diff options
Diffstat (limited to 'usr.sbin/httpd/htdocs/manual/mod')
50 files changed, 1376 insertions, 1392 deletions
diff --git a/usr.sbin/httpd/htdocs/manual/mod/core.html b/usr.sbin/httpd/htdocs/manual/mod/core.html index 1dd8bf35b69..dd4ebb14c15 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/core.html +++ b/usr.sbin/httpd/htdocs/manual/mod/core.html @@ -145,7 +145,8 @@ as configuration files. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AccessFileName <EM>filename filename ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AccessFileName <EM>filename</em> +[<em>filename</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -176,11 +177,16 @@ for directives, unless they have been disabled with <BLOCKQUOTE><CODE> <Directory /><BR> AllowOverride None<BR> -</Directory></CODE></BLOCKQUOTE><P><HR> +</Directory></CODE> +</BLOCKQUOTE><P> + +<P><STRONG>See Also:</STRONG> +<A HREF="#allowoverride">AllowOverride</a></P> +<HR> <H2><A NAME="adddefaultcharset">AddDefaultCharset directive</A></H2> <A HREF="directive-dict.html#Syntax" REL="Help"><STRONG>Syntax:</STRONG></A> -AddDefaultCharset <EM>Off / On / charset</EM><BR> +AddDefaultCharset On|Off|<em>charset</em><BR> <A HREF="directive-dict.html#Context" REL="Help" ><STRONG>Context:</STRONG></A> all<BR> <A HREF="directive-dict.html#Status" REL="Help" ><STRONG>Status:</STRONG></A> @@ -197,7 +203,7 @@ in the body of the document via a <CODE>META</CODE> tag. A setting of <CODE>AddDefaultCharset Off</CODE> disables this functionality. <CODE>AddDefaultCharset On</CODE> enables Apache's internal default charset of <code>iso-8859-1</code> as required by the -directive. You can also specify an alternate charset to be used; +directive. You can also specify an alternate <em>charset</em> to be used; e.g. <code>AddDefaultCharset utf-8</code>. <P><HR> @@ -206,7 +212,7 @@ e.g. <code>AddDefaultCharset utf-8</code>. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddModule <EM>module module ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddModule <EM>module</em> [<em>module</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -232,7 +238,8 @@ directive.<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AllowOverride <EM>override override ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AllowOverride All|None|<EM>directive-type</em> +[<em>directive-type</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -246,13 +253,21 @@ directive.<P><HR> REL="Help" ><STRONG>Status:</STRONG></A> core<P> -When the server finds an .htaccess file (as specified by +<p>When the server finds an .htaccess file (as specified by <A HREF="#accessfilename">AccessFileName</A>) it needs to know which -directives declared in that file can override earlier access information.<P> +directives declared in that file can override earlier access information.</p> + +<p>When this directive is set to <code>None</code>, then +.htaccess files are completely ignored. In this case, the server +will not even attempt to read .htaccess files in the filesystem.</p> -<EM>Override</EM> can be set to <CODE>None</CODE>, in which case the server -will not read the file, <CODE>All</CODE> in which case the server will -allow all the directives, or one or more of the following: +<p>When this directive is set to <code>All</code>, then any directive +which has the .htaccess <a +href="directive-dict.html#Context">Context</a> is allowed in .htaccess +files.</p> + +<p>The <em>directive-type</em> can be one of the following groupings +of directives.</p> <DL> <DT>AuthConfig <DD> @@ -299,7 +314,11 @@ Allow use of the directives controlling host access (Allow, Deny and Order). Allow use of the directives controlling specific directory features (<A HREF="#options">Options</A> and <A HREF="mod_include.html#xbithack">XBitHack</A>). -</DL><P><HR> +</DL><P> + +<P><STRONG>See Also:</STRONG> +<A HREF="#accessfilename">AccessFileName</A></P> +<HR> <H2><A NAME="authname">AuthName directive</A></H2> <!--%plaintext <?INDEX {\tt AuthName} directive> --> @@ -334,7 +353,7 @@ It must be accompanied by <A HREF="#authtype">AuthType</A> and <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthType <EM>type</EM><BR> +><STRONG>Syntax:</STRONG></A> AuthType Basic|Digest<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -361,7 +380,8 @@ It must be accompanied by <A HREF="#authname">AuthName</A> and <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> BindAddress <EM>saddr</EM><BR> +><STRONG>Syntax:</STRONG></A> BindAddress +*|<em>IP-address</em>|<EM>domain-name</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -375,28 +395,22 @@ It must be accompanied by <A HREF="#authname">AuthName</A> and REL="Help" ><STRONG>Status:</STRONG></A> core<P> -A Unix® http server can either listen for connections to every +<p>A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server -machine. <EM>Saddr</EM> can be - -<MENU> -<LI>* -<LI>An IP address -<LI>A fully-qualified Internet domain name -</MENU> -If the value is *, then the server will listen for connections on -every IP address, otherwise it will only listen on the IP address -specified. <P> +machine. If the argument to this directive is *, then the +server will listen for connections on every IP address. Otherwise, +the server can listen to only a specific <em>IP-address</em> +or a fully-qualified Internet <em>domain-name</em>.</p> -Only one <CODE>BindAddress</CODE> directive can be used. For more +<p>Only one <CODE>BindAddress</CODE> directive can be used. For more control over which address and ports Apache listens to, use the <CODE><A HREF="#listen">Listen</A></CODE> directive instead of -<CODE>BindAddress</CODE>.<P> +<CODE>BindAddress</CODE>.</P> -<CODE>BindAddress</CODE> can be used as an alternative method for -supporting <A HREF="../vhosts/index.html">virtual hosts</A> using +<p><CODE>BindAddress</CODE> can be used as an alternative method for +supporting <A HREF="../vhosts/">virtual hosts</A> using multiple independent servers, instead of using <CODE><A -HREF="#virtualhost"><VirtualHost></A></CODE> sections. +HREF="#virtualhost"><VirtualHost></A></CODE> sections.</p> <P><STRONG>See Also:</STRONG> <A HREF="../dns-caveats.html">DNS Issues</A><BR> @@ -473,7 +487,7 @@ re-populated using the <A HREF="#addmodule">AddModule</A> directive.<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ContentDigest <EM>on|off</EM><BR> +><STRONG>Syntax:</STRONG></A> ContentDigest on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -824,8 +838,8 @@ one of four things, using the <CODE>ErrorDocument</CODE> directive, which is followed by the HTTP response code and a message or URL. -<P><EM>Messages</EM> in this context begin with a single quote -(<CODE>"</CODE>), which does not form part of the message itself. +<P><EM>Messages</EM> in this context begin with a single double-quote +character (<CODE>"</CODE>), which does not form part of the message itself. Apache will sometimes offer additional information regarding the problem/error. @@ -860,7 +874,7 @@ responses.</A><P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ErrorLog <EM>filename</EM>|<CODE>syslog[:facility]</CODE> +><STRONG>Syntax:</STRONG></A> ErrorLog <EM>filename</EM>|syslog[:<em>facility</em>] <BR> <A HREF="directive-dict.html#Default" @@ -1055,7 +1069,7 @@ considerations.<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> HostNameLookups <EM>on | off | double</EM><BR> +><STRONG>Syntax:</STRONG></A> HostNameLookups on|off|double<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1103,18 +1117,19 @@ versions of Apache prior to 1.3. It was changed to <CODE>off</CODE> in order to save the network traffic for those sites that don't truly need the reverse lookups done. It is also better for the end users because they don't have to suffer the extra latency that a lookup -entails. -Heavily loaded sites should leave this directive <CODE>off</CODE>, since DNS -lookups can take considerable amounts of time. The utility <EM>logresolve</EM>, -provided in the <EM>/support</EM> directory, can be used to look up host names -from logged IP addresses offline.<P><HR> +entails. Heavily loaded sites should leave this directive +<CODE>off</CODE>, since DNS lookups can take considerable amounts of +time. The utility <a +href="../programs/logresolve.html">logresolve</a>, provided in the +<EM>/support</EM> directory, can be used to look up host names from +logged IP addresses offline.<P><HR> <H2><A NAME="identitycheck">IdentityCheck directive</A></H2> <!--%plaintext <?INDEX {\tt IdentityCheck} directive> --> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> IdentityCheck <EM>boolean</EM><BR> +><STRONG>Syntax:</STRONG></A> IdentityCheck on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1285,12 +1300,17 @@ and later. This directive allows inclusion of other configuration files from within the server configuration files. +<P>New in Apache 1.3.13 is the feature that if <CODE>Include</CODE> +points to a directory, rather than a file, Apache will read all +files in that directory, and any subdirectory, and parse those +as configuration files. + <P> <HR> <H2><A NAME="keepalive">KeepAlive directive</A></H2> <STRONG>Syntax: (Apache 1.1)</STRONG> KeepAlive <EM>max-requests</EM><BR> <STRONG>Default: (Apache 1.1)</STRONG> <CODE>KeepAlive 5</CODE><BR> -<STRONG>Syntax: (Apache 1.2)</STRONG> KeepAlive <EM>on/off</EM><BR> +<STRONG>Syntax: (Apache 1.2)</STRONG> KeepAlive on|off<BR> <STRONG>Default: (Apache 1.2)</STRONG> <CODE>KeepAlive On</CODE><BR> <A HREF="directive-dict.html#Context" @@ -1306,18 +1326,36 @@ server configuration files. ><STRONG>Compatibility:</STRONG></A> KeepAlive is only available in Apache 1.1 and later.<P> -This directive enables -<A HREF="../keepalive.html">Keep-Alive</A> -support. - -<P><STRONG>Apache 1.1</STRONG>: Set <EM>max-requests</EM> +<p>The Keep-Alive extension to HTTP/1.0 and the persistent connection +feature of HTTP/1.1 provide long-lived HTTP sessions which allow +multiple requests to be sent over the same TCP connection. In some +cases this has been shown to result in an almost 50% speedup in +latency times for HTML documents with many images. To enable +Keep-Alive connections in Apache 1.2 and later, set <code>KeepAlive +On</code>.</p> + +<p>For HTTP/1.0 clients, Keep-Alive connections will only be used if +they are specifically requested by a client. In addition, a +Keep-Alive connection with an HTTP/1.0 client can only be used when +the length of the content is known in advance. This implies that +dynamic content such as CGI output, SSI pages, and server-generated +directory listings will generally not use Keep-Alive connections to +HTTP/1.0 clients. For HTTP/1.1 clients, persistent connections are +the default unless otherwise specified. If the client requests it, +chunked encoding will be used in order to send content of unknown +length over persistent connections.</p> + +<P><STRONG>Apache 1.1 only</STRONG>: Set <EM>max-requests</EM> to the maximum number of requests you want Apache to entertain per -request. A limit is imposed to prevent a client from hogging your -server resources. Set this to <CODE>0</CODE> to disable support. +connection. A limit is imposed to prevent a client from hogging your +server resources. Set this to <CODE>0</CODE> to disable support. In +Apache 1.2 and 1.3, this is controlled through the +MaxKeepAliveRequests directive instead.</p> -<P><STRONG>Apache 1.2 and later</STRONG>: Set to "On" to enable -persistent connections, "Off" to disable. See also the <A -HREF="#maxkeepaliverequests">MaxKeepAliveRequests</A> directive.</P><HR> +<p>See also <A +HREF="#maxkeepaliverequests">MaxKeepAliveRequests</A>.</P> + +<HR> <H2><A NAME="keepalivetimeout">KeepAliveTimeout directive</A></H2> <A @@ -1342,11 +1380,17 @@ HREF="#maxkeepaliverequests">MaxKeepAliveRequests</A> directive.</P><HR> ><STRONG>Compatibility:</STRONG></A> KeepAliveTimeout is only available in Apache 1.1 and later.<P> -The number of seconds Apache will wait for a subsequent request before -closing the connection. Once a request has been received, the timeout -value specified by the <A -HREF="#timeout"><CODE>Timeout</CODE></A> directive -applies. +<p>The number of seconds Apache will wait for a subsequent request +before closing the connection. Once a request has been received, the +timeout value specified by the <A +HREF="#timeout"><CODE>Timeout</CODE></A> directive applies.</p> + +<p>Setting <code>KeepAliveTimeout</code> to a high value may +cause performance problems in heavily loaded servers. The +higher the timeout, the more server processes will be kept +occupied waiting on connections with idle clients.