectory, and parse those +as configuration files. + <P> <HR> <H2><A NAME="keepalive">KeepAlive directive</A></H2> <STRONG>Syntax: (Apache 1.1)</STRONG> KeepAlive <EM>max-requests</EM><BR> <STRONG>Default: (Apache 1.1)</STRONG> <CODE>KeepAlive 5</CODE><BR> -<STRONG>Syntax: (Apache 1.2)</STRONG> KeepAlive <EM>on/off</EM><BR> +<STRONG>Syntax: (Apache 1.2)</STRONG> KeepAlive on|off<BR> <STRONG>Default: (Apache 1.2)</STRONG> <CODE>KeepAlive On</CODE><BR> <A HREF="directive-dict.html#Context" @@ -1306,18 +1326,36 @@ server configuration files. ><STRONG>Compatibility:</STRONG></A> KeepAlive is only available in Apache 1.1 and later.<P> -This directive enables -<A HREF="../keepalive.html">Keep-Alive</A> -support. - -<P><STRONG>Apache 1.1</STRONG>: Set <EM>max-requests</EM> +<p>The Keep-Alive extension to HTTP/1.0 and the persistent connection +feature of HTTP/1.1 provide long-lived HTTP sessions which allow +multiple requests to be sent over the same TCP connection. In some +cases this has been shown to result in an almost 50% speedup in +latency times for HTML documents with many images. To enable +Keep-Alive connections in Apache 1.2 and later, set <code>KeepAlive +On</code>.</p> + +<p>For HTTP/1.0 clients, Keep-Alive connections will only be used if +they are specifically requested by a client. In addition, a +Keep-Alive connection with an HTTP/1.0 client can only be used when +the length of the content is known in advance. This implies that +dynamic content such as CGI output, SSI pages, and server-generated +directory listings will generally not use Keep-Alive connections to +HTTP/1.0 clients. For HTTP/1.1 clients, persistent connections are +the default unless otherwise specified. If the client requests it, +chunked encoding will be used in order to send content of unknown +length over persistent connections.</p> + +<P><STRONG>Apache 1.1 only</STRONG>: Set <EM>max-requests</EM> to the maximum number of requests you want Apache to entertain per -request. A limit is imposed to prevent a client from hogging your -server resources. Set this to <CODE>0</CODE> to disable support. +connection. A limit is imposed to prevent a client from hogging your +server resources. Set this to <CODE>0</CODE> to disable support. In +Apache 1.2 and 1.3, this is controlled through the +MaxKeepAliveRequests directive instead.</p> -<P><STRONG>Apache 1.2 and later</STRONG>: Set to "On" to enable -persistent connections, "Off" to disable. See also the <A -HREF="#maxkeepaliverequests">MaxKeepAliveRequests</A> directive.</P><HR> +<p>See also <A +HREF="#maxkeepaliverequests">MaxKeepAliveRequests</A>.</P> + +<HR> <H2><A NAME="keepalivetimeout">KeepAliveTimeout directive</A></H2> <A @@ -1342,11 +1380,17 @@ HREF="#maxkeepaliverequests">MaxKeepAliveRequests</A> directive.</P><HR> ><STRONG>Compatibility:</STRONG></A> KeepAliveTimeout is only available in Apache 1.1 and later.<P> -The number of seconds Apache will wait for a subsequent request before -closing the connection. Once a request has been received, the timeout -value specified by the <A -HREF="#timeout"><CODE>Timeout</CODE></A> directive -applies. +<p>The number of seconds Apache will wait for a subsequent request +before closing the connection. Once a request has been received, the +timeout value specified by the <A +HREF="#timeout"><CODE>Timeout</CODE></A> directive applies.</p> + +<p>Setting <code>KeepAliveTimeout</code> to a high value may +cause performance problems in heavily loaded servers. The +higher the timeout, the more server processes will be kept +occupied waiting on connections with idle clients.</p> + + <HR> <H2><A NAME="limit"><Limit> directive</A></H2> @@ -1355,7 +1399,7 @@ applies. HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> - <Limit <EM>method method</EM> ... > ... </Limit><BR> + <Limit <EM>method</em> [<em>method</EM>] ... > ... </Limit><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -1396,7 +1440,7 @@ requests. HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> - <LimitExcept <EM>method method</EM> ... > ... </LimitExcept><BR> + <LimitExcept <EM>method</em> [<em>method</EM>] ... > ... </LimitExcept><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -1424,7 +1468,7 @@ standard and nonstandard/unrecognized methods. See the documentation for <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> LimitRequestBody <EM>number</EM><BR> +><STRONG>Syntax:</STRONG></A> LimitRequestBody <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1445,8 +1489,9 @@ standard and nonstandard/unrecognized methods. See the documentation for Apache 1.3.2 and later. <P> -<EM>Number</EM> is a long integer from 0 (meaning unlimited) to 2147483647 -(2GB). The default value is defined by the compile-time constant +<p>This directive specifies the number of <em>bytes</em> from 0 +(meaning unlimited) to 2147483647 (2GB) that are allowed in a request +body. The default value is defined by the compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_BODY</CODE> (0 as distributed). <P> @@ -1495,7 +1540,7 @@ of denial-of-service attacks. Apache 1.3.2 and later. <P> -<EM>Number</EM> is an integer from 0 (meaning unlimited) to 32767. +<p><em>Number</em> is an integer from 0 (meaning unlimited) to 32767. The default value is defined by the compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_FIELDS</CODE> (100 as distributed). <P> @@ -1523,7 +1568,7 @@ fields were sent in the request.<P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> LimitRequestFieldsize <EM>number</EM><BR> +><STRONG>Syntax:</STRONG></A> LimitRequestFieldsize <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1543,9 +1588,10 @@ fields were sent in the request.<P> Apache 1.3.2 and later. <P> -<EM>Number</EM> is an integer size in bytes from 0 to the value of the -compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_FIELDSIZE</CODE> -(8190 as distributed). +This directive specifies the number of <em>bytes</em> from 0 to the +value of the compile-time constant +<CODE>DEFAULT_LIMIT_REQUEST_FIELDSIZE</CODE> (8190 as distributed) +that will be allowed in an HTTP request header. <P> The LimitRequestFieldsize directive allows the server administrator to reduce @@ -1570,7 +1616,7 @@ not be changed from the default.<P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> LimitRequestLine <EM>number</EM><BR> +><STRONG>Syntax:</STRONG></A> LimitRequestLine <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1590,9 +1636,9 @@ not be changed from the default.<P> Apache 1.3.2 and later. <P> -<EM>Number</EM> is an integer size in bytes from 0 to the value of the -compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_LINE</CODE> -(8190 as distributed). +This directive sets the number of <em>bytes</em> from 0 to the value +of the compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_LINE</CODE> +(8190 as distributed) that will be allowed on the HTTP request-line. <P> The LimitRequestLine directive allows the server administrator to reduce @@ -1617,7 +1663,7 @@ not be changed from the default.<P> HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> -Listen [<EM>IP address</EM>:]<EM>port number</EM><BR> +Listen [<EM>IP-address</EM>:]<EM>port</EM><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -2010,7 +2056,9 @@ end of a different request, the connection will then be serviced. allowed per connection when <A HREF="#keepalive">KeepAlive</A> is on. If it is set to "<CODE>0</CODE>", unlimited requests will be allowed. We recommend that this setting be kept to a high value for -maximum server performance.</P><HR> +maximum server performance. In Apache 1.1, this is controlled through an option to the KeepAlive directive.</P> + +<HR> <H2><A NAME="maxrequestsperchild">MaxRequestsPerChild directive</A></H2> <!--%plaintext <?INDEX {\tt MaxRequestsPerChild} directive> --> @@ -2147,10 +2195,10 @@ See also <A HREF="#maxspareservers">MaxSpareServers</A> and Apache 1.3 and later<P> The NameVirtualHost directive is a required directive if you want to configure -<A HREF="../vhosts/index.html">name-based virtual hosts</A>.<P> +<A HREF="../vhosts/">name-based virtual hosts</A>.<P> Although <EM>addr</EM> can be hostname it is recommended that you always use -an IP address, <EM>e.g.</EM> +an IP address or wildcard, <EM>e.g.</EM> <BLOCKQUOTE><CODE>NameVirtualHost 111.22.33.44</CODE></BLOCKQUOTE> @@ -2183,14 +2231,14 @@ if you want only name-based virtual hosts and you don't want to hard-code the server's IP address into the configuration file.<P> <STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A> +<A HREF="../vhosts/">Apache Virtual Host documentation</A> <HR> <H2><A NAME="options">Options directive</A></H2> <!--%plaintext <?INDEX {\tt Options} directive> --> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Options <EM>[+|-]option [+|-]option ...</EM><BR> +><STRONG>Syntax:</STRONG></A> Options [+|-]<em>option</em> [[+|-]<em>option</em>] ...</EM><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -2368,7 +2416,7 @@ Apache).<P> In the absence of any <A HREF="#listen">Listen</A> or <A HREF="#bindaddress">BindAddress</A> directives specifying a port number, a Port directive given in the "main server" -(<EM>i.e.</EM>, outside any <A HREF="#virtualhost"><VirtualHost></A> section) +(<EM>i.e.</EM>, outside any <A HREF="#virtualhost"><VirtualHost></A> section) sets the network port on which the server listens. If there are any Listen or BindAddress directives specifying <CODE>:number</CODE> then Port has no effect on what address the server @@ -2413,7 +2461,7 @@ attack.<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Require <EM>entity-name entity entity...</EM><BR> +><STRONG>Syntax:</STRONG></A> Require <EM>entity-name</em> [<em>entity-name</em>] ...</EM><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -2430,9 +2478,9 @@ attack.<P><HR> This directive selects which authenticated users can access a directory. The allowed syntaxes are: <UL> -<LI>Require user <EM>userid userid ...</EM><P> +<LI>Require user <EM>userid</em> [<em>userid</em>] ...<P> Only the named users can access the directory.<P> -<LI>Require group <EM>group-name group-name ...</EM><P> +<LI>Require group <EM>group-name</em> [<em>group-name</em>] ...<P> Only users in the named groups can access the directory.<P> <LI>Require valid-user<P> All valid users can access the directory. @@ -2503,8 +2551,8 @@ as configuration files. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RLimitCPU <EM># or 'max'</EM> - <EM>[# or 'max']</EM> +><STRONG>Syntax:</STRONG></A> RLimitCPU <EM>number</EM>|max + [<em>number</em>|max] <BR> <A HREF="directive-dict.html#Default" @@ -2527,7 +2575,7 @@ and later<P> Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all processes and the second parameter sets the maximum resource limit. -Either parameter can be a number, or <EM>max</EM> to indicate to the server +Either parameter can be a number, or <code>max</code> to indicate to the server that the limit should be set to the maximum allowed by the operating system configuration. Raising the maximum resource limit requires that the server is running as root, or in the initial startup phase.<P> @@ -2547,8 +2595,8 @@ See also <A HREF="#rlimitmem">RLimitMEM</A> or <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RLimitMEM <EM># or 'max'</EM> - <EM>[# or 'max']</EM><BR> +><STRONG>Syntax:</STRONG></A> RLimitMEM <EM>number</em>|max + [<em>number</em>|max]<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -2568,12 +2616,13 @@ See also <A HREF="#rlimitmem">RLimitMEM</A> or ><STRONG>Compatibility:</STRONG></A> RLimitMEM is only available in Apache 1.2 and later<P> -Takes 1 or 2 parameters. The first parameter sets the soft resource limit for -all processes and the second parameter sets the maximum resource limit. Either -parameter can be a number, or <EM>max</EM> to indicate to the server that the -limit should be set to the maximum allowed by the operating system -configuration. Raising the maximum resource limit requires that the -server is running as root, or in the initial startup phase.<P> +Takes 1 or 2 parameters. The first parameter sets the soft resource +limit for all processes and the second parameter sets the maximum +resource limit. Either parameter can be a number, or <code>max</code> +to indicate to the server that the limit should be set to the maximum +allowed by the operating system configuration. Raising the maximum +resource limit requires that the server is running as root, or in the +initial startup phase.<P> This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI @@ -2590,8 +2639,8 @@ See also <A HREF="#rlimitcpu">RLimitCPU</A> or <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RLimitNPROC <EM># or 'max'</EM> - <EM>[# or 'max']</EM><BR> +><STRONG>Syntax:</STRONG></A> RLimitNPROC <EM>number</em>|max + [<em>number</EM>|max]<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -2611,12 +2660,13 @@ See also <A HREF="#rlimitcpu">RLimitCPU</A> or ><STRONG>Compatibility:</STRONG></A> RLimitNPROC is only available in Apache 1.2 and later<P> -Takes 1 or 2 parameters. The first parameter sets the soft resource limit -for all processes and the second parameter sets the maximum resource limit. -Either parameter can be a number, or <EM>max</EM> to indicate to the server -that the limit should be set to the maximum allowed by the operating system -configuration. Raising the maximum resource limit requires that the server -is running as root, or in the initial startup phase.<P> +Takes 1 or 2 parameters. The first parameter sets the soft resource +limit for all processes and the second parameter sets the maximum +resource limit. Either parameter can be a number, or <code>max</code> +to indicate to the server that the limit should be set to the maximum +allowed by the operating system configuration. Raising the maximum +resource limit requires that the server is running as root, or in the +initial startup phase.<P> This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI @@ -2641,7 +2691,7 @@ See also <A HREF="#rlimitmem">RLimitMEM</A> or <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Satisfy <EM>'any' or 'all'</EM><BR> +><STRONG>Syntax:</STRONG></A> Satisfy any|all<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -2673,7 +2723,7 @@ password. This can be used to password restrict an area, but to let clients from particular addresses in without prompting for a password. <P> See also <A HREF="#require">Require</A> and -<A HREF="mod_access.html">mod_access</A>. +<A HREF="mod_access.html#allow">Allow</A>. <P><HR> @@ -2734,7 +2784,7 @@ release. (Prior to 1.3b4, <CODE>HAVE_SHMGET</CODE> would have sufficed.)<P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ScriptInterpreterSource <EM>'registry' or 'script'</EM><BR> +><STRONG>Syntax:</STRONG></A> ScriptInterpreterSource registry|script<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -2803,7 +2853,7 @@ as users do not always mention that they are talking about the server!<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ServerAlias <EM>host1 host2 ...</EM><BR> +><STRONG>Syntax:</STRONG></A> ServerAlias <EM>hostname</em> [<em>hostname</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -2823,7 +2873,7 @@ with <A HREF="../vhosts/name-based.html">name-based virtual hosts</A>. <P><STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A> +<A HREF="../vhosts/">Apache Virtual Host documentation</A> <HR> @@ -2832,7 +2882,7 @@ with <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ServerName <EM>fully-qualified domain name</EM> +><STRONG>Syntax:</STRONG></A> ServerName <EM>fully-qualified-domain-name</EM> <BR> <A HREF="directive-dict.html#Context" @@ -2859,7 +2909,7 @@ section specifies what hostname must appear in the request's <P><STRONG>See Also</STRONG>:<BR> <A HREF="../dns-caveats.html">DNS Issues</A><BR> -<A HREF="../vhosts/index.html">Apache virtual host documentation</A><BR> +<A HREF="../vhosts/">Apache virtual host documentation</A><BR> <A HREF="#usecanonicalname">UseCanonicalName</A><BR> <A HREF="#namevirtualhost">NameVirtualHost</A><BR> <A HREF="#serveralias">ServerAlias</A><BR> @@ -2887,10 +2937,10 @@ section specifies what hostname must appear in the request's 1.1 and later.<P> The ServerPath directive sets the legacy URL pathname for a host, for -use with <A HREF="../vhosts/index.html">name-based virtual hosts</A>. +use with <A HREF="../vhosts/">name-based virtual hosts</A>. <P><STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A> +<A HREF="../vhosts/">Apache Virtual Host documentation</A> <HR> @@ -2929,7 +2979,7 @@ for information on how to properly set permissions on the ServerRoot.<P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ServerSignature <EM>Off | On | EMail</EM><BR> +><STRONG>Syntax:</STRONG></A> ServerSignature On|Off|EMail<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -2972,7 +3022,7 @@ referenced document. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ServerTokens <EM>Minimal|ProductOnly|OS|Full</EM><BR> +><STRONG>Syntax:</STRONG></A> ServerTokens Minimal|ProductOnly|OS|Full<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -3208,7 +3258,7 @@ a packet is sent. <H2><A NAME="usecanonicalname">UseCanonicalName directive</A></H2> <!--%plaintext <?INDEX {\tt UseCanonicalName} directive> --> <A HREF="directive-dict.html#Syntax" REL="Help"> -<STRONG>Syntax:</STRONG></A> UseCanonicalName <EM>on|off|dns</EM><BR> +<STRONG>Syntax:</STRONG></A> UseCanonicalName on|off|dns<BR> <A HREF="directive-dict.html#Default" REL="Help"> <STRONG>Default:</STRONG></A> <CODE>UseCanonicalName on</CODE><BR> <A HREF="directive-dict.html#Context" REL="Help"> @@ -3325,7 +3375,7 @@ dangers are.<P><HR> HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> <VirtualHost <EM>addr</EM>[:<EM>port</EM>] - ...> ... +[<EM>addr</EM>[:<EM>port</EM>]] ...> ... </VirtualHost> <BR> <A HREF="directive-dict.html#Context" @@ -3416,7 +3466,7 @@ either <A HREF="#bindaddress">BindAddress</A> or <A HREF="#listen">Listen</A>. <P><STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A><BR> +<A HREF="../vhosts/">Apache Virtual Host documentation</A><BR> <STRONG>See also:</STRONG> <A HREF="../dns-caveats.html">Warnings about DNS and Apache</A><BR> <STRONG>See also:</STRONG> diff --git a/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html b/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html index 7e5297ef0e0..13acf60ba58 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html +++ b/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html @@ -24,7 +24,7 @@ <P> Below is a list of all of the modules that come as part of the Apache distribution. See also the list of modules <A -HREF="index.html">sorted alphabetically</A> and the complete +HREF="./">sorted alphabetically</A> and the complete alphabetical list of <A HREF="directives.html" >all Apache directives</A>. For modules that are not part of the Apache distribution, please see @@ -35,7 +35,7 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="core.html">Core</A> -<DD>Core Apache features. +<DD>Core Apache features </DL> <H2>Environment Creation</H2> @@ -53,11 +53,11 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="mod_mime.html">mod_mime</A> -<DD>Determining document types using file extensions. +<DD>Determining document types using file extensions <DT><A HREF="mod_mime_magic.html">mod_mime_magic</A> -<DD>Determining document types using "magic numbers". +<DD>Determining document types using "magic numbers" <DT><A HREF="mod_negotiation.html">mod_negotiation</A> -<DD>Content negotiation. +<DD>Content negotiation </DL> <H2>URL Mapping</H2> @@ -65,11 +65,11 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="mod_alias.html">mod_alias</A> <DD>Mapping different parts of the host filesystem in the document tree, - and URL redirection. + and URL redirection <DT><A HREF="mod_rewrite.html">mod_rewrite</A> Apache 1.2 and up <DD>Powerful URI-to-filename mapping using regular expressions <DT><A HREF="mod_userdir.html">mod_userdir</A> -<DD>User home directories. +<DD>User home directories <DT><A HREF="mod_speling.html">mod_speling</A> Apache 1.3 and up <DD>Automatically correct minor typos in URLs <DT><A HREF="mod_vhost_alias.html">mod_vhost_alias</A> Apache 1.3.7 and up @@ -80,26 +80,26 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="mod_dir.html">mod_dir</A> -<DD>Basic directory handling. +<DD>Basic directory handling <DT><A HREF="mod_autoindex.html">mod_autoindex</A> -<DD>Automatic directory listings. +<DD>Automatic directory listings </DL> <H2>Access Control</H2> <DL> <DT><A HREF="mod_access.html">mod_access</A> -<DD>Access control based on client hostname or IP address. +<DD>Access control based on client hostname or IP address <DT><A HREF="mod_auth.html">mod_auth</A> -<DD>User authentication using text files. +<DD>User authentication using text files <DT><A HREF="mod_auth_dbm.html">mod_auth_dbm</A> -<DD>User authentication using DBM files. +<DD>User authentication using DBM files <DT><A HREF="mod_auth_db.html">mod_auth_db</A> -<DD>User authentication using Berkeley DB files. +<DD>User authentication using Berkeley DB files <DT><A HREF="mod_auth_anon.html">mod_auth_anon</A> Apache 1.1 and up -<DD>Anonymous user access to authenticated areas. +<DD>Anonymous user access to authenticated areas <DT><A HREF="mod_auth_digest.html">mod_auth_digest</A> Apache 1.3.8 and up -<DD>MD5 authentication +<DD>Experimental MD5 authentication <DT><A HREF="mod_digest.html">mod_digest</A> Apache 1.1 and up <DD>MD5 authentication @@ -111,22 +111,22 @@ For modules that are not part of the Apache distribution, please see <DT><A HREF="mod_headers.html">mod_headers</A> Apache 1.2 and up <DD>Add arbitrary HTTP headers to resources <DT><A HREF="mod_cern_meta.html">mod_cern_meta</A> Apache 1.1 and up -<DD>Support for HTTP header metafiles. +<DD>Support for HTTP header metafiles <DT><A HREF="mod_expires.html">mod_expires</A> Apache 1.2 and up <DD>Apply Expires: headers to resources <DT><A HREF="mod_asis.html">mod_asis</A> -<DD>Sending files which contain their own HTTP headers. +<DD>Sending files which contain their own HTTP headers </DL> <H2>Dynamic Content</H2> <DL> <DT><A HREF="mod_include.html">mod_include</A> -<DD>Server-parsed documents. +<DD>Server-parsed documents <DT><A HREF="mod_cgi.html">mod_cgi</A> -<DD>Invoking CGI scripts. +<DD>Invoking CGI scripts <DT><A HREF="mod_actions.html">mod_actions</A> Apache 1.1 and up -<DD>Executing CGI scripts based on media type or request method. +<DD>Executing CGI scripts based on media type or request method <DT><A HREF="mod_isapi.html">mod_isapi</A> WIN32 only <DD>Windows ISAPI Extension support </DL> @@ -144,11 +144,11 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="mod_log_config.html">mod_log_config</A> -<DD>User-configurable logging replacement for mod_log_common. +<DD>User-configurable logging replacement for mod_log_common <DT><A HREF="mod_log_agent.html">mod_log_agent</A> -<DD>Logging of User Agents. +<DD>Logging of User Agents <DT><A HREF="mod_log_referer.html">mod_log_referer</A> -<DD>Logging of document references. +<DD>Logging of document references <DT><A HREF="mod_usertrack.html">mod_usertrack</A> Apache 1.2 and up <DD>User tracking using Cookies (replacement for mod_cookies.c) </DL> @@ -157,13 +157,13 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="mod_imap.html">mod_imap</A> Apache 1.1 and up -<DD>The imagemap file handler. +<DD>The imagemap file handler <DT><A HREF="mod_proxy.html">mod_proxy</A> Apache 1.1 and up <DD>Caching proxy abilities <DT><A HREF="mod_so.html">mod_so</A> Apache 1.3 and up -<DD>Experimental support for loading modules (DLLs on Windows) at runtime +<DD>Support for loading modules (DLLs on Windows) at runtime <DT><A HREF="mod_mmap_static.html">mod_mmap_static</A> Apache 1.3 and up -<DD>Mapping files into memory for faster serving. +<DD><DD>Experimental file caching, mapping files into memory to improve performace <DT><A HREF="mod_ssl/index.html">mod_ssl</A> Apache 1.3 with mod_ssl applied <DD>Apache SSL interface to OpenSSL </DL> @@ -188,8 +188,6 @@ For modules that are not part of the Apache distribution, please see mod_usertrack <DT><A HREF="mod_dld.html">mod_dld</A> Apache 1.2.* and earlier <DD>Start-time linking with the GNU libdld. Replaced in Apache 1.3 by mod_so -<DT><A HREF="mod_dll.html">mod_dll</A> Apache 1.3b1 to 1.3b5 only -<DD>Replaced in 1.3b6 by mod_so <DT><A HREF="mod_log_common.html">mod_log_common</A> up to Apache 1.1.1 <DD>Standard logging in the Common Logfile Format. Replaced by the mod_log_config module in Apache 1.2 and up diff --git a/usr.sbin/httpd/htdocs/manual/mod/index.html b/usr.sbin/httpd/htdocs/manual/mod/index.html index 38ee8100311..d43dd5e4251 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/index.html +++ b/usr.sbin/httpd/htdocs/manual/mod/index.html @@ -33,35 +33,35 @@ distribution, please see <DL> <DT><A HREF="core.html">Core</A> -<DD>Core Apache features. +<DD>Core Apache features <DT><A HREF="mod_access.html">mod_access</A> -<DD>Access control based on client hostname or IP address. +<DD>Access control based on client hostname or IP address <DT><A HREF="mod_actions.html">mod_actions</A> Apache 1.1 and up -<DD>Executing CGI scripts based on media type or request method. +<DD>Executing CGI scripts based on media type or request method <DT><A HREF="mod_alias.html">mod_alias</A> <DD>Mapping different parts of the host filesystem in the document tree, - and URL redirection. + and URL redirection <DT><A HREF="mod_asis.html">mod_asis</A> -<DD>Sending files which contain their own HTTP headers. +<DD>Sending files which contain their own HTTP headers <DT><A HREF="mod_auth.html">mod_auth</A> -<DD>User authentication using text files. +<DD>User authentication using text files <DT><A HREF="mod_auth_anon.html">mod_auth_anon</A> Apache 1.1 and up -<DD>Anonymous user access to authenticated areas. +<DD>Anonymous user access to authenticated areas <DT><A HREF="mod_auth_db.html">mod_auth_db</A> Apache 1.1 and up -<DD>User authentication using Berkeley DB files. +<DD>User authentication using Berkeley DB files <DT><A HREF="mod_auth_dbm.html">mod_auth_dbm</A> -<DD>User authentication using DBM files. +<DD>User authentication using DBM files <DT><A HREF="mod_auth_digest.html">mod_auth_digest</A> Apache 1.3.8 and up -<DD>MD5 authentication (experimental) +<DD>Experimental MD5 authentication <DT><A HREF="mod_autoindex.html">mod_autoindex</A> -<DD>Automatic directory listings. +<DD>Automatic directory listings <DT><A HREF="mod_browser.html">mod_browser</A> Apache 1.2.* only <DD>Set environment variables based on User-Agent strings. Replaced by mod_setenvif in Apache 1.3 and up <DT><A HREF="mod_cern_meta.html">mod_cern_meta</A> Apache 1.1 and up -<DD>Support for HTTP header metafiles. +<DD>Support for HTTP header metafiles <DT><A HREF="mod_cgi.html">mod_cgi</A> -<DD>Invoking CGI scripts. +<DD>Invoking CGI scripts <DT><A HREF="mod_cookies.html">mod_cookies</A> up to Apache 1.1.1 <DD>Support for Netscape-like cookies. Replaced in Apache 1.2 by mod_usertrack @@ -70,11 +70,9 @@ mod_usertrack <DT><A HREF="mod_digest.html">mod_digest</A> Apache 1.1 and up <DD>MD5 authentication <DT><A HREF="mod_dir.html">mod_dir</A> -<DD>Basic directory handling. +<DD>Basic directory handling <DT><A HREF="mod_dld.html">mod_dld</A> Apache 1.2.* and earlier <DD>Start-time linking with the GNU libdld. Replaced in Apache 1.3 by mod_so -<DT><A HREF="mod_dll.html">mod_dll</A> Apache 1.3b1 to 1.3b5 only -<DD>Replaced in 1.3b6 by mod_so <DT><A HREF="mod_env.html">mod_env</A> Apache 1.1 and up <DD>Passing of environments to CGI scripts <DT><A HREF="mod_example.html">mod_example</A> Apache 1.2 and up @@ -84,30 +82,30 @@ mod_usertrack <DT><A HREF="mod_headers.html">mod_headers</A> Apache 1.2 and up <DD>Add arbitrary HTTP headers to resources <DT><A HREF="mod_imap.html">mod_imap</A> Apache 1.1 and up -<DD>The imagemap file handler. +<DD>The imagemap file handler <DT><A HREF="mod_include.html">mod_include</A> -<DD>Server-parsed documents. +<DD>Server-parsed documents <DT><A HREF="mod_info.html">mod_info</A> Apache 1.1 and up <DD>Server configuration information <DT><A HREF="mod_isapi.html">mod_isapi</A> WIN32 only <DD>Windows ISAPI Extension support <DT><A HREF="mod_log_agent.html">mod_log_agent</A> -<DD>Logging of User Agents. +<DD>Logging of User Agents <DT><A HREF="mod_log_common.html">mod_log_common</A> up to Apache 1.1.1 <DD>Standard logging in the Common Logfile Format. Replaced by the mod_log_config module in Apache 1.2 and up <DT><A HREF="mod_log_config.html">mod_log_config</A> -<DD>User-configurable logging replacement for mod_log_common. +<DD>User-configurable logging replacement for mod_log_common <DT><A HREF="mod_log_referer.html">mod_log_referer</A> -<DD>Logging of document references. +<DD>Logging of document references <DT><A HREF="mod_mime.html">mod_mime</A> -<DD>Determining document types using file extensions. +<DD>Determining document types using file extensions <DT><A HREF="mod_mime_magic.html">mod_mime_magic</A> -<DD>Determining document types using "magic numbers". +<DD>Determining document types using "magic numbers" <DT><A HREF="mod_mmap_static.html">mod_mmap_static</A> Apache 1.3 and up -<DD>Mapping files into memory for faster serving. +<DD>Experimental file caching, mapping files into memory to improve performance <DT><A HREF="mod_negotiation.html">mod_negotiation</A> -<DD>Content negotiation. +<DD>Content negotiation <DT><A HREF="mod_proxy.html">mod_proxy</A> Apache 1.1 and up <DD>Caching proxy abilities <DT><A HREF="mod_rewrite.html">mod_rewrite</A> Apache 1.2 and up @@ -115,7 +113,7 @@ mod_log_config module in Apache 1.2 and up <DT><A HREF="mod_setenvif.html">mod_setenvif</A> Apache 1.3 and up <DD>Set environment variables based on client information <DT><A HREF="mod_so.html">mod_so</A> Apache 1.3 and up -<DD>Experimental support for loading modules (DLLs on Windows) at runtime +<DD>Support for loading modules (.so's on Unix, .dll's on Win32) at runtime <DT><A HREF="mod_speling.html">mod_speling</A> Apache 1.3 and up <DD>Automatically correct minor typos in URLs <DT><A HREF="mod_ssl/index.html">mod_ssl</A> Apache 1.3 with mod_ssl applied @@ -123,7 +121,7 @@ mod_log_config module in Apache 1.2 and up <DT><A HREF="mod_status.html">mod_status</A> Apache 1.1 and up <DD>Server status display <DT><A HREF="mod_userdir.html">mod_userdir</A> -<DD>User home directories. +<DD>User home directories <DT><A HREF="mod_unique_id.html">mod_unique_id</A> Apache 1.3 and up <DD>Generate unique request identifier for every request <DT><A HREF="mod_usertrack.html">mod_usertrack</A> Apache 1.2 and up diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html b/usr.sbin/httpd/htdocs/manual/mod/mod_access.html index babc2923db2..c5bf586b058 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_access.html @@ -22,8 +22,8 @@ <H1 ALIGN="CENTER">Module mod_access</H1> <P> -This module provides access control based on client hostname or IP -address. +This module provides access control based on client hostname, IP +address, or other characteristics of the client request. </P> <P><A @@ -42,14 +42,42 @@ REL="Help" ><STRONG>Module Identifier:</STRONG></A> access_module </P> +<h2>Summary</h2> + +<p>The directives provided by mod_access are used in <CODE><A +HREF="core.html#directory"><Directory></A>, <A +HREF="core.html#files"><Files></A>,</code> and <code> <A +HREF="core.html#location"><Location></A></code> sections as +well as <code><a +href="core.html#accessfilename">.htaccess</a></code> files +to control access to particular parts of the server. Access +can be controlled based on the client hostname, IP address, +or other characteristics of the client request, as captured +in <a href="../env.html">environment variables</a>. The +<code>Allow</code> and <code>Deny</code> directives are used +to specify which clients are or are not allowed access to the +server, while the <code>Order</code> directive sets the +default access state, and configures how the <code>Allow</code> +and <code>Deny</code> directives interact with each other.</p> + +<p>Both host-based access restrictions and password-based +authentication may be implemented simultaneously. In +that case, the <a href="core.html#satsify">Satisfy</a> directive +is used to determine how the two sets of restrictions +interact.</p> + +<p>In general, access restriction directives apply to all access +methods (<code>GET</code>, <code>PUT</code>, <code>POST</code>, etc). +This is the desired behavior in most cases. However, it is possible +to restrict some methods, while leaving other methods unrestricted, by +enclosing the directives in a <a +href="core.html#limit"><Limit></a> section.</p> <H2>Directives</H2> <UL> <LI><A HREF="#allow">Allow</A> -<LI><A HREF="#allowfromenv">Allow from env=</A> <LI><A HREF="#deny">Deny</A> -<LI><A HREF="#denyfromenv">Deny from env=</A> <LI><A HREF="#order">Order</A> </UL> @@ -59,13 +87,15 @@ REL="Help" <HR> -<H2><A NAME="allow">Allow directive</A></H2> +<H2><A NAME="allow">Allow</a> <a name="allowfromenv">directive</A></H2> <P> <!--%plaintext <?INDEX {\tt Allow} directive> --> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Allow from <EM>host host ...</EM><BR> +><STRONG>Syntax:</STRONG></A> Allow from + all|<EM>host</em>|env=<em>variablename</em> + [<em>host</em>|env=<em>variablename</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -83,75 +113,67 @@ REL="Help" REL="Help" ><STRONG>Module:</STRONG></A> mod_access </P> + <P> -The Allow directive affects which hosts can access a given directory. -<EM>Host</EM> is one of the following: -</P> +The <code>Allow</code> directive affects which hosts can access an +area of the server. Access can be controlled by hostname, IP Address, +IP Address range, or by other characteristics of the client +request captured in environment variables.</p> + +<p>The first argument to this directive is always <code>from</code>. +The subsequent arguments can take three different forms. If +<code>Allow from all</code> is specified, then all hosts are allowed +access, subject to the configuration of the <code>Deny</code> and +<code>Order</code> directives as discussed below. To allow only +particular hosts or groups of hosts to access the server, the +<em>host</em> can be specified in any of the following formats:</p> <DL> -<DT><CODE>all</CODE> -<DD>All hosts are allowed access -<DT>A (partial) domain-name -<DD>Hosts whose names match, or end in, this string are allowed access. -<DT>A full IP address -<DD>An IP address of a host allowed access -<DT>A partial IP address -<DD>The first 1 to 3 bytes of an IP address, for subnet restriction. -<DT>A network/netmask pair (<STRONG>Apache 1.3 and later</STRONG>) -<DD>A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet - restriction. (<EM>i.e.