</p> + + <HR> <H2><A NAME="limit"><Limit> directive</A></H2> @@ -1355,7 +1399,7 @@ applies. HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> - <Limit <EM>method method</EM> ... > ... </Limit><BR> + <Limit <EM>method</em> [<em>method</EM>] ... > ... </Limit><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -1396,7 +1440,7 @@ requests. HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> - <LimitExcept <EM>method method</EM> ... > ... </LimitExcept><BR> + <LimitExcept <EM>method</em> [<em>method</EM>] ... > ... </LimitExcept><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -1424,7 +1468,7 @@ standard and nonstandard/unrecognized methods. See the documentation for <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> LimitRequestBody <EM>number</EM><BR> +><STRONG>Syntax:</STRONG></A> LimitRequestBody <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1445,8 +1489,9 @@ standard and nonstandard/unrecognized methods. See the documentation for Apache 1.3.2 and later. <P> -<EM>Number</EM> is a long integer from 0 (meaning unlimited) to 2147483647 -(2GB). The default value is defined by the compile-time constant +<p>This directive specifies the number of <em>bytes</em> from 0 +(meaning unlimited) to 2147483647 (2GB) that are allowed in a request +body. The default value is defined by the compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_BODY</CODE> (0 as distributed). <P> @@ -1495,7 +1540,7 @@ of denial-of-service attacks. Apache 1.3.2 and later. <P> -<EM>Number</EM> is an integer from 0 (meaning unlimited) to 32767. +<p><em>Number</em> is an integer from 0 (meaning unlimited) to 32767. The default value is defined by the compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_FIELDS</CODE> (100 as distributed). <P> @@ -1523,7 +1568,7 @@ fields were sent in the request.<P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> LimitRequestFieldsize <EM>number</EM><BR> +><STRONG>Syntax:</STRONG></A> LimitRequestFieldsize <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1543,9 +1588,10 @@ fields were sent in the request.<P> Apache 1.3.2 and later. <P> -<EM>Number</EM> is an integer size in bytes from 0 to the value of the -compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_FIELDSIZE</CODE> -(8190 as distributed). +This directive specifies the number of <em>bytes</em> from 0 to the +value of the compile-time constant +<CODE>DEFAULT_LIMIT_REQUEST_FIELDSIZE</CODE> (8190 as distributed) +that will be allowed in an HTTP request header. <P> The LimitRequestFieldsize directive allows the server administrator to reduce @@ -1570,7 +1616,7 @@ not be changed from the default.<P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> LimitRequestLine <EM>number</EM><BR> +><STRONG>Syntax:</STRONG></A> LimitRequestLine <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1590,9 +1636,9 @@ not be changed from the default.<P> Apache 1.3.2 and later. <P> -<EM>Number</EM> is an integer size in bytes from 0 to the value of the -compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_LINE</CODE> -(8190 as distributed). +This directive sets the number of <em>bytes</em> from 0 to the value +of the compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_LINE</CODE> +(8190 as distributed) that will be allowed on the HTTP request-line. <P> The LimitRequestLine directive allows the server administrator to reduce @@ -1617,7 +1663,7 @@ not be changed from the default.<P> HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> -Listen [<EM>IP address</EM>:]<EM>port number</EM><BR> +Listen [<EM>IP-address</EM>:]<EM>port</EM><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -2010,7 +2056,9 @@ end of a different request, the connection will then be serviced. allowed per connection when <A HREF="#keepalive">KeepAlive</A> is on. If it is set to "<CODE>0</CODE>", unlimited requests will be allowed. We recommend that this setting be kept to a high value for -maximum server performance.</P><HR> +maximum server performance. In Apache 1.1, this is controlled through an option to the KeepAlive directive.</P> + +<HR> <H2><A NAME="maxrequestsperchild">MaxRequestsPerChild directive</A></H2> <!--%plaintext <?INDEX {\tt MaxRequestsPerChild} directive> --> @@ -2147,10 +2195,10 @@ See also <A HREF="#maxspareservers">MaxSpareServers</A> and Apache 1.3 and later<P> The NameVirtualHost directive is a required directive if you want to configure -<A HREF="../vhosts/index.html">name-based virtual hosts</A>.<P> +<A HREF="../vhosts/">name-based virtual hosts</A>.<P> Although <EM>addr</EM> can be hostname it is recommended that you always use -an IP address, <EM>e.g.</EM> +an IP address or wildcard, <EM>e.g.</EM> <BLOCKQUOTE><CODE>NameVirtualHost 111.22.33.44</CODE></BLOCKQUOTE> @@ -2183,14 +2231,14 @@ if you want only name-based virtual hosts and you don't want to hard-code the server's IP address into the configuration file.<P> <STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A> +<A HREF="../vhosts/">Apache Virtual Host documentation</A> <HR> <H2><A NAME="options">Options directive</A></H2> <!--%plaintext <?INDEX {\tt Options} directive> --> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Options <EM>[+|-]option [+|-]option ...</EM><BR> +><STRONG>Syntax:</STRONG></A> Options [+|-]<em>option</em> [[+|-]<em>option</em>] ...</EM><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -2368,7 +2416,7 @@ Apache).<P> In the absence of any <A HREF="#listen">Listen</A> or <A HREF="#bindaddress">BindAddress</A> directives specifying a port number, a Port directive given in the "main server" -(<EM>i.e.</EM>, outside any <A HREF="#virtualhost"><VirtualHost></A> section) +(<EM>i.e.</EM>, outside any <A HREF="#virtualhost"><VirtualHost></A> section) sets the network port on which the server listens. If there are any Listen or BindAddress directives specifying <CODE>:number</CODE> then Port has no effect on what address the server @@ -2413,7 +2461,7 @@ attack.<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Require <EM>entity-name entity entity...</EM><BR> +><STRONG>Syntax:</STRONG></A> Require <EM>entity-name</em> [<em>entity-name</em>] ...</EM><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -2430,9 +2478,9 @@ attack.<P><HR> This directive selects which authenticated users can access a directory. The allowed syntaxes are: <UL> -<LI>Require user <EM>userid userid ...</EM><P> +<LI>Require user <EM>userid</em> [<em>userid</em>] ...<P> Only the named users can access the directory.<P> -<LI>Require group <EM>group-name group-name ...</EM><P> +<LI>Require group <EM>group-name</em> [<em>group-name</em>] ...<P> Only users in the named groups can access the directory.<P> <LI>Require valid-user<P> All valid users can access the directory. @@ -2503,8 +2551,8 @@ as configuration files. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RLimitCPU <EM># or 'max'</EM> - <EM>[# or 'max']</EM> +><STRONG>Syntax:</STRONG></A> RLimitCPU <EM>number</EM>|max + [<em>number</em>|max] <BR> <A HREF="directive-dict.html#Default" @@ -2527,7 +2575,7 @@ and later<P> Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all processes and the second parameter sets the maximum resource limit. -Either parameter can be a number, or <EM>max</EM> to indicate to the server +Either parameter can be a number, or <code>max</code> to indicate to the server that the limit should be set to the maximum allowed by the operating system configuration. Raising the maximum resource limit requires that the server is running as root, or in the initial startup phase.<P> @@ -2547,8 +2595,8 @@ See also <A HREF="#rlimitmem">RLimitMEM</A> or <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RLimitMEM <EM># or 'max'</EM> - <EM>[# or 'max']</EM><BR> +><STRONG>Syntax:</STRONG></A> RLimitMEM <EM>number</em>|max + [<em>number</em>|max]<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -2568,12 +2616,13 @@ See also <A HREF="#rlimitmem">RLimitMEM</A> or ><STRONG>Compatibility:</STRONG></A> RLimitMEM is only available in Apache 1.2 and later<P> -Takes 1 or 2 parameters. The first parameter sets the soft resource limit for -all processes and the second parameter sets the maximum resource limit. Either -parameter can be a number, or <EM>max</EM> to indicate to the server that the -limit should be set to the maximum allowed by the operating system -configuration. Raising the maximum resource limit requires that the -server is running as root, or in the initial startup phase.<P> +Takes 1 or 2 parameters. The first parameter sets the soft resource +limit for all processes and the second parameter sets the maximum +resource limit. Either parameter can be a number, or <code>max</code> +to indicate to the server that the limit should be set to the maximum +allowed by the operating system configuration. Raising the maximum +resource limit requires that the server is running as root, or in the +initial startup phase.<P> This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI @@ -2590,8 +2639,8 @@ See also <A HREF="#rlimitcpu">RLimitCPU</A> or <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RLimitNPROC <EM># or 'max'</EM> - <EM>[# or 'max']</EM><BR> +><STRONG>Syntax:</STRONG></A> RLimitNPROC <EM>number</em>|max + [<em>number</EM>|max]<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -2611,12 +2660,13 @@ See also <A HREF="#rlimitcpu">RLimitCPU</A> or ><STRONG>Compatibility:</STRONG></A> RLimitNPROC is only available in Apache 1.2 and later<P> -Takes 1 or 2 parameters. The first parameter sets the soft resource limit -for all processes and the second parameter sets the maximum resource limit. -Either parameter can be a number, or <EM>max</EM> to indicate to the server -that the limit should be set to the maximum allowed by the operating system -configuration. Raising the maximum resource limit requires that the server -is running as root, or in the initial startup phase.<P> +Takes 1 or 2 parameters. The first parameter sets the soft resource +limit for all processes and the second parameter sets the maximum +resource limit. Either parameter can be a number, or <code>max</code> +to indicate to the server that the limit should be set to the maximum +allowed by the operating system configuration. Raising the maximum +resource limit requires that the server is running as root, or in the +initial startup phase.<P> This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI @@ -2641,7 +2691,7 @@ See also <A HREF="#rlimitmem">RLimitMEM</A> or <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Satisfy <EM>'any' or 'all'</EM><BR> +><STRONG>Syntax:</STRONG></A> Satisfy any|all<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -2673,7 +2723,7 @@ password. This can be used to password restrict an area, but to let clients from particular addresses in without prompting for a password. <P> See also <A HREF="#require">Require</A> and -<A HREF="mod_access.html">mod_access</A>. +<A HREF="mod_access.html#allow">Allow</A>. <P><HR> @@ -2734,7 +2784,7 @@ release. (Prior to 1.3b4, <CODE>HAVE_SHMGET</CODE> would have sufficed.)<P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ScriptInterpreterSource <EM>'registry' or 'script'</EM><BR> +><STRONG>Syntax:</STRONG></A> ScriptInterpreterSource registry|script<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -2803,7 +2853,7 @@ as users do not always mention that they are talking about the server!<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ServerAlias <EM>host1 host2 ...</EM><BR> +><STRONG>Syntax:</STRONG></A> ServerAlias <EM>hostname</em> [<em>hostname</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -2823,7 +2873,7 @@ with <A HREF="../vhosts/name-based.html">name-based virtual hosts</A>. <P><STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A> +<A HREF="../vhosts/">Apache Virtual Host documentation</A> <HR> @@ -2832,7 +2882,7 @@ with <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ServerName <EM>fully-qualified domain name</EM> +><STRONG>Syntax:</STRONG></A> ServerName <EM>fully-qualified-domain-name</EM> <BR> <A HREF="directive-dict.html#Context" @@ -2859,7 +2909,7 @@ section specifies what hostname must appear in the request's <P><STRONG>See Also</STRONG>:<BR> <A HREF="../dns-caveats.html">DNS Issues</A><BR> -<A HREF="../vhosts/index.html">Apache virtual host documentation</A><BR> +<A HREF="../vhosts/">Apache virtual host documentation</A><BR> <A HREF="#usecanonicalname">UseCanonicalName</A><BR> <A HREF="#namevirtualhost">NameVirtualHost</A><BR> <A HREF="#serveralias">ServerAlias</A><BR> @@ -2887,10 +2937,10 @@ section specifies what hostname must appear in the request's 1.1 and later.<P> The ServerPath directive sets the legacy URL pathname for a host, for -use with <A HREF="../vhosts/index.html">name-based virtual hosts</A>. +use with <A HREF="../vhosts/">name-based virtual hosts</A>. <P><STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A> +<A HREF="../vhosts/">Apache Virtual Host documentation</A> <HR> @@ -2929,7 +2979,7 @@ for information on how to properly set permissions on the ServerRoot.<P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ServerSignature <EM>Off | On | EMail</EM><BR> +><STRONG>Syntax:</STRONG></A> ServerSignature On|Off|EMail<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -2972,7 +3022,7 @@ referenced document. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ServerTokens <EM>Minimal|ProductOnly|OS|Full</EM><BR> +><STRONG>Syntax:</STRONG></A> ServerTokens Minimal|ProductOnly|OS|Full<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -3208,7 +3258,7 @@ a packet is sent. <H2><A NAME="usecanonicalname">UseCanonicalName directive</A></H2> <!--%plaintext <?INDEX {\tt UseCanonicalName} directive> --> <A HREF="directive-dict.html#Syntax" REL="Help"> -<STRONG>Syntax:</STRONG></A> UseCanonicalName <EM>on|off|dns</EM><BR> +<STRONG>Syntax:</STRONG></A> UseCanonicalName on|off|dns<BR> <A HREF="directive-dict.html#Default" REL="Help"> <STRONG>Default:</STRONG></A> <CODE>UseCanonicalName on</CODE><BR> <A HREF="directive-dict.html#Context" REL="Help"> @@ -3325,7 +3375,7 @@ dangers are.<P><HR> HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> <VirtualHost <EM>addr</EM>[:<EM>port</EM>] - ...> ... +[<EM>addr</EM>[:<EM>port</EM>]] ...> ... </VirtualHost> <BR> <A HREF="directive-dict.html#Context" @@ -3416,7 +3466,7 @@ either <A HREF="#bindaddress">BindAddress</A> or <A HREF="#listen">Listen</A>. <P><STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A><BR> +<A HREF="../vhosts/">Apache Virtual Host documentation</A><BR> <STRONG>See also:</STRONG> <A HREF="../dns-caveats.html">Warnings about DNS and Apache</A><BR> <STRONG>See also:</STRONG> diff --git a/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html b/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html index 7e5297ef0e0..13acf60ba58 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html +++ b/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html @@ -24,7 +24,7 @@ <P> Below is a list of all of the modules that come as part of the Apache distribution. See also the list of modules <A -HREF="index.html">sorted alphabetically</A> and the complete +HREF="./">sorted alphabetically</A> and the complete alphabetical list of <A HREF="directives.html" >all Apache directives</A>. For modules that are not part of the Apache distribution, please see @@ -35,7 +35,7 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="core.html">Core</A> -<DD>Core Apache features. +<DD>Core Apache features </DL> <H2>Environment Creation</H2> @@ -53,11 +53,11 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="mod_mime.html">mod_mime</A> -<DD>Determining document types using file extensions. +<DD>Determining document types using file extensions <DT><A HREF="mod_mime_magic.html">mod_mime_magic</A> -<DD>Determining document types using "magic numbers". +<DD>Determining document types using "magic numbers" <DT><A HREF="mod_negotiation.html">mod_negotiation</A> -<DD>Content negotiation. +<DD>Content negotiation </DL> <H2>URL Mapping</H2> @@ -65,11 +65,11 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="mod_alias.html">mod_alias</A> <DD>Mapping different parts of the host filesystem in the document tree, - and URL redirection. + and URL redirection <DT><A HREF="mod_rewrite.html">mod_rewrite</A> Apache 1.2 and up <DD>Powerful URI-to-filename mapping using regular expressions <DT><A HREF="mod_userdir.html">mod_userdir</A> -<DD>User home directories. +<DD>User home directories <DT><A HREF="mod_speling.html">mod_speling</A> Apache 1.3 and up <DD>Automatically correct minor typos in URLs <DT><A HREF="mod_vhost_alias.html">mod_vhost_alias</A> Apache 1.3.7 and up @@ -80,26 +80,26 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="mod_dir.html">mod_dir</A> -<DD>Basic directory handling. +<DD>Basic directory handling <DT><A HREF="mod_autoindex.html">mod_autoindex</A> -<DD>Automatic directory listings. +<DD>Automatic directory listings </DL> <H2>Access Control</H2> <DL> <DT><A HREF="mod_access.html">mod_access</A> -<DD>Access control based on client hostname or IP address. +<DD>Access control based on client hostname or IP address <DT><A HREF="mod_auth.html">mod_auth</A> -<DD>User authentication using text files. +<DD>User authentication using text files <DT><A HREF="mod_auth_dbm.html">mod_auth_dbm</A> -<DD>User authentication using DBM files. +<DD>User authentication using DBM files <DT><A HREF="mod_auth_db.html">mod_auth_db</A> -<DD>User authentication using Berkeley DB files. +<DD>User authentication using Berkeley DB files <DT><A HREF="mod_auth_anon.html">mod_auth_anon</A> Apache 1.1 and up -<DD>Anonymous user access to authenticated areas. +<DD>Anonymous user access to authenticated areas <DT><A HREF="mod_auth_digest.html">mod_auth_digest</A> Apache 1.3.8 and up -<DD>MD5 authentication +<DD>Experimental MD5 authentication <DT><A HREF="mod_digest.html">mod_digest</A> Apache 1.1 and up <DD>MD5 authentication @@ -111,22 +111,22 @@ For modules that are not part of the Apache distribution, please see <DT><A HREF="mod_headers.html">mod_headers</A> Apache 1.2 and up <DD>Add arbitrary HTTP headers to resources <DT><A HREF="mod_cern_meta.html">mod_cern_meta</A> Apache 1.1 and up -<DD>Support for HTTP header metafiles. +<DD>Support for HTTP header metafiles <DT><A HREF="mod_expires.html">mod_expires</A> Apache 1.2 and up <DD>Apply Expires: headers to resources <DT><A HREF="mod_asis.html">mod_asis</A> -<DD>Sending files which contain their own HTTP headers. +<DD>Sending files which contain their own HTTP headers </DL> <H2>Dynamic Content</H2> <DL> <DT><A HREF="mod_include.html">mod_include</A> -<DD>Server-parsed documents. +<DD>Server-parsed documents <DT><A HREF="mod_cgi.html">mod_cgi</A> -<DD>Invoking CGI scripts. +<DD>Invoking CGI scripts <DT><A HREF="mod_actions.html">mod_actions</A> Apache 1.1 and up -<DD>Executing CGI scripts based on media type or request method. +<DD>Executing CGI scripts based on media type or request method <DT><A HREF="mod_isapi.html">mod_isapi</A> WIN32 only <DD>Windows ISAPI Extension support </DL> @@ -144,11 +144,11 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="mod_log_config.html">mod_log_config</A> -<DD>User-configurable logging replacement for mod_log_common. +<DD>User-configurable logging replacement for mod_log_common <DT><A HREF="mod_log_agent.html">mod_log_agent</A> -<DD>Logging of User Agents. +<DD>Logging of User Agents <DT><A HREF="mod_log_referer.html">mod_log_referer</A> -<DD>Logging of document references. +<DD>Logging of document references <DT><A HREF="mod_usertrack.html">mod_usertrack</A> Apache 1.2 and up <DD>User tracking using Cookies (replacement for mod_cookies.c) </DL> @@ -157,13 +157,13 @@ For modules that are not part of the Apache distribution, please see <DL> <DT><A HREF="mod_imap.html">mod_imap</A> Apache 1.1 and up -<DD>The imagemap file handler. +<DD>The imagemap file handler <DT><A HREF="mod_proxy.html">mod_proxy</A> Apache 1.1 and up <DD>Caching proxy abilities <DT><A HREF="mod_so.html">mod_so</A> Apache 1.3 and up -<DD>Experimental support for loading modules (DLLs on Windows) at runtime +<DD>Support for loading modules (DLLs on Windows) at runtime <DT><A HREF="mod_mmap_static.html">mod_mmap_static</A> Apache 1.3 and up -<DD>Mapping files into memory for faster serving. +<DD><DD>Experimental file caching, mapping files into memory to improve performace <DT><A HREF="mod_ssl/index.html">mod_ssl</A> Apache 1.3 with mod_ssl applied <DD>Apache SSL interface to OpenSSL </DL> @@ -188,8 +188,6 @@ For modules that are not part of the Apache distribution, please see mod_usertrack <DT><A HREF="mod_dld.html">mod_dld</A> Apache 1.2.* and earlier <DD>Start-time linking with the GNU libdld. Replaced in Apache 1.3 by mod_so -<DT><A HREF="mod_dll.html">mod_dll</A> Apache 1.3b1 to 1.3b5 only -<DD>Replaced in 1.3b6 by mod_so <DT><A HREF="mod_log_common.html">mod_log_common</A> up to Apache 1.1.1 <DD>Standard logging in the Common Logfile Format. Replaced by the mod_log_config module in Apache 1.2 and up diff --git a/usr.sbin/httpd/htdocs/manual/mod/index.html b/usr.sbin/httpd/htdocs/manual/mod/index.html index 38ee8100311..d43dd5e4251 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/index.html +++ b/usr.sbin/httpd/htdocs/manual/mod/index.html @@ -33,35 +33,35 @@ distribution, please see <DL> <DT><A HREF="core.html">Core</A> -<DD>Core Apache features. +<DD>Core Apache features <DT><A HREF="mod_access.html">mod_access</A> -<DD>Access control based on client hostname or IP address. +<DD>Access control based on client hostname or IP address <DT><A HREF="mod_actions.html">mod_actions</A> Apache 1.1 and up -<DD>Executing CGI scripts based on media type or request method. +<DD>Executing CGI scripts based on media type or request method <DT><A HREF="mod_alias.html">mod_alias</A> <DD>Mapping different parts of the host filesystem in the document tree, - and URL redirection. + and URL redirection <DT><A HREF="mod_asis.html">mod_asis</A> -<DD>Sending files which contain their own HTTP headers. +<DD>Sending files which contain their own HTTP headers <DT><A HREF="mod_auth.html">mod_auth</A> -<DD>User authentication using text files. +<DD>User authentication using text files <DT><A HREF="mod_auth_anon.html">mod_auth_anon</A> Apache 1.1 and up -<DD>Anonymous user access to authenticated areas. +<DD>Anonymous user access to authenticated areas <DT><A HREF="mod_auth_db.html">mod_auth_db</A> Apache 1.1 and up -<DD>User authentication using Berkeley DB files. +<DD>User authentication using Berkeley DB files <DT><A HREF="mod_auth_dbm.html">mod_auth_dbm</A> -<DD>User authentication using DBM files. +<DD>User authentication using DBM files <DT><A HREF="mod_auth_digest.html">mod_auth_digest</A> Apache 1.3.8 and up -<DD>MD5 authentication (experimental) +<DD>Experimental MD5 authentication <DT><A HREF="mod_autoindex.html">mod_autoindex</A> -<DD>Automatic directory listings. +<DD>Automatic directory listings <DT><A HREF="mod_browser.html">mod_browser</A> Apache 1.2.* only <DD>Set environment variables based on User-Agent strings. Replaced by mod_setenvif in Apache 1.3 and up <DT><A HREF="mod_cern_meta.html">mod_cern_meta</A> Apache 1.1 and up -<DD>Support for HTTP header metafiles. +<DD>Support for HTTP header metafiles <DT><A HREF="mod_cgi.html">mod_cgi</A> -<DD>Invoking CGI scripts. +<DD>Invoking CGI scripts <DT><A HREF="mod_cookies.html">mod_cookies</A> up to Apache 1.1.1 <DD>Support for Netscape-like cookies. Replaced in Apache 1.2 by mod_usertrack @@ -70,11 +70,9 @@ mod_usertrack <DT><A HREF="mod_digest.html">mod_digest</A> Apache 1.1 and up <DD>MD5 authentication <DT><A HREF="mod_dir.html">mod_dir</A> -<DD>Basic directory handling. +<DD>Basic directory handling <DT><A HREF="mod_dld.html">mod_dld</A> Apache 1.2.* and earlier <DD>Start-time linking with the GNU libdld. Replaced in Apache 1.3 by mod_so -<DT><A HREF="mod_dll.html">mod_dll</A> Apache 1.3b1 to 1.3b5 only -<DD>Replaced in 1.3b6 by mod_so <DT><A HREF="mod_env.html">mod_env</A> Apache 1.1 and up <DD>Passing of environments to CGI scripts <DT><A HREF="mod_example.html">mod_example</A> Apache 1.2 and up @@ -84,30 +82,30 @@ mod_usertrack <DT><A HREF="mod_headers.html">mod_headers</A> Apache 1.2 and up <DD>Add arbitrary HTTP headers to resources <DT><A HREF="mod_imap.html">mod_imap</A> Apache 1.1 and up -<DD>The imagemap file handler. +<DD>The imagemap file handler <DT><A HREF="mod_include.html">mod_include</A> -<DD>Server-parsed documents. +<DD>Server-parsed documents <DT><A HREF="mod_info.html">mod_info</A> Apache 1.1 and up <DD>Server configuration information <DT><A HREF="mod_isapi.html">mod_isapi</A> WIN32 only <DD>Windows ISAPI Extension support <DT><A HREF="mod_log_agent.html">mod_log_agent</A> -<DD>Logging of User Agents. +<DD>Logging of User Agents <DT><A HREF="mod_log_common.html">mod_log_common</A> up to Apache 1.1.1 <DD>Standard logging in the Common Logfile Format. Replaced by the mod_log_config module in Apache 1.2 and up <DT><A HREF="mod_log_config.html">mod_log_config</A> -<DD>User-configurable logging replacement for mod_log_common. +<DD>User-configurable logging replacement for mod_log_common <DT><A HREF="mod_log_referer.html">mod_log_referer</A> -<DD>Logging of document references. +<DD>Logging of document references <DT><A HREF="mod_mime.html">mod_mime</A> -<DD>Determining document types using file extensions. +<DD>Determining document types using file extensions <DT><A HREF="mod_mime_magic.html">mod_mime_magic</A> -<DD>Determining document types using "magic numbers". +<DD>Determining document types using "magic numbers" <DT><A HREF="mod_mmap_static.html">mod_mmap_static</A> Apache 1.3 and up -<DD>Mapping files into memory for faster serving. +<DD>Experimental file caching, mapping files into memory to improve performance <DT><A HREF="mod_negotiation.html">mod_negotiation</A> -<DD>Content negotiation. +<DD>Content negotiation <DT><A HREF="mod_proxy.html">mod_proxy</A> Apache 1.1 and up <DD>Caching proxy abilities <DT><A HREF="mod_rewrite.html">mod_rewrite</A> Apache 1.2 and up @@ -115,7 +113,7 @@ mod_log_config module in Apache 1.2 and up <DT><A HREF="mod_setenvif.html">mod_setenvif</A> Apache 1.3 and up <DD>Set environment variables based on client information <DT><A HREF="mod_so.html">mod_so</A> Apache 1.3 and up -<DD>Experimental support for loading modules (DLLs on