</EM>, 10.1.0.0/255.255.0.0) -<DT>A network/nnn CIDR specification (<STRONG>Apache 1.3 and later</STRONG>) -<DD>Similar to the previous case, except the netmask consists of nnn - high-order 1 bits. (<EM>i.e.</EM>, 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0) + +<DT>A (partial) domain-name</dt> <dd>Example: <code>Allow from +apache.org</code><br> Hosts whose names match, or end in, this string +are allowed access. Only complete components are matched, so the +above example will match <code>foo.apache.org</code> but it will not +match <code>fooapache.org</code>. This configuration will cause the +server to perform a reverse DNS lookup on the client IP address, +regardless of the setting of the <a +href="core.html#hostnamelookups">HostNameLookups</a> directive.</dd> + +<DT>A full IP address</dt> +<DD>Example: <code>Allow from 10.1.2.3</code><br> +An IP address of a host allowed access</dd> + +<DT>A partial IP address</dt> +<dd>Example: <code>Allow from 10.1</code><br> +The first 1 to 3 bytes of an IP address, for subnet restriction.</dd> + +<DT>A network/netmask pair</dt> +<dd>Example: <code>Allow from 10.1.0.0/255.255.0.0</code><br> + A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet + restriction. (Apache 1.3 and later)</dd> + +<DT>A network/nnn CIDR specification</dt> <dd>Example: <code>Allow +from 10.1.0.0/16</code><br> Similar to the previous case, except the +netmask consists of nnn high-order 1 bits. (Apache 1.3 and +later)</dd> </DL> -<P> -Example: -</P> -<BLOCKQUOTE><CODE>Allow from .ncsa.uiuc.edu</CODE></BLOCKQUOTE> -<P> -All hosts in the specified domain are allowed access. -</P> -<P> -Note that this compares whole components; <CODE>bar.edu</CODE> -would not match <CODE>foobar.edu</CODE>. -</P> -<P> -See also <A HREF="#allowfromenv">Allow from env=</A>, <A -HREF="#deny">Deny</A> and <A HREF="#order">Order</A>. -</P> -<HR> +<p>Note that the last three examples above match exactly the +same set of hosts.</p> -<H2><A NAME="allowfromenv">Allow from env= directive</A></H2> +<p>The third format of the arguments to the <code>Allow</code> +directive allows access to the server to be controlled based on the +existence of an <a href="../env.html">environment variable</a>. When +<code>Allow from env=</code><em>variablename</em> is specified, then +the request is allowed access if the environment variable +<em>variablename</em> exists. The server provides the ability to set +environment variables in a flexible way based on characteristics of +the client request using the directives provided by <a +href="mod_setenvif.html">mod_setenvif</a>. Therefore, this directive +can be used to allow access based on such factors as the clients +<code>User-Agent</code> (browser type), <code>Referer</code>, or other +HTTP request header fields.</P> <P> -<STRONG>Syntax:</STRONG> Allow from - env=<EM>variablename</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> Limit<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Base<BR> -<A - HREF="directive-dict.html#Module" - REL="Help" -><STRONG>Module:</STRONG></A> mod_access<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Apache 1.2 and above -</P> -<P> -The <CODE>Allow from env</CODE> directive controls access to a directory by the -existence (or non-existence) of an environment variable. -</P> -<P> Example: </P> <BLOCKQUOTE><PRE> @@ -162,21 +184,25 @@ SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in Allow from env=let_me_in </Directory> </PRE></BLOCKQUOTE> -In this case browsers with the user-agent string <TT>KnockKnock/2.0</TT> will -be allowed access, and all others will be denied. + +<p>In this case, browsers with a user-agent string beginning with +<TT>KnockKnock/2.0</TT> will be allowed access, and all others will be +denied.</p> <P> -See also <A HREF="#denyfromenv">Deny from env=</A>, <A HREF="#order">Order</A> +See also <a href="#deny">Deny</a>, <A HREF="#order">Order</A> and <A HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>. </P> <HR> -<H2><A NAME="deny">Deny directive</A></H2> +<H2><A NAME="deny">Deny</a> <a name="denyfromenv">directive</A></H2> <P> <!--%plaintext <?INDEX {\tt Deny} directive> --> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Deny from <EM>host host ...</EM><BR> +><STRONG>Syntax:</STRONG></A> Deny from + all|<EM>host</em>|env=<em>variablename</em> + [<em>host</em>|env=<em>variablename</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -194,93 +220,14 @@ and <A HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>. REL="Help" ><STRONG>Module:</STRONG></A> mod_access </P> -<P> -The <CODE>Deny</CODE> directive affects which hosts can access a given directory. -<EM>Host</EM> is one of the following: -</P> -<DL> -<DT><CODE>all</CODE> -<DD>all hosts are denied access -<DT>A (partial) domain-name -<DD>host whose name is, or ends in, this string are denied access. -<DT>A full IP address -<DD>An IP address of a host denied access -<DT>A partial IP address -<DD>The first 1 to 3 bytes of an IP address, for subnet restriction. -<DT>A network/netmask pair (<STRONG>Apache 1.3 and later</STRONG>) -<DD>A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet - restriction. (<EM>i.e.</EM>, 10.1.0.0/255.255.0.0) -<DT>A network/nnn CIDR specification (<STRONG>Apache 1.3 and later</STRONG>) -<DD>Similar to the previous case, except the netmask consists of nnn - high-order 1 bits. (<EM>i.e.</EM>, 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0) -</DL> -<P> -Example: -</P> -<BLOCKQUOTE><CODE>Deny from 16</CODE></BLOCKQUOTE> -<P> -All hosts in the specified network are denied access. -</P> -<P> -Note that this compares whole components; <CODE>bar.edu</CODE> -would not match <CODE>foobar.edu</CODE>. -</P> -<P> -See also <A HREF="#denyfromenv">Deny from env=</A>, <A -HREF="#allow">Allow</A> and <A HREF="#order">Order</A>. -</P> - -<HR> -<H2><A NAME="denfromenv">Deny from env= directive</A></H2> +<p>This directive allows access to the server to be restricted based +on hostname, IP address, or environment variables. The arguments for +the <code>Deny</code> directive are identical to the arguments for the +<a href="#allow">Allow</a> directive.</p> -<P> -<STRONG>Syntax:</STRONG> Deny from - env=<EM>variablename</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> Limit<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Base<BR> -<A - HREF="directive-dict.html#Module" - REL="Help" -><STRONG>Module:</STRONG></A> mod_access<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Apache 1.2 and above -</P> -<P> -The <CODE>Deny from env</CODE> directive controls access to a directory by the -existence (or non-existence) of an environment variable. -</P> -<P> -Example: -</P> -<BLOCKQUOTE><PRE> -SetEnvIf User-Agent ^BadRobot/0.9 go_away -<Directory /docroot> - Order Allow,Deny - Allow from all - Deny from env=go_away -</Directory> -</PRE></BLOCKQUOTE> -In this case browsers with the user-agent string <TT>BadRobot/0.9</TT> will -be denied access, and all others will be allowed. - -<P> -See also <A HREF="#allowfromenv">Allow from env=</A>, <A -HREF="#order">Order</A> and <A -HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>. -</P> +<p>See also <a href="#allow">Allow</a>, <A HREF="#order">Order</A> +and <A HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>.</p> <HR> <H2><A NAME="order">Order directive</A></H2> @@ -312,43 +259,94 @@ HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>. ><STRONG>Module:</STRONG></A> mod_access </P> <P> -The <CODE>Order</CODE> directive controls the order in which -<A HREF="#allow">Allow</A> and <A HREF="#deny">Deny</A> directives are -evaluated. <EM>Ordering</EM> is one -of +The <CODE>Order</CODE> directive controls the default access state and +the order in which <A HREF="#allow">Allow</A> and <A +HREF="#deny">Deny</A> directives are evaluated. <EM>Ordering</EM> is +one of </P> <DL> -<DT>Deny,Allow -<DD>the <CODE>Deny</CODE> directives are evaluated before the <CODE>Allow</CODE> -directives. (The initial state is OK.) -<DT>Allow,Deny -<DD>the <CODE>Allow</CODE> directives are evaluated before the <CODE>Deny</CODE> -directives. (The initial state is FORBIDDEN.) -<DT>Mutual-failure -<DD>Only those hosts which appear on the <CODE>Allow</CODE> list and do not -appear on the <CODE>Deny</CODE> list are granted access. (The initial state is -irrelevant.) This ordering has the same effect as <code>Order Allow,Deny</code> -and is deprecated in favor of that configuration. +<DT>Deny,Allow</dt> <DD>The <CODE>Deny</CODE> directives are evaluated +before the <CODE>Allow</CODE> directives. Access is allowed +by default. Any client which does not match a <code>Deny</code> +directive or does match an <code>Allow</code> directive will be +allowed access to the server.</dd> + +<DT>Allow,Deny</dt> <DD>The <CODE>Allow</CODE> directives are +evaluated before the <CODE>Deny</CODE> directives. Access is +denied by default. Any client which does not match +an <code>Allow</code> directive or does match a <code>Deny</code> +directive will be denied access to the server.</dd> + +<DT>Mutual-failure</dt> <DD>Only those hosts which appear on the +<CODE>Allow</CODE> list and do not appear on the <CODE>Deny</CODE> +list are granted access. This ordering has the same effect as +<code>Order Allow,Deny</code> and is deprecated in favor of that +configuration.</dd> </DL> -<P> -Keywords may only be separated by a comma; no whitespace is allowed between -them. -<STRONG>Note that in all cases every <CODE>Allow</CODE> and <CODE>Deny</CODE> -statement is evaluated, there is no "short-circuiting".</STRONG> -</P> -<P> -Example: + +<P>Keywords may only be separated by a comma; no whitespace is allowed +between them. Note that in all cases every <CODE>Allow</CODE> +and <CODE>Deny</CODE> statement is evaluated.</P> + +<P>In the following example, all hosts in the apache.org domain are +allowed access; all other hosts are denied access. </P> + <BLOCKQUOTE><CODE> Order Deny,Allow<BR> Deny from all<BR> - Allow from .ncsa.uiuc.edu<BR> + Allow from apache.org<BR> </CODE></BLOCKQUOTE> -<P> -Hosts in the ncsa.uiuc.edu domain are allowed access; all other hosts are -denied access. + +<P>In the next example, all hosts in the apache.org domain are allowed +access, except for the hosts which are in the foo.apache.org +subdomain, who are denied access. All hosts not in the apache.org +domain are denied access because the default state is to deny access +to the server. </P> +<blockquote><code> + Order Allow,Deny<br> + Allow from apache.org<br> + Deny from foo.apache.org<br> +</code></blockquote> + +<p>On the other hand, if the <code>Order</code> in the last example is +changed to <code>Deny,Allow</code>, all hosts will be allowed access. +This happens because, regardless of the actual ordering of the +directives in the configuration file, the <code>Allow from +apache.org</code> will be evaluated last and will override the +<code>Deny from foo.apache.org</code>. All hosts not in the +<code>apache.org</code> domain will also be allowed access because the +default state will change to <em>allow</em>.</p> + +<p>The presence of an <code>Order</code> directive can +affect access to a part of the server even in the absence +of accompanying <code>Allow</code> and <code>Deny</code> +directives because of its effect on the default access state. +For example,</p> + +<blockquote><code> +<Directory /www><br> + Order Allow,Deny<br> +</Directory> +</code></blockquote> + +<p>will deny all access to the <code>/www</code> directory because +the default access state will be set to <em>deny</em>.</p> + +<p>The <code>Order</code> directive controls the order of access +directive processing only within each phase of the server's +configuration processing. This implies, for example, that an +<code>Allow</code> or <code>Deny</code> directive occurring +in a <Location> section will always be evaluated after +an <code>Allow</code> or <code>Deny</code> directive occurring +in a <Directory> section or <code>.htaccess</code> file, +regardless of the setting of the <code>Order</code> directive. +For details on the merging of configuration sections, +see the documentation on <a href="../sections.html">How Directory, +Location and Files sections work</a>.</p> + <P>See also: <A HREF="#deny">Deny</A> and <A HREF="#allow">Allow</A>. <HR> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html b/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html index 5ab919643d0..70d2fa87a43 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html @@ -163,7 +163,6 @@ to activate the <CODE>/icons</CODE> directory, one might use: <PRE> AliasMatch ^/icons(.*) /usr/local/apache/icons$1 </PRE> -</P> <HR> @@ -173,7 +172,7 @@ to activate the <CODE>/icons</CODE> directory, one might use: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Redirect [ <EM>status</EM> ] +><STRONG>Syntax:</STRONG></A> Redirect [<EM>status</EM>] <EM>url-path url</EM><BR> <A HREF="directive-dict.html#Context" @@ -293,7 +292,6 @@ one might use: <PRE> RedirectMatch (.*)\.gif$ http://www.anotherserver.com$1.jpg </PRE> -</P> <HR> @@ -440,7 +438,6 @@ to activate the standard <CODE>/cgi-bin</CODE>, one might use: <PRE> ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1 </PRE> -</P> <HR> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html index d69871ab454..b9d33dccca1 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html @@ -139,10 +139,10 @@ slash), it is treated as relative to the ServerRoot. by a colon, followed by the crypt() encrypted password. The behavior of multiple occurrences of the same user is undefined. <P> -The utility <code>htpasswd</code> which is installed as part of the -binary distribution, or which can be found in <code>src/support</code>, -is used to maintain this password file. See the <code>man</code> -page for more details. In short +The utility <a href="../programs/htpasswd.html">htpasswd</a> which is +installed as part of the binary distribution, or which can be found in +<code>src/support</code>, is used to maintain this password file. See +the <code>man</code> page for more details. In short <p> <blockquote> <code>htpasswd -c Filename username</code><br> @@ -170,8 +170,11 @@ See also <A HREF="core.html#authname">AuthName</A>, <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthAuthoritative < - <STRONG> on</STRONG>(default) | off > <BR> +><STRONG>Syntax:</STRONG></A> AuthAuthoritative on|off<BR> +<A + HREF="directive-dict.html#Default" + REL="Help" +><STRONG>Default:</STRONG></A> <CODE>AuthAuthoritative on</CODE><BR> <A HREF="directive-dict.html#Context" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html index 8b3c5387764..3bf2feebedf 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html @@ -93,27 +93,27 @@ the error log file </UL> <P> Excerpt of access.conf: -<BLOCKQUOTE><CODE> -Anonymous_NoUserId off<BR> -Anonymous_MustGiveEmail on<BR> -Anonymous_VerifyEmail on<BR> -Anonymous_LogEmail on<BR> -Anonymous anonymous guest www test welcome<P> -<P> -AuthName "Use 'anonymous' & Email address for guest entry"<BR> +<BLOCKQUOTE><pre> +Anonymous_NoUserId off +Anonymous_MustGiveEmail on +Anonymous_VerifyEmail on +Anonymous_LogEmail on +Anonymous anonymous guest www test welcome + +AuthName "Use 'anonymous' & Email address for guest entry" AuthType basic -<P> -# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile<BR> -# directive must be specified, or use<BR> -# Anonymous_Authoritative for public access.<BR> -# In the .htaccess for the public directory, add:<BR> -<Files *><BR> -Order Deny,Allow <BR> -Allow from all <BR> -<P> -Require valid-user <BR> -</Files><BR> -</CODE></BLOCKQUOTE> + +# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile +# directive must be specified, or use +# Anonymous_Authoritative for public access. +# In the .htaccess for the public directory, add: +<Files *> +Order Deny,Allow +Allow from all + +Require valid-user +</Files> +</pre></BLOCKQUOTE> <HR> @@ -122,7 +122,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous <EM>user user ...</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous <EM>user</em> [<em>user</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -167,7 +167,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous_Authoritative <EM>on | off</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous_Authoritative on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -204,7 +204,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous_LogEmail <EM>on | off</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous_LogEmail on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -235,8 +235,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous_MustGiveEmail <EM>on</EM> - | <EM>off</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous_MustGiveEmail on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -266,7 +265,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous_NoUserID <EM>on | off</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous_NoUserID on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -300,7 +299,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous_VerifyEmail <EM>on | off</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous_VerifyEmail on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html index 3a5c74ac53f..41290a20ff2 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html @@ -184,6 +184,11 @@ rely upon the string being NULL-appended, so if you are having trouble using DB files interchangeably between applications this may be a part of the problem. <P> +<p>A perl script called +href="../programs/dbmmanage.html">dbmmanage</a> is included with +Apache. This program can be used to create and update DB format +password files for use with this module.</p> + See also <A HREF="core.html#authname">AuthName</A>, <A HREF="core.html#authtype">AuthType</A> and <A HREF="#authdbgroupfile">AuthDBGroupFile</A>.<P> @@ -193,8 +198,7 @@ See also <A HREF="core.html#authname">AuthName</A>, <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDBAuthoritative < - <STRONG> on</STRONG>| off > <BR> +><STRONG>Syntax:</STRONG></A> AuthDBAuthoritative on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html index 6f144f566c3..b726596bb26 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html @@ -170,6 +170,11 @@ rely upon the string being NULL-appended, so if you are having trouble using DBM files interchangeably between applications this may be a part of the problem. <P> +<p>A perl script called +href="../programs/dbmmanage.html">dbmmanage</a> is included with +Apache. This program can be used to create and update DBM format +password files for use with this module.</p> + See also <A HREF="core.html#authname">AuthName</A>, <A HREF="core.html#authtype">AuthType</A> and <A HREF="#authdbmgroupfile">AuthDBMGroupFile</A>.<P> @@ -180,7 +185,7 @@ See also <A HREF="core.html#authname">AuthName</A>, <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDBMAuthoritative < <STRONG> on</STRONG> | off > <BR> +><STRONG>Syntax:</STRONG></A> AuthDBMAuthoritative on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html index af233e6f7cb..4377c04d2ea 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html @@ -131,8 +131,8 @@ the list of users and encoded passwords for digest authentication. <EM>Filename</EM> is the absolute path to the user file. <P>The digest file uses a special format. Files in this format can be -created using the "htdigest" utility found in the support/ subdirectory of -the Apache distribution. +created using the <a href="../programs/htdigest.html">htdigest</a> +utility found in the support/ subdirectory of the Apache distribution. <HR> @@ -182,7 +182,8 @@ AuthGroupFile. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDigestQop <EM>none | 1*{ auth | auth-int }</EM><BR> +><STRONG>Syntax:</STRONG></A> AuthDigestQop none|auth|auth-int +[auth|auth-int]<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -227,7 +228,7 @@ directive</H2> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDigestNonceLifetime <EM><time></EM><BR> +><STRONG>Syntax:</STRONG></A> AuthDigestNonceLifetime <EM>seconds</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -256,13 +257,13 @@ directive</H2> <P>The AuthDigestNonceLifetime directive controls how long the server nonce is valid. When the client contacts the server using an expired nonce the server will send back a 401 with <code>stale=true</code>. If -<EM><time></EM> is greater than 0 then it specifies the number of -seconds the nonce is valid; this should probably never be set to less -than 10 seconds. If <EM><time></EM> is less than 0 then the nonce -never expires. +<EM>seconds</EM> is greater than 0 then it specifies the amount of +time for which the nonce is valid; this should probably never be set +to less than 10 seconds. If <EM>seconds</EM> is less than 0 then +the nonce never expires. <!-- Not implemented yet -If <EM><time></EM> is 0 then the nonce may be used exactly once +If <EM>seconds</EM> is 0 then the nonce may be used exactly once by the client. Note that while one-time-nonces provide higher security against replay attacks, they also have significant performance implications, as the browser cannot pipeline or multiple connections @@ -318,7 +319,7 @@ generated. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDigestNcCheck <EM>On/Off</EM><BR> +><STRONG>Syntax:</STRONG></A> AuthDigestNcCheck On|Off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -363,7 +364,7 @@ impact performance. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDigestAlgorithm <EM>MD5 | MD5-sess</EM><BR> +><STRONG>Syntax:</STRONG></A> AuthDigestAlgorithm MD5|MD5-sess<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -403,7 +404,8 @@ the challenge and response hashes. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDigestDomain <EM>URI URI ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AuthDigestDomain <EM>URI</em> +[<em>URI</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html b/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html index 1a96ccd0872..0e849931d2a 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html @@ -117,7 +117,8 @@ HREF="mod_dir.html#directoryindex">DirectoryIndex</A>.</p> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddAlt <EM>string file file...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddAlt <EM>string file</em> +[<em>file</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -149,8 +150,8 @@ image-incapable or has image loading disabled. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddAltByEncoding <EM>string MIME-encoding - MIME-encoding...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddAltByEncoding <EM>string MIME-encoding</em> + [<em>MIME-encoding</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -182,8 +183,8 @@ image-incapable or has image loading disabled. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddAltByType <EM>string MIME-type MIME-type - ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddAltByType <EM>string MIME-type</em> + [<em>MIME-type</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -216,7 +217,8 @@ image-incapable or has image loading disabled. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddDescription <EM>string file file...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddDescription <EM>string file</em> + [<em>file</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -259,7 +261,7 @@ may contain HTML markup, such as tags and character entities. If the width of the description column should happen to truncate a tagged element (such as cutting off the end of a bolded phrase), the results may affect the rest of the directory listing. -</P> + <HR> <H2><A NAME="addicon">AddIcon</A> directive</H2> @@ -267,7 +269,8 @@ may affect the rest of the directory listing. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddIcon <EM>icon name name ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddIcon <EM>icon name</em> + [<em>name</em>] ...</EM><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -308,8 +311,8 @@ AddIcon, when possible.<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddIconByEncoding <EM>icon MIME-encoding - MIME-encoding ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddIconByEncoding <EM>icon MIME-encoding</em> + [<em>MIME-encoding</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -345,8 +348,8 @@ AddIconByEncoding /icons/compressed.gif x-compress <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddIconByType <EM>icon MIME-type MIME-type - ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddIconByType <EM>icon MIME-type</em> + [<em>MIME-type</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -412,7 +415,7 @@ DefaultIcon /icon/unknown.xbm <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> FancyIndexing <EM>boolean</EM><BR> +><STRONG>Syntax:</STRONG></A> FancyIndexing on|off<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -432,8 +435,7 @@ DefaultIcon /icon/unknown.xbm ><STRONG>Module:</STRONG></A> mod_autoindex <P> The FancyIndexing directive sets the FancyIndexing option for a directory. -<EM>Boolean</EM> can be <CODE>on</CODE> or <CODE>off</CODE>. The -<A HREF="#indexoptions">IndexOptions</A> directive should be used in +The <A HREF="#indexoptions">IndexOptions</A> directive should be used in preference. </P> <BLOCKQUOTE> @@ -523,7 +525,7 @@ See also <A HREF="#readmename">ReadmeName</A>. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> IndexIgnore <EM>file file ...</EM><BR> +><STRONG>Syntax:</STRONG></A> IndexIgnore <EM>file</em> [<em>file</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -556,15 +558,14 @@ IndexIgnore README .htaccess *~ <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> IndexOptions <EM>option option ...</EM> - (Apache 1.3.2 and earlier) +><STRONG>Syntax:</STRONG></A> IndexOptions <EM>option</em> + [<em>option</em>] ... (Apache 1.3.2 and earlier) <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> IndexOptions <EM>[+|-]option [+|-]option - ...</EM> - (Apache 1.3.3 and later) +><STRONG>Syntax:</STRONG></A> IndexOptions [+|-]<em>option</em> + [[+|-]<em>option</em>] ... (Apache 1.3.3 and later) <BR> <A HREF="directive-dict.html#Context" @@ -591,7 +592,8 @@ IndexIgnore README .htaccess *~ <SAMP>IndexOptions</SAMP> directives is only available with Apache 1.3.3 and later; the <samp>FoldersFirst</samp> and <samp>DescriptionWidth</samp> options are only - available with Apache 1.3.10 and later + available with Apache 1.3.10 and later; the <samp>TrackModified</samp> +option is only available with Apache 1.3.15 and later <P> The IndexOptions directive specifies the behavior of the directory indexing. @@ -706,6 +708,18 @@ indexing listings. <DD> <!--%plaintext <?INDEX {\tt SuppressSize} index option> --> This will suppress the file size in fancy indexing listings. +<DT><A NAME="indexoptions:trackmodified">TrackModified +(<EM>Apache 1.3.15 and later</EM>)</A> +<DD> +<!--%plaintext <?INDEX {\tt TrackModified} index option> --> +This returns the Last-Modified and ETag values for the listed directory +in the HTTP header. It is only valid if the operating system and file +system return legitimate stat() results. Most Unix systems do so, as +do OS2's JFS and Win32's NTFS volumes. OS2 and Win32 FAT volumes, +for example, do not. Once this feature is enabled, the client or proxy +can track changes to the list of files when they perform a HEAD request. +Note some operating systems correctly track new and removed files, but +do not track changes for sizes or dates of the files within the directory. </DL> <P> There are some noticeable differences in the behaviour of this @@ -728,7 +742,7 @@ the options are not merged. For example: </pre></BLOCKQUOTE> then only <CODE>ScanHTMLTitles</CODE> will be set for the /web/docs/spec directory. -</P> + </DD> <DT>Apache 1.3.3 and later:</DT> <DD> @@ -781,7 +795,7 @@ keywords without either '+' or '-' prefixes. HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> IndexOrderDefault - <EM>Ascending|Descending</EM> <EM>Name|Date|Size|Description</EM> + Ascending|Descending Name|Date|Size|Description <BR> <A HREF="directive-dict.html#Context" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html b/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html index db65436f2a6..c351ec35e67 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html @@ -75,7 +75,7 @@ who can exploit this module. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> MetaFiles <EM>on/off</EM><BR> +><STRONG>Syntax:</STRONG></A> MetaFiles on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -106,7 +106,7 @@ Turns on/off Meta file processing on a per-directory basis. This option was intr <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> MetaDir <EM>directory name</EM><BR> +><STRONG>Syntax:</STRONG></A> MetaDir <EM>directory</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html index 02236694911..4b6d77b4c30 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html @@ -65,6 +65,10 @@ When the server invokes a CGI script, it will add a variable called value of the <A HREF="core.html#documentroot">DocumentRoot</A> configuration variable. +<p>For an introduction to using CGI scripts with Apache, see +our tutorial on <a href="../howto/cgi.html">Dynamic Content +with CGI</a>.</p> + <h2>Directives</h2> <ul> @@ -99,8 +103,6 @@ totally useless. </DL> <P> -<HR> - <H2><A NAME="cgi_debug">CGI Debugging</A></H2> Debugging CGI scripts has traditionally been difficult, mainly because @@ -112,8 +114,6 @@ which are failing to run properly. These directives, included in Apache 1.2 and later, provide more detailed logging of errors when they occur. -<HR> - <H2>CGI Logfile Format</H2> When configured, the CGI error log logs any CGI which does not execute @@ -204,7 +204,7 @@ it was designed.</P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ScriptLogLength <EM>size</EM><BR> +><STRONG>Syntax:</STRONG></A> ScriptLogLength <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -233,7 +233,7 @@ exceeds this size, no more information will be written to it. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ScriptLogBuffer <EM>size</EM><BR> +><STRONG>Syntax:</STRONG></A> ScriptLogBuffer <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html b/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html index 43beb8f145c..1f8859b3c21 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html @@ -15,209 +15,87 @@ <DIV ALIGN="CENTER"> <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]"> <H3> - Apache HTTP Server Version 1.2 + Apache HTTP Server Version 1.3 </H3> </DIV> <H1 ALIGN="CENTER">Module mod_dir</H1> -This module is contained in the <code>mod_dir.c</code> file, and -is compiled in by default. It provides for directory indexing. - -<h2>Summary</h2> -This module controls the directory indexing. The index of a directory -can come from one of two sources: -<ul> -<li>A file written by the user, typically called <code>index.html</code>. -The <A HREF="#directoryindex">DirectoryIndex</A> directive sets the name -of this file. -<li>Otherwise, a listing generated by the server. The other directives -control the format of this listing. The <A HREF="#addicon">AddIcon</A>, -<A HREF="#addiconbyencoding">AddIconByEncoding</A> and -<A HREF="#addiconbytype">AddIconByType</A> are used to set a list of -icons to display for various file types; for each file listed, the -first icon listed that matches the file is displayed. -</ul> - - -<h2>Directives</h2> - -<menu> -<li><A HREF="#addalt">AddAlt</A> -<li><A HREF="#addaltbyencoding">AddAltByEncoding</A> -<li><A HREF="#addaltbytype">AddAltByType</A> -<li><A HREF="#adddescription">AddDescription</A> -<li><A HREF="#addicon">AddIcon</A> -<li><A HREF="#addiconbyencoding">AddIconByEncoding</A> -<li><A HREF="#addiconbytype">AddIconByType</A> -<li><A HREF="#defaulticon">DefaultIcon</A> -<li><A HREF="#directoryindex">DirectoryIndex</A> -<li><A HREF="#fancyindexing">FancyIndexing</A> -<li><A HREF="#headername">HeaderName</A> -<li><A HREF="#indexignore">IndexIgnore</A> -<li><A HREF="#indexoptions">IndexOptions</A> -<li><A HREF="#readmename">ReadmeName</A> -</menu> -<hr> - -<A name="addalt"><h2>AddAlt</h2></A> -<!--%plaintext <?INDEX {\tt AddAlt} directive> --> -<strong>Syntax:</strong> AddAlt <em>string file file...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the alternate text to display for a file, instead of an icon, for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>File</em> is a file -extension, partial filename, wild-card expression or full filename for files -to describe. <em>String</em> is enclosed in double quotes -(<code>"</code>). This alternate text is displayed if the client is -image-incapable or has image loading disabled. - -<HR> -<A name="addaltbyencoding"><h2>AddAltByEncoding</h2></A> -<!--%plaintext <?INDEX {\tt AddAltByEncoding} directive> --> -<strong>Syntax:</strong> AddAltByEncoding <em>string MIME-encoding - MIME-encoding...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the alternate text to display for a file, instead of an icon, for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>MIME-encoding</em> is a -valid content-encoding, such as <SAMP>x-compress</SAMP>. -<em>String</em> is enclosed in double quotes -(<code>"</code>). This alternate text is displayed if the client is -image-incapable or has image loading disabled. - +<p>This module provides for "trailing slash" redirects and serving +directory index files.</p> + +<P><A +HREF="module-dict.html#Status" +REL="Help" +><STRONG>Status:</STRONG></A> Base +<BR> +<A +HREF="module-dict.html#SourceFile" +REL="Help" +><STRONG>Source File:</STRONG></A> mod_dir.c +<BR> +<A +HREF="module-dict.html#ModuleIdentifier" +REL="Help" +><STRONG>Module Identifier:</STRONG></A> dir_module +</P> + +<H2>Summary</H2> +The index of a directory can come from one of two sources: +<UL> +<LI>A file written by the user, typically called <CODE>index.html</CODE>. +The <A HREF="#directoryindex">DirectoryIndex</A> directive sets +the name of this file. +This is controlled by <CODE>mod_dir</CODE>. +<LI>Otherwise, a listing generated by the server. This is provided by +<A HREF="mod_autoindex.html"><CODE>mod_autoindex</CODE></A>. +</UL> +The two functions are separated so that you can completely remove +(or replace) automatic index generation should you want to. +<P>A "trailing slash" redirect is issued when the server receives a +request for a URL <SAMP>http://servername/foo/dirname</SAMP> where +<SAMP>dirname</SAMP> is a directory. Directories require a trailing +slash, so <CODE>mod_dir</CODE> issues a redirect to +<SAMP>http://servername/foo/dirname/</SAMP>. + +<H2>Directives</H2> + +<MENU> +<LI><A HREF="#directoryindex">DirectoryIndex</A> +</MENU> <HR> -<A name="addaltbytype"><h2>AddAltByType</h2></A> -<!--%plaintext <?INDEX {\tt AddAltByType} directive> --> -<strong>Syntax:</strong> AddAltByType <em>string MIME-type MIME-type...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the alternate text to display for a file, instead of an icon, for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>MIME-type</em> is a -valid content-type, such as <SAMP>text/html</SAMP>. -<em>String</em> is enclosed in double quotes -(<code>"</code>). This alternate text is displayed if the client is -image-incapable or has image loading disabled. - -<HR> - -<A name="adddescription"><h2>AddDescription</h2></A> -<!--%plaintext <?INDEX {\tt AddDescription} directive> --> -<strong>Syntax:</strong> AddDescription <em>string file file...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the description to display for a file, for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>File</em> is a file -extension, partial filename, wild-card expression or full filename for files -to describe. <em>String</em> is enclosed in double quotes -(<code>"</code>). Example: -<blockquote><code>AddDescription "The planet Mars" /web/pics/mars.gif -</code></blockquote><p><hr> - -<A name="addicon"><h2>AddIcon</h2></A> -<!--%plaintext <?INDEX {\tt AddIcon} directive> --> -<strong>Syntax:</strong> AddIcon <em>icon name name ...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the icon to display next to a file ending in <em>name</em> for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>Icon</em> is either a -(%-escaped) relative URL to the icon, or of the format -(<em>alttext</em>,<em>url</em>) where <em>alttext</em> is the text tag given -for an icon for non-graphical browsers.<p> - -<em>Name</em> is either ^^DIRECTORY^^ for directories, ^^BLANKICON^^ for -blank lines (to format the list correctly), a file extension, a wildcard -expression, a partial filename or a complete filename. Examples: -<blockquote><code> -AddIcon (IMG,/icons/image.xbm) .gif .jpg .xbm <br> -AddIcon /icons/dir.xbm ^^DIRECTORY^^ <br> -AddIcon /icons/backup.xbm *~ -</code></blockquote> -<A HREF="#addiconbytype">AddIconByType</A> should be used in preference to -AddIcon, when possible.<p><hr> - -<A name="addiconbyencoding"><h2>AddIconByEncoding</h2></A> -<!--%plaintext <?INDEX {\tt AddIconByEncoding} directive> --> -<strong>Syntax:</strong> AddIconByEncoding <em>icon mime-encoding mime-encoding -...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the icon to display next to files with -<em>mime-encoding</em> for <A HREF="#fancyindexing">FancyIndexing</A>. -<em>Icon</em> is either a (%-escaped) relative URL to the icon, or of the -format (<em>alttext</em>,<em>url</em>) where <em>alttext</em> is the text tag -given for an icon for non-graphical browsers.<p> -<em>Mime-encoding</em> is a wildcard expression matching required the -content-encoding. Examples: -<blockquote><code> -AddIconByEncoding /icons/compress.xbm x-compress -</code></blockquote><p><hr> - -<A name="addiconbytype"><h2>AddIconByType</h2></A> -<!--%plaintext <?INDEX {\tt AddIconByType} directive> --> -<strong>Syntax:</strong> AddIconByType <em>icon mime-type mime-type ...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the icon to display next to files of type <em>mime-type</em> for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>Icon</em> is either a -(%-escaped) relative URL to the icon, or of the format -(<em>alttext</em>,<em>url</em>) where <em>alttext</em> is the text tag given -for an icon for non-graphical browsers.<p> -<em>Mime-type</em> is a wildcard expression matching required the mime types. -Examples: -<blockquote><code> -AddIconByType (IMG,/icons/image.xbm) image/* -</code></blockquote><p><hr> - -<A name="defaulticon"><h2>DefaultIcon</h2></A> -<!--%plaintext <?INDEX {\tt DefaultIcon} directive> --> -<strong>Syntax:</strong> DefaultIcon <em>url</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The DefaultIcon directive sets the icon to display for files when no -specific icon is known, for <A HREF="#fancyindexing">FancyIndexing</A>. -<em>Url</em> is a (%-escaped) relative URL to the icon. Examples: -<blockquote><code> -DefaultIcon /icon/unknown.xbm -</code></blockquote><p><hr> - -<A name="directoryindex"><h2>DirectoryIndex</h2></A> +<H2><A NAME="directoryindex">DirectoryIndex</A> directive</H2> <!--%plaintext <?INDEX {\tt DirectoryIndex} directive> --> -<strong>Syntax:</strong> DirectoryIndex <em>local-url local-url ...</em><br> -<strong>Default:</strong> <code>DirectoryIndex index.html</code><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> +<A + HREF="directive-dict.html#Syntax" + REL="Help" +><STRONG>Syntax:</STRONG></A> DirectoryIndex <EM>local-url</em> + [<em>local-url</em>] ...<BR> +<A + HREF="directive-dict.html#Default" + REL="Help" +><STRONG>Default:</STRONG></A> <CODE>DirectoryIndex index.html</CODE><BR> +<A + HREF="directive-dict.html#Context" + REL="Help" +><STRONG>Context:</STRONG></A> server config, virtual host, directory, .htaccess<BR> +<A + HREF="directive-dict.html#Override" + REL="Help" +><STRONG>Override:</STRONG></A> Indexes<BR> +<A + HREF="directive-dict.html#Status" + REL="Help" +><STRONG>Status:</STRONG></A> Base<BR> +<A + HREF="directive-dict.html#Module" + REL="Help" +><STRONG>Module:</STRONG></A> mod_dir<P> The DirectoryIndex directive sets the list of resources to look for, when the client requests an index of the directory by specifying a / -at the end of the a directory name. <em>Local-url</em> is the +at the end of the a directory name. <EM>Local-url</EM> is the (%-encoded) URL of a document on the server relative to the requested directory; it is usually the name of a file in the directory. Several URLs may be given, in which case the server will return the first one @@ -227,149 +105,24 @@ listing of the directory. <P> Example: -<blockquote><code> +<BLOCKQUOTE><CODE> DirectoryIndex index.html -</code></blockquote> -then a request for <code>http://myserver/docs/</code> would return -<code>http://myserver/docs/index.html</code> if it exists, or would list -the directory if it did not. <p> +</CODE></BLOCKQUOTE> +then a request for <CODE>http://myserver/docs/</CODE> would return +<CODE>http://myserver/docs/index.html</CODE> if it exists, or would list +the directory if it did not. <P> Note that the documents do not need to be relative to the directory; -<blockquote><code> -DirectoryIndex index.html index.txt /cgi-bin/index.pl</code></blockquote> -would cause the CGI script <code>/cgi-bin/index.pl</code> to be executed -if neither <code>index.html</code> or <code>index.txt</code> existed in -a directory.<p><hr> - -<A name="fancyindexing"><h2>FancyIndexing</h2></A> -<!--%plaintext <?INDEX {\tt FancyIndexing} directive> --> -<strong>Syntax:</strong> FancyIndexing <em>boolean</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The FancyIndexing directive sets the FancyIndexing option for a directory. -<em>Boolean</em> can be <code>on</code> or <code>off</code>. The -<A HREF="#indexoptions">IndexOptions</A> directive should be used in -preference.<p><hr> - -<A name="headername"><h2>HeaderName</h2></A> -<!--%plaintext <?INDEX {\tt HeaderName} directive> --> -<strong>Syntax:</strong> HeaderName <em>filename</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The HeaderName directive sets the name of the file that will be inserted -at the top of the index listing. <em>Filename</em> is the name of the file -to include, and is taken to be relative to the directory being indexed. -The server first attempts to include <em>filename</em><code>.html</code> -as an HTML document, otherwise it will include <em>filename</em> as plain -text. Example: -<blockquote><code>HeaderName HEADER</code></blockquote> -when indexing the directory <code>/web</code>, the server will first look for -the HTML file <code>/web/HEADER.html</code> and include it if found, otherwise -it will include the plain text file <code>/web/HEADER</code>, if it exists. - -<p>See also <A HREF="#readmename">ReadmeName</A>.<p><hr> - -<A name="indexignore"><h2>IndexIgnore</h2></A> -<!--%plaintext <?INDEX {\tt IndexIgnore} directive> --> -<strong>Syntax:</strong> IndexIgnore <em>file file ...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The IndexIgnore directive adds to the list of files to hide when listing -a directory. <em>File</em> is a file extension, partial filename, -wildcard expression or full filename for files to ignore. Multiple -IndexIgnore directives add to the list, rather than the replacing the list -of ignored files. By default, the list contains `<code>.</code>'. Example: -<blockquote><code> -IndexIgnore README .htaccess *~ -</code></blockquote><p><hr> - -<A name="indexoptions"><h2>IndexOptions</h2></A> -<!--%plaintext <?INDEX {\tt IndexOptions} directive> --> -<strong>Syntax:</strong> IndexOptions <em>option option ...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The IndexOptions directive specifies the behavior of the directory indexing. -<em>Option</em> can be one of -<dl> -<dt>FancyIndexing -<dd><!--%plaintext <?INDEX {\tt FancyIndexing} index option> --> -This turns on fancy indexing of directories. -<dt>IconsAreLinks -<dd> -<!--%plaintext <?INDEX {\tt IconsAreLinks} index option> --> -This makes the icons part of the anchor for the filename, for -fancy indexing. -<dt>ScanHTMLTitles -<dd><!--%plaintext <?INDEX {\tt ScanHTMLTitles} index option> --> -This enables the extraction of the title from HTML documents for fancy -indexing. If the file does not have a description given by -<A HREF="#adddescription">AddDescription</A> then httpd will read the -document for the value of the TITLE tag. This is CPU and disk intensive. -<dt>SuppressLastModified -<dd> -<!--%plaintext <?INDEX {\tt SuppressLastModified} index option> --> -This will suppress the display of the last modification date, in fancy -indexing listings. -<dt>SuppressSize -<dd> -<!--%plaintext <?INDEX {\tt SuppressSize} index option> --> -This will suppress the file size in fancy indexing listings. -<dt>SuppressDescription -<dd> -<!--%plaintext <?INDEX {\tt SuppressDescription} index option> --> -This will suppress the file description in fancy indexing listings. -</dl> -This default is that no options are enabled. If multiple IndexOptions -could apply to a directory, then the most specific one is taken complete; -the options are not merged. For example: -<blockquote><code> -<Directory /web/docs> <br> -IndexOptions FancyIndexing <br> -</Directory><br> -<Directory /web/docs/spec> <br> -IndexOptions ScanHTMLTitles <br> -</Directory> -</code></blockquote> -then only <code>ScanHTMLTitles</code> will be set for the /web/docs/spec -directory.<p><hr> - -<A name="readmename"><h2>ReadmeName</h2></A> -<!--%plaintext <?INDEX {\tt ReadmeName} directive> --> -<strong>Syntax:</strong> ReadmeName <em>filename</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The ReadmeName directive sets the name of the file that will be appended -to the end of the index listing. <em>Filename</em> is the name of the file -to include, and is taken to be relative to the directory being indexed. -The server first attempts to include <em>filename</em><code>.html</code> -as an HTML document, otherwise it will include <em>filename</em> as plain -text. Example: -<blockquote><code>ReadmeName README</code></blockquote> -when indexing the directory <code>/web</code>, the server will first look for -the HTML file <code>/web/README.html</code> and include it if found, otherwise -it will include the plain text file <code>/web/README</code>, if it exists. - -<p>See also <A HREF="#headername">HeaderName</A>.<p> - +<BLOCKQUOTE><CODE> +DirectoryIndex index.html index.txt /cgi-bin/index.pl</CODE></BLOCKQUOTE> +would cause the CGI script <CODE>/cgi-bin/index.pl</CODE> to be executed +if neither <CODE>index.html</CODE> or <CODE>index.txt</CODE> existed in +a directory.<P> <HR> + <H3 ALIGN="CENTER"> - Apache HTTP Server Version 1.2 + Apache HTTP Server Version 1.3 </H3> <A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_env.html b/usr.sbin/httpd/htdocs/manual/mod/mod_env.html index d48d12e0c6a..c16443d48c4 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_env.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_env.html @@ -21,8 +21,8 @@ <H1 ALIGN="CENTER">Apache module mod_env</H1> -<p>This module provides for -passing environment variables to CGI/SSI scripts.</p> +<p>This module provides for modifying the environment which +is passed to CGI scripts and SSI pages.</p> <P><A HREF="module-dict.html#Status" @@ -46,12 +46,15 @@ REL="Help" </P> <H2>Summary</H2> -<!-- XXX: Should mention mod_setenvif and the effect of suexec --> -<p>This module allows Apache's CGI and SSI environment to inherit -environment variables from the shell which invoked the httpd process. -CERN web-servers are able to do this, so this module is especially -useful to web-admins who wish to migrate from CERN to Apache without -rewriting all their scripts</p> + +<p>This module allows for control of the environment that will be +provided to CGI scripts and SSI pages. Environment variables may be +passed from the shell which invoked the httpd process. Alternatively, +environment variables may be set or unset within the configuration +process.</p> + +<p>For additional information, we provide a document on +<a href="../env.html">Environment Variables in Apache</a>.</p> <H2>Directives</H2> <UL> @@ -66,7 +69,8 @@ rewriting all their scripts</p> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> PassEnv <EM>variable variable ...</EM><BR> +><STRONG>Syntax:</STRONG></A> PassEnv <EM>variable</em> + [<em>variable</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -86,7 +90,8 @@ rewriting all their scripts</p> Apache 1.1 and later.<P> Specifies one or more environment variables to pass to CGI scripts -from the server's own environment. Example: +and SSI pages from the environment of the shell which invoked +the httpd process. Example: <PRE> PassEnv LD_LIBRARY_PATH </PRE> @@ -117,7 +122,7 @@ from the server's own environment. Example: Apache 1.1 and later.<P> Sets an environment variable, which is then passed on to CGI -scripts. Example: +scripts and SSI pages. Example: <PRE> SetEnv SPECIAL_PATH /foo/bin </PRE> @@ -128,7 +133,8 @@ scripts. Example: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> UnsetEnv <EM>variable variable ...</EM><BR> +><STRONG>Syntax:</STRONG></A> UnsetEnv <EM>variable</em> + [<em>variable</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -148,14 +154,11 @@ scripts. Example: Apache 1.1 and later.<P> Removes one or more environment variables from those passed on to -CGI scripts. Example: +CGI scripts and SSI pages. Example: <PRE> UnsetEnv LD_LIBRARY_PATH </PRE> - - -<P> <HR> <H3 ALIGN="CENTER"> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_example.html b/usr.sbin/httpd/htdocs/manual/mod/mod_example.html index e2ca6b283f1..f4663b96510 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_example.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_example.html @@ -77,7 +77,6 @@ REL="Help" <LI><A HREF="#example">Example</A> </LI> </UL> - </P> <h2>Compiling the example module</h2> <P> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html b/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html index b15dd950204..20c6444eff6 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html @@ -38,6 +38,11 @@ REL="Help" HREF="module-dict.html#ModuleIdentifier" REL="Help" ><STRONG>Module Identifier:</STRONG></A> expires_module +<BR> +<A +HREF="module-dict.html#Compatibility" +REL="Help" +><STRONG>Compatibility:</STRONG></A> Available in Apache 1.2 and later. </P> @@ -164,7 +169,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> ExpiresActive <EM>boolean</EM> + ><STRONG>Syntax:</STRONG></A> ExpiresActive on|off <BR> <A HREF="directive-dict.html#Context" @@ -273,7 +278,6 @@ REL="Help" <P> <STRONG>Example:</STRONG> </P> - <P> <PRE> ExpiresActive On # enable expirations ExpiresByType image/gif A2592000 # expire GIF images after a month @@ -282,7 +286,6 @@ REL="Help" # week from the time they were # changed, period </PRE> - </P> <P> Note that this directive only has effect if <CODE>ExpiresActive On</CODE> has been specified. It overrides, for the specified MIME diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html b/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html index d328f6660ff..44e88d66d84 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html @@ -38,6 +38,11 @@ REL="Help" HREF="module-dict.html#ModuleIdentifier" REL="Help" ><STRONG>Module Identifier:</STRONG></A> headers_module +<BR> +<A +HREF="module-dict.html#Compatibility" +REL="Help" +><STRONG>Compatibility:</STRONG></A> Available in Apache 1.2 and later. </P> <h2>Summary</h2> @@ -56,7 +61,7 @@ headers. Headers can be merged, replaced or removed. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Header [ set | append | add ] +><STRONG>Syntax:</STRONG></A> Header set|append|add <EM>header</EM> <EM>value</EM><BR> <A HREF="directive-dict.html#Syntax" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html b/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html index 9dfe66914b3..86325982220 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html @@ -236,8 +236,8 @@ rect mailto:nate@tripod.com 100,150 200,0 "Bugs?" <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ImapMenu <CODE>{none, formatted, semiformatted, - unformatted}</CODE><BR> +><STRONG>Syntax:</STRONG></A> ImapMenu + none|formatted|semiformatted|unformatted<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -289,8 +289,8 @@ is called without valid coordinates. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ImapDefault <CODE>{error, nocontent, - map, referer, URL}</CODE><BR> +><STRONG>Syntax:</STRONG></A> ImapDefault + error|nocontent|map|referer|<em>URL</em><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -323,7 +323,7 @@ case, the client should continue to display the original page. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ImapBase <CODE>{map, referer, URL}</CODE><BR> +><STRONG>Syntax:</STRONG></A> ImapBase map|referer|<em>URL</em><BR> <A HREF="directive-dict.html#Context" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_include.html b/usr.sbin/httpd/htdocs/manual/mod/mod_include.html index 7d695873d0e..0339d1f161b 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_include.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_include.html @@ -21,7 +21,7 @@ <H1 ALIGN="CENTER">Module mod_include</H1> -<p>This module provides for server-parsed html documents.</p> +<p>This module provides for documents with Server Side Includes (SSI).</p> <P><A HREF="module-dict.html#Status" @@ -36,7 +36,7 @@ REL="Help" <A HREF="module-dict.html#ModuleIdentifier" REL="Help" -><STRONG>Module Identifier:</STRONG></A> include_module +><STRONG>Module Identifier:</STRONG></A> includes_module </P> <h2>Summary</h2> @@ -48,6 +48,10 @@ elements allow conditional text, the inclusion other files or programs, as well as the setting and printing of environment variables.</p> +<p>For an introduction to this topic, we also provide a +<a href="../howto/ssi.html">tutorial on Server Side Includes</a>.</p> + + <H2>Directives</H2> <UL> <LI><A HREF="#xbithack">XBitHack</A> @@ -378,7 +382,7 @@ elements are: <DD>true if <EM>test_condition</EM> is true <DT>! <EM>test_condition</EM> <DD>true if <EM>test_condition</EM> is false -<DT><EM>test_condition1</EM> && <EM>test_condition2</EM> +<DT><EM>test_condition1</EM> && <EM>test_condition2</EM> <DD>true if both <EM>test_condition1</EM> and <EM>test_condition2</EM> are true <DT><EM>test_condition1</EM> || <EM>test_condition2</EM> @@ -386,13 +390,13 @@ elements are: <EM>test_condition2</EM> is true </DL> -<P> "<EM>=</EM>" and "<EM>!=</EM>" bind more tightly than "<EM>&&</EM>" and +<P> "<EM>=</EM>" and "<EM>!=</EM>" bind more tightly than "<EM>&&</EM>" and "<EM>||</EM>". "<EM>!</EM>" binds most tightly. Thus, the following are equivalent: <PRE> - <!--#if expr="$a = test1 && $b = test2" --> - <!--#if expr="($a = test1) && ($b = test2)" --> + <!--#if expr="$a = test1 && $b = test2" --> + <!--#if expr="($a = test1) && ($b = test2)" --> </PRE> <P> Anything that's not recognized as a variable or an operator is @@ -421,7 +425,7 @@ customized server error documents. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> XBitHack <EM>status</EM><BR> +><STRONG>Syntax:</STRONG></A> XBitHack on|off|full<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -445,8 +449,7 @@ customized server error documents. The XBitHack directives controls the parsing of ordinary html documents. This directive only affects files associated with the MIME type -<CODE>text/html</CODE>. -<EM>Status</EM> can have the following values: +<CODE>text/html</CODE>. XBitHack can take on the following values: <DL> <DT>off <DD>No special treatment of executable files. diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html index 23d31df32a3..a80e0074da3 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html @@ -74,7 +74,7 @@ directive to limit access to your server configuration information.<P> Once configured, the server information is obtained by accessing <TT>http://your.host.dom/server-info</TT><P> <BLOCKQUOTE> - <STRONG> + <p><STRONG> Note that the configuration files are read by the module at run-time, and therefore the display may <EM>not</EM> reflect the running server's active configuration if the files have been changed since the @@ -84,14 +84,14 @@ Once configured, the server information is obtained by accessing HREF="core.html#user" ><SAMP>User</SAMP></A> directive), or else the directive settings will not be listed. - <P> + </strong></p> + <p><strong> It should also be noted that if <SAMP>mod_info</SAMP> is compiled into the server, its handler capability is available in <EM>all</EM> configuration files, including <EM>per</EM>-directory files (<EM>e.g.</EM>, <SAMP>.htaccess</SAMP>). This may have security-related ramifications for your site. - </P> - </STRONG> + </strong></p> </BLOCKQUOTE> <HR> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_isapi.html b/usr.sbin/httpd/htdocs/manual/mod/mod_isapi.html index a7cefcfdd3e..231e5d4647c 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_isapi.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_isapi.html @@ -57,6 +57,14 @@ REL="Help" problems running their ISAPI extention. <STRONG>Please <EM>do not</EM> post such problems to Apache's lists or bug reporting pages.</STRONG></P> +<H2>Directives</H2> +<UL> +<LI><A HREF="#isapireadaheadbuffer">ISAPIReadAheadBuffer</A> +<LI><A HREF="#isapilognotsupported">ISAPILogNotSupported</A> +<LI><A HREF="#isapiappendlogtoerrors">ISAPIAppendLogToErrors</A> +<LI><A HREF="#isapiappendlogtoquery">ISAPIAppendLogToQuery</A> +</UL> + <H2>Usage</H2> <P>In the server configuration file, use the AddHandler directive to @@ -66,7 +74,7 @@ REL="Help" following line:</P> <PRE> - AddHandler isapi-isa dll + AddHandler isapi-isa .dll </PRE> <P>ISAPI extensions are governed by the same permissions and restrictions @@ -77,13 +85,102 @@ REL="Help" <A HREF="#journal">Programmer's Journal</A> for additional details and clarification of the specific ISAPI support offered by mod_isapi.</P> -<H2>Directives</H2> -<UL> -<LI><A HREF="#isapireadaheadbuffer">ISAPIReadAheadBuffer</A> -<LI><A HREF="#isapilognotsupported">ISAPILogNotSupported</A> -<LI><A HREF="#isapiappendlogtoerrors">ISAPIAppendLogToErrors</A> -<LI><A HREF="#isapiappendlogtoquery">ISAPIAppendLogToQuery</A> -</UL> +<H2><A NAME="notes">Additional Notes</A></H2> + +<P>Apache's ISAPI implementation conforms to all of the ISAPI 2.0 + specification, except for the "Microsoft-specific" extensions dealing + with asynchronous I/O. Apache's I/O model does not allow asynchronous + reading and writing in a manner that the ISAPI could access. If an ISA + tries to access unsupported features, including async I/O, a message is + placed in the error log to help with debugging. Since these messages + can become a flood, a new directive; + <CODE>ISAPILogNotSupported Off</CODE>, is introduced in Apache 1.3.13.</P> + +<P>Some servers, like Microsoft IIS, load the ISA into the server, and + keep it loaded until memory usage is too high, or specific configuration + options are used. Apache currently loads and unloads the ISA for each + request. This is inefficient, but Apache's request model makes this + method the only method that currently works. Apache 2.0 is expected to + support more effective loading and caching methods, with more precise + control over individual ISAPI modules and directories.</P> + +<P>Also, remember that while Apache supports ISAPI Extensions, it + <STRONG>does not support ISAPI Filters.</STRONG> Support for filters may + be added at a later date, but no support is planned at this time.</P> + +<H2><A NAME="journal">Programmer's Journal</A></H2> + +<P>If you are programming Apache 1.3 mod_isapi modules, you must limit your + calls to ServerSupportFunction to the following directives:</P> + +<DL> + <DT>HSE_REQ_SEND_URL_REDIRECT_RESP + <DD>Redirect the user to another location.<BR> + This must be a fully qualified URL (e.g. http://server/location). + <DT>HSE_REQ_SEND_URL + <DD>Redirect the user to another location.<BR> + This cannot be a fully qualified URL, you are not allowed + to pass the protocol or a server name (e.g. simply /location).<BR> + This redirection is handled by the server, not the browser.<BR> + <STRONG>Warning:</STRONG> in their recent documentation, Microsoft + appears to have abandoned the distinction between the two + HSE_REQ_SEND_URL functions. Apache continues to treat them as two + distinct functions with different requirements and behaviors. + <DT>HSE_REQ_SEND_RESPONSE_HEADER + <DD>Apache accepts a response body following the header if it follows + the blank line (two consecutive newlines) in the headers string + argument. This body cannot contain NULLs, since the headers + argument is NULL terminated. + <DT>HSE_REQ_DONE_WITH_SESSION + <DD>Apache considers this a no-op, since the session will be finished + when the ISAPI returns from processing. + <DT>HSE_REQ_MAP_URL_TO_PATH + <DD>Apache will translate a virtual name to a physical name. + <DT>HSE_APPEND_LOG_PARAMETER <EM>Apache 1.3.13 and later</EM> + <DD>This logged message may be captured in any of the following logs: + <UL> + <LI>in the \"%{isapi-parameter}n\" component in a CustomLog directive + <LI>in the %q log component with the ISAPIAppendLogToQuery On directive + <LI>in the error log with the ISAPIAppendLogToErrors On directive + </UL> + The first option, the %{isapi-parameter}n component, is always available + and prefered. + <DT>HSE_REQ_IS_KEEP_CONN <EM>Apache 1.3.13 and later</EM> + <DD>Will return the negotiated Keep-Alive status. + <DT>HSE_REQ_SEND_RESPONSE_HEADER_EX <EM>Apache 1.3.13 and later</EM> + <DD>Will behave as documented, although the fKeepConn flag is ignored. + <DT>HSE_REQ_IS_CONNECTED <EM>Apache 1.3.13 and later</EM> + <DD>Will report false if the request has been aborted. +</DL> + +<P>Apache returns FALSE to any unsupported call to ServerSupportFunction, and + sets the GetLastError value to ERROR_INVALID_PARAMETER.</P> + +<P>Prior to Apache 1.3.13, ReadClient was a noop, and any request with a request + body greater than 48kb was rejected by mod_isapi. As of Apache 1.3.13, + ReadClient now retrieves the request body exceeding the initial buffer + (defined by ISAPIReadAheadBuffer). Based on the ISAPIReadAheadBuffer + setting (number of bytes to buffer prior to calling the ISAPI handler) + shorter requests are sent complete to the extension when it is invoked. + If the request is longer, the ISAPI extension must use ReadClient to + retrieve the remaining request body.</P> + +<P>WriteClient is supported, but only with the HSE_IO_SYNC flag or + no option flag (value of 0). Any other WriteClient request will + be rejected with a return value of FALSE, and a GetLastError + value of ERROR_INVALID_PARAMETER.</P> + +<P>GetServerVariable is supported, although extended server variables do not + exist (as defined by other servers.) All the usual Apache CGI environment + variables are available from GetServerVariable. As of Apache 1.3.13, + the ALL_HTTP and ALL_RAW and variables are now available.</P> + +<P>Apache 2.0 mod_isapi may support additional features introduced in later + versions of the ISAPI specification, as well as limited emulation of + async I/O and the TransmitFile semantics. Apache 2.0 may also support + caching of ISAPI .dlls for performance. No further enhancements to the + Apache 1.3 mod_isapi features are anticipated.</P> + <HR> <H2><A NAME="isapireadaheadbuffer">ISAPIReadAheadBuffer directive</A></H2> @@ -132,7 +229,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ISAPILogNotSupported <EM>on|off</EM><BR> +><STRONG>Syntax:</STRONG></A> ISAPILogNotSupported on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -170,7 +267,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ISAPIAppendLogToErrors <EM>on|off</EM><BR> +><STRONG>Syntax:</STRONG></A> ISAPIAppendLogToErrors on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -206,7 +303,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ISAPIAppendLogToQuery <EM>on|off</EM><BR> +><STRONG>Syntax:</STRONG></A> ISAPIAppendLogToQuery on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -235,103 +332,7 @@ REL="Help" Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extentions to the query field (appended to the CustomLog %q component). <P> -<HR> - -<H2><A NAME="notes">Additional Notes</A></H2> - -<P>Apache's ISAPI implementation conforms to all of the ISAPI 2.0 - specification, except for the "Microsoft-specific" extensions dealing - with asynchronous I/O. Apache's I/O model does not allow asynchronous - reading and writing in a manner that the ISAPI could access. If an ISA - tries to access unsupported features, including async I/O, a message is - placed in the error log to help with debugging. Since these messages - can become a flood, a new directive; - <CODE>ISAPILogNotSupported Off</CODE>, is introduced in Apache 1.3.13.</P> - -<P>Some servers, like Microsoft IIS, load the ISA into the server, and - keep it loaded until memory usage is too high, or specific configuration - options are used. Apache currently loads and unloads the ISA for each - request. This is inefficient, but Apache's request model makes this - method the only method that currently works. Apache 2.0 is expected to - support more effective loading and caching methods, with more precise - control over individual ISAPI modules and directories.</P> - -<P>Also, remember that while Apache supports ISAPI Extensions, it - <STRONG>does not support ISAPI Filters.</STRONG> Support for filters may - be added at a later date, but no support is planned at this time.</P> - -<H2><A NAME="journal">Programmer's Journal</A></H2> -<P>If you are programming Apache 1.3 mod_isapi modules, you must limit your - calls to ServerSupportFunction to the following directives:</P> - -<DL> - <DT>HSE_REQ_SEND_URL_REDIRECT_RESP - <DD>Redirect the user to another location.<BR> - This must be a fully qualified URL (e.g. http://server/location). - <DT>HSE_REQ_SEND_URL - <DD>Redirect the user to another location.<BR> - This cannot be a fully qualified URL, you are not allowed - to pass the protocol or a server name (e.g. simply /location).<BR> - This redirection is handled by the server, not the browser.<BR> - <STRONG>Warning:</STRONG> in their recent documentation, Microsoft - appears to have abandoned the distinction between the two - HSE_REQ_SEND_URL functions. Apache continues to treat them as two - distinct functions with different requirements and behaviors. - <DT>HSE_REQ_SEND_RESPONSE_HEADER - <DD>Apache accepts a response body following the header if it follows - the blank line (two consecutive newlines) in the headers string - argument. This body cannot contain NULLs, since the headers - argument is NULL terminated. - <DT>HSE_REQ_DONE_WITH_SESSION - <DD>Apache considers this a no-op, since the session will be finished - when the ISAPI returns from processing. - <DT>HSE_REQ_MAP_URL_TO_PATH - <DD>Apache will translate a virtual name to a physical name. - <DT>HSE_APPEND_LOG_PARAMETER <EM>Apache 1.3.13 and later</EM> - <DD>This logged message may be captured in any of the following logs: - <UL> - <LI>in the \"%{isapi-parameter}n\" component in a CustomLog directive - <LI>in the %q log component with the ISAPIAppendLogToQuery On directive - <LI>in the error log with the ISAPIAppendLogToErrors On directive - </UL> - The first option, the %{isapi-parameter}n component, is always available - and prefered. - <DT>HSE_REQ_IS_KEEP_CONN <EM>Apache 1.3.13 and later</EM> - <DD>Will return the negotiated Keep-Alive status. - <DT>HSE_REQ_SEND_RESPONSE_HEADER_EX <EM>Apache 1.3.13 and later</EM> - <DD>Will behave as documented, although the fKeepConn flag is ignored. - <DT>HSE_REQ_IS_CONNECTED <EM>Apache 1.3.13 and later</EM> - <DD>Will report false if the request has been aborted. -</DL> - -<P>Apache returns FALSE to any unsupported call to ServerSupportFunction, and - sets the GetLastError value to ERROR_INVALID_PARAMETER.</P> - -<P>Prior to Apache 1.3.13, ReadClient was a noop, and any request with a request - body greater than 48kb was rejected by mod_isapi. As of Apache 1.3.13, - ReadClient now retrieves the request body exceeding the initial buffer - (defined by ISAPIReadAheadBuffer). Based on the ISAPIReadAheadBuffer - setting (number of bytes to buffer prior to calling the ISAPI handler) - shorter requests are sent complete to the extension when it is invoked. - If the request is longer, the ISAPI extension must use ReadClient to - retrieve the remaining request body.</P> - -<P>WriteClient is supported, but only with the HSE_IO_SYNC flag or - no option flag (value of 0). Any other WriteClient request will - be rejected with a return value of FALSE, and a GetLastError - value of ERROR_INVALID_PARAMETER.</P> - -<P>GetServerVariable is supported, although extended server variables do not - exist (as defined by other servers.) All the usual Apache CGI environment - variables are available from GetServerVariable. As of Apache 1.3.13, - the ALL_HTTP and ALL_RAW and variables are now available.</P> - -<P>Apache 2.0 mod_isapi may support additional features introduced in later - versions of the ISAPI specification, as well as limited emulation of - async I/O and the TransmitFile semantics. Apache 2.0 may also support - caching of ISAPI .dlls for performance. No further enhancements to the - Apache 1.3 mod_isapi features are anticipated.