Windows) at runtime +<DD>Support for loading modules (.so's on Unix, .dll's on Win32) at runtime <DT><A HREF="mod_speling.html">mod_speling</A> Apache 1.3 and up <DD>Automatically correct minor typos in URLs <DT><A HREF="mod_ssl/index.html">mod_ssl</A> Apache 1.3 with mod_ssl applied @@ -123,7 +121,7 @@ mod_log_config module in Apache 1.2 and up <DT><A HREF="mod_status.html">mod_status</A> Apache 1.1 and up <DD>Server status display <DT><A HREF="mod_userdir.html">mod_userdir</A> -<DD>User home directories. +<DD>User home directories <DT><A HREF="mod_unique_id.html">mod_unique_id</A> Apache 1.3 and up <DD>Generate unique request identifier for every request <DT><A HREF="mod_usertrack.html">mod_usertrack</A> Apache 1.2 and up diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html b/usr.sbin/httpd/htdocs/manual/mod/mod_access.html index babc2923db2..c5bf586b058 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_access.html @@ -22,8 +22,8 @@ <H1 ALIGN="CENTER">Module mod_access</H1> <P> -This module provides access control based on client hostname or IP -address. +This module provides access control based on client hostname, IP +address, or other characteristics of the client request. </P> <P><A @@ -42,14 +42,42 @@ REL="Help" ><STRONG>Module Identifier:</STRONG></A> access_module </P> +<h2>Summary</h2> + +<p>The directives provided by mod_access are used in <CODE><A +HREF="core.html#directory"><Directory></A>, <A +HREF="core.html#files"><Files></A>,</code> and <code> <A +HREF="core.html#location"><Location></A></code> sections as +well as <code><a +href="core.html#accessfilename">.htaccess</a></code> files +to control access to particular parts of the server. Access +can be controlled based on the client hostname, IP address, +or other characteristics of the client request, as captured +in <a href="../env.html">environment variables</a>. The +<code>Allow</code> and <code>Deny</code> directives are used +to specify which clients are or are not allowed access to the +server, while the <code>Order</code> directive sets the +default access state, and configures how the <code>Allow</code> +and <code>Deny</code> directives interact with each other.</p> + +<p>Both host-based access restrictions and password-based +authentication may be implemented simultaneously. In +that case, the <a href="core.html#satsify">Satisfy</a> directive +is used to determine how the two sets of restrictions +interact.</p> + +<p>In general, access restriction directives apply to all access +methods (<code>GET</code>, <code>PUT</code>, <code>POST</code>, etc). +This is the desired behavior in most cases. However, it is possible +to restrict some methods, while leaving other methods unrestricted, by +enclosing the directives in a <a +href="core.html#limit"><Limit></a> section.</p> <H2>Directives</H2> <UL> <LI><A HREF="#allow">Allow</A> -<LI><A HREF="#allowfromenv">Allow from env=</A> <LI><A HREF="#deny">Deny</A> -<LI><A HREF="#denyfromenv">Deny from env=</A> <LI><A HREF="#order">Order</A> </UL> @@ -59,13 +87,15 @@ REL="Help" <HR> -<H2><A NAME="allow">Allow directive</A></H2> +<H2><A NAME="allow">Allow</a> <a name="allowfromenv">directive</A></H2> <P> <!--%plaintext <?INDEX {\tt Allow} directive> --> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Allow from <EM>host host ...</EM><BR> +><STRONG>Syntax:</STRONG></A> Allow from + all|<EM>host</em>|env=<em>variablename</em> + [<em>host</em>|env=<em>variablename</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -83,75 +113,67 @@ REL="Help" REL="Help" ><STRONG>Module:</STRONG></A> mod_access </P> + <P> -The Allow directive affects which hosts can access a given directory. -<EM>Host</EM> is one of the following: -</P> +The <code>Allow</code> directive affects which hosts can access an +area of the server. Access can be controlled by hostname, IP Address, +IP Address range, or by other characteristics of the client +request captured in environment variables.</p> + +<p>The first argument to this directive is always <code>from</code>. +The subsequent arguments can take three different forms. If +<code>Allow from all</code> is specified, then all hosts are allowed +access, subject to the configuration of the <code>Deny</code> and +<code>Order</code> directives as discussed below. To allow only +particular hosts or groups of hosts to access the server, the +<em>host</em> can be specified in any of the following formats:</p> <DL> -<DT><CODE>all</CODE> -<DD>All hosts are allowed access -<DT>A (partial) domain-name -<DD>Hosts whose names match, or end in, this string are allowed access. -<DT>A full IP address -<DD>An IP address of a host allowed access -<DT>A partial IP address -<DD>The first 1 to 3 bytes of an IP address, for subnet restriction. -<DT>A network/netmask pair (<STRONG>Apache 1.3 and later</STRONG>) -<DD>A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet - restriction. (<EM>i.e.</EM>, 10.1.0.0/255.255.0.0) -<DT>A network/nnn CIDR specification (<STRONG>Apache 1.3 and later</STRONG>) -<DD>Similar to the previous case, except the netmask consists of nnn - high-order 1 bits. (<EM>i.e.</EM>, 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0) + +<DT>A (partial) domain-name</dt> <dd>Example: <code>Allow from +apache.org</code><br> Hosts whose names match, or end in, this string +are allowed access. Only complete components are matched, so the +above example will match <code>foo.apache.org</code> but it will not +match <code>fooapache.org</code>. This configuration will cause the +server to perform a reverse DNS lookup on the client IP address, +regardless of the setting of the <a +href="core.html#hostnamelookups">HostNameLookups</a> directive.</dd> + +<DT>A full IP address</dt> +<DD>Example: <code>Allow from 10.1.2.3</code><br> +An IP address of a host allowed access</dd> + +<DT>A partial IP address</dt> +<dd>Example: <code>Allow from 10.1</code><br> +The first 1 to 3 bytes of an IP address, for subnet restriction.</dd> + +<DT>A network/netmask pair</dt> +<dd>Example: <code>Allow from 10.1.0.0/255.255.0.0</code><br> + A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet + restriction. (Apache 1.3 and later)</dd> + +<DT>A network/nnn CIDR specification</dt> <dd>Example: <code>Allow +from 10.1.0.0/16</code><br> Similar to the previous case, except the +netmask consists of nnn high-order 1 bits. (Apache 1.3 and +later)</dd> </DL> -<P> -Example: -</P> -<BLOCKQUOTE><CODE>Allow from .ncsa.uiuc.edu</CODE></BLOCKQUOTE> -<P> -All hosts in the specified domain are allowed access. -</P> -<P> -Note that this compares whole components; <CODE>bar.edu</CODE> -would not match <CODE>foobar.edu</CODE>. -</P> -<P> -See also <A HREF="#allowfromenv">Allow from env=</A>, <A -HREF="#deny">Deny</A> and <A HREF="#order">Order</A>. -</P> -<HR> +<p>Note that the last three examples above match exactly the +same set of hosts.</p> -<H2><A NAME="allowfromenv">Allow from env= directive</A></H2> +<p>The third format of the arguments to the <code>Allow</code> +directive allows access to the server to be controlled based on the +existence of an <a href="../env.html">environment variable</a>. When +<code>Allow from env=</code><em>variablename</em> is specified, then +the request is allowed access if the environment variable +<em>variablename</em> exists. The server provides the ability to set +environment variables in a flexible way based on characteristics of +the client request using the directives provided by <a +href="mod_setenvif.html">mod_setenvif</a>. Therefore, this directive +can be used to allow access based on such factors as the clients +<code>User-Agent</code> (browser type), <code>Referer</code>, or other +HTTP request header fields.</P> <P> -<STRONG>Syntax:</STRONG> Allow from - env=<EM>variablename</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> Limit<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Base<BR> -<A - HREF="directive-dict.html#Module" - REL="Help" -><STRONG>Module:</STRONG></A> mod_access<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Apache 1.2 and above -</P> -<P> -The <CODE>Allow from env</CODE> directive controls access to a directory by the -existence (or non-existence) of an environment variable. -</P> -<P> Example: </P> <BLOCKQUOTE><PRE> @@ -162,21 +184,25 @@ SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in Allow from env=let_me_in </Directory> </PRE></BLOCKQUOTE> -In this case browsers with the user-agent string <TT>KnockKnock/2.0</TT> will -be allowed access, and all others will be denied. + +<p>In this case, browsers with a user-agent string beginning with +<TT>KnockKnock/2.0</TT> will be allowed access, and all others will be +denied.</p> <P> -See also <A HREF="#denyfromenv">Deny from env=</A>, <A HREF="#order">Order</A> +See also <a href="#deny">Deny</a>, <A HREF="#order">Order</A> and <A HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>. </P> <HR> -<H2><A NAME="deny">Deny directive</A></H2> +<H2><A NAME="deny">Deny</a> <a name="denyfromenv">directive</A></H2> <P> <!--%plaintext <?INDEX {\tt Deny} directive> --> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Deny from <EM>host host ...</EM><BR> +><STRONG>Syntax:</STRONG></A> Deny from + all|<EM>host</em>|env=<em>variablename</em> + [<em>host</em>|env=<em>variablename</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -194,93 +220,14 @@ and <A HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>. REL="Help" ><STRONG>Module:</STRONG></A> mod_access </P> -<P> -The <CODE>Deny</CODE> directive affects which hosts can access a given directory. -<EM>Host</EM> is one of the following: -</P> -<DL> -<DT><CODE>all</CODE> -<DD>all hosts are denied access -<DT>A (partial) domain-name -<DD>host whose name is, or ends in, this string are denied access. -<DT>A full IP address -<DD>An IP address of a host denied access -<DT>A partial IP address -<DD>The first 1 to 3 bytes of an IP address, for subnet restriction. -<DT>A network/netmask pair (<STRONG>Apache 1.3 and later</STRONG>) -<DD>A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet - restriction. (<EM>i.e.</EM>, 10.1.0.0/255.255.0.0) -<DT>A network/nnn CIDR specification (<STRONG>Apache 1.3 and later</STRONG>) -<DD>Similar to the previous case, except the netmask consists of nnn - high-order 1 bits. (<EM>i.e.</EM>, 10.1.0.0/16 is the same as 10.1.0.0/255.255.0.0) -</DL> -<P> -Example: -</P> -<BLOCKQUOTE><CODE>Deny from 16</CODE></BLOCKQUOTE> -<P> -All hosts in the specified network are denied access. -</P> -<P> -Note that this compares whole components; <CODE>bar.edu</CODE> -would not match <CODE>foobar.edu</CODE>. -</P> -<P> -See also <A HREF="#denyfromenv">Deny from env=</A>, <A -HREF="#allow">Allow</A> and <A HREF="#order">Order</A>. -</P> - -<HR> -<H2><A NAME="denfromenv">Deny from env= directive</A></H2> +<p>This directive allows access to the server to be restricted based +on hostname, IP address, or environment variables. The arguments for +the <code>Deny</code> directive are identical to the arguments for the +<a href="#allow">Allow</a> directive.</p> -<P> -<STRONG>Syntax:</STRONG> Deny from - env=<EM>variablename</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> Limit<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Base<BR> -<A - HREF="directive-dict.html#Module" - REL="Help" -><STRONG>Module:</STRONG></A> mod_access<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Apache 1.2 and above -</P> -<P> -The <CODE>Deny from env</CODE> directive controls access to a directory by the -existence (or non-existence) of an environment variable. -</P> -<P> -Example: -</P> -<BLOCKQUOTE><PRE> -SetEnvIf User-Agent ^BadRobot/0.9 go_away -<Directory /docroot> - Order Allow,Deny - Allow from all - Deny from env=go_away -</Directory> -</PRE></BLOCKQUOTE> -In this case browsers with the user-agent string <TT>BadRobot/0.9</TT> will -be denied access, and all others will be allowed. - -<P> -See also <A HREF="#allowfromenv">Allow from env=</A>, <A -HREF="#order">Order</A> and <A -HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>. -</P> +<p>See also <a href="#allow">Allow</a>, <A HREF="#order">Order</A> +and <A HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>.</p> <HR> <H2><A NAME="order">Order directive</A></H2> @@ -312,43 +259,94 @@ HREF="mod_setenvif.html#SetEnvIf">SetEnvIf</A>. ><STRONG>Module:</STRONG></A> mod_access </P> <P> -The <CODE>Order</CODE> directive controls the order in which -<A HREF="#allow">Allow</A> and <A HREF="#deny">Deny</A> directives are -evaluated. <EM>Ordering</EM> is one -of +The <CODE>Order</CODE> directive controls the default access state and +the order in which <A HREF="#allow">Allow</A> and <A +HREF="#deny">Deny</A> directives are evaluated. <EM>Ordering</EM> is +one of </P> <DL> -<DT>Deny,Allow -<DD>the <CODE>Deny</CODE> directives are evaluated before the <CODE>Allow</CODE> -directives. (The initial state is OK.) -<DT>Allow,Deny -<DD>the <CODE>Allow</CODE> directives are evaluated before the <CODE>Deny</CODE> -directives. (The initial state is FORBIDDEN.) -<DT>Mutual-failure -<DD>Only those hosts which appear on the <CODE>Allow</CODE> list and do not -appear on the <CODE>Deny</CODE> list are granted access. (The initial state is -irrelevant.) This ordering has the same effect as <code>Order Allow,Deny</code> -and is deprecated in favor of that configuration. +<DT>Deny,Allow</dt> <DD>The <CODE>Deny</CODE> directives are evaluated +before the <CODE>Allow</CODE> directives. Access is allowed +by default. Any client which does not match a <code>Deny</code> +directive or does match an <code>Allow</code> directive will be +allowed access to the server.