</P> <HR> <H3 ALIGN="CENTER"> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html index 404951c12fd..47355c51082 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html @@ -41,17 +41,24 @@ REL="Help" ><STRONG>Module Identifier:</STRONG></A> config_log_module <BR> <A -HREF="module-dict.html#compatibility" +HREF="module-dict.html#Compatibility" REL="Help" ><STRONG>Compatibility:</STRONG></A> Was an extension module prior to Apache 1.2. </P> <H2>Summary</H2> + +<p>This module provides for flexible logging of client requests. Logs +are written in a customizable format, and may be written directly to a +file, or to an external program. Conditional logging is provided so +that individual requests may be included or excluded from the logs +based on characteristics of the request.</p> + <P> Three directives are provided by this module: <CODE>TransferLog</CODE> to create a log file, <CODE>LogFormat</CODE> to set a custom format, -and <CODE>CustomLog</CODE> to define a log file and format in one go. +and <CODE>CustomLog</CODE> to define a log file and format in one step. The <CODE>TransferLog</CODE> and <CODE>CustomLog</CODE> directives can be used multiple times in each server to cause each request to be logged to multiple files. @@ -60,56 +67,25 @@ logged to multiple files. <H2>Directives</H2> <UL> -<LI><A HREF="#cookielog">CookieLog</A> -<LI><A HREF="#customlog">CustomLog</A> -<LI><A HREF="#customlog-conditional">CustomLog (conditional)</A> -<LI><A HREF="#logformat">LogFormat</A> -<LI><A HREF="#transferlog">TransferLog</A> -</UL> - -<H3>Compatibility notes</H3> - -<UL> -<LI>This module is based on mod_log_config distributed with -previous Apache releases, now updated to handle multiple logs. -There is now no need to re-configure Apache to use configuration log -formats. - -<LI>The module also implements the <CODE>CookieLog</CODE> directive, -used to log user-tracking information created by <A -HREF="mod_usertrack.html">mod_usertrack</A>. The use of -<CODE>CookieLog</CODE> is deprecated, and a <CODE>CustomLog</CODE> -should be defined to log user-tracking information instead. - -<LI>As of Apache 1.3.5, this module allows conditional logging -based upon the setting of environment variables. That is, -you can control whether a request should be logged or not -based upon whether an arbitrary environment variable is -defined or not. This is settable on a <EM>per</EM>-logfile -basis. - -<LI>Beginning with Apache 1.3.5, the mod_log_config module has -also subsumed the <CODE>RefererIgnore</CODE> functionality from -<A HREF="mod_log_referer.html">mod_log_referer</A>. The effect -of <CODE>RefererIgnore</CODE> can be achieved by combinations of -<A HREF="mod_setenvif.html"><CODE>SetEnvIf</CODE></A> directives -and conditional <CODE>CustomLog</CODE> definitions. - +<LI><A HREF="#cookielog">CookieLog</A></LI> +<LI><A HREF="#customlog">CustomLog</A></LI> +<LI><A HREF="#logformat">LogFormat</A></LI> +<LI><A HREF="#transferlog">TransferLog</A></LI> </UL> <H2>Log File Formats</H2> -Unless told otherwise with <TT>LogFormat</TT> the log files created by -<TT>TransferLog</TT> will be in standard "Common Log Format" -(CLF). The contents of each line in a CLF file are explained +<p>Unless told otherwise with <TT>LogFormat</TT>, the log files +created by <TT>TransferLog</TT> will be in standard "Common Log +Format" (CLF). The contents of each line in a CLF file are explained below. Alternatively, the log file can be customized (and if multiple log files are used, each can have a different format). Custom formats -are set with <CODE>LogFormat</CODE> and <CODE>CustomLog</CODE>. +are set with <CODE>LogFormat</CODE> and <CODE>CustomLog</CODE>.</p> <H3>Common Log Format</H3> -The Common Log Format (CLF) file contains a separate line for each -request. A line is composed of several tokens separated by spaces: +<p>The Common Log Format (CLF) file contains a separate line for each +request. A line is composed of several tokens separated by spaces:</p> <BLOCKQUOTE> host ident authuser date request status bytes @@ -149,11 +125,16 @@ any headers. <H3><A NAME="formats">Custom Log Formats</A></H3> -The format argument to the <CODE>LogFormat</CODE> and -<CODE>CustomLog</CODE> is a string. This string is logged to the log -file for each request. It can contain literal characters copied into -the log files, and `%' directives which are replaced in the log file -by the values as follows: +<p>The format argument to the <CODE>LogFormat</CODE> and +<CODE>CustomLog</CODE> directives is a string. This string is logged +to the log file for each request. It can contain literal characters +copied into the log files and the c-type control characters "\n" and +"\t" to represent new-lines and tabs. Literal quotes and back-slashes +should be escaped with back-slashes.</p> + +<p>The characteristics of the request itself are logged by placing +"%" directives in the format string, which are replaced in the log file +by the values as follows:</p> <PRE> %...a: Remote IP-address @@ -161,6 +142,10 @@ by the values as follows: %...B: Bytes sent, excluding HTTP headers. %...b: Bytes sent, excluding HTTP headers. In CLF format i.e. a '-' rather than a 0 when no bytes are sent. +%...c: Connection status when response is completed. + 'X' = connection aborted before the response completed. + '+' = connection may be kept alive after the response is sent. + '-' = connection will be closed after the response is sent. %...{FOOBAR}e: The contents of the environment variable FOOBAR %...f: Filename %...h: Remote host @@ -180,7 +165,7 @@ by the values as follows: the status of the *original* request --- %...>s for the last. %...t: Time, in common log format time format (standard english format) %...{format}t: The time, in the form given by format, which should - be in strftime(3) format. (potentially localised) + be in strftime(3) format. (potentially localized) %...T: The time taken to serve the request, in seconds. %...u: Remote user (from auth; may be bogus if return status (%s) is 401) %...U: The URL path requested. @@ -188,73 +173,134 @@ by the values as follows: %...V: The server name according to the UseCanonicalName setting. </PRE> -The `...' can be nothing at all (<EM>e.g.</EM>, <CODE>"%h %u %r %s %b"</CODE>), or it can -indicate conditions for inclusion of the item (which will cause it -to be replaced with `-' if the condition is not met). Note that -there is no escaping performed on the strings from %r, %...i and -%...o; some with long memories may remember that I thought this was -a bad idea, once upon a time, and I'm still not comfortable with -it, but it is difficult to see how to `do the right thing' with all -of `%..i', unless we URL-escape everything and break with CLF. +<p>The "..." can be nothing at all (<EM>e.g.</EM>, <CODE>"%h %u %r %s +%b"</CODE>), or it can indicate conditions for inclusion of the item +(which will cause it to be replaced with "-" if the condition is not +met). The forms of condition are a list of HTTP status codes, which +may or may not be preceded by "!". Thus, "%400,501{User-agent}i" logs +User-agent: on 400 errors and 501 errors (Bad Request, Not +Implemented) only; "%!200,304,302{Referer}i" logs Referer: on all +requests which did <STRONG>not</STRONG> return some sort of normal +status.</p> -<P> +<p>Note that there is no escaping performed on the strings from +%...r, %...i and %...o. This is mainly to comply with the requirements +of the Common Log Format. This implies that clients can insert +control characters into the log, so care should be taken when dealing +with raw log files.</p> -The forms of condition are a list of HTTP status codes, which may -or may not be preceded by `!'. Thus, `%400,501{User-agent}i' logs -User-agent: on 400 errors and 501 errors (Bad Request, Not -Implemented) only; `%!200,304,302{Referer}i' logs Referer: on all -requests which did <STRONG>not</STRONG> return some sort of normal status. +<p>Some commonly used log format strings are:</p> -<P> +<dl> +<dt>Common Log Format (CLF)</dt> +<dd><CODE>"%h %l %u %t \"%r\" %>s %b"</CODE></dd> -Note that the common log format is defined by the string <CODE>"%h %l -%u %t \"%r\" %>s %b"</CODE>, which can be used as the basis for -extending for format if desired (<EM>e.g.</EM>, to add extra fields at the end). -NCSA's extended/combined log format would be <CODE>"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""</CODE>. +<dt>Common Log Format with Virtual Host</dt> +<dd><code>"%v %h %l %u %t \"%r\" %>s %b"</CODE></dd> -<P> +<dt>NCSA extended/combined log format</dt> +<dd> <CODE>"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""</CODE></dd> + +<dt>Referer log format</dt> +<dd><code>"%{Referer}i -> %U"</code></dd> -Note that the canonical <A HREF="core.html#servername">ServerName</A> -and <A HREF="core.html#port">Port</A> of the server serving the request -are used for <CODE>%v</CODE> and <CODE>%p</CODE> respectively. This -happens regardless of the -<A HREF="core.html#usecanonicalname">UseCanonicalName</A> setting because +<dt>Agent (Browser) log format</dt> +<dd><code>"%{User-agent}i"</code></dd> +</dl> + +<P>Note that the canonical <A +HREF="core.html#servername">ServerName</A> and <A +HREF="core.html#port">Port</A> of the server serving the request are +used for <CODE>%v</CODE> and <CODE>%p</CODE> respectively. This +happens regardless of the <A +HREF="core.html#usecanonicalname">UseCanonicalName</A> setting because otherwise log analysis programs would have to duplicate the entire vhost matching algorithm in order to decide what host really served -the request. +the request.</p> <H2>Using Multiple Log Files</H2> -The <CODE>TransferLog</CODE> and <CODE>CustomLog</CODE> directives can -be given more than once to log requests to multiple log files. Each +<p>The <CODE>TransferLog</CODE> and <CODE>CustomLog</CODE> directives can +be given more than once to log requests to multiple log files. Unless +the conditional form of <code>CustomLog</code> is used, each request will be logged to all the log files defined by either of these -directives. +directives.</p> <H3>Use with Virtual Hosts</H3> -If a <VirtualHost> section does not contain any +<p>If a <VirtualHost> section does not contain any <TT>TransferLog</TT> or <TT>CustomLog</TT> directives, the logs defined for the main server will be used. If it does contain one or more of these directives, requests serviced by this virtual host will only be logged in the log files defined within its definition, not in any of the main server's log files. -See the examples below. -<P> +See the examples below.</p> <H2>Security Considerations</H2> -See the <A HREF="../misc/security_tips.html#security">security tips</A> +<p>See the <A HREF="../misc/security_tips.html#serverroot">security tips</A> document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than -the user that starts the server. -<P> +the user that starts the server.</p> -<HR> +<h2>Resetting the Log Files</h2> + +<p>The access log file typically grows 1MB or more for each 10,000 +requests. It will probably be necessary to move or delete the log +file on a regular basis. This cannot be done while the server is +still running, because Apache will continue writing to the old log +file. Instead, the server must be <a +href="../stopping.html">restarted</a> after the log file is moved or +deleted so that it will open a new log.</p> + +<p>A typical scenario is:</p> + +<pre> + mv access_log access_log.old + apachectl graceful + # wait for all requests to the old server to complete + # before doing anything with access_log.old +</pre> + +<p>Alternatively, log files can be <a +href="../misc/FAQ.html#rotate">rotated automatically</a> be writing +them through a pipe to a program designed for that purpose such +as <a href="../programs/rotatelogs.html">rotatelogs</a>.</p> + +<H2>Compatibility notes</H2> + +<UL> +<LI>This module is based on mod_log_config distributed with +previous Apache releases, now updated to handle multiple logs. +There is now no need to re-configure Apache to use configuration log +formats.</li> + +<LI>The module also implements the <CODE>CookieLog</CODE> directive, +used to log user-tracking information created by <A +HREF="mod_usertrack.html">mod_usertrack</A>. The use of +<CODE>CookieLog</CODE> is deprecated, and a <CODE>CustomLog</CODE> +should be defined to log user-tracking information instead.</li> + +<LI>As of Apache 1.3.5, this module allows conditional logging based +upon the setting of <a href="../env.html">environment variables</a>. +That is, you can control whether a request should be logged or not +based upon whether an arbitrary environment variable is defined or +not. This is configurable on a <EM>per</EM>-logfile basis.</li> + +<LI>Beginning with Apache 1.3.5, the mod_log_config module has +also subsumed the <CODE>RefererIgnore</CODE> functionality from +<A HREF="mod_log_referer.html">mod_log_referer</A>. The effect +of <CODE>RefererIgnore</CODE> can be achieved by combinations of +<A HREF="mod_setenvif.html"><CODE>SetEnvIf</CODE></A> directives +and conditional <CODE>CustomLog</CODE> definitions.</li> +</UL> + +<hr> <H2><A NAME="cookielog">CookieLog</A> directive</H2> <!--%plaintext <?INDEX {\tt CookieLog} directive> --> -<A +<p><A HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> CookieLog <EM>filename</EM><BR> @@ -269,22 +315,22 @@ the user that starts the server. <A HREF="directive-dict.html#Compatibility" REL="Help" -><STRONG>Compatibility:</STRONG></A> Only available in Apache 1.2 and above<P> +><STRONG>Compatibility:</STRONG></A> Only available in Apache 1.2 and above</p> -The CookieLog directive sets the filename for logging of cookies. +<p>The CookieLog directive sets the filename for logging of cookies. The filename is relative to the <A HREF="core.html#serverroot">ServerRoot</A>. This directive is included -only for compatibility with -<A HREF="mod_cookies.html">mod_cookies</A>, and is deprecated. -<P> +only for compatibility with <A +HREF="mod_cookies.html">mod_cookies</A>, and is deprecated.</p> <HR> -<H2><A NAME="customlog">CustomLog</A> directive</H2> -<A +<H2><A NAME="customlog">CustomLog</A> +<a NAME="#customlog-conditional">directive</a></H2> +<p><A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CustomLog <EM>file-pipe</EM> - <EM>format-or-nickname</EM><BR> +><STRONG>Syntax:</STRONG></A> CustomLog <EM>file</em>|<em>pipe</EM> + <EM>format</em>|<em>nickname</EM> [env=[!]<EM>environment-variable</EM>]<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -297,81 +343,66 @@ only for compatibility with HREF="directive-dict.html#Compatibility" REL="Help" ><STRONG>Compatibility:</STRONG></A> Nickname only available in Apache 1.3 - or later + or later. Conditional logging available in 1.3.5 or later. <BR> <A HREF="directive-dict.html#Module" REL="Help" -><STRONG>Module:</STRONG></A> mod_log_config -<P> -The first argument is the filename to which log records should be -written. This is used -exactly like the argument to -<A - HREF="#transferlog" -><SAMP>TransferLog</SAMP></A>; -that is, it is either a full path or relative to the current -server root. -</P> -<P> -The format argument specifies a format for each line of the log file. -The options available for the format are exactly the same as for -the argument of the <TT>LogFormat</TT> directive. If the format -includes any spaces (which it will do in almost all cases) it -should be enclosed in double quotes. -</P> -<P> -Instead of an actual format string, you can use a format nickname defined with -the -<A - HREF="#logformat" -><SAMP>LogFormat</SAMP></A> -directive. -</P> - -<HR> -<H2><A NAME="customlog-conditional">CustomLog (conditional)</A> directive</H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> CustomLog <EM>file-pipe</EM> - <EM>format-or-nickname</EM> - env=[!]<EM>environment-variable</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Base<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Only available in Apache 1.3.5 - or later -<BR> -<A - HREF="directive-dict.html#Module" - REL="Help" -><STRONG>Module:</STRONG></A> mod_log_config -<P> - -The behaviour of this form of the <SAMP>CustomLog</SAMP> directive is almost -identical to the <A HREF="#customlog">standard <CODE>CustomLog</CODE></A> -directive. The difference is that the '<CODE>env=</CODE>' clause controls -whether a particular request will be logged in the specified file or -not. If the specified environment variable is set for the -request (or is not set, in the case of a '<CODE>env=!<EM>name</EM></CODE>' -clause), then the request will be logged. -</P> -<P> -Environment variables can be set on a <EM>per</EM>-request basis -using the <A HREF="mod_setenvif.html">mod_setenvif</A> and/or -<A HREF="mod_rewrite.html">mod_rewrite</A> modules. For example, -if you don't want to record requests for all GIF images on -your server in a separate logfile but not your main log, you -can use: +><STRONG>Module:</STRONG></A> mod_log_config</p> + +<p>The <code>CustomLog</code> directive is used to log requests +to the server. A log format is specified, and the logging can +optionally be made conditional on request characteristics +using environment variables.</p> + +<P>The first argument, which specifies the location to which the +logs will be written, can take on one of the following two +types of values:</p> + +<dl> +<dt><em>file</em> +<dd>A filename, relative to the +<a href="core.html#serverroot">ServerRoot</a>.</dd> + +<dt><em>pipe</em> +<dd>The pipe character "<code>|</code>", followed by the path to a +program to receive the log information on its standard input. +<STRONG>Security:</STRONG> if a program is used, then it will be run +under the user who started httpd. This will be root if the server was +started by root; be sure that the program is secure.</dd> +</dl> + +<P>The second argument specifies what will be written to the +log file. It can specify either a <em>nickname</em> +defined by a previous <a href="#logformat">LogFormat</a> +directive, or it can be an explicit <em>format</em> string +as described in the <a href="#formats">log formats</a> section.</p> + +<p>For example, the following two sets of directives have exactly +the same effect:</p> + +<pre> + # CustomLog with format nickname + LogFormat "%h %l %u %t \"%r\" %>s %b" common + CustomLog logs/access_log common + + # CustomLog with explicit format string + CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b" +</pre> + +<p>The third argument is optional and allows the decision on whether +or not to log a particular request to be based on the presence or +absence of a particular variable in the server environment. If the +specified <a href="../env.html">environment variable</a> is set for +the request (or is not set, in the case of a +'<CODE>env=!<EM>name</EM></CODE>' clause), then the request will be +logged.</P> + +<P>Environment variables can be set on a <EM>per</EM>-request basis +using the <A HREF="mod_setenvif.html">mod_setenvif</A> and/or <A +HREF="mod_rewrite.html">mod_rewrite</A> modules. For example, if you +don't want to record requests for all GIF images on your server in a +separate logfile but not your main log, you can use: </P> <PRE> SetEnvIf Request_URI \.gif$ gif-image @@ -382,16 +413,17 @@ can use: <HR> <H2><A NAME="logformat">LogFormat</A> directive</H2> <!--%plaintext <?INDEX {\tt LogFormat} directive> --> -<A +<p><A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> LogFormat <EM>format</EM> [<EM>nickname</EM>] +><STRONG>Syntax:</STRONG></A> LogFormat <EM>format</em>|<em>nickname</EM> + [<EM>nickname</EM>] <BR> <A HREF="directive-dict.html#Default" REL="Help" ><STRONG>Default:</STRONG></A> <CODE>LogFormat "%h %l %u %t \"%r\" -%>s %b"</CODE><BR> +%>s %b"</CODE><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -409,37 +441,39 @@ can use: <A HREF="directive-dict.html#Module" REL="Help" -><STRONG>Module:</STRONG></A> mod_log_config -<P> -This sets the format of the default logfile named by the -<A - HREF="#transferlog" -><SAMP>TransferLog</SAMP></A> -directive . See the section on -<A HREF="#formats">Custom Log Formats</A> for details on the format -arguments. -</P> -<P> -If you include a nickname for the format on the directive line, you can -use it in other <SAMP>LogFormat</SAMP> and -<A HREF="#customlog"><SAMP>CustomLog</SAMP></A> -directives rather than repeating the entire format string. -</P> -<P> -A +><STRONG>Module:</STRONG></A> mod_log_config</p> + +<p>This directive specifies the format of the access log file.</p> + +<p>The <code>LogFormat</code> directive can take one of two forms. In +the first form, where only one argument is specified, this directive +sets the log format which will be used by logs specified in subsequent +<a href="#transferlog">TransferLog</a> directives. The single +argument can specify an explicit <em>format</em> as discussed in <a +href="#formats">custom log formats</a> section above. Alternatively, +it can use a <em>nickname</em> to refer to a log format defined +in a previous <code>LogFormat</code> directive as described below.</p> + +<p>The second form of the <code>LogFormat</code> directive associates +an explicit <em>format</em> with a <em>nickname</em>. This +<em>nickname</em> can then be used in subsequent +<code>LogFormat</code> or <a href="#customlog">CustomLog</a> +directives rather than repeating the entire format string. A <SAMP>LogFormat</SAMP> directive which defines a nickname <STRONG>does -nothing else</STRONG> -- that is, it <EM>only</EM> defines the nickname, -it doesn't actually apply the format and make it the default. +nothing else</STRONG> -- that is, it <EM>only</EM> defines the +nickname, it doesn't actually apply the format and make it the +default. Therefore, it will not affect subsequent <a +href="#transferlog">TransferLog</a> directives. </P> <HR> <H2><A NAME="transferlog">TransferLog</A> directive</H2> <!--%plaintext <?INDEX {\tt TransferLog} directive> --> -<A +<p><A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> TransferLog <EM>file-pipe</EM><BR> +><STRONG>Syntax:</STRONG></A> TransferLog <EM>file</em>|<em>pipe</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -455,27 +489,23 @@ it doesn't actually apply the format and make it the default. <A HREF="directive-dict.html#Module" REL="Help" -><STRONG>Module:</STRONG></A> mod_log_config<P> - -The TransferLog directive adds a log file in the format defined by the -most recent -<A - HREF="#logformat" -><SAMP>LogFormat</SAMP></A> -directive, or Common Log Format if no other default format has been -specified. -<EM>File-pipe</EM> is one -of -<DL><DT>A filename -<DD>A filename relative to the <A HREF="core.html#serverroot">ServerRoot</A>. -<DT> `|' followed by a command -<DD>A program to receive the agent log information on its standard input. -Note the a new program will not be started for a VirtualHost if it inherits -the TransferLog from the main server. -</DL> -<STRONG>Security:</STRONG> if a program is used, then it will be -run under the user who started httpd. This will be root if the server -was started by root; be sure that the program is secure.<P> +><STRONG>Module:</STRONG></A> mod_log_config</p> + +<p>This directive has exactly the same arguments and effect as the <a +href="#customlog">CustomLog</a> directive, with the exception that it +does not allow the log format to be specified explicitly or for +conditional logging of requests. Instead, the log format is +determined by the most recently specified specified <a +href="#logformat">LogFormat</a> directive (that does not define a +nickname). Common Log Format is used if no other format has been +specified.</p> + +<p>Example:</p> + +<pre> + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" + TransferLog logs/access_log +</pre> <HR> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html index 6c7ea277813..7fe4473d5af 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html @@ -74,7 +74,8 @@ local URL to the document being referred to. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RefererIgnore <EM>string string ...</EM><BR> +><STRONG>Syntax:</STRONG></A> RefererIgnore <EM>string</em> + [<em>string</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html index b1ab4e9ab0f..77a65462041 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html @@ -129,8 +129,8 @@ mod_imap imagemap file. <H2><A NAME="addcharset">AddCharset</A> directive</H2> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddCharset <i>charset extension - [extension...]</i><br> +><STRONG>Syntax:</STRONG></A> AddCharset <em>charset extension</em> + [<em>extension</em>] ...<br> <A HREF="directive-dict.html#Context" REL="Help" ><STRONG>Context:</STRONG></A> server config, virtual host, directory, .htaccess<BR> <A @@ -176,6 +176,10 @@ for <A HREF="../content-negotiation.html">content negotiation</A>, where the server returns one from several documents based on the client's charset preference. </P> + +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <P> <STRONG>See also</STRONG>: <A HREF="mod_negotiation.html">mod_negotiation</A> </P> @@ -187,7 +191,8 @@ charset preference. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddEncoding <EM>MIME-enc extension [extension ...]</EM><BR> +><STRONG>Syntax:</STRONG></A> AddEncoding <EM>MIME-enc extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -212,7 +217,9 @@ to any already in force, overriding any mappings that already exist for the same <EM>extension</EM>. Example: -<BLOCKQUOTE><CODE> AddEncoding x-gzip gz<BR> AddEncoding x-compress Z +<BLOCKQUOTE><CODE> +AddEncoding x-gzip .gz<BR> +AddEncoding x-compress .Z </CODE></BLOCKQUOTE> This will cause filenames containing the .gz extension to be marked as @@ -231,6 +238,9 @@ you should always use <CODE>x-gzip</CODE> and <CODE>x-compress</CODE> for these two specific encodings. More recent encodings, such as <CODE>deflate</CODE> should be specified without the <CODE>x-</CODE>. +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <P> <STRONG>See also</STRONG>: <A HREF="#multipleext">Files with @@ -243,7 +253,8 @@ multiple extensions</A> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddHandler <EM>handler-name extension [extension ...]</EM><BR> +><STRONG>Syntax:</STRONG></A> AddHandler <EM>handler-name extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -274,13 +285,16 @@ already exist for the same <EM>extension</EM>. For example, to activate CGI scripts with the file extension "<CODE>.cgi</CODE>", you might use: <PRE> - AddHandler cgi-script cgi + AddHandler cgi-script .cgi </PRE> <P>Once that has been put into your srm.conf or httpd.conf file, any file containing the "<CODE>.cgi</CODE>" extension will be treated as a CGI program.</P> +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <P> <STRONG>See also</STRONG>: <A HREF="#multipleext">Files with @@ -293,7 +307,8 @@ multiple extensions</A> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddLanguage <EM>MIME-lang extension [extension ...]</EM><BR> +><STRONG>Syntax:</STRONG></A> AddLanguage <EM>MIME-lang extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -312,17 +327,19 @@ multiple extensions</A> ><STRONG>Module:</STRONG></A> mod_mime <P> -The AddLanguage directive maps the given filename extension tos the +The AddLanguage directive maps the given filename extension to the specified content language. <EM>MIME-lang</EM> is the MIME language of filenames containing <EM>extension</EM>. This mapping is added to any already in force, overriding any mappings that already exist for the same <EM>extension</EM>. </P> <P> -Example: <BLOCKQUOTE><CODE> -AddEncoding x-compress Z<BR> AddLanguage en .en<BR> AddLanguage fr +Example: +</p> +<BLOCKQUOTE><CODE> +AddEncoding x-compress .Z<BR> AddLanguage en .en<BR> AddLanguage fr .fr<BR> </CODE></BLOCKQUOTE> -</P> + <P> Then the document <CODE>xxxx.en.Z</CODE> will be treated as being a compressed English document (as will the document @@ -347,6 +364,10 @@ case of: documents with the extension "<CODE>.en</CODE>" would be treated as being "<CODE>en-us</CODE>". </P> + +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <P> <STRONG>See also</STRONG>: <A HREF="#multipleext">Files with multiple extensions</A> @@ -362,7 +383,8 @@ HREF="./mod_negotiation.html">mod_negotiation</A> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddType <EM>MIME-type extension [extension ...]</EM><BR> +><STRONG>Syntax:</STRONG></A> AddType <EM>MIME-type extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -390,13 +412,16 @@ HREF="#typesconfig">TypesConfig</A></CODE> directive). Example: <BLOCKQUOTE><CODE> -AddType image/gif GIF +AddType image/gif .gif </CODE></BLOCKQUOTE> It is recommended that new MIME types be added using the AddType directive rather than changing the <A HREF="#typesconfig">TypesConfig</A> file.<P> Note that, unlike the NCSA httpd, this directive cannot be used to set the type of particular files.<P> +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <P> <STRONG>See also</STRONG>: <A HREF="#multipleext">Files with @@ -465,7 +490,7 @@ multiple extensions</A> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ForceType <EM>media type</EM><BR> +><STRONG>Syntax:</STRONG></A> ForceType <EM>media-type</EM><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -501,7 +526,8 @@ the media type.</P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RemoveEncoding <i>extension [extension ...]</i><BR> +><STRONG>Syntax:</STRONG></A> RemoveEncoding <em>extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -548,6 +574,9 @@ gzip method, but <code>foo.gz.asc</code> as an unencoded plaintext file. AddEncoding directives, so it is possible they may undo the effects of the latter if both occur within the same directory configuration. </p> +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <HR> <H2><A NAME="removehandler">RemoveHandler</A> directive</H2> @@ -555,7 +584,8 @@ of the latter if both occur within the same directory configuration. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RemoveHandler <EM>extension [extension ...]</EM><BR> +><STRONG>Syntax:</STRONG></A> RemoveHandler <EM>extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -593,6 +623,9 @@ This has the effect of returning <SAMP>.html</SAMP> files in the files, rather than as candidates for parsing (see the <A HREF="mod_include.html"><SAMP>mod_include</SAMP></A> module). </P> +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <HR> <H2><A NAME="removetype">RemoveType</A> directive</H2> @@ -600,7 +633,8 @@ files, rather than as candidates for parsing (see the <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RemoveType <i>extension [extension ...]</i><BR> +><STRONG>Syntax:</STRONG></A> RemoveType <em>extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -640,6 +674,9 @@ treated as being of the <a href="core.html#defaulttype">default type</a>. <code>AddType</code> directives, so it is possible they may undo the effects of the latter if both occur within the same directory configuration. </p> +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <HR> <H2><A NAME="sethandler">SetHandler</A> directive</H2> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html index cffa5dec462..21472f72a6a 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html @@ -57,12 +57,11 @@ REL="Help" <H2>Directives</H2> - <P> + <UL> <LI><A HREF="#mimemagicfile">MimeMagicFile</A> </LI> </UL> - </P> <h2>Format of the Magic File</h2> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html index a455e829557..ead10fccf86 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html @@ -84,7 +84,8 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> MMapFile <EM>filename ...</EM> + ><STRONG>Syntax:</STRONG></A> MMapFile <EM>filename</em> + [<em>filename</em>] ... <BR> <A HREF="directive-dict.html#Default" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html b/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html index 7a3b9048bb2..58bdd70649b 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html @@ -184,7 +184,7 @@ since the user's bookmark files will then contain fully qualified hosts.</P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyRequests <EM>on/off</EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyRequests on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -221,7 +221,7 @@ HREF="#proxypass">ProxyPass</A> directive. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyRemote <EM><match> <remote-server></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyRemote <EM>match remote-server</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -248,17 +248,17 @@ HREF="#proxypass">ProxyPass</A> directive. ><STRONG>Compatibility:</STRONG></A> ProxyRemote is only available in Apache 1.1 and later.<P> -This defines remote proxies to this proxy. <match> is either the +This defines remote proxies to this proxy. <em>match</em> is either the name of a URL-scheme that the remote server supports, or a partial URL for which the remote server should be used, or '*' to indicate the -server should be contacted for all requests. <remote-server> is a +server should be contacted for all requests. <em>remote-server</em> is a partial URL for the remote server. Syntax: <PRE> - <remote-server> = <protocol>://<hostname>[:port] + remote-server = protocol://hostname[:port] </PRE> -<protocol> is the protocol that should be used to communicate +<em>protocol</em> is the protocol that should be used to communicate with the remote server; only "http" is supported by this module. <P> Example: @@ -278,7 +278,7 @@ them. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyPass <EM><path> <url></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyPass <EM>path url</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -307,8 +307,8 @@ Apache 1.1 and later.<P> This directive allows remote servers to be mapped into the space of the local server; the local server does not act as a proxy in the conventional sense, -but appears to be a mirror of the remote server. <path> is the name of -a local virtual path; <url> is a partial URL for the remote server. +but appears to be a mirror of the remote server. <em>path</em> is the name of +a local virtual path; <em>url</em> is a partial URL for the remote server. <P> Suppose the local server has address <SAMP>http://wibble.org/</SAMP>; then <PRE> @@ -325,7 +325,7 @@ internally converted into a proxy request to <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyPassReverse <EM><path> <url></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyPassReverse <EM>path url</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -357,8 +357,8 @@ HTTP redirect responses. For instance this is essential when Apache is used as a reverse proxy to avoid by-passing the reverse proxy because of HTTP redirects on the backend servers which stay behind the reverse proxy. <P> -<path> is the name of a local virtual path.<BR> -<url> is a partial URL for the remote server - the same way they are +<em>path</em> is the name of a local virtual path.<BR> +<em>url</em> is a partial URL for the remote server - the same way they are used for the <TT>ProxyPass</TT> directive. <P> Example:<BR> @@ -390,7 +390,8 @@ conjunction with the proxy pass-through feature ("<SAMP>RewriteRule ... <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AllowCONNECT <EM><port list></EM><BR> +><STRONG>Syntax:</STRONG></A> AllowCONNECT <EM>port</EM> + [<em>port</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -432,7 +433,8 @@ listed ports only. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyBlock <EM><word/host/domain list></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyBlock *|<EM>word|host|domain</EM> + [<em>word|host|domain</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -488,7 +490,7 @@ blocks connections to all sites. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyReceiveBufferSize <EM><bytes></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyReceiveBufferSize <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -533,11 +535,15 @@ Example: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> NoProxy { <A HREF="#domain"><EM><Domain></EM></A> - | <A HREF="#subnet"><EM><SubNet></EM></A> - | <A HREF="#ipaddr"><EM><IpAddr></EM></A> - | <A HREF="#hostname"><EM><Hostname></EM></A> - } <BR> +><STRONG>Syntax:</STRONG></A> NoProxy + <A HREF="#domain"><EM>Domain</EM></A>|<A + HREF="#subnet"><EM>SubNet</EM></A>|<A + HREF="#ipaddr"><EM>IpAddr</EM></A>|<A + HREF="#hostname"><EM>Hostname</EM></A> +[<A HREF="#domain"><EM>Domain</EM></A>|<A + HREF="#subnet"><EM>SubNet</EM></A>|<A + HREF="#ipaddr"><EM>IpAddr</EM></A>|<A + HREF="#hostname"><EM>Hostname</EM></A>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -579,8 +585,7 @@ Example: The arguments to the NoProxy directive are one of the following type list: <DL> <!-- ===================== Domain ======================= --> - <A NAME="domain"> - <DT><EM>Domain</EM></A> + <DT><A NAME="domain"><EM>Domain</EM></A> <DD>A <EM>Domain</EM> is a partially qualified DNS domain name, preceded by a period. It represents a list of hosts which logically belong to the same DNS @@ -599,8 +604,7 @@ The arguments to the NoProxy directive are one of the following type list: lookup, it is much more efficient than subnet comparison. <!-- ===================== SubNet ======================= --> - <A NAME="subnet"> - <DT><EM>SubNet</EM></A> + <DT><A NAME="subnet"><EM>SubNet</EM></A> <DD>A <EM>SubNet</EM> is a partially qualified internet address in numeric (dotted quad) form, optionally followed by a slash and the netmask, specified as the number of significant bits in the @@ -624,8 +628,7 @@ The arguments to the NoProxy directive are one of the following type list: <EM>_Default_</EM>, matching any IP address. <!-- ===================== IPAddr ======================= --> - <A NAME="ipaddr"> - <DT><EM>IPAddr</EM></A> + <DT><A NAME="ipaddr"><EM>IPAddr</EM></A> <DD>A <EM>IPAddr</EM> represents a fully qualified internet address in numeric (dotted quad) form. Usually, this address represents a host, but there need not necessarily be a DNS domain name @@ -637,8 +640,7 @@ The arguments to the NoProxy directive are one of the following type list: <A HREF="../dns-caveats.html">DNS Issues</A></P> <!-- ===================== Hostname ======================= --> - <A NAME="hostname"> - <DT><EM>Hostname</EM></A> + <DT><A NAME="hostname"><EM>Hostname</EM></A> <DD>A <EM>Hostname</EM> is a fully qualified DNS domain name which can be resolved to one or more <A HREF="#ipaddr"><EM>IPAddrs</EM></A> via the DNS domain name service. @@ -670,7 +672,7 @@ The arguments to the NoProxy directive are one of the following type list: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyDomain <EM><Domain></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyDomain <EM>Domain</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -717,11 +719,7 @@ Example: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyVia { <EM>off</EM> - | <EM>on</EM> - | <EM>full</EM> - | <EM>block</EM> - }<BR> +><STRONG>Syntax:</STRONG></A> ProxyVia on|off|full|block<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -769,7 +767,7 @@ additionally have the Apache server version shown as a <SAMP>Via:</SAMP> comment <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheForceCompletion <EM><percentage></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheForceCompletion <EM>percentage</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -810,7 +808,7 @@ was allowed to complete. A number between 60 and 90 is recommended. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheRoot <EM><directory></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheRoot <EM>directory</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -851,7 +849,7 @@ cacheing will be available. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheSize <EM><size></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheSize <EM>kilobytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -890,7 +888,7 @@ use a value which is at least 20 to 40 % lower than the available space. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheGcInterval <EM><time></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheGcInterval <EM>hours</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -917,17 +915,17 @@ use a value which is at least 20 to 40 % lower than the available space. ><STRONG>Compatibility:</STRONG></A> CacheGcinterval is only available in Apache 1.1 and later.<P> -Check the cache every <time> hours, and delete files if the space -usage is greater than that set by CacheSize. Note that <time> accepts a -float value, you could for example use <CODE>CacheGcInterval 1.5</CODE> to -check the cache every 90 minutes. (If unset, no garbage collection will -be performed, and the cache will grow indefinitely.) -Note also that the larger the <CODE>CacheGcInterval</CODE>, the more -extra space beyond the configured <CODE>CacheSize</CODE> will be -needed for the cache between garbage collections.<BR> <!-- -Note that due to a design flaw, Apache does not automatically force a -garbage collection when the available space on the file system where -the cache resides is exhausted. --> +Check the cache after the specified number of <em>hours</em>, and +delete files if the space usage is greater than that set by +CacheSize. Note that <em>hours</em> accepts a float value, you could for +example use <CODE>CacheGcInterval 1.5</CODE> to check the cache every +90 minutes. (If unset, no garbage collection will be performed, and +the cache will grow indefinitely.) Note also that the larger the +<CODE>CacheGcInterval</CODE>, the more extra space beyond the +configured <CODE>CacheSize</CODE> will be needed for the cache between +garbage collections.<BR> <!-- Note that due to a design flaw, Apache +does not automatically force a garbage collection when the available +space on the file system where the cache resides is exhausted. --> <HR> @@ -935,7 +933,7 @@ the cache resides is exhausted. --> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheMaxExpire <EM><time></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheMaxExpire <EM>hours</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -962,10 +960,11 @@ the cache resides is exhausted. --> ><STRONG>Compatibility:</STRONG></A> CacheMaxExpire is only available in Apache 1.1 and later.<P> -Cachable HTTP documents will be retained for at most <time> hours without -checking the origin server. Thus documents can be at most <time> -hours out of date. This restriction is enforced even if an expiry date -was supplied with the document. +<p>Specifies the maximum number of <em>hours</em> for which cachable HTTP +documents will be retained without checking the origin server. Thus, +documents will be out of date at most this number of <em>hours</em> +This restriction is enforced even if an expiry date was supplied with +the document.</p> <HR> @@ -973,7 +972,7 @@ was supplied with the document. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheLastModifiedFactor <EM><factor></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheLastModifiedFactor <EM>factor</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1003,10 +1002,10 @@ Apache 1.1 and later.<P> If the origin HTTP server did not supply an expiry date for the document, then estimate one using the formula <PRE> - expiry-period = time-since-last-modification * <factor> + expiry-period = time-since-last-modification * <em>factor</em> </PRE> For example, if the document was last modified 10 hours ago, and -<factor> is 0.1, then the expiry period will be set to 10*0.1 = 1 hour. +<em>factor</em> is 0.1, then the expiry period will be set to 10*0.1 = 1 hour. <P>If the expiry-period would be longer than that set by CacheMaxExpire, then the latter takes precedence. @@ -1017,7 +1016,7 @@ then the latter takes precedence. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheDirLevels <EM><levels></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheDirLevels <EM>levels</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1044,8 +1043,9 @@ then the latter takes precedence. ><STRONG>Compatibility:</STRONG></A> CacheDirLevels is only available in Apache 1.1 and later.<P> -CacheDirLevels sets the number of levels of subdirectories in the cache. -Cached data will be saved this many directory levels below CacheRoot. +CacheDirLevels sets the number of <em>levels</em> of subdirectories in +the cache. Cached data will be saved this many directory levels below +CacheRoot. <HR> @@ -1053,7 +1053,7 @@ Cached data will be saved this many directory levels below CacheRoot. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheDirLength <EM><length></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheDirLength <EM>length</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1088,7 +1088,7 @@ CacheDirLength sets the number of characters in proxy cache subdirectory names. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheDefaultExpire <EM><time></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheDefaultExpire <EM>hours</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1116,7 +1116,7 @@ CacheDirLength sets the number of characters in proxy cache subdirectory names. Apache 1.1 and later.<P> If the document is fetched via a protocol that does not support expiry times, -then use <time> hours as the expiry time. +then use the specified number of <em>hours</em> as the expiry time. <A HREF="#cachemaxexpire">CacheMaxExpire</A> does <STRONG>not</STRONG> override this setting. @@ -1126,7 +1126,8 @@ override this setting. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> NoCache <EM><word/host/domain list></EM><BR> +><STRONG>Syntax:</STRONG></A> NoCache *|<EM>word|host|domain</EM> + [<em>word|host|domain</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html b/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html index fb497be9c46..486511a9833 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html @@ -328,12 +328,12 @@ of the available directives. HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> - <CODE>RewriteEngine</CODE> {<CODE>on,off</CODE>}<BR> + RewriteEngine on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" ><STRONG>Default:</STRONG></A> - <STRONG><CODE>RewriteEngine off</CODE></STRONG><BR> + <CODE>RewriteEngine off</CODE><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -379,7 +379,7 @@ directive for each virtual host in which you wish to use it. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteOptions</CODE> <EM>Option</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteOptions <EM>Option</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -428,7 +428,7 @@ strings can be one of the following: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteLog</CODE> <EM>Filename</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteLog <EM>Filename</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -502,11 +502,11 @@ RewriteLog "/usr/local/var/apache/logs/rewrite.log" <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteLogLevel</CODE> <EM>Level</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteLogLevel <EM>Level</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" -><STRONG>Default:</STRONG></A> <STRONG><CODE>RewriteLogLevel 0</CODE></STRONG> +><STRONG>Default:</STRONG></A> <CODE>RewriteLogLevel 0</CODE> <BR> <A HREF="directive-dict.html#Context" @@ -565,7 +565,7 @@ RewriteLogLevel 3 <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteLock</CODE> <EM>Filename</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteLock <EM>Filename</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -606,8 +606,8 @@ other types of rewriting maps. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteMap</CODE> <EM>MapName </EM> - <EM>MapType</EM><CODE>:</CODE><EM>MapSource</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteMap <EM>MapName </EM> + <EM>MapType</EM>:<EM>MapSource</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -850,7 +850,7 @@ external lookup only happens once! <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteBase</CODE> <EM>BaseURL</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteBase <EM>BaseURL</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -981,7 +981,7 @@ sure the design and implementation is correct. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteCond</CODE> <EM>TestString</EM> +><STRONG>Syntax:</STRONG></A> RewriteCond <EM>TestString</EM> <EM>CondPattern</EM><BR> <A HREF="directive-dict.html#Default" @@ -1047,6 +1047,15 @@ the pattern from the last matched <CODE>RewriteCond</CODE> directive in the current bunch of conditions. <P> +<LI><STRONG>RewriteMap expansions</STRONG>: These are expansions of the form + +<BLOCKQUOTE><STRONG> +<CODE>${mapname:key|default}</CODE> +</STRONG></BLOCKQUOTE> + +See <A HREF="#mapfunc">the documentation for RewriteMap</A> for more details. + +<P> <LI><STRONG>Server-Variables</STRONG>: These are variables of the form @@ -1281,6 +1290,9 @@ is a comma-separated list of the following flags: This makes the test case-insensitive, <EM>i.e.</EM>, there is no difference between 'A-Z' and 'a-z' both in the expanded <EM>TestString</EM> and the <EM>CondPattern</EM>. + This flag is effective only for comparisons between + <EM>TestString</EM> and <EM>CondPattern</EM>. It has no + effect on filesystem and subrequest checks. <P> <LI>'<STRONG><CODE>ornext|OR</CODE></STRONG>' (<STRONG>or</STRONG> next condition)<BR> Use this to combine rule conditions with a local OR instead of the @@ -1327,7 +1339,7 @@ use any other browser you get the standard homepage. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteRule</CODE> <EM>Pattern</EM> <EM>Substitution</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteRule <EM>Pattern</EM> <EM>Substitution</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1702,7 +1714,7 @@ external redirect or proxy throughput (if flag <STRONG>P</STRONG> is used!) is f <TR><TD> <STRONG>Note:</STRONG> To enable the rewriting engine for per-directory configuration files you need to set ``<CODE>RewriteEngine On</CODE>'' in these files <STRONG>and</STRONG> -``<CODE>Option FollowSymLinks</CODE>'' must be enabled. If your administrator has +``<CODE>Options FollowSymLinks</CODE>'' must be enabled. If your administrator has disabled override of <CODE>FollowSymLinks</CODE> for a user's directory, then you cannot use the rewriting engine. This restriction is needed for security reasons. diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html index 379ee78ea83..d67f75b6427 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html @@ -49,18 +49,23 @@ REL="Help" <P> The <SAMP>mod_setenvif</SAMP> module allows you to set environment variables according to whether different aspects of the request match - regular expressions you specify. These envariables can be used by + <a href="../misc/FAQ.html#regex">regular expressions</a> + you specify. These environment variables can be used by other parts of the server to make decisions about actions to be taken. </P> <P>The directives are considered in the order they appear in the configuration files. So more complex sequences can be used, such as this example, which sets <CODE>netscape</CODE> if the browser is mozilla but not MSIE. + </P> + <BLOCKQUOTE><PRE> BrowserMatch ^Mozilla netscape BrowserMatch MSIE !netscape </PRE></BLOCKQUOTE> - </P> + + <p>For additional information, we proved a document on + <a href="../env.html">Environment Variables in Apache</a>.</p> <H2>Directives</H2> <UL> @@ -80,7 +85,8 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> BrowserMatch <EM>regex envar[=value] [...]</EM> + ><STRONG>Syntax:</STRONG></A> BrowserMatch <EM>regex + envar</em>[=<em>value</em>] [<em>envar</em>[=<em>value</em>]] ... <BR> <A HREF="directive-dict.html#Default" @@ -182,8 +188,8 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> BrowserMatchNoCase <EM>regex envar[=value] - [...]</EM> + ><STRONG>Syntax:</STRONG></A> BrowserMatchNoCase <EM>regex + envar</em>[=<em>value</em>] [<em>envar</em>[=<em>value</em>]] ... <BR> <A HREF="directive-dict.html#Default" @@ -256,8 +262,8 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> SetEnvIf <EM> attribute regex envar[=value] - [...]</EM> + ><STRONG>Syntax:</STRONG></A> SetEnvIf <EM> attribute regex + envar</em>[=<em>value</em>] [<em>envar</em>[=<em>value</em>]] ... <BR> <A HREF="directive-dict.html#Default" @@ -353,7 +359,7 @@ REL="Help" SetEnvIf object_is_image xbm XBIT_PROCESSING=1 </PRE> <P> - The first three will set the envariable <SAMP>object_is_image</SAMP> if the + The first three will set the environment variable <SAMP>object_is_image</SAMP> if the request was for an image file, and the fourth sets <SAMP>intra_site_referral</SAMP> if the referring page was somewhere on the <SAMP>www.mydomain.com</SAMP> Web site. @@ -368,8 +374,8 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> SetEnvIfNoCase - <EM> attribute regex envar[=value] [...]</EM> + ><STRONG>Syntax:</STRONG></A> SetEnvIfNoCase <EM> attribute regex + envar</em>[=<em>value</em>] [<em>envar</em>[=<em>value</em>]] ... <BR> <A HREF="directive-dict.html#Default" @@ -417,7 +423,7 @@ REL="Help" SetEnvIfNoCase Host Apache\.Org site=apache </PRE> <P> - This will cause the <SAMP>site</SAMP> envariable to be set to + This will cause the <SAMP>site</SAMP> environment variable to be set to "<SAMP>apache</SAMP>" if the HTTP request header field <SAMP>Host:</SAMP> was included and contained <SAMP>Apache.Org</SAMP>, <SAMP>apache.org</SAMP>, or any other combination. diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html index eb28de1a0f5..b65fcef159b 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html @@ -127,7 +127,8 @@ two modules into a single module for all operating systems. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> LoadFile <EM>filename filename ...</EM><BR> +><STRONG>Syntax:</STRONG></A> LoadFile <EM>filename</em> + [<em>filename</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -166,24 +167,29 @@ HREF="core.html#serverroot">ServerRoot</A>.<P><HR> REL="Help" ><STRONG>Module:</STRONG></A> mod_so<P> -The LoadModule directive links in the object file or library <EM>filename</EM> -and adds the module structure named <EM>module</EM> to the list of active -modules. <EM>Module</EM> is the name of the external variable of type -<CODE>module</CODE> in the file. Example (Unix): +The LoadModule directive links in the object file or library +<EM>filename</EM> and adds the module structure named <EM>module</EM> +to the list of active modules. <EM>Module</EM> is the name of the +external variable of type <CODE>module</CODE> in the file, and is +listed as the <a href="module-dict.html#ModuleIdentifier">Module +Identifier</a> in the module documentation. Example (Unix, and for +Windows as of Apache 1.3.15): <BLOCKQUOTE><CODE> LoadModule status_module modules/mod_status.so </CODE></BLOCKQUOTE> -<P> - -Example (Windows): +<P>Example (Windows prior to Apache 1.3.15, and some 3rd party modules): <BLOCKQUOTE><CODE> -LoadModule status_module modules/ApacheModuleStatus.dll<BR> +LoadModule foo_module modules/ApacheModuleFoo.dll<BR> </CODE></BLOCKQUOTE> -loads the named module from the modules subdirectory of the -ServerRoot.<P> +<P><STRONG>Note that all modules bundled with the Apache Win32 binary +distribution were renamed as of Apache version 1.3.15</STRONG>.</P> +<P>Win32 Apache modules are often distributed with the old style names, +or even a name such as libfoo.dll. Whatever the name of the module, +it must be the LoadModule directive requires the exact filename, no +assumption is made about the filename extension.</P> <HR> @@ -196,4 +202,3 @@ ServerRoot.<P> </BODY> </HTML> - diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html b/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html index 5caf12b3576..89405645d58 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html @@ -60,6 +60,8 @@ REL="Help" </P> <P> If, after scanning the directory, + </P> + <UL> <LI>no matching document was found, Apache will proceed as usual and return a "document not found" error. @@ -69,7 +71,6 @@ REL="Help" the list of the matches is returned to the client, and the client can select the correct candidate. </UL> - </P> <H2>Directives</H2> @@ -83,7 +84,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> CheckSpelling <EM>on/off</EM><BR> + ><STRONG>Syntax:</STRONG></A> CheckSpelling on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html index 1effbdd2f35..fb39a4440b0 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html @@ -3,7 +3,7 @@ <title>mod_ssl: Title Page</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -174,7 +174,7 @@ if (document.images) { </tr> <tr> <td align="right"> - <font face="Arial,Helvetica">mod_ssl version 2.7</font> + <font face="Arial,Helvetica">mod_ssl version 2.8</font> </td> </tr> </table> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html index c34e6c27f44..391c0668c60 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html @@ -3,7 +3,7 @@ <title>mod_ssl: Compatibility</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -528,12 +528,12 @@ are listed in <a href="#table3">Table 3</a>. <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover.wml index dbae33ef263..812d5823198 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover.wml @@ -17,7 +17,7 @@ </tr> <tr> <td align=right> - <font face="Arial,Helvetica">mod_ssl version 2.7</font> + <font face="Arial,Helvetica">mod_ssl version 2.8</font> </td> </tr> </table> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html index 0777e724ad5..5b6edb6a510 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html @@ -3,7 +3,7 @@ <title>mod_ssl: F.A.Q.</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -322,21 +322,22 @@ author. <a href="#ToC38"><strong>Global IDs or SGC?</strong></a><br> <a href="#ToC39"><strong>Global IDs and Cert Chain?</strong></a><br> <a href="#ToC40"><strong>About SSL Protocol</strong></a><br> - <a href="#ToC41"><strong>Why has the server a higher load?</strong></a><br> - <a href="#ToC42"><strong>Why are connections horribly slow?</strong></a><br> - <a href="#ToC43"><strong>Which ciphers are supported?</strong></a><br> - <a href="#ToC44"><strong>How to use Anonymous-DH ciphers</strong></a><br> - <a href="#ToC45"><strong>Why do I get 'no shared ciphers'?</strong></a><br> - <a href="#ToC46"><strong>HTTPS and name-based vhosts</strong></a><br> - <a href="#ToC47"><strong>The lock icon in Netscape locks very late</strong></a><br> - <a href="#ToC48"><strong>Why do I get I/O errors with MSIE clients?</strong></a><br> - <a href="#ToC49"><strong>Why do I get I/O errors with NS clients?</strong></a><br> - <a href="#ToC50"><strong>About Support</strong></a><br> - <a href="#ToC51"><strong>Resources in case of problems?</strong></a><br> - <a href="#ToC52"><strong>Support in case of problems?</strong></a><br> - <a href="#ToC53"><strong>How to write a problem report?</strong></a><br> - <a href="#ToC54"><strong>I got a core dump, can you help me?</strong></a><br> - <a href="#ToC55"><strong>How to get a backtrace?</strong></a><br> + <a href="#ToC41"><strong>Random SSL errors under heavy load?</strong></a><br> + <a href="#ToC42"><strong>Why has the server a higher load?</strong></a><br> + <a href="#ToC43"><strong>Why are connections horribly slow?</strong></a><br> + <a href="#ToC44"><strong>Which ciphers are supported?</strong></a><br> + <a href="#ToC45"><strong>How to use Anonymous-DH ciphers</strong></a><br> + <a href="#ToC46"><strong>Why do I get 'no shared ciphers'?</strong></a><br> + <a href="#ToC47"><strong>HTTPS and name-based vhosts</strong></a><br> + <a href="#ToC48"><strong>The lock icon in Netscape locks very late</strong></a><br> + <a href="#ToC49"><strong>Why do I get I/O errors with MSIE clients?</strong></a><br> + <a href="#ToC50"><strong>Why do I get I/O errors with NS clients?</strong></a><br> + <a href="#ToC51"><strong>About Support</strong></a><br> + <a href="#ToC52"><strong>Resources in case of problems?</strong></a><br> + <a href="#ToC53"><strong>Support in case of problems?</strong></a><br> + <a href="#ToC54"><strong>How to write a problem report?</strong></a><br> + <a href="#ToC55"><strong>I got a core dump, can you help me?</strong></a><br> + <a href="#ToC56"><strong>How to get a backtrace?</strong></a><br> </font> </td> </tr> @@ -353,7 +354,7 @@ author. <strong id="faq"> What is the history of mod_ssl? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#history"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#history"><b>L</b></a>] <p> The mod_ssl v1 package was initially created in April 1998 by <a href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> via porting <a @@ -380,7 +381,7 @@ What is the history of mod_ssl? What are the functional differences between mod_ssl and Apache-SSL, from where it is originally derived? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#apssl-diff"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#apssl-diff"><b>L</b></a>] <p> This neither can be answered in short (there were too many code changes) nor can be answered at all by the author (there would immediately be flame @@ -421,7 +422,7 @@ it is originally derived? What are the major differences between mod_ssl and the commercial alternatives like Raven or Stronghold? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#apssl-diff"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#apssl-diff"><b>L</b></a>] <p> In the past (until September 20th, 2000) the major difference was the RSA license which one received (very cheaply in contrast to @@ -470,7 +471,7 @@ the commercial alternatives like Raven or Stronghold? <strong id="faq"> How do I know which mod_ssl version is for which Apache version? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#what-version"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#what-version"><b>L</b></a>] <p> That's trivial: mod_ssl uses version strings of the syntax <em><mod_ssl-version></em>-<em><apache-version></em>, for @@ -485,7 +486,7 @@ How do I know which mod_ssl version is for which Apache version? <strong id="faq"> Is mod_ssl Year 2000 compliant? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#y2k"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#y2k"><b>L</b></a>] <p> Yes, mod_ssl is Year 2000 compliant. <p> @@ -510,7 +511,7 @@ Is mod_ssl Year 2000 compliant? <strong id="faq"> What about mod_ssl and the Wassenaar Arrangement? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#wassenaar"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#wassenaar"><b>L</b></a>] <p> First, let us explain what <i>Wassenaar</i> and it's <i>Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and @@ -569,7 +570,7 @@ What about mod_ssl and the Wassenaar Arrangement? <strong id="faq"> When I access my website the first time via HTTPS I get a core dump? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#core-dbm"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-dbm"><b>L</b></a>] <p> There can be a lot of reasons why a core dump can occur, of course. Ranging from buggy third-party modules, over buggy vendor libraries up to @@ -585,7 +586,7 @@ When I access my website the first time via HTTPS I get a core dump? <strong id="faq"> My Apache dumps core when I add both mod_ssl and PHP3? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#core-php3"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-php3"><b>L</b></a>] <p> Make sure you add mod_ssl to the Apache source tree first and then do a fresh configuration and installation of PHP3. For SSL support EAPI patches @@ -598,7 +599,7 @@ My Apache dumps core when I add both mod_ssl and PHP3? <strong id="faq"> When I startup Apache I get errors about undefined symbols like ap_global_ctx? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#dso-sym"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#dso-sym"><b>L</b></a>] <p> This actually means you installed mod_ssl as a DSO, but without rebuilding Apache with EAPI. Because EAPI is a requirement for mod_ssl, you need an @@ -611,7 +612,7 @@ When I startup Apache I get errors about undefined symbols like ap_global_ctx? <strong id="faq"> When I startup Apache I get permission errors related to SSLMutex? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#mutex-perm"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mutex-perm"><b>L</b></a>] <p> When you receive entries like ``<code>mod_ssl: Child could not open SSLMutex lockfile /opt/apache/logs/ssl_mutex.18332 (System error follows) @@ -628,7 +629,7 @@ When I startup Apache I get permission errors related to SSLMutex? When I use the MM library and the shared memory cache each process grows 1.5MB according to `top' although I specified 512000 as the cache size? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#mm"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mm"><b>L</b></a>] <p> The additional 1MB are caused by the global shared memory pool EAPI allocates for all modules and which is not used by mod_ssl for @@ -647,7 +648,7 @@ Apache creates files in a directory declared by the internal EAPI_MM_CORE_PATH define. Is there a way to override the path using a configuration directive? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#mmpath"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mmpath"><b>L</b></a>] <p> No, there is not configuration directive, because for technical bootstrapping reasons, a directive not possible at all. Instead @@ -662,7 +663,7 @@ When I fire up the server, mod_ssl stops with the error "Failed to generate temporary 512 bit RSA private key", why? And a "PRNG not seeded" error occurs if I try "make certificate". </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#entropy"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#entropy"><b>L</b></a>] <p> Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide @@ -691,7 +692,7 @@ And a "PRNG not seeded" error occurs if I try "make certificate". <strong id="faq"> Is it possible to provide HTTP and HTTPS with a single server?</strong> </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#https-parallel"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-parallel"><b>L</b></a>] <p> Yes, HTTP and HTTPS use different server ports, so there is no direct conflict between them. Either run two separate server instances (one binds @@ -705,7 +706,7 @@ Is it possible to provide HTTP and HTTPS with a single server?</strong> <strong id="faq"> I know that HTTP is on port 80, but where is HTTPS? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#https-port"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-port"><b>L</b></a>] <p> You can run HTTPS on any port, but the standards specify port 443, which is where any HTTPS compliant browser will look by default. You can force @@ -717,7 +718,7 @@ I know that HTTP is on port 80, but where is HTTPS? <strong id="faq"> How can I speak HTTPS manually for testing purposes? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#https-test"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-test"><b>L</b></a>] <p> While you usually just use <p> @@ -748,7 +749,7 @@ How can I speak HTTPS manually for testing purposes? <strong id="faq"> Why does the connection hang when I connect to my SSL-aware Apache server? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#hang"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hang"><b>L</b></a>] <p> Because you connected with HTTP to the HTTPS port, i.e. you used an URL of the form ``<code>http://</code>'' instead of ``<code>https://</code>''. @@ -764,7 +765,7 @@ Why does the connection hang when I connect to my SSL-aware Apache server? Why do I get ``Connection Refused'' messages when trying to access my freshly installed Apache+mod_ssl server via HTTPS? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#hang"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hang"><b>L</b></a>] <p> There can be various reasons. Some of the common mistakes is that people start Apache with just ``<tt>apachectl start</tt>'' (or @@ -781,7 +782,7 @@ installed Apache+mod_ssl server via HTTPS? In my CGI programs and SSI scripts the various documented <code>SSL_XXX</code> variables do not exists. Why? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#env-vars"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#env-vars"><b>L</b></a>] <p> Just make sure you have ``<code>SSLOptions +StdEnvVars</code>'' enabled for the context of your CGI/SSI requests. @@ -791,7 +792,7 @@ In my CGI programs and SSI scripts the various documented <strong id="faq"> How can I use relative hyperlinks to switch between HTTP and HTTPS? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#relative-links"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#relative-links"><b>L</b></a>] <p> Usually you have to use fully-qualified hyperlinks because you have to change the URL scheme. But with the help of some URL @@ -817,7 +818,7 @@ How can I use relative hyperlinks to switch between HTTP and HTTPS? <strong id="faq"> What are RSA Private Keys, CSRs and Certificates?</strong> </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#what-is"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#what-is"><b>L</b></a>] <p> The RSA private key file is a digital file that you can use to decrypt messages sent to you. It has a public component which you distribute (via @@ -837,7 +838,7 @@ What are RSA Private Keys, CSRs and Certificates?</strong> <strong id="faq"> Seems like there is a difference on startup between the original Apache and an SSL-aware Apache? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#startup"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#startup"><b>L</b></a>] <p> Yes, in general, starting Apache with a built-in mod_ssl is just like starting an unencumbered Apache, except for the fact that when you have a @@ -855,7 +856,7 @@ Seems like there is a difference on startup between the original Apache and an S <strong id="faq"> How can I create a dummy SSL server Certificate for testing purposes? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#cert-dummy"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-dummy"><b>L</b></a>] <p> A Certificate does not have to be signed by a public CA. You can use your private key to sign the Certificate which contains your public key. You @@ -880,7 +881,7 @@ How can I create a dummy SSL server Certificate for testing purposes? Ok, I've got my server installed and want to create a real SSL server Certificate for it. How do I do it? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#cert-real"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-real"><b>L</b></a>] <p> Here is a step-by-step description: <p> @@ -977,7 +978,7 @@ server Certificate for it. How do I do it? <strong id="faq"> How can I create and use my own Certificate Authority (CA)? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#cert-ownca"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-ownca"><b>L</b></a>] <p> The short answer is to use the <code>CA.sh</code> or <code>CA.pl</code> script provided by OpenSSL. The long and manual answer is this: @@ -1029,7 +1030,7 @@ How can I create and use my own Certificate Authority (CA)? <strong id="faq"> How can I change the pass-phrase on my private key file? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#change-passphrase"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#change-passphrase"><b>L</b></a>] <p> You simply have to read it with the old pass-phrase and write it again by specifying the new pass-phrase. You can accomplish this with the following @@ -1047,7 +1048,7 @@ How can I change the pass-phrase on my private key file? <strong id="faq"> How can I get rid of the pass-phrase dialog at Apache startup time? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#remove-passphrase"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#remove-passphrase"><b>L</b></a>] <p> The reason why this dialog pops up at startup and every re-start is that the RSA private key inside your server.key file is stored in @@ -1084,7 +1085,7 @@ How can I get rid of the pass-phrase dialog at Apache startup time? <strong id="faq"> How do I verify that a private key matches its Certificate? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#verify-key"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#verify-key"><b>L</b></a>] <p> The private key contains a series of numbers. Two of those numbers form the "public key", the others are part of your "private key". The "public @@ -1117,7 +1118,7 @@ How do I verify that a private key matches its Certificate? What does it mean when my connections fail with an "alert bad certificate" error? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#keysize1"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#keysize1"><b>L</b></a>] <p> Usually when you see errors like ``<tt>OpenSSL: error:14094412: SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate</tt>'' in the SSL @@ -1130,7 +1131,7 @@ error? <strong id="faq"> Why does my 2048-bit private key not work? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#keysize2"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#keysize2"><b>L</b></a>] <p> The private key sizes for SSL must be either 512 or 1024 for compatibility with certain web browsers. A keysize of 1024 bits is recommended because @@ -1144,7 +1145,7 @@ Why does my 2048-bit private key not work? Why is client authentication broken after upgrading from SSLeay version 0.8 to 0.9? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#hash-symlinks"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hash-symlinks"><b>L</b></a>] <p> The CA certificates under the path you configured with <code>SSLCACertificatePath</code> are found by SSLeay through hash @@ -1159,7 +1160,7 @@ SSLeay version 0.8 to 0.9? <strong id="faq"> How can I convert a certificate from PEM to DER format? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#pem-to-der"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#pem-to-der"><b>L</b></a>] <p> The default certificate format for SSLeay/OpenSSL is PEM, which actually is Base64 encoded DER with header and footer lines. For some applications @@ -1174,7 +1175,7 @@ How can I convert a certificate from PEM to DER format? I try to install a Verisign certificate. Why can't I find neither the <code>getca</code> nor <code>getverisign</code> programs Verisign mentions? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#verisign-getca"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#verisign-getca"><b>L</b></a>] <p> This is because Verisign has never provided specific instructions for Apache+mod_ssl. Rather they tell you what you should do @@ -1194,7 +1195,7 @@ I try to install a Verisign certificate. Why can't I find neither the Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global ID) also with mod_ssl? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#gid"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#gid"><b>L</b></a>] <p> Yes, mod_ssl since version 2.1 supports the SGC facility. You don't have to configure anything special for this, just use a Global ID as your @@ -1208,7 +1209,7 @@ ID) also with mod_ssl? After I have installed my new Verisign Global ID server certificate, the browsers complain that they cannot verify the server certificate? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#gid"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#gid"><b>L</b></a>] <p> That is because Verisign uses an intermediate CA certificate between the root CA certificate (which is installed in the browsers) and @@ -1225,36 +1226,49 @@ browsers complain that they cannot verify the server certificate? <ul> <p> <li><a name="ToC41"></a> + <a name="random-errors"></a> + <strong id="faq"> +Why do I get lots of random SSL protocol errors under heavy server load? +</strong> + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#random-errors"><b>L</b></a>] + <p> + There can be a number of reasons for this, but the main one + is problems with the SSL session Cache specified by the + <tt>SSLSessionCache</tt> directive. The DBM session cache is most + likely the source of the problem, so trying the SHM session cache or + no cache at all may help. +<p> +<li><a name="ToC42"></a> <a name="load"></a> <strong id="faq"> Why has my webserver a higher load now that I run SSL there? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#load"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#load"><b>L</b></a>] <p> Because SSL uses strong cryptographic encryption and this needs a lot of number crunching. And because when you request a webpage via HTTPS even the images are transfered encrypted. So, when you have a lot of HTTPS traffic the load increases. <p> -<li><a name="ToC42"></a> +<li><a name="ToC43"></a> <a name="random"></a> <strong id="faq"> Often HTTPS connections to my server require up to 30 seconds for establishing the connection, although sometimes it works faster? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#random"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#random"><b>L</b></a>] <p> Usually this is caused by using a <code>/dev/random</code> device for <code>SSLRandomSeed</code> which is blocking in read(2) calls if not enough entropy is available. Read more about this problem in the refernce chapter under <code>SSLRandomSeed</code>. <p> -<li><a name="ToC43"></a> +<li><a name="ToC44"></a> <a name="ciphers"></a> <strong id="faq"> What SSL Ciphers are supported by mod_ssl? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#ciphers"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#ciphers"><b>L</b></a>] <p> Usually just all SSL ciphers which are supported by the version of OpenSSL in use (can depend on the way you built @@ -1275,13 +1289,13 @@ What SSL Ciphers are supported by mod_ssl? <p> <code><strong>$ openssl ciphers -v</strong></code><br> <p> -<li><a name="ToC44"></a> +<li><a name="ToC45"></a> <a name="cipher-adh"></a> <strong id="faq"> I want to use Anonymous Diffie-Hellman (ADH) ciphers, but I always get ``no shared cipher'' errors? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#cipher-adh"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cipher-adh"><b>L</b></a>] <p> In order to use Anonymous Diffie-Hellman (ADH) ciphers, it is not enough to just put ``<code>ADH</code>'' into your <code>SSLCipherSuite</code>. @@ -1290,13 +1304,13 @@ shared cipher'' errors? allow ADH ciphers for security reasons. So if you are actually enabling these ciphers make sure you are informed about the side-effects. <p> -<li><a name="ToC45"></a> +<li><a name="ToC46"></a> <a name="cipher-shared"></a> <strong id="faq"> I always just get a 'no shared ciphers' error if I try to connect to my freshly installed server? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#cipher-shared"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cipher-shared"><b>L</b></a>] <p> Either you have messed up your <code>SSLCipherSuite</code> directive (compare it with the pre-configured example in @@ -1310,12 +1324,12 @@ I try to connect to my freshly installed server? this, regenerate your server certificate/key pair and this time choose the RSA algorithm. <p> -<li><a name="ToC46"></a> +<li><a name="ToC47"></a> <a name="vhosts"></a> <strong id="faq"> Why can't I use SSL with name-based/non-IP-based virtual hosts? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#vhosts"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts"><b>L</b></a>] <p> The reason is very technical. Actually it's some sort of a chicken and egg problem: The SSL protocol layer stays below the HTTP protocol layer @@ -1329,14 +1343,14 @@ Why can't I use SSL with name-based/non-IP-based virtual hosts? handshake is finished. But the information is already needed at the SSL handshake phase. Bingo! <p> -<li><a name="ToC47"></a> +<li><a name="ToC48"></a> <a name="lock-icon"></a> <strong id="faq"> When I use Basic Authentication over HTTPS the lock icon in Netscape browsers still show the unlocked state when the dialog pops up. Does this mean the username/password is still transmitted unencrypted? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#lock-icon"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#lock-icon"><b>L</b></a>] <p> No, the username/password is already transmitted encrypted. The icon in Netscape browsers is just not really synchronized with the SSL/TLS layer @@ -1348,13 +1362,13 @@ username/password is still transmitted unencrypted? handshake phase and switched to encrypted communication. So, don't get confused by this icon. <p> -<li><a name="ToC48"></a> +<li><a name="ToC49"></a> <a name="io-ie"></a> <strong id="faq"> When I connect via HTTPS to an Apache+mod_ssl+OpenSSL server with Microsoft Internet Explorer (MSIE) I get various I/O errors. What is the reason? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#io-ie"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#io-ie"><b>L</b></a>] <p> The first reason is that the SSL implementation in some MSIE versions has some subtle bugs related to the HTTP keep-alive facility and the SSL close @@ -1401,15 +1415,21 @@ Explorer (MSIE) I get various I/O errors. What is the reason? Cryptography (SGC) facility. This can only be avoided by using the fully qualified domain name (FQDN) of the website in hyperlinks instead, because MSIE 5.x has an error in the way it handles the SGC negotiation. + <p> + And finally there are versions of MSIE which seem to require that + an SSL session can be reused (a totally non standard-conforming + behaviour, of course). Connection with those MSIE versions only work + if a SSL session cache is used. So, as a work-around, make sure you + are using a session cache (see <tt>SSLSessionCache</tt> directive). <p> -<li><a name="ToC49"></a> +<li><a name="ToC50"></a> <a name="io-ns"></a> <strong id="faq"> When I connect via HTTPS to an Apache+mod_ssl server with Netscape Navigator I get I/O errors and the message "Netscape has encountered bad data from the server" What's the reason? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#io-ns"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#io-ns"><b>L</b></a>] <p> The problem usually is that you had created a new server certificate with the same DN, but you had told your browser to accept forever the old @@ -1420,29 +1440,29 @@ server" What's the reason? </ul> <p> <br> -<h2><a name="ToC50">About Support</a></h2> +<h2><a name="ToC51">About Support</a></h2> <ul> <p> -<li><a name="ToC51"></a> +<li><a name="ToC52"></a> <a name="resources"></a> <strong id="faq"> What information resources are available in case of mod_ssl problems? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#resources"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#resources"><b>L</b></a>] <p> The following information resources are available. In case of problems you should search here first. <p> <ol> <li><em>Answers in the User Manual's F.A.Q. List (this)</em><br> - <a href="http://www.modssl.org/docs/2.7/ssl_faq.html"> - http://www.modssl.org/docs/2.7/ssl_faq.html</a><br> + <a href="http://www.modssl.org/docs/2.8/ssl_faq.html"> + http://www.modssl.org/docs/2.8/ssl_faq.html</a><br> First look inside the F.A.Q. (this text), perhaps your problem is such popular that it was already answered a lot of times in the past. <p> <li><em>Postings from the modssl-users Support Mailing List</em> - <a href="http://www.modssl.org/news/list.html"> - http://www.modssl.org/news/list.html</a><br> + <a href="http://www.modssl.org/support/"> + http://www.modssl.org/support/</a><br> Second search for your problem in one of the existing archives of the modssl-users mailing list. Perhaps your problem popped up at least once for another user, too. @@ -1454,12 +1474,12 @@ In case of problems you should search here first. someone else already has reported the problem. </ol> <p> -<li><a name="ToC52"></a> +<li><a name="ToC53"></a> <a name="contact"></a> <strong id="faq"> What support contacts are available in case of mod_ssl problems? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#contact"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#contact"><b>L</b></a>] <p> The following lists all support possibilities for mod_ssl, in order of preference, i.e. start in this order and do not pick the support possibility @@ -1490,13 +1510,13 @@ you just like most, please. usually not processed as fast as a posting on modssl-users. </ol> <p> -<li><a name="ToC53"></a> +<li><a name="ToC54"></a> <a name="report-details"></a> <strong id="faq"> What information and details I've to provide to the author when writing a bug report? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#report-details"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#report-details"><b>L</b></a>] <p> You have to at least always provide the following information: <p> @@ -1530,12 +1550,12 @@ You have to at least always provide the following information: course. </ul> <p> -<li><a name="ToC54"></a> +<li><a name="ToC55"></a> <a name="core-dumped"></a> <strong id="faq"> I got a core dump, can you help me? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#core-dumped"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-dumped"><b>L</b></a>] <p> In general no, at least not unless you provide more details about the code location where Apache dumped core. What is usually always required in @@ -1543,12 +1563,12 @@ I got a core dump, can you help me? information it is mostly impossible to find the problem and help you in fixing it. <p> -<li><a name="ToC55"></a> +<li><a name="ToC56"></a> <a name="report-backtrace"></a> <strong id="faq"> Ok, I got a core dump but how do I get a backtrace to find out the reason for it? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#report-backtrace"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#report-backtrace"><b>L</b></a>] <p> Follow the following steps: <p> @@ -1600,12 +1620,12 @@ Follow the following steps: <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml index 5683974ecb3..e3d169317d2 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml @@ -69,7 +69,7 @@ author. <a name="<get-var ref>"></a> <strong id="faq">%body</strong>\ - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#<get-var ref>"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#<get-var ref>"><b>L</b></a>] <p> <restore toc> <restore ref> @@ -922,6 +922,16 @@ browsers complain that they cannot verify the server certificate? <ul> +<faq ref="random-errors" toc="Random SSL errors under heavy load?"> +Why do I get lots of random SSL protocol errors under heavy server load? +</faq> + + There can be a number of reasons for this, but the main one + is problems with the SSL session Cache specified by the + <tt>SSLSessionCache</tt> directive. The DBM session cache is most + likely the source of the problem, so trying the SHM session cache or + no cache at all may help. + <faq ref="load" toc="Why has the server a higher load?"> Why has my webserver a higher load now that I run SSL there? </faq> @@ -1087,6 +1097,13 @@ Explorer (MSIE) I get various I/O errors. What is the reason? qualified domain name (FQDN) of the website in hyperlinks instead, because MSIE 5.x has an error in the way it handles the SGC negotiation. + <p> + And finally there are versions of MSIE which seem to require that + an SSL session can be reused (a totally non standard-conforming + behaviour, of course). Connection with those MSIE versions only work + if a SSL session cache is used. So, as a work-around, make sure you + are using a session cache (see <tt>SSLSessionCache</tt> directive). + <faq ref="io-ns" toc="Why do I get I/O errors with NS clients?"> When I connect via HTTPS to an Apache+mod_ssl server with Netscape Navigator I get I/O errors and the message "Netscape has encountered bad data from the @@ -1118,14 +1135,14 @@ In case of problems you should search here first. <p> <ol> <li><em>Answers in the User Manual's F.A.Q. List (this)</em><br> - <a href="http://www.modssl.org/docs/2.7/ssl_faq.html"> - http://www.modssl.org/docs/2.7/ssl_faq.html</a><br> + <a href="http://www.modssl.org/docs/2.8/ssl_faq.html"> + http://www.modssl.org/docs/2.8/ssl_faq.html</a><br> First look inside the F.A.Q. (this text), perhaps your problem is such popular that it was already answered a lot of times in the past. <p> <li><em>Postings from the modssl-users Support Mailing List</em> - <a href="http://www.modssl.org/news/list.html"> - http://www.modssl.org/news/list.html</a><br> + <a href="http://www.modssl.org/support/"> + http://www.modssl.org/support/</a><br> Second search for your problem in one of the existing archives of the modssl-users mailing list. Perhaps your problem popped up at least once for another user, too. diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html index f3a6618c72d..6c50706867f 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html @@ -3,7 +3,7 @@ <title>mod_ssl: Glossary</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -390,12 +390,12 @@ Richard Nixon <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html index 31178f3d593..01ff7a99ac1 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html @@ -3,7 +3,7 @@ <title>mod_ssl: HowTo</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -303,7 +303,7 @@ coherences. <strong id="howto"> How can I create a real SSLv2-only server? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#cipher-sslv2"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-sslv2"><b>L</b></a>] <p> The following creates an SSL server which speaks only the SSLv2 protocol and its ciphers. @@ -352,7 +352,7 @@ SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP <strong id="howto"> How can I create an SSL server which accepts strong encryption only? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#cipher-strong"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-strong"><b>L</b></a>] <p> The following enables only the seven strongest ciphers: <p> @@ -401,7 +401,7 @@ SSLCipherSuite HIGH:MEDIUM How can I create an SSL server which accepts strong encryption only, but allows export browsers to upgrade to stronger encryption? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#cipher-sgc"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-sgc"><b>L</b></a>] <p> This facility is called Server Gated Cryptography (SGC) and details you can find in the <code>README.GlobalID</code> document in the mod_ssl distribution. @@ -465,7 +465,7 @@ SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 How can I create an SSL server which accepts all types of ciphers in general, but requires a strong ciphers for access to a particular URL? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#cipher-perdir"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-perdir"><b>L</b></a>] <p> Obviously you cannot just use a server-wide <code>SSLCipherSuite</code> which restricts the ciphers to the strong variants. But mod_ssl allows you to @@ -525,7 +525,7 @@ SSLCipherSuite HIGH:MEDIUM How can I authenticate clients based on certificates when I know all my clients? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#auth-simple"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-simple"><b>L</b></a>] <p> When you know your user community (i.e. a closed user group situation), as it's the case for instance in an Intranet, you can use plain certificate @@ -581,7 +581,7 @@ SSLCACertificateFile conf/ssl.crt/ca.crt How can I authenticate my clients for a particular URL based on certificates but still allow arbitrary clients to access the remaining parts of the server? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#auth-selective"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-selective"><b>L</b></a>] <p> For this we again use the per-directory reconfiguration feature of mod_ssl: <p> @@ -635,7 +635,7 @@ How can I authenticate only particular clients for a some URLs based on certificates but still allow arbitrary clients to access the remaining parts of the server? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#auth-particular"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-particular"><b>L</b></a>] <p> The key is to check for various ingredients of the client certficate. Usually this means to check the whole or part of the Distinguished Name (DN) of the @@ -797,7 +797,7 @@ certificates for access to a subarea on the Intranet website for clients coming from the Internet but still allow plain HTTP access for clients on the Intranet? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#auth-intranet"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-intranet"><b>L</b></a>] <p> Let us assume the Intranet can be distinguished through the IP network 192.160.1.0/24 and the subarea on the Intranet website has the URL @@ -828,11 +828,13 @@ host (so it applies to both HTTPS and HTTP): <td> <pre> +SSLCACertificateFile conf/ssl.crt/company-ca.crt + <Directory /usr/local/apache/htdocs> # Outside the subarea only Intranet access is granted Order deny,allow Deny from all -Allow 192.160.1.0/24 +Allow from 192.168.1.0/24 </Directory> <Directory /usr/local/apache/htdocs/subarea> @@ -844,7 +846,6 @@ Allow 192.160.1.0/24 # Additionally allow client certs as alternative to basic auth. SSLVerifyClient optional SSLVerifyDepth 1 -SSLCACertificateFile conf/ssl.crt/company-ca.crt SSLOptions +FakeBasicAuth +StrictRequire SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 @@ -860,7 +861,7 @@ Satisfy any # Network Access Control Order deny,allow Deny from all -Allow 192.160.1.0/24 +Allow 192.168.1.0/24 # HTTP Basic Authentication AuthType basic @@ -905,12 +906,12 @@ Require valid-user <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml index 7bb3932b6bf..7ce00b04d06 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml @@ -63,7 +63,7 @@ coherences. <a name="<get-var ref>"></a> <strong id="howto">%body</strong>\ - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#<get-var ref>"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#<get-var ref>"><b>L</b></a>] <p> <restore toc> <restore ref> @@ -278,11 +278,13 @@ host (so it applies to both HTTPS and HTTP): <p> <config> +SSLCACertificateFile conf/ssl.crt/company-ca.crt + <Directory /usr/local/apache/htdocs> \# Outside the subarea only Intranet access is granted Order deny,allow Deny from all -Allow 192.160.1.0/24 +Allow from 192.168.1.0/24 </Directory> <Directory /usr/local/apache/htdocs/subarea> @@ -294,7 +296,6 @@ Allow 192.160.1.0/24 \# Additionally allow client certs as alternative to basic auth. SSLVerifyClient optional SSLVerifyDepth 1 -SSLCACertificateFile conf/ssl.crt/company-ca.crt SSLOptions +FakeBasicAuth +StrictRequire SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 @@ -310,7 +311,7 @@ Satisfy any \# Network Access Control Order deny,allow Deny from all -Allow 192.160.1.0/24 +Allow 192.168.1.0/24 \# HTTP Basic Authentication AuthType basic diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html index 4db11be91ec..fae805f07a4 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html @@ -3,7 +3,7 @@ <title>mod_ssl: Introduction</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -737,7 +737,7 @@ choices, including the choice to perform no encryption: <ul> <li>RC2 with 40 bit key <li>DES with 40 bit key - <li>DES with 54 bit key + <li>DES with 56 bit key <li>Triple-DES with 168 bit key <li>Idea (128 bit key) <li>Fortezza (96 bit key) @@ -896,12 +896,12 @@ is what mod_ssl provides to you for the Apache webserver... <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.wml index 8c2d46ddb2c..2d943826a6e 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.wml @@ -505,7 +505,7 @@ choices, including the choice to perform no encryption: <ul> <li>RC2 with 40 bit key <li>DES with 40 bit key - <li>DES with 54 bit key + <li>DES with 56 bit key <li>Triple-DES with 168 bit key <li>Idea (128 bit key) <li>Fortezza (96 bit key) diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html index 5cf96253ee1..be48d6c77fd 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html @@ -3,7 +3,7 @@ <title>mod_ssl: Preface</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -453,12 +453,12 @@ Not all platform support this. <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html index 4bb6375deff..f7ecb633ffe 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html @@ -3,7 +3,7 @@ <title>mod_ssl: Reference</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -1107,8 +1107,8 @@ specify the preference and order for the ciphers (see <a href="#table1">Table <tr id="H"><td><code>SSLv3</code></td> <td>all SSL version 3.0 ciphers</td> </tr> <tr id="D"><td><code>TLSv1</code></td> <td>all TLS version 1.0 ciphers</td> </tr> <tr id="H"><td><code>EXP</code></td> <td>all export ciphers</td> </tr> -<tr id="D"><td><code>EXP40</code></td> <td>all 40-bit export ciphers only</td> </tr> -<tr id="H"><td><code>EXP56</code></td> <td>all 56-bit export ciphers only</td> </tr> +<tr id="D"><td><code>EXPORT40</code></td> <td>all 40-bit export ciphers only</td> </tr> +<tr id="H"><td><code>EXPORT56</code></td> <td>all 56-bit export ciphers only</td> </tr> <tr id="D"><td><code>LOW</code></td> <td>all low strength ciphers (no export, single DES)</td></tr> <tr id="H"><td><code>MEDIUM</code></td> <td>all ciphers with 128 bit encryption</td> </tr> <tr id="D"><td><code>HIGH</code></td> <td>all ciphers using Triple-DES</td> </tr> @@ -2516,12 +2516,12 @@ CustomLog logs/ssl_request_log \ <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.wml index a1be5bbb4c2..db6ad65f532 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.wml @@ -618,8 +618,8 @@ specify the preference and order for the ciphers (see <a href="#table1">Table <tr id=H><td><code>SSLv3</code></td> <td>all SSL version 3.0 ciphers</td> </tr> <tr id=D><td><code>TLSv1</code></td> <td>all TLS version 1.0 ciphers</td> </tr> <tr id=H><td><code>EXP</code></td> <td>all export ciphers</td> </tr> -<tr id=D><td><code>EXP40</code></td> <td>all 40-bit export ciphers only</td> </tr> -<tr id=H><td><code>EXP56</code></td> <td>all 56-bit export ciphers only</td> </tr> +<tr id=D><td><code>EXPORT40</code></td> <td>all 40-bit export ciphers only</td> </tr> +<tr id=H><td><code>EXPORT56</code></td> <td>all 56-bit export ciphers only</td> </tr> <tr id=D><td><code>LOW</code></td> <td>all low strength ciphers (no export, single DES)</td></tr> <tr id=H><td><code>MEDIUM</code></td> <td>all ciphers with 128 bit encryption</td> </tr> <tr id=D><td><code>HIGH</code></td> <td>all ciphers using Triple-DES</td> </tr> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc index d1a656cb250..f799d40dc4c 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc @@ -1,6 +1,6 @@ ## ## ssl_template.inc -- mod_ssl User Manual: The Heart -## Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved. +## Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved. ## #use wml::std::page @@ -16,7 +16,7 @@ <head>\ <protect> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -232,13 +232,13 @@ H4 { <tr> <td align=left>\ <font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align=right>\ <font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_status.html b/usr.sbin/httpd/htdocs/manual/mod/mod_status.html index 8cf0ae1a550..da68288f114 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_status.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_status.html @@ -132,7 +132,7 @@ directory of Apache, <CODE>log_server_status</CODE>. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ExtendedStatus <EM>On|Off</EM><BR> +><STRONG>Syntax:</STRONG></A> ExtendedStatus On|Off<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html b/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html index ebe8f19044c..42727528ba2 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html @@ -52,7 +52,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> UserDir <EM>directory/filename</EM><BR> +><STRONG>Syntax:</STRONG></A> UserDir <EM>directory-filename</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -79,7 +79,7 @@ list of usernames, is only available in Apache 1.3 and above.<P> The UserDir directive sets the real directory in a user's home directory to use when a request for a document for a user is received. -<EM>Directory/filename</EM> is one of the following: +<EM>Directory-filename</EM> is one of the following: </P> <UL> <LI>The name of a directory or a pattern such as those shown below. @@ -105,18 +105,24 @@ keywords appear in the <SAMP>Userdir</SAMP> directive, the argument is treated as a filename pattern, and is used to turn the name into a directory specification. A request for <CODE>http://www.foo.com/~bob/one/two.html</CODE> will be translated to: +</P> + <PRE> UserDir public_html -> ~bob/public_html/one/two.html UserDir /usr/web -> /usr/web/bob/one/two.html UserDir /home/*/www -> /home/bob/www/one/two.html </PRE> + +<p> The following directives will send redirects to the client: +</p> + <PRE> UserDir http://www.foo.com/users -> http://www.foo.com/users/bob/one/two.html UserDir http://www.foo.com/*/usr -> http://www.foo.com/bob/usr/one/two.html UserDir http://www.foo.com/~*/ -> http://www.foo.com/~bob/one/two.html </PRE> -</P> + <BLOCKQUOTE> <STRONG> Be careful when using this directive; for instance, diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html b/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html index d0c2056951e..44563d06aae 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html @@ -199,7 +199,7 @@ include A-Z, a-z, 0-9, "_", and "-". <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CookieTracking <EM>on | off</EM><BR> +><STRONG>Syntax:</STRONG></A> CookieTracking on|off<BR> <A HREF="directive-dict.html#Context" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html b/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html index b402b6f8bca..b63c8aa261b 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html @@ -78,6 +78,8 @@ directive for details on how this is determined) or the IP address of the virtual host on the server in dotted-quad format. The interpolation is controlled by specifiers inspired by <CODE>printf</CODE> which have a number of formats: +</P> + <DL> <DT><CODE>%%</CODE> <DD>insert a <CODE>%</CODE> @@ -86,7 +88,6 @@ interpolation is controlled by specifiers inspired by <DT><CODE>%N.M</CODE> <DD>insert (part of) the name </DL> -</P> <P> <CODE>N</CODE> and <CODE>M</CODE> are used to specify substrings of @@ -113,6 +114,8 @@ to zero if it isn't present; the dot must be present if and only if <DT><CODE>1+</CODE> and <CODE>-1+</CODE> <DD>the same as <CODE>0</CODE> </DL> + +<p> If <CODE>N</CODE> or <CODE>M</CODE> is greater than the number of parts available a single underscore is interpolated. </P> @@ -122,10 +125,13 @@ parts available a single underscore is interpolated. <P> For simple name-based virtual hosts you might use the following directives in your server configuration file: +</p> <PRE> UseCanonicalName Off VirtualDocumentRoot /usr/local/apache/vhosts/%0 </PRE> + +<p> A request for <CODE>http://www.example.com/directory/file.html</CODE> will be satisfied by the file <CODE>/usr/local/apache/vhosts/www.example.com/directory/file.html</CODE>. @@ -153,7 +159,8 @@ Alternatively you might use: <PRE> VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.1/%2.2/%2.3/%2.4+ </PRE> -The example request would come from + +<p>The example request would come from <CODE>/usr/local/apache/vhosts/isp.com/e/x/a/mple/directory/file.html</CODE>. </P> @@ -165,6 +172,8 @@ configuration file: VirtualDocumentRootIP /usr/local/apache/vhosts/%1/%2/%3/%4/docs VirtualScriptAliasIP /usr/local/apache/vhosts/%1/%2/%3/%4/cgi-bin </PRE> + +<p> A request for <CODE>http://www.example.isp.com/directory/file.html</CODE> would be satisfied by the file <CODE>/usr/local/apache/vhosts/10/20/30/40/docs/directory/file.html</CODE> if @@ -182,6 +191,8 @@ following way: <PRE> VirtualDocumentRoot /usr/local/apache/vhosts/%2.0.