</dd> + +<DT>Allow,Deny</dt> <DD>The <CODE>Allow</CODE> directives are +evaluated before the <CODE>Deny</CODE> directives. Access is +denied by default. Any client which does not match +an <code>Allow</code> directive or does match a <code>Deny</code> +directive will be denied access to the server.</dd> + +<DT>Mutual-failure</dt> <DD>Only those hosts which appear on the +<CODE>Allow</CODE> list and do not appear on the <CODE>Deny</CODE> +list are granted access. This ordering has the same effect as +<code>Order Allow,Deny</code> and is deprecated in favor of that +configuration.</dd> </DL> -<P> -Keywords may only be separated by a comma; no whitespace is allowed between -them. -<STRONG>Note that in all cases every <CODE>Allow</CODE> and <CODE>Deny</CODE> -statement is evaluated, there is no "short-circuiting".</STRONG> -</P> -<P> -Example: + +<P>Keywords may only be separated by a comma; no whitespace is allowed +between them. Note that in all cases every <CODE>Allow</CODE> +and <CODE>Deny</CODE> statement is evaluated.</P> + +<P>In the following example, all hosts in the apache.org domain are +allowed access; all other hosts are denied access. </P> + <BLOCKQUOTE><CODE> Order Deny,Allow<BR> Deny from all<BR> - Allow from .ncsa.uiuc.edu<BR> + Allow from apache.org<BR> </CODE></BLOCKQUOTE> -<P> -Hosts in the ncsa.uiuc.edu domain are allowed access; all other hosts are -denied access. + +<P>In the next example, all hosts in the apache.org domain are allowed +access, except for the hosts which are in the foo.apache.org +subdomain, who are denied access. All hosts not in the apache.org +domain are denied access because the default state is to deny access +to the server. </P> +<blockquote><code> + Order Allow,Deny<br> + Allow from apache.org<br> + Deny from foo.apache.org<br> +</code></blockquote> + +<p>On the other hand, if the <code>Order</code> in the last example is +changed to <code>Deny,Allow</code>, all hosts will be allowed access. +This happens because, regardless of the actual ordering of the +directives in the configuration file, the <code>Allow from +apache.org</code> will be evaluated last and will override the +<code>Deny from foo.apache.org</code>. All hosts not in the +<code>apache.org</code> domain will also be allowed access because the +default state will change to <em>allow</em>.</p> + +<p>The presence of an <code>Order</code> directive can +affect access to a part of the server even in the absence +of accompanying <code>Allow</code> and <code>Deny</code> +directives because of its effect on the default access state. +For example,</p> + +<blockquote><code> +<Directory /www><br> + Order Allow,Deny<br> +</Directory> +</code></blockquote> + +<p>will deny all access to the <code>/www</code> directory because +the default access state will be set to <em>deny</em>.</p> + +<p>The <code>Order</code> directive controls the order of access +directive processing only within each phase of the server's +configuration processing. This implies, for example, that an +<code>Allow</code> or <code>Deny</code> directive occurring +in a <Location> section will always be evaluated after +an <code>Allow</code> or <code>Deny</code> directive occurring +in a <Directory> section or <code>.htaccess</code> file, +regardless of the setting of the <code>Order</code> directive. +For details on the merging of configuration sections, +see the documentation on <a href="../sections.html">How Directory, +Location and Files sections work</a>.</p> + <P>See also: <A HREF="#deny">Deny</A> and <A HREF="#allow">Allow</A>. <HR> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html b/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html index 5ab919643d0..70d2fa87a43 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html @@ -163,7 +163,6 @@ to activate the <CODE>/icons</CODE> directory, one might use: <PRE> AliasMatch ^/icons(.*) /usr/local/apache/icons$1 </PRE> -</P> <HR> @@ -173,7 +172,7 @@ to activate the <CODE>/icons</CODE> directory, one might use: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Redirect [ <EM>status</EM> ] +><STRONG>Syntax:</STRONG></A> Redirect [<EM>status</EM>] <EM>url-path url</EM><BR> <A HREF="directive-dict.html#Context" @@ -293,7 +292,6 @@ one might use: <PRE> RedirectMatch (.*)\.gif$ http://www.anotherserver.com$1.jpg </PRE> -</P> <HR> @@ -440,7 +438,6 @@ to activate the standard <CODE>/cgi-bin</CODE>, one might use: <PRE> ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1 </PRE> -</P> <HR> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html index d69871ab454..b9d33dccca1 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html @@ -139,10 +139,10 @@ slash), it is treated as relative to the ServerRoot. by a colon, followed by the crypt() encrypted password. The behavior of multiple occurrences of the same user is undefined. <P> -The utility <code>htpasswd</code> which is installed as part of the -binary distribution, or which can be found in <code>src/support</code>, -is used to maintain this password file. See the <code>man</code> -page for more details. In short +The utility <a href="../programs/htpasswd.html">htpasswd</a> which is +installed as part of the binary distribution, or which can be found in +<code>src/support</code>, is used to maintain this password file. See +the <code>man</code> page for more details. In short <p> <blockquote> <code>htpasswd -c Filename username</code><br> @@ -170,8 +170,11 @@ See also <A HREF="core.html#authname">AuthName</A>, <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthAuthoritative < - <STRONG> on</STRONG>(default) | off > <BR> +><STRONG>Syntax:</STRONG></A> AuthAuthoritative on|off<BR> +<A + HREF="directive-dict.html#Default" + REL="Help" +><STRONG>Default:</STRONG></A> <CODE>AuthAuthoritative on</CODE><BR> <A HREF="directive-dict.html#Context" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html index 8b3c5387764..3bf2feebedf 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html @@ -93,27 +93,27 @@ the error log file </UL> <P> Excerpt of access.conf: -<BLOCKQUOTE><CODE> -Anonymous_NoUserId off<BR> -Anonymous_MustGiveEmail on<BR> -Anonymous_VerifyEmail on<BR> -Anonymous_LogEmail on<BR> -Anonymous anonymous guest www test welcome<P> -<P> -AuthName "Use 'anonymous' & Email address for guest entry"<BR> +<BLOCKQUOTE><pre> +Anonymous_NoUserId off +Anonymous_MustGiveEmail on +Anonymous_VerifyEmail on +Anonymous_LogEmail on +Anonymous anonymous guest www test welcome + +AuthName "Use 'anonymous' & Email address for guest entry" AuthType basic -<P> -# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile<BR> -# directive must be specified, or use<BR> -# Anonymous_Authoritative for public access.<BR> -# In the .htaccess for the public directory, add:<BR> -<Files *><BR> -Order Deny,Allow <BR> -Allow from all <BR> -<P> -Require valid-user <BR> -</Files><BR> -</CODE></BLOCKQUOTE> + +# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile +# directive must be specified, or use +# Anonymous_Authoritative for public access. +# In the .htaccess for the public directory, add: +<Files *> +Order Deny,Allow +Allow from all + +Require valid-user +</Files> +</pre></BLOCKQUOTE> <HR> @@ -122,7 +122,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous <EM>user user ...</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous <EM>user</em> [<em>user</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -167,7 +167,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous_Authoritative <EM>on | off</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous_Authoritative on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -204,7 +204,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous_LogEmail <EM>on | off</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous_LogEmail on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -235,8 +235,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous_MustGiveEmail <EM>on</EM> - | <EM>off</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous_MustGiveEmail on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -266,7 +265,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous_NoUserID <EM>on | off</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous_NoUserID on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -300,7 +299,7 @@ Require valid-user <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Anonymous_VerifyEmail <EM>on | off</EM><BR> +><STRONG>Syntax:</STRONG></A> Anonymous_VerifyEmail on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html index 3a5c74ac53f..41290a20ff2 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html @@ -184,6 +184,11 @@ rely upon the string being NULL-appended, so if you are having trouble using DB files interchangeably between applications this may be a part of the problem. <P> +<p>A perl script called +href="../programs/dbmmanage.html">dbmmanage</a> is included with +Apache. This program can be used to create and update DB format +password files for use with this module.</p> + See also <A HREF="core.html#authname">AuthName</A>, <A HREF="core.html#authtype">AuthType</A> and <A HREF="#authdbgroupfile">AuthDBGroupFile</A>.<P> @@ -193,8 +198,7 @@ See also <A HREF="core.html#authname">AuthName</A>, <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDBAuthoritative < - <STRONG> on</STRONG>| off > <BR> +><STRONG>Syntax:</STRONG></A> AuthDBAuthoritative on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html index 6f144f566c3..b726596bb26 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html @@ -170,6 +170,11 @@ rely upon the string being NULL-appended, so if you are having trouble using DBM files interchangeably between applications this may be a part of the problem. <P> +<p>A perl script called +href="../programs/dbmmanage.html">dbmmanage</a> is included with +Apache. This program can be used to create and update DBM format +password files for use with this module.</p> + See also <A HREF="core.html#authname">AuthName</A>, <A HREF="core.html#authtype">AuthType</A> and <A HREF="#authdbmgroupfile">AuthDBMGroupFile</A>.<P> @@ -180,7 +185,7 @@ See also <A HREF="core.html#authname">AuthName</A>, <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDBMAuthoritative < <STRONG> on</STRONG> | off > <BR> +><STRONG>Syntax:</STRONG></A> AuthDBMAuthoritative on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html index af233e6f7cb..4377c04d2ea 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html @@ -131,8 +131,8 @@ the list of users and encoded passwords for digest authentication. <EM>Filename</EM> is the absolute path to the user file. <P>The digest file uses a special format. Files in this format can be -created using the "htdigest" utility found in the support/ subdirectory of -the Apache distribution. +created using the <a href="../programs/htdigest.html">htdigest</a> +utility found in the support/ subdirectory of the Apache distribution. <HR> @@ -182,7 +182,8 @@ AuthGroupFile. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDigestQop <EM>none | 1*{ auth | auth-int }</EM><BR> +><STRONG>Syntax:</STRONG></A> AuthDigestQop none|auth|auth-int +[auth|auth-int]<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -227,7 +228,7 @@ directive</H2> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDigestNonceLifetime <EM><time></EM><BR> +><STRONG>Syntax:</STRONG></A> AuthDigestNonceLifetime <EM>seconds</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -256,13 +257,13 @@ directive</H2> <P>The AuthDigestNonceLifetime directive controls how long the server nonce is valid. When the client contacts the server using an expired nonce the server will send back a 401 with <code>stale=true</code>. If -<EM><time></EM> is greater than 0 then it specifies the number of -seconds the nonce is valid; this should probably never be set to less -than 10 seconds. If <EM><time></EM> is less than 0 then the nonce -never expires. +<EM>seconds</EM> is greater than 0 then it specifies the amount of +time for which the nonce is valid; this should probably never be set +to less than 10 seconds. If <EM>seconds</EM> is less than 0 then +the nonce never expires. <!-- Not implemented yet -If <EM><time></EM> is 0 then the nonce may be used exactly once +If <EM>seconds</EM> is 0 then the nonce may be used exactly once by the client. Note that while one-time-nonces provide higher security against replay attacks, they also have significant performance implications, as the browser cannot pipeline or multiple connections @@ -318,7 +319,7 @@ generated. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDigestNcCheck <EM>On/Off</EM><BR> +><STRONG>Syntax:</STRONG></A> AuthDigestNcCheck On|Off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -363,7 +364,7 @@ impact performance. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDigestAlgorithm <EM>MD5 | MD5-sess</EM><BR> +><STRONG>Syntax:</STRONG></A> AuthDigestAlgorithm MD5|MD5-sess<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -403,7 +404,8 @@ the challenge and response hashes. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDigestDomain <EM>URI URI ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AuthDigestDomain <EM>URI</em> +[<em>URI</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html b/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html index 1a96ccd0872..0e849931d2a 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html @@ -117,7 +117,8 @@ HREF="mod_dir.html#directoryindex">DirectoryIndex</A>.</p> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddAlt <EM>string file file...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddAlt <EM>string file</em> +[<em>file</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -149,8 +150,8 @@ image-incapable or has image loading disabled. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddAltByEncoding <EM>string MIME-encoding - MIME-encoding...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddAltByEncoding <EM>string MIME-encoding</em> + [<em>MIME-encoding</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -182,8 +183,8 @@ image-incapable or has image loading disabled. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddAltByType <EM>string MIME-type MIME-type - ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddAltByType <EM>string MIME-type</em> + [<em>MIME-type</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -216,7 +217,8 @@ image-incapable or has image loading disabled. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddDescription <EM>string file file...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddDescription <EM>string file</em> + [<em>file</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -259,7 +261,7 @@ may contain HTML markup, such as tags and character entities. If the width of the description column should happen to truncate a tagged element (such as cutting off the end of a bolded phrase), the results may affect the rest of the directory listing. -</P> + <HR> <H2><A NAME="addicon">AddIcon</A> directive</H2> @@ -267,7 +269,8 @@ may affect the rest of the directory listing. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddIcon <EM>icon name name ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddIcon <EM>icon name</em> + [<em>name</em>] ...</EM><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -308,8 +311,8 @@ AddIcon, when possible.<P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddIconByEncoding <EM>icon MIME-encoding - MIME-encoding ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddIconByEncoding <EM>icon MIME-encoding</em> + [<em>MIME-encoding</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -345,8 +348,8 @@ AddIconByEncoding /icons/compressed.gif x-compress <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddIconByType <EM>icon MIME-type MIME-type - ...</EM><BR> +><STRONG>Syntax:</STRONG></A> AddIconByType <EM>icon MIME-type</em> + [<em>MIME-type</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -412,7 +415,7 @@ DefaultIcon /icon/unknown.xbm <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> FancyIndexing <EM>boolean</EM><BR> +><STRONG>Syntax:</STRONG></A> FancyIndexing on|off<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -432,8 +435,7 @@ DefaultIcon /icon/unknown.xbm ><STRONG>Module:</STRONG></A> mod_autoindex <P> The FancyIndexing directive sets the FancyIndexing option for a directory. -<EM>Boolean</EM> can be <CODE>on</CODE> or <CODE>off</CODE>. The -<A HREF="#indexoptions">IndexOptions</A> directive should be used in +The <A HREF="#indexoptions">IndexOptions</A> directive should be used in preference. </P> <BLOCKQUOTE> @@ -523,7 +525,7 @@ See also <A HREF="#readmename">ReadmeName</A>. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> IndexIgnore <EM>file file ...</EM><BR> +><STRONG>Syntax:</STRONG></A> IndexIgnore <EM>file</em> [<em>file</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -556,15 +558,14 @@ IndexIgnore README .htaccess *~ <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> IndexOptions <EM>option option ...</EM> - (Apache 1.3.2 and earlier) +><STRONG>Syntax:</STRONG></A> IndexOptions <EM>option</em> + [<em>option</em>] ... (Apache 1.3.2 and earlier) <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> IndexOptions <EM>[+|-]option [+|-]option - ...</EM> - (Apache 1.3.3 and later) +><STRONG>Syntax:</STRONG></A> IndexOptions [+|-]<em>option</em> + [[+|-]<em>option</em>] ... (Apache 1.3.3 and later) <BR> <A HREF="directive-dict.html#Context" @@ -591,7 +592,8 @@ IndexIgnore README .htaccess *~ <SAMP>IndexOptions</SAMP> directives is only available with Apache 1.3.3 and later; the <samp>FoldersFirst</samp> and <samp>DescriptionWidth</samp> options are only - available with Apache 1.3.10 and later + available with Apache 1.3.10 and later; the <samp>TrackModified</samp> +option is only available with Apache 1.3.15 and later <P> The IndexOptions directive specifies the behavior of the directory indexing. @@ -706,6 +708,18 @@ indexing listings. <DD> <!--%plaintext <?INDEX {\tt SuppressSize} index option> --> This will suppress the file size in fancy indexing listings. +<DT><A NAME="indexoptions:trackmodified">TrackModified +(<EM>Apache 1.3.15 and later</EM>)</A> +<DD> +<!--%plaintext <?INDEX {\tt TrackModified} index option> --> +This returns the Last-Modified and ETag values for the listed directory +in the HTTP header. It is only valid if the operating system and file +system return legitimate stat() results. Most Unix systems do so, as +do OS2's JFS and Win32's NTFS volumes. OS2 and Win32 FAT volumes, +for example, do not. Once this feature is enabled, the client or proxy +can track changes to the list of files when they perform a HEAD request. +Note some operating systems correctly track new and removed files, but +do not track changes for sizes or dates of the files within the directory. </DL> <P> There are some noticeable differences in the behaviour of this @@ -728,7 +742,7 @@ the options are not merged. For example: </pre></BLOCKQUOTE> then only <CODE>ScanHTMLTitles</CODE> will be set for the /web/docs/spec directory. -</P> + </DD> <DT>Apache 1.3.3 and later:</DT> <DD> @@ -781,7 +795,7 @@ keywords without either '+' or '-' prefixes. HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> IndexOrderDefault - <EM>Ascending|Descending</EM> <EM>Name|Date|Size|Description</EM> + Ascending|Descending Name|Date|Size|Description <BR> <A HREF="directive-dict.html#Context" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html b/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html index db65436f2a6..c351ec35e67 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html @@ -75,7 +75,7 @@ who can exploit this module. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> MetaFiles <EM>on/off</EM><BR> +><STRONG>Syntax:</STRONG></A> MetaFiles on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -106,7 +106,7 @@ Turns on/off Meta file processing on a per-directory basis. This option was intr <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> MetaDir <EM>directory name</EM><BR> +><STRONG>Syntax:</STRONG></A> MetaDir <EM>directory</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html index 02236694911..4b6d77b4c30 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html @@ -65,6 +65,10 @@ When the server invokes a CGI script, it will add a variable called value of the <A HREF="core.html#documentroot">DocumentRoot</A> configuration variable. +<p>For an introduction to using CGI scripts with Apache, see +our tutorial on <a href="../howto/cgi.html">Dynamic Content +with CGI</a>.</p> + <h2>Directives</h2> <ul> @@ -99,8 +103,6 @@ totally useless. </DL> <P> -<HR> - <H2><A NAME="cgi_debug">CGI Debugging</A></H2> Debugging CGI scripts has traditionally been difficult, mainly because @@ -112,8 +114,6 @@ which are failing to run properly. These directives, included in Apache 1.2 and later, provide more detailed logging of errors when they occur. -<HR> - <H2>CGI Logfile Format</H2> When configured, the CGI error log logs any CGI which does not execute @@ -204,7 +204,7 @@ it was designed.</P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ScriptLogLength <EM>size</EM><BR> +><STRONG>Syntax:</STRONG></A> ScriptLogLength <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -233,7 +233,7 @@ exceeds this size, no more information will be written to it. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ScriptLogBuffer <EM>size</EM><BR> +><STRONG>Syntax:</STRONG></A> ScriptLogBuffer <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html b/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html index 43beb8f145c..1f8859b3c21 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html @@ -15,209 +15,87 @@ <DIV ALIGN="CENTER"> <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]"> <H3> - Apache HTTP Server Version 1.2 + Apache HTTP Server Version 1.3 </H3> </DIV> <H1 ALIGN="CENTER">Module mod_dir</H1> -This module is contained in the <code>mod_dir.c</code> file, and -is compiled in by default. It provides for directory indexing. - -<h2>Summary</h2> -This module controls the directory indexing. The index of a directory -can come from one of two sources: -<ul> -<li>A file written by the user, typically called <code>index.html</code>. -The <A HREF="#directoryindex">DirectoryIndex</A> directive sets the name -of this file. -<li>Otherwise, a listing generated by the server. The other directives -control the format of this listing. The <A HREF="#addicon">AddIcon</A>, -<A HREF="#addiconbyencoding">AddIconByEncoding</A> and -<A HREF="#addiconbytype">AddIconByType</A> are used to set a list of -icons to display for various file types; for each file listed, the -first icon listed that matches the file is displayed. -</ul> - - -<h2>Directives</h2> - -<menu> -<li><A HREF="#addalt">AddAlt</A> -<li><A HREF="#addaltbyencoding">AddAltByEncoding</A> -<li><A HREF="#addaltbytype">AddAltByType</A> -<li><A HREF="#adddescription">AddDescription</A> -<li><A HREF="#addicon">AddIcon</A> -<li><A HREF="#addiconbyencoding">AddIconByEncoding</A> -<li><A HREF="#addiconbytype">AddIconByType</A> -<li><A HREF="#defaulticon">DefaultIcon</A> -<li><A HREF="#directoryindex">DirectoryIndex</A> -<li><A HREF="#fancyindexing">FancyIndexing</A> -<li><A HREF="#headername">HeaderName</A> -<li><A HREF="#indexignore">IndexIgnore</A> -<li><A HREF="#indexoptions">IndexOptions</A> -<li><A HREF="#readmename">ReadmeName</A> -</menu> -<hr> - -<A name="addalt"><h2>AddAlt</h2></A> -<!--%plaintext <?INDEX {\tt AddAlt} directive> --> -<strong>Syntax:</strong> AddAlt <em>string file file...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the alternate text to display for a file, instead of an icon, for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>File</em> is a file -extension, partial filename, wild-card expression or full filename for files -to describe. <em>String</em> is enclosed in double quotes -(<code>"</code>). This alternate text is displayed if the client is -image-incapable or has image loading disabled. - -<HR> -<A name="addaltbyencoding"><h2>AddAltByEncoding</h2></A> -<!--%plaintext <?INDEX {\tt AddAltByEncoding} directive> --> -<strong>Syntax:</strong> AddAltByEncoding <em>string MIME-encoding - MIME-encoding...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the alternate text to display for a file, instead of an icon, for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>MIME-encoding</em> is a -valid content-encoding, such as <SAMP>x-compress</SAMP>. -<em>String</em> is enclosed in double quotes -(<code>"</code>). This alternate text is displayed if the client is -image-incapable or has image loading disabled. - +<p>This module provides for "trailing slash" redirects and serving +directory index files.