%3.0 </PRE> + +<p> A request for <CODE>http://www.example.isp.com/directory/file.html</CODE> will be satisfied by the file <CODE>/usr/local/apache/vhosts/example.isp/directory/file.html</CODE>. @@ -229,7 +240,7 @@ name. The result of expanding <EM>interpolated-directory</EM> is used as the root of the document tree in a similar manner to the <A HREF="core.html#documentroot"><CODE>DocumentRoot</CODE></A> directive's argument. If <EM>interpolated-directory</EM> is -<CODE>none</CODE> then <CODE>VirtaulDocumentRoot</CODE> is turned off. +<CODE>none</CODE> then <CODE>VirtualDocumentRoot</CODE> is turned off. This directive cannot be used in the same context as <A HREF="#virtualdocumentrootip"><CODE>VirtualDocumentRootIP</CODE></A>. </P> diff --git a/usr.sbin/httpd/htdocs/manual/new_features_1_0.html b/usr.sbin/httpd/htdocs/manual/new_features_1_0.html index daec48f3faf..c2fb44d0b4b 100644 --- a/usr.sbin/httpd/htdocs/manual/new_features_1_0.html +++ b/usr.sbin/httpd/htdocs/manual/new_features_1_0.html @@ -67,7 +67,7 @@ minimal forking. <P> -<LI> <A HREF="vhosts/index.html"><VirtualHost> (the configuration +<LI> <A HREF="vhosts/"><VirtualHost> (the configuration directive for multiple-homed servers)</A> is more general now. Just about any srm.conf or httpd.conf command can go in a <Virtualhost> section, with the diff --git a/usr.sbin/httpd/htdocs/manual/new_features_1_1.html b/usr.sbin/httpd/htdocs/manual/new_features_1_1.html index 557be0f2f8d..fca67542f91 100644 --- a/usr.sbin/httpd/htdocs/manual/new_features_1_1.html +++ b/usr.sbin/httpd/htdocs/manual/new_features_1_1.html @@ -53,7 +53,7 @@ supported by a number of current HTTP servers and browsers (including Netscape Navigator 2.0) has been shown to increase speed of document transfer by up to 50% in certain cases. -<LI><STRONG><A HREF="vhosts/index.html">New non-IP Intensive VirtualHost +<LI><STRONG><A HREF="vhosts/">New non-IP Intensive-VirtualHost Support</A></STRONG><BR> Apache's support for virtual hosts has been enhanced to be able to use information sent by some new Web browsers to determine the server diff --git a/usr.sbin/httpd/htdocs/manual/programs/apachectl.html b/usr.sbin/httpd/htdocs/manual/programs/apachectl.html new file mode 100644 index 00000000000..42ce09a5aaf --- /dev/null +++ b/usr.sbin/httpd/htdocs/manual/programs/apachectl.html @@ -0,0 +1,112 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<html> +<head> + <title>Manual Page: apachectl - Apache HTTP Server</title> +</head> + + <!-- Background white, links blue (unvisited), navy (visited), red (active) --> + <body + bgcolor="#ffffff" + text="#000000" + link="#0000ff" + vlink="#000080" + alink="#ff0000" + > + <DIV ALIGN="CENTER"> + <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]"> + <H3> + Apache HTTP Server Version 1.3 + </H3> +</DIV> + + + + <h1 align="center">Manual Page: apachectl</h1> + +<!-- This document was autogenerated from the man page --> +<pre> +<strong>NAME</strong> + apachectl - Apache HTTP server control interface + +<strong>SYNOPSIS</strong> + <strong>apachectl </strong><em>command </em>[...] + +<strong>DESCRIPTION</strong> + <strong>apachectl </strong>is a front end to the Apache HyperText Transfer + Protocol (HTTP) server. It is designed to help the adminis- + trator control the functioning of the Apache <strong>httpd </strong>daemon. + + <strong>NOTE: </strong>If your Apache installation uses non-standard paths, + you will need to edit the <strong>apachectl </strong>script to set the + appropriate paths to your PID file and your <strong>httpd </strong>binary. + See the comments in the script for details. + + The <strong>apachectl </strong>script returns a 0 exit value on success, and + >0 if an error occurs. For more details, view the comments + in the script. + + Full documentation for Apache is available at + <strong>http://www.apache.org/</strong> + +<strong>OPTIONS</strong> + The <em>command </em>can be any one or more of the following options: + + <strong>start </strong>Start the Apache daemon. Gives an error if it + is already running. + + <strong>stop </strong>Stops the Apache daemon. + + <strong>restart </strong>Restarts the Apache daemon by sending it a + SIGHUP. If the daemon is not running, it is + started. This command automatically checks the + configuration files via <strong>configtest </strong>before ini- + tiating the restart to make sure Apache doesn't + die. + + <strong>fullstatus </strong>Displays a full status report from <strong>mod_status.</strong> + For this to work, you need to have mod_status + enabled on your server and a text-based browser + such as <em>lynx </em>available on your system. The URL + used to access the status report can be set by + editing the <strong>STATUSURL </strong>variable in the script. + + <strong>status </strong>Displays a brief status report. Similar to the + fullstatus option, except that the list of + requests currently being served is omitted. + + <strong>graceful </strong>Gracefully restarts the Apache daemon by sending + it a SIGUSR1. If the daemon is not running, it + is started. This differs from a normal restart + in that currently open connections are not + aborted. A side effect is that old log files + will not be closed immediately. This means that + if used in a log rotation script, a substantial + delay may be necessary to ensure that the old + log files are closed before processing them. + This command automatically checks the configura- + tion files via <strong>configtest </strong>before initiating the + restart to make sure Apache doesn't die. + + <strong>configtest </strong>Run a configuration file syntax test. It parses + the configuration files and either reports <strong>Syn-</strong> + <strong>tax Ok </strong>or detailed information about the partic- + ular syntax error. + + <strong>help </strong>Displays a short help message. + +<strong>SEE ALSO</strong> + <strong>httpd(8)</strong> + +</pre> + + +<HR> + +<H3 ALIGN="CENTER"> + Apache HTTP Server Version 1.3 +</H3> + +<A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A> +<A HREF="../"><IMG SRC="../images/home.gif" ALT="Home"></A> + +</body></html> diff --git a/usr.sbin/httpd/htdocs/manual/programs/htpasswd.html b/usr.sbin/httpd/htdocs/manual/programs/htpasswd.html new file mode 100644 index 00000000000..9f816b68601 --- /dev/null +++ b/usr.sbin/httpd/htdocs/manual/programs/htpasswd.html @@ -0,0 +1,192 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<html> +<head> + <title>Manual Page: htpasswd - Apache HTTP Server</title> +</head> + + <!-- Background white, links blue (unvisited), navy (visited), red (active) --> + <body + bgcolor="#ffffff" + text="#000000" + link="#0000ff" + vlink="#000080" + alink="#ff0000" + > + <DIV ALIGN="CENTER"> + <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]"> + <H3> + Apache HTTP Server Version 1.3 + </H3> +</DIV> + + + + <h1 align="center">Manual Page: htpasswd</h1> + +<!-- This document was autogenerated from the man page --> +<pre> +<strong>NAME</strong> + htpasswd - Create and update user authentication files + +<strong>SYNOPSIS</strong> + <strong>htpasswd </strong>[ -<strong>c </strong>] [ -<strong>m </strong>| -<strong>d </strong>| -<strong>s </strong>| -<strong>p </strong>] <em>passwdfile username</em> + <strong>htpasswd </strong>-<strong>b </strong>[ -<strong>c </strong>] [ -<strong>m </strong>| -<strong>d </strong>| -<strong>s </strong>| -<strong>p </strong>] <em>passwdfile username</em> + <em>password</em> + <strong>htpasswd </strong>-<strong>n </strong>[ -<strong>m </strong>| -<strong>d </strong>| -<strong>s </strong>| -<strong>p </strong>] <em>username</em> + <strong>htpasswd </strong>-<strong>nb </strong>[ -<strong>m </strong>| -<strong>d </strong>| -<strong>s </strong>| -<strong>p </strong>] <em>username password</em> + +<strong>DESCRIPTION</strong> + <strong>htpasswd </strong>is used to create and update the flat-files used to + store usernames and password for basic authentication of + HTTP users. If <strong>htpasswd </strong>cannot access a file, such as not + being able to write to the output file or not being able to + read the file in order to update it, it returns an error + status and makes no changes. + + Resources available from the <strong>httpd </strong>Apache web server can be + restricted to just the users listed in the files created by + <strong>htpasswd. </strong>This program can only manage usernames and pass- + words stored in a flat-file. It can encrypt and display + password information for use in other types of data stores, + though. To use a DBM database see <strong>dbmmanage</strong>. + + <strong>htpasswd </strong>encrypts passwords using either a version of MD5 + modified for Apache, or the system's <em>crypt</em>() routine. Files + managed by <strong>htpasswd </strong>may contain both types of passwords; + some user records may have MD5-encrypted passwords while + others in the same file may have passwords encrypted with + <em>crypt</em>(). + + This manual page only lists the command line arguments. For + details of the directives necessary to configure user + authentication in <strong>httpd </strong>see the Apache manual, which is part + of the Apache distribution or can be found at + <URL:http://www.apache.org/>. + +<strong>OPTIONS</strong> + -b Use batch mode; <em>i</em>.<em>e</em>., get the password from the command + line rather than prompting for it. <strong>This option should</strong> + <strong>be used with extreme care, since the password is</strong> + <strong>clearly visible on the command line.</strong> + + -c Create the <em>passwdfile</em>. If <em>passwdfile </em>already exists, it + is rewritten and truncated. This option cannot be com- + bined with the <strong>-n </strong>option. + + -n Display the results on standard output rather than + updating a file. This is useful for generating pass- + word records acceptable to Apache for inclusion in + non-text data stores. This option changes the syntax + of the command line, since the <em>passwdfile </em>argument + (usually the first one) is omitted. It cannot be com- + bined with the <strong>-c </strong>option. + + -m Use Apache's modified MD5 algorithm for passwords. + Passwords encrypted with this algorithm are transport- + able to any platform (Windows, Unix, BeOS, et cetera) + running Apache 1.3.9 or later. On Windows and TPF, + this flag is the default. + + -d Use crypt() encryption for passwords. The default on + all platforms but Windows and TPF. Though possibly sup- + ported by <strong>htpasswd </strong>on all platforms, it is not sup- + ported by the <strong>httpd </strong>server on Windows and TPF. + + -s Use SHA encryption for passwords. Faciliates migration + from/to Netscape servers using the LDAP Directory + Interchange Format (ldif). + + -p Use plaintext passwords. Though <strong>htpasswd </strong>will support + creation on all platforms, the <strong>httpd </strong>deamon will only + accept plain text passwords on Windows and TPF. + + <em>passwdfile</em> + Name of the file to contain the user name and password. + If -c is given, this file is created if it does not + already exist, or rewritten and truncated if it does + exist. + + <em>username</em> + The username to create or update in <strong>passwdfile</strong>. If + <em>username </em>does not exist in this file, an entry is + added. If it does exist, the password is changed. + + <em>password</em> + The plaintext password to be encrypted and stored in + the file. Only used with the -<em>b </em>flag. + +<strong>EXIT STATUS</strong> + <strong>htpasswd </strong>returns a zero status ("true") if the username and + password have been successfully added or updated in the + <em>passwdfile</em>. <strong>htpasswd </strong>returns 1 if it encounters some prob- + lem accessing files, 2 if there was a syntax problem with + the command line, 3 if the password was entered interac- + tively and the verification entry didn't match, 4 if its + operation was interrupted, 5 if a value is too long (user- + name, filename, password, or final computed record), and 6 + if the username contains illegal characters (see the <strong>RES-</strong> + <strong>TRICTIONS </strong>section). + +<strong>EXAMPLES</strong> + <strong>htpasswd /usr/local/etc/apache/.htpasswd-users jsmith</strong> + + Adds or modifies the password for user <em>jsmith</em>. The user + is prompted for the password. If executed on a Windows + system, the password will be encrypted using the modi- + fied Apache MD5 algorithm; otherwise, the system's + <em>crypt</em>() routine will be used. If the file does not + exist, <strong>htpasswd </strong>will do nothing except return an error. + + <strong>htpasswd -c /home/doe/public_html/.htpasswd jane</strong> + + Creates a new file and stores a record in it for user + <em>jane</em>. The user is prompted for the password. If the + file exists and cannot be read, or cannot be written, + it is not altered and <strong>htpasswd </strong>will display a message + and return an error status. + + <strong>htpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve</strong> + + Encrypts the password from the command line (<em>Pwd4Steve</em>) + using the MD5 algorithm, and stores it in the specified + file. + +<strong>SECURITY CONSIDERATIONS</strong> + Web password files such as those managed by <strong>htpasswd </strong>should + <strong>not </strong>be within the Web server's URI space -- that is, they + should not be fetchable with a browser. + + The use of the -<em>b </em>option is discouraged, since when it is + used the unencrypted password appears on the command line. + +<strong>RESTRICTIONS</strong> + On the Windows and MPE platforms, passwords encrypted with + <strong>htpasswd </strong>are limited to no more than 255 characters in + length. Longer passwords will be truncated to 255 charac- + ters. + + The MD5 algorithm used by <strong>htpasswd </strong>is specific to the Apache + software; passwords encrypted using it will not be usable + with other Web servers. + + Usernames are limited to 255 bytes and may not include the + character ':'. + +<strong>SEE ALSO</strong> + <strong>httpd(8) </strong>and the scripts in support/SHA1 which come with the + distribution. + +</pre> + + +<HR> + +<H3 ALIGN="CENTER"> + Apache HTTP Server Version 1.3 +</H3> + +<A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A> +<A HREF="../"><IMG SRC="../images/home.gif" ALT="Home"></A> + +</body> +</html> diff --git a/usr.sbin/httpd/htdocs/manual/programs/httpd.html b/usr.sbin/httpd/htdocs/manual/programs/httpd.html new file mode 100644 index 00000000000..8fa0a7c5336 --- /dev/null +++ b/usr.sbin/httpd/htdocs/manual/programs/httpd.html @@ -0,0 +1,147 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<html> +<head> + <title>Manual Page: httpd - Apache HTTP Server</title> +</head> + + <!-- Background white, links blue (unvisited), navy (visited), red (active) --> + <body + bgcolor="#ffffff" + text="#000000" + link="#0000ff" + vlink="#000080" + alink="#ff0000" + > + <DIV ALIGN="CENTER"> + <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]"> + <H3> + Apache HTTP Server Version 1.3 + </H3> +</DIV> + + + + <h1 align="center">Manual Page: httpd</h1> + +<!-- This document was autogenerated from the man page --> +<pre> +<strong>NAME</strong> + httpd - Apache hypertext transfer protocol server + +<strong>SYNOPSIS</strong> + <strong>httpd </strong>[ -<strong>X </strong>] [ -<strong>R </strong><em>libexecdir </em>] [ -<strong>d </strong><em>serverroot </em>] [ -<strong>f </strong><em>config</em> + ] [ -<strong>C </strong><em>directive </em>] [ -<strong>c </strong><em>directive </em>] [ -<strong>D </strong><em>parameter </em>] + + <strong>httpd </strong>[ -<strong>h </strong>] [ -<strong>l </strong>] [ -<strong>L </strong>] [ -<strong>v </strong>] [ -<strong>V </strong>] [ -<strong>S </strong>] [ -<strong>t </strong>] [ -<strong>T</strong> + ] + +<strong>DESCRIPTION</strong> + <strong>httpd </strong>is the Apache HyperText Transfer Protocol (HTTP) + server program. It is designed to be run as a standalone + daemon process. When used like this it will create a pool of + child processes to handle requests. To stop it, send a TERM + signal to the initial (parent) process. The PID of this pro- + cess is written to a file as given in the configuration + file. Alternatively <strong>httpd </strong>may be invoked by the Internet + daemon inetd(8) each time a connection to the HTTP service + is made. + + This manual page only lists the command line arguments. For + details of the directives necessary to configure <strong>httpd </strong>see + the Apache manual, which is part of the Apache distribution + or can be found at http://www.apache.org/. Paths in this + manual may not reflect those compiled into <strong>httpd.</strong> + +<strong>OPTIONS</strong> + -<strong>R </strong><em>libexecdir</em> + This option is only available if Apache was + built with the <em>SHARED</em>_<em>CORE </em>rule enabled which + forces the Apache core code to be placed into a + dynamic shared object (DSO) file. This file is + searched in a hardcoded path under ServerRoot + per default. Use this option if you want to + override it. + + -<strong>d </strong><em>serverroot</em> + Set the initial value for the ServerRoot direc- + tive to <em>serverroot</em>. This can be overridden by + the ServerRoot command in the configuration + file. The default is <strong>/usr/local/apache</strong>. + + -<strong>f </strong><em>config </em>Execute the commands in the file <em>config </em>on + startup. If <em>config </em>does not begin with a /, then + it is taken to be a path relative to the Server- + Root. The default is <strong>conf/httpd.conf</strong>. + + -<strong>C </strong><em>directive</em> + Process the configuration <em>directive </em>before read- + ing config files. + + -<strong>c </strong><em>directive</em> + Process the configuration <em>directive </em>after read- + ing config files. + + -<strong>D </strong><em>parameter</em> + Sets a configuration <em>parameter </em>which can be used + with <IfDefine>...</IfDefine> sections in the + configuration files to conditionally skip or + process commands. + + -<strong>h </strong>Output a short summary of available command line + options. + + -<strong>l </strong>Output a list of modules compiled into the + server. + + -<strong>L </strong>Output a list of directives together with + expected arguments and places where the direc- + tive is valid. + + -<strong>S </strong>Show the settings as parsed from the config file + (currently only shows the virtualhost settings). + + -<strong>t </strong>Run syntax tests for configuration files only. + The program immediately exits after these syntax + parsing with either a return code of 0 (Syntax + OK) or return code not equal to 0 (Syntax + Error). + + -<strong>T </strong>Same as option -<strong>t </strong>but does not check the config- + ured document roots. + + -<strong>X </strong>Run in single-process mode, for internal debug- + ging purposes only; the daemon does not detach + from the terminal or fork any children. Do NOT + use this mode to provide ordinary web service. + + -<strong>v </strong>Print the version of <strong>httpd </strong>, and then exit. + + -<strong>V </strong>Print the version and build parameters of <strong>httpd</strong> + , and then exit. + +<strong>FILES</strong> + <strong>/usr/local/apache/conf/httpd.conf</strong> + <strong>/usr/local/apache/conf/srm.conf</strong> + <strong>/usr/local/apache/conf/access.conf</strong> + <strong>/usr/local/apache/conf/mime.types</strong> + <strong>/usr/local/apache/conf/magic</strong> + <strong>/usr/local/apache/logs/error_log</strong> + <strong>/usr/local/apache/logs/access_log</strong> + <strong>/usr/local/apache/logs/httpd.pid</strong> + +<strong>SEE ALSO</strong> + <strong>inetd</strong>(8). + +</pre> + + +<HR> + +<H3 ALIGN="CENTER"> + Apache HTTP Server Version 1.3 +</H3> + +<A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A> +<A HREF="../"><IMG SRC="../images/home.gif" ALT="Home"></A> + +</body></html> diff --git a/usr.sbin/httpd/htdocs/manual/programs/index.html b/usr.sbin/httpd/htdocs/manual/programs/index.html new file mode 100644 index 00000000000..3a5dd34d3a9 --- /dev/null +++ b/usr.sbin/httpd/htdocs/manual/programs/index.html @@ -0,0 +1,77 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<html> + <head> + <title>Apache HTTP Server and Supporting Programs</title> + </head> + + <!-- Background white, links blue (unvisited), navy (visited), red (active) --> + <body + bgcolor="#ffffff" + text="#000000" + link="#0000ff" + vlink="#000080" + alink="#ff0000" + > + <DIV ALIGN="CENTER"> + <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]"> + <H3> + Apache HTTP Server Version 1.3 + </H3> +</DIV> + + + + <h1 align="center">Server and Supporting Programs</h1> + +<p>This page documents all the executable programs included with the +Apache HTTP Server.</p> + +<dl> + + <dt><a href="httpd.html">httpd</a></dt> + <dd>Apache hypertext transfer protocol server</dd> + + <dt><a href="apachectl.html">apachectl</a></dt> + <dd>Apache HTTP server control interface</dd> + + <dt><a href="ab.html">ab</a></dt> + <dd>Apache HTTP server benchmarking tool</dd> + + <dt><a href="apxs.html">apxs</a></dt> + <dd>APache eXtenSion tool</dd> + + <dt><a href="dbmmanage.html">dbmmanage</a></dt> + <dd>Create and update user authentication files in DBM format for basic + authentication</dd> + + <dt><a href="htdigest.html">htdigest</a></dt> + <dd>Create and update user authentication files for digest authentication</dd> + + <dt><a href="htpasswd.html">htpasswd</a></dt> + <dd>Create and update user authentication files for basic authentication</dd> + + <dt><a href="logresolve.html">logresolve</a></dt> + <dd>Resolve hostnames for IP-addresses in Apache logfiles</dd> + + <dt><a href="rotatelogs.html">rotatelogs</a></dt> + <dd>Rotate Apache logs without having to kill the server</dd> + + <dt><a href="suexec.html">suexec</a></dt> + <dd>Switch User For Exec</dd> + + <dt><a href="other.html">Other Programs</a></dt> + +</dl> + + + <HR> + +<H3 ALIGN="CENTER"> + Apache HTTP Server Version 1.3 +</H3> + +<A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A> +<A HREF="../"><IMG SRC="../images/home.gif" ALT="Home"></A> + + </body> +</html> diff --git a/usr.sbin/httpd/htdocs/manual/programs/suexec.html b/usr.sbin/httpd/htdocs/manual/programs/suexec.html new file mode 100644 index 00000000000..b33e048ed07 --- /dev/null +++ b/usr.sbin/httpd/htdocs/manual/programs/suexec.html @@ -0,0 +1,58 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<html> +<head> + <title>Manual Page: suexec - Apache HTTP Server</title> +</head> + + <!-- Background white, links blue (unvisited), navy (visited), red (active) --> + <body + bgcolor="#ffffff" + text="#000000" + link="#0000ff" + vlink="#000080" + alink="#ff0000" + > + <DIV ALIGN="CENTER"> + <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]"> + <H3> + Apache HTTP Server Version 1.3 + </H3> +</DIV> + + + + <h1 align="center">Manual Page: suexec</h1> + +<!-- This document was autogenerated from the man page --> +<pre> +<strong>NAME</strong> + suexec - Switch User For Exec + +<strong>SYNOPSIS</strong> + No synopsis for usage, because this program is used inter- + nally by Apache only. + +<strong>DESCRIPTION</strong> + <strong>suexec </strong>is the "wrapper" support program for the suEXEC + behaviour for Apache. It is run from within Apache automat- + ically to switch the user when an external program has to be + run under a different user. For more information about + suEXEC see the document `Apache suEXEC Support' under + http://www.apache.org/docs/suexec.html . + +<strong>SEE ALSO</strong> + <strong>httpd(8)</strong> + +</pre> + +<HR> + +<H3 ALIGN="CENTER"> + Apache HTTP Server Version 1.3 +</H3> + +<A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A> +<A HREF="../"><IMG SRC="../images/home.gif" ALT="Home"></A> + +</body> +</html> diff --git a/usr.sbin/httpd/htdocs/manual/search/manual-index.cgi b/usr.sbin/httpd/htdocs/manual/search/manual-index.cgi index 033529937fd..6a3aa67f703 100644 --- a/usr.sbin/httpd/htdocs/manual/search/manual-index.cgi +++ b/usr.sbin/httpd/htdocs/manual/search/manual-index.cgi @@ -1,6 +1,6 @@ #!/usr/local/bin/perl5 -w # ==================================================================== -# Copyright (c) 1995-1997 The Apache Group. All rights reserved. +# Copyright (c) 1995-2000 The Apache Group. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions @@ -17,7 +17,7 @@ # 3. All advertising materials mentioning features or use of this # software must display the following acknowledgment: # "This product includes software developed by the Apache Group -# for use in the Apache HTTP server project (http://www.apache.org/)." +# for use in the Apache HTTP server project (http://httpd.apache.org/)." # # 4. The names "Apache Server" and "Apache Group" must not be used to # endorse or promote products derived from this software without @@ -26,7 +26,7 @@ # 5. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by the Apache Group -# for use in the Apache HTTP server project (http://www.apache.org/)." +# for use in the Apache HTTP server project (http://httpd.apache.org/)." # # THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE diff --git a/usr.sbin/httpd/htdocs/manual/sections.html b/usr.sbin/httpd/htdocs/manual/sections.html index 2cafef83a53..74f7c845321 100644 --- a/usr.sbin/httpd/htdocs/manual/sections.html +++ b/usr.sbin/httpd/htdocs/manual/sections.html @@ -18,9 +18,10 @@ </H3> </DIV> + <H1 ALIGN="CENTER">How Directory, Location and Files sections work</H1> -The sections <A +<p>The sections <A HREF="mod/core.html#directory"><CODE><Directory></CODE></A>, <A HREF="mod/core.html#location"><CODE><Location></CODE></A> and <A HREF="mod/core.html#files"><CODE><Files></CODE></A> can contain @@ -29,31 +30,31 @@ respectively. Also htaccess files can be used inside a directory to apply directives to that directory. This document explains how these different sections differ and how they relate to each other when Apache decides which directives apply for a particular directory or -request URL. +request URL.</p> <H2>Directives allowed in the sections</H2> -Everything that is syntactically allowed in +<p>Everything that is syntactically allowed in <CODE><Directory></CODE> is also allowed in <CODE><Location></CODE> (except a sub-<CODE><Files></CODE> -section). Semantically however some things, and the most -notable are <CODE>AllowOverride</CODE> and the two options +section). Semantically, however some things, most +notably <CODE>AllowOverride</CODE> and the two options <CODE>FollowSymLinks</CODE> and <CODE>SymLinksIfOwnerMatch</CODE>, make no sense in <CODE><Location></CODE>, <CODE><LocationMatch></CODE> or <CODE><DirectoryMatch></CODE>. The same for <CODE><Files></CODE> -- syntactically everything -is fine, but semantically some things are different. +is fine, but semantically some things are different.</p> <H2>How the sections are merged</H2> -The order of merging is: +<p>The order of merging is:</p> <OL> <LI> <CODE><Directory></CODE> (except regular expressions) and - .htaccess done simultaneously (with .htaccess overriding + .htaccess done simultaneously (with .htaccess, if allowed, overriding <CODE><Directory></CODE>) </LI> @@ -74,7 +75,7 @@ The order of merging is: </OL> -Apart from <CODE><Directory></CODE>, each group is processed in +<p>Apart from <CODE><Directory></CODE>, each group is processed in the order that they appear in the configuration files. <CODE><Directory></CODE> (group 1 above) is processed in the order shortest directory component to longest. If multiple @@ -83,22 +84,20 @@ they they are processed in the configuration file order. The configuration files are read in the order httpd.conf, srm.conf and access.conf. Configurations included via the <CODE>Include</CODE> directive will be treated as if they were inside the including file -at the location of the <CODE>Include</CODE> directive. - -<P> +at the location of the <CODE>Include</CODE> directive.</p> -Sections inside <CODE><VirtualHost></CODE> sections are applied +<p>Sections inside <CODE><VirtualHost></CODE> sections are applied <EM>after</EM> the corresponding sections outside the virtual host definition. This allows virtual hosts to override the main server configuration. (Note: this only works correctly from 1.2.2 and 1.3a2 onwards. Before those releases sections inside virtual hosts were -applied <EM>before</EM> the main server). +applied <EM>before</EM> the main server).</p> -<H2>Notes about using sections</H2> +<p>Later sections override earlier ones.</p> -The general guidelines are: +<H2>Notes about using sections</H2> -<P> +<p>The general guidelines are:</p> <UL> <LI> @@ -113,7 +112,7 @@ The general guidelines are: </LI> </UL> -But a notable exception is: +<p>But a notable exception is:</p> <UL> <LI> @@ -125,18 +124,16 @@ But a notable exception is: </LI> </UL> -<P> -Note about .htaccess parsing: -</P> +<p>Note about .htaccess parsing:</p> + <UL> <LI> Modifying .htaccess parsing during Location doesn't do anything because .htaccess parsing has already occurred. </UL> -<P> -<CODE><Location></CODE> and symbolic links: -</P> +<p><CODE><Location></CODE> and symbolic links:</p> + <UL> <LI> It is not possible to use "<CODE>Options FollowSymLinks</CODE>" @@ -148,18 +145,15 @@ Note about .htaccess parsing: <CODE><Directory></CODE> section (or a <CODE>.htaccess</CODE> file). </UL> -<P> -<CODE><Files></CODE> and <CODE>Options</CODE>: -</P> +<p><CODE><Files></CODE> and <CODE>Options</CODE>:</p> + <UL> <LI> Apache won't check for it, but using an <CODE>Options</CODE> directive inside a <CODE><Files></CODE> section has no effect. </UL> -<P> -Another note: -</P> +<p>Another note:</p> <UL> <LI> @@ -179,4 +173,5 @@ Another note: <A HREF="./"><IMG SRC="images/index.gif" ALT="Index"></A> -</BODY></HTML> +</BODY> +</HTML> diff --git a/usr.sbin/httpd/htdocs/manual/stopping.html b/usr.sbin/httpd/htdocs/manual/stopping.html index e96789178a5..f752e194ee9 100644 --- a/usr.sbin/httpd/htdocs/manual/stopping.html +++ b/usr.sbin/httpd/htdocs/manual/stopping.html @@ -48,10 +48,10 @@ Modify those examples to match your <A HREF="mod/core.html#serverroot">ServerRoot</A> and <A HREF="mod/core.html#pidfile">PidFile</A> settings. -<P>As of Apache 1.3 we provide a script <CODE>src/support/apachectl</CODE> -which can be used to start, stop, and restart Apache. It may need a -little customization for your system, see the comments at the top of -the script. +<P>As of Apache 1.3 we provide a script called <a +href="programs/apachectl.html">apachectl</a> which can be used to +start, stop, and restart Apache. It may need a little customization +for your system, see the comments at the top of the script. <H3>TERM Signal: stop now</H3> diff --git a/usr.sbin/httpd/htdocs/manual/suexec.html b/usr.sbin/httpd/htdocs/manual/suexec.html index decb3e3a5fe..03695ff6598 100644 --- a/usr.sbin/httpd/htdocs/manual/suexec.html +++ b/usr.sbin/httpd/htdocs/manual/suexec.html @@ -21,7 +21,6 @@ <H1 ALIGN="CENTER">Apache suEXEC Support</H1> -<P ALIGN="LEFT"> <OL> <LI><BIG><STRONG>CONTENTS</STRONG></BIG></LI> <LI><A HREF="#what">What is suEXEC?</A></LI> @@ -34,7 +33,6 @@ <LI><A HREF="#jabberwock">Beware the Jabberwock: Warnings & Examples</A></LI> </OL> -</P> <H3><A NAME="what">What is suEXEC?</A></H3> <P ALIGN="LEFT"> @@ -131,6 +129,8 @@ user and group IDs under which the program is to execute. The wrapper then employs the following process to determine success or failure -- if any one of these conditions fail, the program logs the failure and exits with an error, otherwise it will continue: +</P> + <OL> <LI><STRONG>Was the wrapper called with the proper number of arguments?</STRONG> @@ -275,7 +275,6 @@ and exits with an error, otherwise it will continue: </BLOCKQUOTE> </LI> </OL> -</P> <P ALIGN="LEFT"> This is the standard operation of the the suEXEC wrapper's security model. @@ -309,6 +308,8 @@ for Apache 1.3 with the AutoConf-style interface (APACI). <P ALIGN="LEFT"> <STRONG>APACI's suEXEC configuration options</STRONG><BR> +</P> + <DL> <DT><CODE>--enable-suexec</CODE> <DD>This option enables the suEXEC feature which is never installed or @@ -364,7 +365,6 @@ for Apache 1.3 with the AutoConf-style interface (APACI). <DD>Define a safe PATH environment to pass to CGI executables. Default value is "/usr/local/bin:/usr/bin:/bin". </DL> -</P> <P ALIGN="LEFT"> <STRONG>Checking your suEXEC setup</STRONG><BR> @@ -372,6 +372,8 @@ Before you compile and install the suEXEC wrapper you can check the configuration with the --layout option. <BR> Example output: +</P> + <PRE> suEXEC setup: suexec binary: /usr/local/apache/sbin/suexec @@ -383,7 +385,6 @@ Example output: minimum user ID: 100 minimum group ID: 100 </PRE> -</P> <P ALIGN="LEFT"> <STRONG>Compiling and installing the suEXEC wrapper</STRONG><BR> @@ -412,9 +413,13 @@ Upon startup of Apache, it looks for the file "suexec" in the "sbin" directory (default is "/usr/local/apache/sbin/suexec"). If Apache finds a properly configured suEXEC wrapper, it will print the following message to the error log: +</P> + <PRE> [notice] suEXEC mechanism enabled (wrapper: <EM>/path/to/suexec</EM>) </PRE> + +<p> If you don't see this message at server startup, the server is most likely not finding the wrapper program where it expects it, or the executable is not installed <EM>setuid root</EM>. @@ -425,7 +430,7 @@ Restarting it with a simple HUP or USR1 signal will not be enough. <BR> If you want to disable suEXEC you should kill and restart Apache after you have removed the "suexec" file. -</P> +</p> <P ALIGN="CENTER"> <STRONG><A HREF="suexec.html">BACK TO CONTENTS</A></STRONG> diff --git a/usr.sbin/httpd/htdocs/manual/suexec_1_2.html b/usr.sbin/httpd/htdocs/manual/suexec_1_2.html index 61a8bedf3ea..f6becef04b6 100644 --- a/usr.sbin/httpd/htdocs/manual/suexec_1_2.html +++ b/usr.sbin/httpd/htdocs/manual/suexec_1_2.html @@ -42,6 +42,8 @@ match your local Apache installation. <P ALIGN="LEFT"> <EM>From support/suexec.h</EM> +</P> + <PRE> /* * HTTPD_USER -- Define as the username under which Apache normally @@ -105,7 +107,6 @@ match your local Apache installation. */ #define SAFE_PATH "/usr/local/bin:/usr/bin:/bin" </PRE> -</P> <P ALIGN="LEFT"> <STRONG>COMPILING THE SUEXEC WRAPPER</STRONG><BR> @@ -123,13 +124,14 @@ location. <P ALIGN="LEFT"> <EM>From src/include/httpd.h</EM> +</P> + <PRE> /* The path to the suExec wrapper, can be overridden in Configuration */ #ifndef SUEXEC_BIN #define SUEXEC_BIN HTTPD_ROOT "/sbin/suexec" #endif </PRE> -</P> <P ALIGN="LEFT"> If your installation requires location of the wrapper program in a different @@ -172,6 +174,8 @@ executable, you must kill and restart the Apache server. A simple Upon startup of the web-server, if Apache finds a properly configured <STRONG>suexec</STRONG> wrapper, it will print the following message to the console (Apache 1.2): +</P> + <PRE> Configuring Apache for use with suexec wrapper. </PRE> @@ -180,7 +184,7 @@ error log: <PRE> [notice] suEXEC mechanism enabled (wrapper: <EM>/path/to/suexec</EM>) </PRE> -</P> + <P ALIGN="LEFT"> If you don't see this message at server startup, the server is most likely not finding the wrapper program where it expects it, or the diff --git a/usr.sbin/httpd/htdocs/manual/upgrading_to_1_3.html b/usr.sbin/httpd/htdocs/manual/upgrading_to_1_3.html index 5c4b00dc6e3..9ea0bb98fe7 100644 --- a/usr.sbin/httpd/htdocs/manual/upgrading_to_1_3.html +++ b/usr.sbin/httpd/htdocs/manual/upgrading_to_1_3.html @@ -107,17 +107,17 @@ document, or in the <CODE>src/CHANGES</CODE> file. in <SAMP>.htaccess</SAMP> or server configuration files if they contain blank characters (like spaces). For example, if you use an <SAMP>AuthName</SAMP> directive like this: - <P> + <PRE> AuthName This and That </PRE> - </P> + you will need to change it to - <P> + <PRE> AuthName "This and That" </PRE> - </P> + This change was made for consistency in the config language. <LI><STRONG>As of Apache 1.3.1, methods listed in <SAMP><Limit></SAMP> directives must be uppercase.</STRONG> Method names, such as @@ -152,7 +152,7 @@ document, or in the <CODE>src/CHANGES</CODE> file. Previously this support was given implicitly on the "main server address". Now it has to be explicitly listed so as to avoid many problems that users had. - Please see the <A HREF="vhosts/index.html">Apache Virtual Host + Please see the <A HREF="vhosts/">Apache Virtual Host documentation</A> for further details on configuration. <LI>The precedence of virtual hosts has been reversed (applies mainly to diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/examples.html b/usr.sbin/httpd/htdocs/manual/vhosts/examples.html index 37b7d4e686c..23551270da5 100644 --- a/usr.sbin/httpd/htdocs/manual/vhosts/examples.html +++ b/usr.sbin/httpd/htdocs/manual/vhosts/examples.html @@ -201,6 +201,44 @@ Now requests from both networks will be served from the same <CODE>VirtualHost</CODE> +<LI><STRONG>Setup 4:</STRONG> + You have multiple domains going to the same IP and also want + to serve multiple ports. By defining the + ports in the "NameVirtualHost" tag, you can allow this to + work. If you try using <VirtualHost name:port> without the + NameVirtualHost name:port or you try to use the Port + directive, your configuration will not work. + <P> + + <STRONG>Server configuration:</STRONG> + + <BLOCKQUOTE><PRE> + ... + NameVirtualHost 111.22.33.44:80 + NameVirtualHost 111.22.33.44:8080 + + <VirtualHost 111.22.33.44:80> + ServerName www.domain.tld + DocumentRoot /www/domain-80 + </VirtualHost> + + <VirtualHost 111.22.33.44:8080> + ServerName www.domain.tld + DocumentRoot /www/domain-8080 + </VirtualHost> + + <VirtualHost 111.22.33.44:80> + ServerName www.otherdomain.tld + DocumentRoot /www/otherdomain-80 + </VirtualHost> + + <VirtualHost 111.22.33.44:8080> + ServerName www.otherdomain.tld + DocumentRoot /www/otherdomain-8080 + </VirtualHost> + + </PRE></BLOCKQUOTE> + </UL> <HR> @@ -593,7 +631,6 @@ </UL> -<LI><STRONG>Setup:</STRONG> <HR> <H3 ALIGN="CENTER"> diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html b/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html index 21f44c48dde..2cf98746f58 100644 --- a/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html +++ b/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html @@ -39,12 +39,12 @@ and APNIC).</P> what name it is being addressed as. Apache 1.1 and later support this approach as well as the old IP-address-per-hostname method.</P> -<P>The benefits of using the name-based virtual hosts is a -practically unlimited number of servers, ease of configuration and use, and -requires no additional hardware or software. -The main disadvantage is that the client must support this part of the -protocol. Almost all browsers do, but there are still small numbers of -old browsers in use who do not. This can cause problems, although a possible +<P>The benefits of using the name-based virtual hosts is a practically +unlimited number of servers, ease of configuration and use, and it +requires no additional hardware or software. The main disadvantage is +that the client must support this part of the protocol. Almost all +browsers do, but there are still tiny numbers of very old browsers in +use which do not. This can cause problems, although a possible solution is addressed below.</P> <H2>Using name-based virtual hosts</H2> diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html b/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html index a419be1e738..3aa9fc9a8cc 100644 --- a/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html +++ b/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html @@ -199,7 +199,7 @@ of struct rlimit rlp; rlp.rlim_cur = rlp.rlim_max = 512; - if (setrlimit(RLIMIT_NPROC, &rlp)) { + if (setrlimit(RLIMIT_NPROC, &rlp)) { fprintf(stderr, "setrlimit(RLIMIT_NPROC) failed.\n"); exit(1); } diff --git a/usr.sbin/httpd/htdocs/manual/win_compiling.html b/usr.sbin/httpd/htdocs/manual/win_compiling.html index 9cf31642655..3b442fbf7a0 100644 --- a/usr.sbin/httpd/htdocs/manual/win_compiling.html +++ b/usr.sbin/httpd/htdocs/manual/win_compiling.html @@ -27,13 +27,29 @@ before you begin.</P> <P>Compiling Apache requires Microsoft Visual C++ 5.0 or 6.0 to be properly - installed. It is easiest to compile with the command-line tools - (nmake, <EM>etc.</EM>..). Consult the VC++ manual to determine how + installed. It can be built with command-line tools, or within the + Visual Studio environment. Consult the VC++ manual to determine how to install them. Be especially aware that the vcvars32.bat file - from the Program Files/DevStudio/VC/bin folder may be required to - prepare the command-line environment for command-line builds!</P> - -<P>First, unpack the Apache distribution into an appropriate + from the Program Files/DevStudio/VC/bin folder, and the setenv.bat file + from the Platform SDK, may be required to prepare the command-line tools + for command-line builds (e.g. using nmake). To install apache with the + Makefile.win or the InstallBin project in the Visual Studio IDE, the + awk utility is also required.</P> + +<P>First, you should install awk.exe where it can be found in the path and + the DevStudio environment, if you plan to use the IDE. There are many + versions of awk available for Windows; the easiest to install is available + from Brian Kernighan's <a href="http://cm.bell-labs.com/cm/cs/who/bwk/" + >http://cm.bell-labs.com/cm/cs/who/bwk/</a> site. When downloading + <a href="http://cm.bell-labs.com/cm/cs/who/bwk/awk95.exe" + >http://cm.bell-labs.com/cm/cs/who/bwk/awk95.exe</a> from this site, + you must save it with the name awk.exe rather than awk95.exe.</P> + +<P>Note that DevStudio will only find awk.exe if its location is listed + under the <u>T</u>ools menu <u>O</u>ptions... Directories settings + for the Executable files. Add the path for awk.exe to this list, as needed.</P> + +<P>Then unpack the Apache distribution into an appropriate directory. Open a command-line prompt, and change to the <CODE>src</CODE> subdirectory of the Apache distribution.</P> @@ -50,43 +66,69 @@ track down problems.</P> <P>If you get an error such as "the name specified is not recognized..." - then you need to run vcvars32.bat first. Enter the following command; + then you need to run vcvars32.bat first. Enter the following command;</p> + <PRE> "c:\Program Files\DevStudio\VC\Bin\VCVARS32.BAT" </PRE> - (you will need to adjust this command so it matches the directory where - your VC was installed.) Then try the nmake command again.</P> + +<p>(you will need to adjust this command so it matches the directory where + your VC was installed.)</P> + +<P>If you are a Visual C++ 5.0 user, and have installed a recent Platform SDK, + you may also need to enter the following command (adjusted for the install + directory of the Platform SDK update);</p> + +<PRE> + "c:\Program Files\Platform SDK\SETENV.BAT" +</PRE> + +<p>Then try the nmake command again.</P> + +<P><STRONG>Note</STRONG> that the Windows + Platform SDK update is required to enable all supported mod_isapi features. + The SDK files distributed with Microsoft Visual C++ 5.0 are out of date. + Without a recent update, Apache will issue warnings under MSVC++ 5.0 + that some mod_isapi features will be disabled. Look for the update at + <A HREF="http://msdn.microsoft.com/downloads/sdks/platform/platform.asp" + >http://msdn.microsoft.com/downloads/sdks/platform/platform.asp</A>.</P> <P>Apache can also be compiled using VC++'s Visual Studio development environment. To simplify this process, a Visual Studio workspace, Apache.dsw, is provided in the <CODE>src</CODE> folder. This workspace exposes the entire list of working .dsp projects that are required for the complete Apache binary release. It includes dependencies between - the projects to assure that they are built in the appropriate order.</P> + the projects to assure that they are built in the appropriate order. + InstallBin is the top-level project that will build all other projects, + and install the compiled files into their proper locations.</P> <P>These .dsp project files are distributed in Visual C++ 6.0 format. Visual C++ 5.0 (97) will recognize them with the single exception of the /ZI flag, which corresponds to the VC 5.0 /Zi flag for debugging symbols. To quickly prepare the .dsp files for the Visual Studio 5.0 (97), you can use the - perl scripts distributed in the <CODE>src\helpers</CODE> folder: + perl scripts distributed in the <CODE>src\helpers</CODE> folder:</p> + <PRE> cd src\helpers cvstodsp5.pl </PRE> - This command assumes you have a Perl interpreter installed and registered + +<p>This command assumes you have a Perl interpreter installed and registered for files of type .pl. The list of converted .dsp project files will be displayed as they are converted. If you contribute back a patch that offers revised project files, please convert them back with the script dsp5tocvs.pl, which puts the projects back to Visual Studio 6.0 format.</P> -<P>The core .dsp projects that are build by Apache.dsw or makefile.win are:</P> +<P>The core .dsp projects built by Apache.dsw and makefile.win are:</P> <OL> <LI><CODE>os\win32\ApacheOS.dsp</CODE> + <LI><CODE>os\win32\Win9xConHook.dsp</CODE> <LI><CODE>regex\regex.dsp</CODE> <LI><CODE>ap\ap.dsp</CODE> <LI><CODE>lib\expat-lite\xmltok.dsp</CODE> <LI><CODE>lib\expat-lite\xmlparse.dsp <EM>requires xmltok</EM></CODE> + <LI><CODE>lib\sdbm.dsp</CODE> <LI><CODE>main\gen_uri_delims.dsp</CODE> <LI><CODE>main\gen_test_char.dsp</CODE> <LI><CODE>ApacheCore.dsp <EM>requires all of the above</EM></CODE> @@ -97,21 +139,22 @@ project files for the optional modules, all of which require ApacheCore.</P> <OL> - <LI><CODE>os\win32\ApacheModuleAuthAnon.dsp</CODE> - <LI><CODE>os\win32\ApacheModuleAuthDigest.dsp</CODE> - <LI><CODE>os\win32\ApacheModuleCERNMeta.dsp</CODE> - <LI><CODE>os\win32\ApacheModuleDigest.dsp</CODE> - <LI><CODE>os\win32\ApacheModuleExpires.dsp</CODE> - <LI><CODE>os\win32\ApacheModuleHeaders.dsp</CODE> - <LI><CODE>os\win32\ApacheModuleInfo.dsp</CODE> - <LI><CODE>os\win32\ApacheModuleRewrite.dsp</CODE> - <LI><CODE>os\win32\ApacheModuleSpeling.dsp</CODE> - <LI><CODE>os\win32\ApacheModuleStatus.dsp</CODE> - <LI><CODE>os\win32\ApacheModuleUserTrack.dsp</CODE> - <LI><CODE>modules\proxy\ApacheModuleProxy.dsp</CODE> + <LI><CODE>os\win32\mod_auth_anon.dsp</CODE> + <LI><CODE>os\win32\mod_auth_dbm.dsp <EM>also requires sdbm</EM></CODE> + <LI><CODE>os\win32\mod_auth_digest.dsp</CODE> + <LI><CODE>os\win32\mod_cern_meta.dsp</CODE> + <LI><CODE>os\win32\mod_digest.dsp</CODE> + <LI><CODE>os\win32\mod_expires.dsp</CODE> + <LI><CODE>os\win32\mod_headers.dsp</CODE> + <LI><CODE>os\win32\mod_info.dsp</CODE> + <LI><CODE>os\win32\mod_rewrite.dsp</CODE> + <LI><CODE>os\win32\mod_speling.dsp</CODE> + <LI><CODE>os\win32\mod_status.dsp</CODE> + <LI><CODE>os\win32\mod_usertrack.dsp</CODE> + <LI><CODE>os\win32\mod_proxy.dsp</CODE> </OL> - The <CODE>support\</CODE> folder contains project files for additional +<p>The <CODE>support\</CODE> folder contains project files for additional programs that are not part of the Apache runtime, but are used by the administrator to maintain password and log files.</P> @@ -143,57 +186,47 @@ <P>This will install the following:</P> <UL> - <LI><CODE><EM>c:\ServerRoot</EM>\Apache.exe</CODE> - Apache executable - <LI><CODE><EM>c:\ServerRoot</EM>\ApacheCore.dll</CODE> - Main Apache - shared library - <LI><CODE><EM>c:\ServerRoot</EM>\modules\ApacheModule*.dll</CODE> - - Loadable Apache modules - <LI><CODE><EM>c:\ServerRoot</EM>\bin\*.exe</CODE> - Administrator support - executables from support - <LI><CODE><EM>c:\ServerRoot</EM>\conf</CODE> - Empty configuration directory + <LI><CODE><EM>c:\ServerRoot</EM>\Apache.exe</CODE> - Apache program + <LI><CODE><EM>c:\ServerRoot</EM>\ApacheCore.dll</CODE> - Apache runtime + [shared library] + <LI><CODE><EM>c:\ServerRoot</EM>\Win9xConHook.dll</CODE> - Win9x console + fixups [shared library] + <LI><CODE><EM>c:\ServerRoot</EM>\xmlparse.dll</CODE> - XML parser + [shared library] + <LI><CODE><EM>c:\ServerRoot</EM>\xmltok.dll</CODE> - XML token engine + [shared library] + <LI><CODE><EM>c:\ServerRoot</EM>\bin\*.exe</CODE> - Administration programs + <LI><CODE><EM>c:\ServerRoot</EM>\cgi-bin</CODE> - Example CGI scripts + <LI><CODE><EM>c:\ServerRoot</EM>\conf</CODE> - Configuration files directory + <LI><CODE><EM>c:\ServerRoot</EM>\icons</CODE> - Icons for FancyIndexing + <LI><CODE><EM>c:\ServerRoot</EM>\include\*.h</CODE> - Apache header files + <LI><CODE><EM>c:\ServerRoot</EM>\htdocs</CODE> - Welcome index.html pages + <LI><CODE><EM>c:\ServerRoot</EM>\htdocs\manual</CODE> - Apache documentation + <LI><CODE><EM>c:\ServerRoot</EM>\lib</CODE> - Static library files + <LI><CODE><EM>c:\ServerRoot</EM>\libexec</CODE> - Dynamic link libraries <LI><CODE><EM>c:\ServerRoot</EM>\logs</CODE> - Empty logging directory + <LI><CODE><EM>c:\ServerRoot</EM>\modules\mod_*.dll</CODE> - + Loadable Apache modules </UL> <P>If you do not have nmake, or wish to install in a different directory, be sure to use a similar naming scheme.</P> <P>To simplify the process, dependencies between all projects - are defined in the Microsoft VisualStudio workspace file: + are defined in the Microsoft Visual Studio workspace file: <PRE> src/Apache.dsw </PRE> <P>This assures that lower-level sources are rebuilt from within - VisualStudio. The top level project is InstallBin, which invokes + Visual Studio. The top level project is InstallBin, which invokes Makefile.win to move the compiled executables and dlls. You may personalize the INSTDIR= setting by changing the Settings for InstallBin, Build command line entry under the General tab. The default from within the InstallBin.dsp project is one level up - (..) from the src tree.</P> - -<P>Before running the server you must fill out the conf directory. Copy the - *.conf-dist-win from the distribution conf directory and rename them to - *.conf. You will need to copy over the conf/magic and conf/mime.types - files as well. In order to serve documents you will need to create a - htdocs\index.html or just copy over the standard Apache ones (This is a - good idea as then you get the full Apache documentation on line). If you - have previously run Apache from the c:\ServerRoot directory then please make - sure you backup any files you wish to retain or only copy the files you want - replaced. The following commands will copy all the required files to your - c:\ServerRoot directory (***over-writing any that were there***);</P> - -<UL> -<LI><CODE>xcopy ..\conf\*.conf-dist-win <EM>c:\ServerRoot</EM>\conf\*.conf</CODE> -<LI><CODE>xcopy ..\conf\magic <EM>c:\ServerRoot</EM>\conf\</CODE> -<LI><CODE>xcopy ..\conf\mime.types <EM>c:\ServerRoot</EM>\conf\</CODE> -<LI><CODE>xcopy ..\htdocs\*.* <EM>c:\ServerRoot</EM>\htdocs\ /s</CODE> -</UL> -<P>(adjust these so <EM>c:\ServerRoot</EM> matches the INSTDIR used above.)</P> - -<P>Change the @@ServerRoot@@ entries in <EM>c:\ServerRoot</EM>\conf\httpd.conf - to your actual server root (for example "<EM>c:/ServerRoot</EM>" Note: you - must use forward slashes in Apache configuration files!)</P> + (..) from the src tree. Modify the InstallBin settings and edit + the INSTDIR=.. entry to the desired target directory.</P> <HR> <H3 ALIGN="CENTER"> diff --git a/usr.sbin/httpd/htdocs/manual/win_service.html b/usr.sbin/httpd/htdocs/manual/win_service.html index d933a504d3b..545085d0cf9 100644 --- a/usr.sbin/httpd/htdocs/manual/win_service.html +++ b/usr.sbin/httpd/htdocs/manual/win_service.html @@ -62,10 +62,11 @@ <P>See <A HREF="#signal">Controlling Apache as a Service</A> for more information on installing and controlling Apache services.</P> -<P><STRONG>Apache, unlike many other Windows NT/2000 services, logs any - errors to it's own error.log file in the logs folder within the - Apache server root folder. You will <EM>not</EM> find Apache error - details in the Windows NT Event Log.</STRONG></P> +<P><STRONG>Apache, unlike many other Windows NT/2000 services, logs most + errors to its own error.log file, in the logs folder within the + Apache server root folder. You will find few Apache error details in + the Windows NT Event Log. Only errors as Apache attempts to start are + captured in the Event Log.</STRONG></P> <P>After starting Apache as a service (or if you have trouble starting it) you can test it using the same <A HREF="windows.html#test">procedure</a> @@ -75,9 +76,8 @@ apache -n "service name" </PRE> -<P>to assure you are using the service's configuration.</P> - - +<P>to assure you are using the service's default configuration.</P> + <H2><A NAME="service">Running Apache for Windows as a Service</A></H2> <P><STRONG>Note: The -n option to specify a service name is only available @@ -97,6 +97,16 @@ apache -i -n "service name" -f "\my server\conf\my.conf" </PRE> +<P>You can pass any other arguments, such as -d to change the default + server root directory, -D, -C or -c to change config file processing, + etc. Since these are stored in the registry and are difficult to modify, + use this command to clear the options and replace them with a new list + of options;</P> + +<PRE> + apache -k config -n "service name" -f "\my server\conf\my.conf" +</PRE> + <P>To remove an Apache service, use:</P> <PRE> @@ -109,16 +119,24 @@ conjunction with other options, to refer to a service's configuration file. For example:</P> -<P>To test a service's configuration file:</P> +<P>To test a service's configuration file and report the default options for + the service (configured with -i, -k install or -k config) use:</P> <PRE> apache -n "service name" -t </PRE> -<P>To start a console Apache using a service's configuration file:</P> +<P>To start a console Apache using a service's configuration file and its + default options, use:</P> <PRE> apache -n "service name" </PRE> +<P>Effective with Apache release 1.3.15, the -k install option was added + as an alias to -i, and the -k uninstall option was added as an alias + to -u. The original -i and -u options are deprecated in Apache 2.0. + These aliases were added to ease the transition for administrators + running both versions.</P> + <H2><A NAME="depends">Important Note on service dependencies:</A></H2> <P>Prior to Apache release 1.3.13, the dependencies required to @@ -162,7 +180,7 @@ <P>When Apache is first installed as a service (e.g. with the -i option) it will run as user "System" (the LocalSystem account). There should be few issues if all resources for the web server reside on the local - system, but it has broad security privilages to affect the local machine!</P> + system, but it has broad security privileges to affect the local machine!</P> <BLOCKQUOTE> LocalSystem is a very privileged account locally, so @@ -172,10 +190,10 @@ file system, named pipes, DCOM, or secure RPC. </BLOCKQUOTE> -<P><STRONG>NEVER grant network privilages to the SYSTEM account!</STRONG> - Create a new user account instead, grant the appropriate privilages to - that user, and use the the 'Log On As:' option. Select the Start Menu -> - Settings -> Control Panel -> Services -> apache service ... and click +<P><STRONG>NEVER grant network privileges to the SYSTEM account!</STRONG> + Create a new user account instead, grant the appropriate privileges to + that user, and use the 'Log On As:' option. Select the Start Menu -> + Settings -> Control Panel -> Services -> apache service ... and click the "Startup" button to access this setting.</P> <BLOCKQUOTE> @@ -185,7 +203,7 @@ user name, and password) to be used for verification. </BLOCKQUOTE> -<P>The SYSTEM account has no privilages to the network, so shared pages or +<P>The SYSTEM account has no privileges to the network, so shared pages or a shared installation of Apache is invisible to the service. If you intend to use <EM>any</EM> network resources, the following steps should help:</P> @@ -213,13 +231,13 @@ </UL> <P>If you allow the account to log in as a user, then you can log in yourself - and test that the account has the privilages to execute the scripts, read + and test that the account has the privileges to execute the scripts, read the web pages, and that you can start Apache in a console window. If this works, and you have followed the steps above, Apache should execute as a service with no problems.</P> <P><STRONG>Note: error code 2186</STRONG> is a good indication that you need to review the 'Log On As' configuration, since the server can't access a - required network resource.</STRONG></P> + required network resource.</P> <H2><A NAME="trouble">Troubleshooting Apache for Windows as a Service</A></H2> @@ -241,7 +259,7 @@ <P><STRONG>Check the Application Event Log with the Event Viewer in case of any problems, even if no error message pops up to warn you that an error - occured.</STRONG></P> + occurred.</STRONG></P> <H2><A NAME="cmdline">Running Apache for Windows from the Command Line</A></H2> @@ -272,15 +290,35 @@ For details on controlling Apache service from the command line, please refer to recognize the -k shutdown option. Prior to 1.3.3, Apache did not recognize <EM>any</EM> -k options at all!</P> -<P>In addition, you can use the native NT NET command to - start and stop Apache services as follows:</P> +<P>Note that you may specify startup options on the apache -k start command + line, including the -D, -C and -c options. These affect the processing of + the service configuration, and may be used with an <IfDefine> block + to conditionally process directives. You may also override the server root + path or configuration file with the -d or -f options. The options should + also be passed to the -k restart command, but they are ignored if the + service is running, and only processed if the service is started.</P> + +<P>The service also appears in the Service Control applet on Windows NT/2000. + For NT, this is found in the Settings -> Control Panel -> Services entry, + and on 2000 it is found in the Settings -> Control Panel -> Administrative + Tools -> Services entry. Here you can select the desired Apache service + to start or stop it. Pass additional options such as -D, -C and -c, or + override the default -d or -f options in the Start Parameters box before + clicking the Start button. These options behave identically to the + apache -k start command.</P> + +<P>In addition, you can use the native Windows NT/2000 command NET to + start and stop Apache services:</P> <PRE> NET START "service name" NET STOP "service name" </PRE> -<P>Again, quotes are only required if the service name contains spaces.</P> +<P>Again, quotes are only required if the service name contains spaces. There + is no way using the NET START command to pass additional options such as + -D, -c or -C using the NET START command. If options are required, use one + of the other two methods instead.</P> <H2><A NAME="win95svc">HIGHLY EXPERIMENTAL Windows 95/98 Service</A></H2> @@ -290,7 +328,7 @@ For details on controlling Apache service from the command line, please refer to <P>There is some support for Apache on Windows 95/98 to behave in a similar manner as a service on Windows NT/2000. It is <EM>highly experimental</EM>, - if it works (at all) the Apache Sofware Foundation will not attest to it's + if it works (at all) the Apache Software Foundation will not attest to its reliability or future support. Proceed at your own risk!</P> <P>Once you have confirmed that Apache runs correctly at the @@ -300,18 +338,19 @@ For details on controlling Apache service from the command line, please refer to <P>There are, however, significant differences that you should note:</P> <P>Apache will attempt to start and if successful it will run in the - background. If you run the command + background. If you run the command</p> <PRE> Apache -n "service name" -k start </PRE> - via a shortcut on your desktop, for example, then if the service starts +<p>via a shortcut on your desktop, for example, then if the service starts successfully a console window will flash up but immediately disappears. If Apache detects any errors on startup such as a incorrect entries in the - httpd.conf file, then the console window will remain visible. This will + httpd.conf file, then the console window will remain visible. This may display an error message which will be useful in tracking down the cause of - the problem.</P> + the problem, and you should also review the error.log file in the Apache + logs directory.</P> <P>Windows 95/98 does not support NET START or NET STOP commands so you must use Apache's Service Control options at a command prompt. You may wish to @@ -319,7 +358,7 @@ For details on controlling Apache service from the command line, please refer to it from the start menu or desktop to perform the required action.</P> <P>Apache and Windows 95/98 offer no support for running the Apache service - as a specific user with network privilages. In fact, Windows 95/98 offers + as a specific user with network privileges. In fact, Windows 95/98 offers no security on the local machine, either. This is the simple reason that the Apache Software Foundation never endorses the use of Windows 95/98 as a public httpd server. These facilities exist only to assist the user in diff --git a/usr.sbin/httpd/htdocs/manual/windows.html b/usr.sbin/httpd/htdocs/manual/windows.html index 6f20c41aa7e..b638f9eeebf 100644 --- a/usr.sbin/httpd/htdocs/manual/windows.html +++ b/usr.sbin/httpd/htdocs/manual/windows.html @@ -31,7 +31,7 @@ Contributions are welcomed, please submit your code or suggestions to the bug report page, or join the new-httpd mailing list.</P> -<P>The bug reporting page and new-httpd mailing list are <EMP>not</EMP> +<P>The bug reporting page and new-httpd mailing list are <em>not</em> provided to answer questions about configuration or running Apache. Before you submit a bug report or request, first consult this document, the <A HREF="misc/FAQ.html">Frequently Asked Questions</A> page and the other @@ -48,10 +48,10 @@ <P><STRONG>Warning: Apache on NT has not yet been optimized for performance. </STRONG>Apache still performs best, and is most reliable on Unix platforms. - Over time we will improve NT performance, and great progress is being made + Over time NT performance has improved, and great progress is being made in the upcoming version 2.0 of Apache for the Windows platforms. Folks doing - comparative reviews of webserver performance are asked to compare against - Apache on a Unix platform such as Solaris, FreeBSD, or Linux.</P> + comparative reviews of webserver performance are still asked to compare + against Apache on a Unix platform such as Solaris, FreeBSD, or Linux.</P> <P>Most of this document assumes that you are installing Windows from a binary distribution. If you want to compile Apache yourself (possibly @@ -107,33 +107,58 @@ list the current release, any more recent alpha or beta-test releases, together with details of mirror web and anonymous FTP sites.</P> -<P>You should download the version of Apache for Windows with the - <CODE>.exe</CODE> extension. This is a single file containing Apache, - ready to install and run. There may also be a <CODE>.zip</CODE> file - containing the source code, to compile Apache yourself. (If there is - no <SAMP>.zip</SAMP> file, the source will be available in a - <SAMP>.tar.gz</SAMP> file but this will contain Unix line endings. You - will have to convert at least the <SAMP>.mak</SAMP> and - <SAMP>.dsp</SAMP> files to have DOS line endings before MSVC will - understand them).</P> +<P>You should download the binary build of Apache for Windows named as + <CODE>apache_1_3_#-win32-with_src.msi</CODE> if you are interested in + the source code, or simply <CODE>apache_1_3_#-win32-no_src.msi</CODE> + if you don't plan to do anything with the source code and appreciate + a faster download. Each of these files contains the complete Apache + runtime. You must have the Microsoft Installer version 1.10 installed + on your PC before you can install the Apache runtime distributions. + Windows 2000 and Windows ME are both delivered with the Microsoft + Installer support, others will need to download it. Instructions on + locating the Microsoft Installer, as well as the binary distributions + of Apache, are found at <A HREF="http://httpd.apache.org/dist/binaries/win32/" + >http://httpd.apache.org/dist/binaries/win32/</A></P> + +<P>The source code is available in the <CODE>-with_src.msi</CODE> distribution, + or from the <A HREF="http://httpd.apache.org/dist/">http://httpd.apache.org/dist/</A> + distribution directory as a <CODE>.zip</CODE> file. If you plan on compiling + Apache yourself, there is no need to install either <CODE>.msi</CODE> package. + The <CODE>.zip</CODE> file contains only source code, with MS-DOS line endings + (that is cr/lf line endings, instead of the single lf used for Unix files.)</P> + +<P>While the source is also available as a <SAMP>.tar.gz</SAMP> <SAMP>.tar.Z</SAMP> + archive, these contain unix lf line endings that cause grief for Windows users. + To use those archives, you must convert at least the <SAMP>.mak</SAMP> and + <SAMP>.dsp</SAMP> files to have DOS line endings before MSVC can understand them. + Please stick with the <SAMP>.zip</SAMP> file to spare yourself the headache.</P> + +<P>Note: prior to 1.3.17 Apache was distributed as an InstallShield 2.0 <SAMP>.exe</SAMP> + file. With an increasing number of users unable to run the InstallShield package + [on Windows ME or Windows 2000] the binaries were repackaged into the readily + available Microsoft Installer <SAMP>.msi</SAMP> format. <H2><A NAME="inst">Installing Apache for Windows</A></H2> -<P>Run the Apache <SAMP>.exe</SAMP> file you downloaded above. This will - ask for:</P> +<P>Run the Apache <SAMP>.msi</SAMP> file you downloaded above. This will + prompt you for:</P> <UL> - <LI>the directory to install Apache into (the default is - <CODE>\Program Files\Apache Group\Apache</CODE> although you can - change this to any other directory) + <LI>your name and company name, and on Windows NT/2000, whether or not you want + all users to access Apache as a Service, or if you want it installed to run + when you choose the Start Apache shortcut. - <LI>the start menu name (default is "Apache Web Server") + <LI>your Server name, Domain name and administrative email account. - <LI>the installation type. The "Typical" option installs - everything except the source code. The "Minimum" option does not - install the manuals or source code. Choose the "Custom" install if - you want to install the source code. + <LI>the directory to install Apache into (the default is + <CODE>C:\Program Files\Apache Group\Apache</CODE> although you can + change this to any other directory you wish) + + <LI>the installation type. The "Complete" option installs everything, including + the source code if you downloaded the <SAMP>-with_src.msi</SAMP> package. + Choose the "Custom" install if you choose not to install the documentation, + or the source code from that package. </UL> @@ -165,6 +190,14 @@ which should be set before you start really using Apache. However to get started quickly the files should work as installed.</P> +<P>If you eventually uninstall Apache, your configuration files will not + be removed. You will need to delete the installation directory tree + ("C:\Program Files\Apache Group" by default) yourself if you do not + care to keep your configuration and other web files. Since the + httpd.conf file is a your accumulated effort in using Apache, you need + to take the effort to remove it. The same happens for all other files + you may have created, as well as any log files Apache created.</P> + <H2><A NAME="run">Running Apache for Windows</A></H2> <P>There are two ways you can run Apache:</P> @@ -196,8 +229,9 @@ with version 1.3.13, Apache will also gladly stop if you select 'Close' from the system menu (clicking the icon on the top-left corner of the console window) or click the close (X) button on the top-right corner. - But do <EM>not</em> try any of these approaches on earlier versions of the - Apache server, since Apache did not shut down cleanly.</P> + The Close menu item and close (X) button also work on Windows 95/98 as of + Apache version 1.3.15. But do <EM>not</em> try any of these approaches on + earlier versions of the Apache server, since Apache would not clean up.</P> <H2><A NAME="test">Testing Apache for Windows</A></H2> @@ -319,6 +353,14 @@ directive must be used. For example, to active the status module, use the following (in addition to the status-activating directives in <CODE>access.conf</CODE>): +<PRE> + LoadModule status_module modules/mod_status.so +</PRE> + <P>Information on <A HREF="mod/mod_so.html#creating">creating loadable + modules</A> is also available. Note that some 3rd party modules + may be distributed in the old style names, ApacheModuleFoo.dll. + Always set the LoadModule command as directed as documented by the + 3rd party module's own documentation.</P> <LI>Apache for Windows version 1.3 series is implemented in synchronous calls. This poses an enormous problem for CGI authors, who won't see unbuffered results sent immediately to the browser. This is not @@ -326,16 +368,10 @@ the Windows port. Apache 2.0 is making progress to implement the expected asynchronous behavior, and we hope to discover that the NT/2000 implementation allows CGI's to behave as documented. -<PRE> - LoadModule status_module modules/ApacheModuleStatus.dll -</PRE> - <P>Information on <A HREF="mod/mod_so.html#creating">creating loadable - modules</A> is also available.</P> <LI><P>Apache can also load ISAPI Extensions (<EM>i.e.</EM>, Internet Server Applications), such as those used by Microsoft's IIS, and other Windows servers. <A HREF="mod/mod_isapi.html">More information - is available.</A> Note that Apache <EM>CANNOT</EM> load ISAPI - Filters. + is available.</A> Note that Apache <EM>CANNOT</EM> load ISAPI Filters. </UL> |