</p> + +<P><A +HREF="module-dict.html#Status" +REL="Help" +><STRONG>Status:</STRONG></A> Base +<BR> +<A +HREF="module-dict.html#SourceFile" +REL="Help" +><STRONG>Source File:</STRONG></A> mod_dir.c +<BR> +<A +HREF="module-dict.html#ModuleIdentifier" +REL="Help" +><STRONG>Module Identifier:</STRONG></A> dir_module +</P> + +<H2>Summary</H2> +The index of a directory can come from one of two sources: +<UL> +<LI>A file written by the user, typically called <CODE>index.html</CODE>. +The <A HREF="#directoryindex">DirectoryIndex</A> directive sets +the name of this file. +This is controlled by <CODE>mod_dir</CODE>. +<LI>Otherwise, a listing generated by the server. This is provided by +<A HREF="mod_autoindex.html"><CODE>mod_autoindex</CODE></A>. +</UL> +The two functions are separated so that you can completely remove +(or replace) automatic index generation should you want to. +<P>A "trailing slash" redirect is issued when the server receives a +request for a URL <SAMP>http://servername/foo/dirname</SAMP> where +<SAMP>dirname</SAMP> is a directory. Directories require a trailing +slash, so <CODE>mod_dir</CODE> issues a redirect to +<SAMP>http://servername/foo/dirname/</SAMP>. + +<H2>Directives</H2> + +<MENU> +<LI><A HREF="#directoryindex">DirectoryIndex</A> +</MENU> <HR> -<A name="addaltbytype"><h2>AddAltByType</h2></A> -<!--%plaintext <?INDEX {\tt AddAltByType} directive> --> -<strong>Syntax:</strong> AddAltByType <em>string MIME-type MIME-type...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the alternate text to display for a file, instead of an icon, for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>MIME-type</em> is a -valid content-type, such as <SAMP>text/html</SAMP>. -<em>String</em> is enclosed in double quotes -(<code>"</code>). This alternate text is displayed if the client is -image-incapable or has image loading disabled. - -<HR> - -<A name="adddescription"><h2>AddDescription</h2></A> -<!--%plaintext <?INDEX {\tt AddDescription} directive> --> -<strong>Syntax:</strong> AddDescription <em>string file file...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the description to display for a file, for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>File</em> is a file -extension, partial filename, wild-card expression or full filename for files -to describe. <em>String</em> is enclosed in double quotes -(<code>"</code>). Example: -<blockquote><code>AddDescription "The planet Mars" /web/pics/mars.gif -</code></blockquote><p><hr> - -<A name="addicon"><h2>AddIcon</h2></A> -<!--%plaintext <?INDEX {\tt AddIcon} directive> --> -<strong>Syntax:</strong> AddIcon <em>icon name name ...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the icon to display next to a file ending in <em>name</em> for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>Icon</em> is either a -(%-escaped) relative URL to the icon, or of the format -(<em>alttext</em>,<em>url</em>) where <em>alttext</em> is the text tag given -for an icon for non-graphical browsers.<p> - -<em>Name</em> is either ^^DIRECTORY^^ for directories, ^^BLANKICON^^ for -blank lines (to format the list correctly), a file extension, a wildcard -expression, a partial filename or a complete filename. Examples: -<blockquote><code> -AddIcon (IMG,/icons/image.xbm) .gif .jpg .xbm <br> -AddIcon /icons/dir.xbm ^^DIRECTORY^^ <br> -AddIcon /icons/backup.xbm *~ -</code></blockquote> -<A HREF="#addiconbytype">AddIconByType</A> should be used in preference to -AddIcon, when possible.<p><hr> - -<A name="addiconbyencoding"><h2>AddIconByEncoding</h2></A> -<!--%plaintext <?INDEX {\tt AddIconByEncoding} directive> --> -<strong>Syntax:</strong> AddIconByEncoding <em>icon mime-encoding mime-encoding -...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the icon to display next to files with -<em>mime-encoding</em> for <A HREF="#fancyindexing">FancyIndexing</A>. -<em>Icon</em> is either a (%-escaped) relative URL to the icon, or of the -format (<em>alttext</em>,<em>url</em>) where <em>alttext</em> is the text tag -given for an icon for non-graphical browsers.<p> -<em>Mime-encoding</em> is a wildcard expression matching required the -content-encoding. Examples: -<blockquote><code> -AddIconByEncoding /icons/compress.xbm x-compress -</code></blockquote><p><hr> - -<A name="addiconbytype"><h2>AddIconByType</h2></A> -<!--%plaintext <?INDEX {\tt AddIconByType} directive> --> -<strong>Syntax:</strong> AddIconByType <em>icon mime-type mime-type ...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -This sets the icon to display next to files of type <em>mime-type</em> for -<A HREF="#fancyindexing">FancyIndexing</A>. <em>Icon</em> is either a -(%-escaped) relative URL to the icon, or of the format -(<em>alttext</em>,<em>url</em>) where <em>alttext</em> is the text tag given -for an icon for non-graphical browsers.<p> -<em>Mime-type</em> is a wildcard expression matching required the mime types. -Examples: -<blockquote><code> -AddIconByType (IMG,/icons/image.xbm) image/* -</code></blockquote><p><hr> - -<A name="defaulticon"><h2>DefaultIcon</h2></A> -<!--%plaintext <?INDEX {\tt DefaultIcon} directive> --> -<strong>Syntax:</strong> DefaultIcon <em>url</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The DefaultIcon directive sets the icon to display for files when no -specific icon is known, for <A HREF="#fancyindexing">FancyIndexing</A>. -<em>Url</em> is a (%-escaped) relative URL to the icon. Examples: -<blockquote><code> -DefaultIcon /icon/unknown.xbm -</code></blockquote><p><hr> - -<A name="directoryindex"><h2>DirectoryIndex</h2></A> +<H2><A NAME="directoryindex">DirectoryIndex</A> directive</H2> <!--%plaintext <?INDEX {\tt DirectoryIndex} directive> --> -<strong>Syntax:</strong> DirectoryIndex <em>local-url local-url ...</em><br> -<strong>Default:</strong> <code>DirectoryIndex index.html</code><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> +<A + HREF="directive-dict.html#Syntax" + REL="Help" +><STRONG>Syntax:</STRONG></A> DirectoryIndex <EM>local-url</em> + [<em>local-url</em>] ...<BR> +<A + HREF="directive-dict.html#Default" + REL="Help" +><STRONG>Default:</STRONG></A> <CODE>DirectoryIndex index.html</CODE><BR> +<A + HREF="directive-dict.html#Context" + REL="Help" +><STRONG>Context:</STRONG></A> server config, virtual host, directory, .htaccess<BR> +<A + HREF="directive-dict.html#Override" + REL="Help" +><STRONG>Override:</STRONG></A> Indexes<BR> +<A + HREF="directive-dict.html#Status" + REL="Help" +><STRONG>Status:</STRONG></A> Base<BR> +<A + HREF="directive-dict.html#Module" + REL="Help" +><STRONG>Module:</STRONG></A> mod_dir<P> The DirectoryIndex directive sets the list of resources to look for, when the client requests an index of the directory by specifying a / -at the end of the a directory name. <em>Local-url</em> is the +at the end of the a directory name. <EM>Local-url</EM> is the (%-encoded) URL of a document on the server relative to the requested directory; it is usually the name of a file in the directory. Several URLs may be given, in which case the server will return the first one @@ -227,149 +105,24 @@ listing of the directory. <P> Example: -<blockquote><code> +<BLOCKQUOTE><CODE> DirectoryIndex index.html -</code></blockquote> -then a request for <code>http://myserver/docs/</code> would return -<code>http://myserver/docs/index.html</code> if it exists, or would list -the directory if it did not. <p> +</CODE></BLOCKQUOTE> +then a request for <CODE>http://myserver/docs/</CODE> would return +<CODE>http://myserver/docs/index.html</CODE> if it exists, or would list +the directory if it did not. <P> Note that the documents do not need to be relative to the directory; -<blockquote><code> -DirectoryIndex index.html index.txt /cgi-bin/index.pl</code></blockquote> -would cause the CGI script <code>/cgi-bin/index.pl</code> to be executed -if neither <code>index.html</code> or <code>index.txt</code> existed in -a directory.<p><hr> - -<A name="fancyindexing"><h2>FancyIndexing</h2></A> -<!--%plaintext <?INDEX {\tt FancyIndexing} directive> --> -<strong>Syntax:</strong> FancyIndexing <em>boolean</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The FancyIndexing directive sets the FancyIndexing option for a directory. -<em>Boolean</em> can be <code>on</code> or <code>off</code>. The -<A HREF="#indexoptions">IndexOptions</A> directive should be used in -preference.<p><hr> - -<A name="headername"><h2>HeaderName</h2></A> -<!--%plaintext <?INDEX {\tt HeaderName} directive> --> -<strong>Syntax:</strong> HeaderName <em>filename</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The HeaderName directive sets the name of the file that will be inserted -at the top of the index listing. <em>Filename</em> is the name of the file -to include, and is taken to be relative to the directory being indexed. -The server first attempts to include <em>filename</em><code>.html</code> -as an HTML document, otherwise it will include <em>filename</em> as plain -text. Example: -<blockquote><code>HeaderName HEADER</code></blockquote> -when indexing the directory <code>/web</code>, the server will first look for -the HTML file <code>/web/HEADER.html</code> and include it if found, otherwise -it will include the plain text file <code>/web/HEADER</code>, if it exists. - -<p>See also <A HREF="#readmename">ReadmeName</A>.<p><hr> - -<A name="indexignore"><h2>IndexIgnore</h2></A> -<!--%plaintext <?INDEX {\tt IndexIgnore} directive> --> -<strong>Syntax:</strong> IndexIgnore <em>file file ...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The IndexIgnore directive adds to the list of files to hide when listing -a directory. <em>File</em> is a file extension, partial filename, -wildcard expression or full filename for files to ignore. Multiple -IndexIgnore directives add to the list, rather than the replacing the list -of ignored files. By default, the list contains `<code>.</code>'. Example: -<blockquote><code> -IndexIgnore README .htaccess *~ -</code></blockquote><p><hr> - -<A name="indexoptions"><h2>IndexOptions</h2></A> -<!--%plaintext <?INDEX {\tt IndexOptions} directive> --> -<strong>Syntax:</strong> IndexOptions <em>option option ...</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The IndexOptions directive specifies the behavior of the directory indexing. -<em>Option</em> can be one of -<dl> -<dt>FancyIndexing -<dd><!--%plaintext <?INDEX {\tt FancyIndexing} index option> --> -This turns on fancy indexing of directories. -<dt>IconsAreLinks -<dd> -<!--%plaintext <?INDEX {\tt IconsAreLinks} index option> --> -This makes the icons part of the anchor for the filename, for -fancy indexing. -<dt>ScanHTMLTitles -<dd><!--%plaintext <?INDEX {\tt ScanHTMLTitles} index option> --> -This enables the extraction of the title from HTML documents for fancy -indexing. If the file does not have a description given by -<A HREF="#adddescription">AddDescription</A> then httpd will read the -document for the value of the TITLE tag. This is CPU and disk intensive. -<dt>SuppressLastModified -<dd> -<!--%plaintext <?INDEX {\tt SuppressLastModified} index option> --> -This will suppress the display of the last modification date, in fancy -indexing listings. -<dt>SuppressSize -<dd> -<!--%plaintext <?INDEX {\tt SuppressSize} index option> --> -This will suppress the file size in fancy indexing listings. -<dt>SuppressDescription -<dd> -<!--%plaintext <?INDEX {\tt SuppressDescription} index option> --> -This will suppress the file description in fancy indexing listings. -</dl> -This default is that no options are enabled. If multiple IndexOptions -could apply to a directory, then the most specific one is taken complete; -the options are not merged. For example: -<blockquote><code> -<Directory /web/docs> <br> -IndexOptions FancyIndexing <br> -</Directory><br> -<Directory /web/docs/spec> <br> -IndexOptions ScanHTMLTitles <br> -</Directory> -</code></blockquote> -then only <code>ScanHTMLTitles</code> will be set for the /web/docs/spec -directory.<p><hr> - -<A name="readmename"><h2>ReadmeName</h2></A> -<!--%plaintext <?INDEX {\tt ReadmeName} directive> --> -<strong>Syntax:</strong> ReadmeName <em>filename</em><br> -<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br> -<Strong>Override:</strong> Indexes<br> -<strong>Status:</strong> Base<br> -<strong>Module:</strong> mod_dir<p> - -The ReadmeName directive sets the name of the file that will be appended -to the end of the index listing. <em>Filename</em> is the name of the file -to include, and is taken to be relative to the directory being indexed. -The server first attempts to include <em>filename</em><code>.html</code> -as an HTML document, otherwise it will include <em>filename</em> as plain -text. Example: -<blockquote><code>ReadmeName README</code></blockquote> -when indexing the directory <code>/web</code>, the server will first look for -the HTML file <code>/web/README.html</code> and include it if found, otherwise -it will include the plain text file <code>/web/README</code>, if it exists. - -<p>See also <A HREF="#headername">HeaderName</A>.<p> - +<BLOCKQUOTE><CODE> +DirectoryIndex index.html index.txt /cgi-bin/index.pl</CODE></BLOCKQUOTE> +would cause the CGI script <CODE>/cgi-bin/index.pl</CODE> to be executed +if neither <CODE>index.html</CODE> or <CODE>index.txt</CODE> existed in +a directory.<P> <HR> + <H3 ALIGN="CENTER"> - Apache HTTP Server Version 1.2 + Apache HTTP Server Version 1.3 </H3> <A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_env.html b/usr.sbin/httpd/htdocs/manual/mod/mod_env.html index d48d12e0c6a..c16443d48c4 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_env.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_env.html @@ -21,8 +21,8 @@ <H1 ALIGN="CENTER">Apache module mod_env</H1> -<p>This module provides for -passing environment variables to CGI/SSI scripts.</p> +<p>This module provides for modifying the environment which +is passed to CGI scripts and SSI pages.</p> <P><A HREF="module-dict.html#Status" @@ -46,12 +46,15 @@ REL="Help" </P> <H2>Summary</H2> -<!-- XXX: Should mention mod_setenvif and the effect of suexec --> -<p>This module allows Apache's CGI and SSI environment to inherit -environment variables from the shell which invoked the httpd process. -CERN web-servers are able to do this, so this module is especially -useful to web-admins who wish to migrate from CERN to Apache without -rewriting all their scripts</p> + +<p>This module allows for control of the environment that will be +provided to CGI scripts and SSI pages. Environment variables may be +passed from the shell which invoked the httpd process. Alternatively, +environment variables may be set or unset within the configuration +process.</p> + +<p>For additional information, we provide a document on +<a href="../env.html">Environment Variables in Apache</a>.</p> <H2>Directives</H2> <UL> @@ -66,7 +69,8 @@ rewriting all their scripts</p> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> PassEnv <EM>variable variable ...</EM><BR> +><STRONG>Syntax:</STRONG></A> PassEnv <EM>variable</em> + [<em>variable</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -86,7 +90,8 @@ rewriting all their scripts</p> Apache 1.1 and later.<P> Specifies one or more environment variables to pass to CGI scripts -from the server's own environment. Example: +and SSI pages from the environment of the shell which invoked +the httpd process. Example: <PRE> PassEnv LD_LIBRARY_PATH </PRE> @@ -117,7 +122,7 @@ from the server's own environment. Example: Apache 1.1 and later.<P> Sets an environment variable, which is then passed on to CGI -scripts. Example: +scripts and SSI pages. Example: <PRE> SetEnv SPECIAL_PATH /foo/bin </PRE> @@ -128,7 +133,8 @@ scripts. Example: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> UnsetEnv <EM>variable variable ...</EM><BR> +><STRONG>Syntax:</STRONG></A> UnsetEnv <EM>variable</em> + [<em>variable</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -148,14 +154,11 @@ scripts. Example: Apache 1.1 and later.<P> Removes one or more environment variables from those passed on to -CGI scripts. Example: +CGI scripts and SSI pages. Example: <PRE> UnsetEnv LD_LIBRARY_PATH </PRE> - - -<P> <HR> <H3 ALIGN="CENTER"> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_example.html b/usr.sbin/httpd/htdocs/manual/mod/mod_example.html index e2ca6b283f1..f4663b96510 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_example.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_example.html @@ -77,7 +77,6 @@ REL="Help" <LI><A HREF="#example">Example</A> </LI> </UL> - </P> <h2>Compiling the example module</h2> <P> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html b/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html index b15dd950204..20c6444eff6 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html @@ -38,6 +38,11 @@ REL="Help" HREF="module-dict.html#ModuleIdentifier" REL="Help" ><STRONG>Module Identifier:</STRONG></A> expires_module +<BR> +<A +HREF="module-dict.html#Compatibility" +REL="Help" +><STRONG>Compatibility:</STRONG></A> Available in Apache 1.2 and later. </P> @@ -164,7 +169,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> ExpiresActive <EM>boolean</EM> + ><STRONG>Syntax:</STRONG></A> ExpiresActive on|off <BR> <A HREF="directive-dict.html#Context" @@ -273,7 +278,6 @@ REL="Help" <P> <STRONG>Example:</STRONG> </P> - <P> <PRE> ExpiresActive On # enable expirations ExpiresByType image/gif A2592000 # expire GIF images after a month @@ -282,7 +286,6 @@ REL="Help" # week from the time they were # changed, period </PRE> - </P> <P> Note that this directive only has effect if <CODE>ExpiresActive On</CODE> has been specified. It overrides, for the specified MIME diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html b/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html index d328f6660ff..44e88d66d84 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html @@ -38,6 +38,11 @@ REL="Help" HREF="module-dict.html#ModuleIdentifier" REL="Help" ><STRONG>Module Identifier:</STRONG></A> headers_module +<BR> +<A +HREF="module-dict.html#Compatibility" +REL="Help" +><STRONG>Compatibility:</STRONG></A> Available in Apache 1.2 and later. </P> <h2>Summary</h2> @@ -56,7 +61,7 @@ headers. Headers can be merged, replaced or removed. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> Header [ set | append | add ] +><STRONG>Syntax:</STRONG></A> Header set|append|add <EM>header</EM> <EM>value</EM><BR> <A HREF="directive-dict.html#Syntax" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html b/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html index 9dfe66914b3..86325982220 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html @@ -236,8 +236,8 @@ rect mailto:nate@tripod.com 100,150 200,0 "Bugs?" <BR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ImapMenu <CODE>{none, formatted, semiformatted, - unformatted}</CODE><BR> +><STRONG>Syntax:</STRONG></A> ImapMenu + none|formatted|semiformatted|unformatted<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -289,8 +289,8 @@ is called without valid coordinates. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ImapDefault <CODE>{error, nocontent, - map, referer, URL}</CODE><BR> +><STRONG>Syntax:</STRONG></A> ImapDefault + error|nocontent|map|referer|<em>URL</em><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -323,7 +323,7 @@ case, the client should continue to display the original page. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ImapBase <CODE>{map, referer, URL}</CODE><BR> +><STRONG>Syntax:</STRONG></A> ImapBase map|referer|<em>URL</em><BR> <A HREF="directive-dict.html#Context" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_include.html b/usr.sbin/httpd/htdocs/manual/mod/mod_include.html index 7d695873d0e..0339d1f161b 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_include.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_include.html @@ -21,7 +21,7 @@ <H1 ALIGN="CENTER">Module mod_include</H1> -<p>This module provides for server-parsed html documents.</p> +<p>This module provides for documents with Server Side Includes (SSI).</p> <P><A HREF="module-dict.html#Status" @@ -36,7 +36,7 @@ REL="Help" <A HREF="module-dict.html#ModuleIdentifier" REL="Help" -><STRONG>Module Identifier:</STRONG></A> include_module +><STRONG>Module Identifier:</STRONG></A> includes_module </P> <h2>Summary</h2> @@ -48,6 +48,10 @@ elements allow conditional text, the inclusion other files or programs, as well as the setting and printing of environment variables.</p> +<p>For an introduction to this topic, we also provide a +<a href="../howto/ssi.html">tutorial on Server Side Includes</a>.</p> + + <H2>Directives</H2> <UL> <LI><A HREF="#xbithack">XBitHack</A> @@ -378,7 +382,7 @@ elements are: <DD>true if <EM>test_condition</EM> is true <DT>! <EM>test_condition</EM> <DD>true if <EM>test_condition</EM> is false -<DT><EM>test_condition1</EM> && <EM>test_condition2</EM> +<DT><EM>test_condition1</EM> && <EM>test_condition2</EM> <DD>true if both <EM>test_condition1</EM> and <EM>test_condition2</EM> are true <DT><EM>test_condition1</EM> || <EM>test_condition2</EM> @@ -386,13 +390,13 @@ elements are: <EM>test_condition2</EM> is true </DL> -<P> "<EM>=</EM>" and "<EM>!=</EM>" bind more tightly than "<EM>&&</EM>" and +<P> "<EM>=</EM>" and "<EM>!=</EM>" bind more tightly than "<EM>&&</EM>" and "<EM>||</EM>". "<EM>!</EM>" binds most tightly. Thus, the following are equivalent: <PRE> - <!--#if expr="$a = test1 && $b = test2" --> - <!--#if expr="($a = test1) && ($b = test2)" --> + <!--#if expr="$a = test1 && $b = test2" --> + <!--#if expr="($a = test1) && ($b = test2)" --> </PRE> <P> Anything that's not recognized as a variable or an operator is @@ -421,7 +425,7 @@ customized server error documents. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> XBitHack <EM>status</EM><BR> +><STRONG>Syntax:</STRONG></A> XBitHack on|off|full<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -445,8 +449,7 @@ customized server error documents. The XBitHack directives controls the parsing of ordinary html documents. This directive only affects files associated with the MIME type -<CODE>text/html</CODE>. -<EM>Status</EM> can have the following values: +<CODE>text/html</CODE>. XBitHack can take on the following values: <DL> <DT>off <DD>No special treatment of executable files. diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html index 23d31df32a3..a80e0074da3 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html @@ -74,7 +74,7 @@ directive to limit access to your server configuration information.<P> Once configured, the server information is obtained by accessing <TT>http://your.host.dom/server-info</TT><P> <BLOCKQUOTE> - <STRONG> + <p><STRONG> Note that the configuration files are read by the module at run-time, and therefore the display may <EM>not</EM> reflect the running server's active configuration if the files have been changed since the @@ -84,14 +84,14 @@ Once configured, the server information is obtained by accessing HREF="core.html#user" ><SAMP>User</SAMP></A> directive), or else the directive settings will not be listed. - <P> + </strong></p> + <p><strong> It should also be noted that if <SAMP>mod_info</SAMP> is compiled into the server, its handler capability is available in <EM>all</EM> configuration files, including <EM>per</EM>-directory files (<EM>e.g.</EM>, <SAMP>.htaccess</SAMP>). This may have security-related ramifications for your site. - </P> - </STRONG> + </strong></p> </BLOCKQUOTE> <HR> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_isapi.html b/usr.sbin/httpd/htdocs/manual/mod/mod_isapi.html index a7cefcfdd3e..231e5d4647c 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_isapi.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_isapi.html @@ -57,6 +57,14 @@ REL="Help" problems running their ISAPI extention. <STRONG>Please <EM>do not</EM> post such problems to Apache's lists or bug reporting pages.</STRONG></P> +<H2>Directives</H2> +<UL> +<LI><A HREF="#isapireadaheadbuffer">ISAPIReadAheadBuffer</A> +<LI><A HREF="#isapilognotsupported">ISAPILogNotSupported</A> +<LI><A HREF="#isapiappendlogtoerrors">ISAPIAppendLogToErrors</A> +<LI><A HREF="#isapiappendlogtoquery">ISAPIAppendLogToQuery</A> +</UL> + <H2>Usage</H2> <P>In the server configuration file, use the AddHandler directive to @@ -66,7 +74,7 @@ REL="Help" following line:</P> <PRE> - AddHandler isapi-isa dll + AddHandler isapi-isa .dll </PRE> <P>ISAPI extensions are governed by the same permissions and restrictions @@ -77,13 +85,102 @@ REL="Help" <A HREF="#journal">Programmer's Journal</A> for additional details and clarification of the specific ISAPI support offered by mod_isapi.</P> -<H2>Directives</H2> -<UL> -<LI><A HREF="#isapireadaheadbuffer">ISAPIReadAheadBuffer</A> -<LI><A HREF="#isapilognotsupported">ISAPILogNotSupported</A> -<LI><A HREF="#isapiappendlogtoerrors">ISAPIAppendLogToErrors</A> -<LI><A HREF="#isapiappendlogtoquery">ISAPIAppendLogToQuery</A> -</UL> +<H2><A NAME="notes">Additional Notes</A></H2> + +<P>Apache's ISAPI implementation conforms to all of the ISAPI 2.0 + specification, except for the "Microsoft-specific" extensions dealing + with asynchronous I/O. Apache's I/O model does not allow asynchronous + reading and writing in a manner that the ISAPI could access. If an ISA + tries to access unsupported features, including async I/O, a message is + placed in the error log to help with debugging. Since these messages + can become a flood, a new directive; + <CODE>ISAPILogNotSupported Off</CODE>, is introduced in Apache 1.3.13.</P> + +<P>Some servers, like Microsoft IIS, load the ISA into the server, and + keep it loaded until memory usage is too high, or specific configuration + options are used. Apache currently loads and unloads the ISA for each + request. This is inefficient, but Apache's request model makes this + method the only method that currently works. Apache 2.0 is expected to + support more effective loading and caching methods, with more precise + control over individual ISAPI modules and directories.</P> + +<P>Also, remember that while Apache supports ISAPI Extensions, it + <STRONG>does not support ISAPI Filters.</STRONG> Support for filters may + be added at a later date, but no support is planned at this time.</P> + +<H2><A NAME="journal">Programmer's Journal</A></H2> + +<P>If you are programming Apache 1.3 mod_isapi modules, you must limit your + calls to ServerSupportFunction to the following directives:</P> + +<DL> + <DT>HSE_REQ_SEND_URL_REDIRECT_RESP + <DD>Redirect the user to another location.<BR> + This must be a fully qualified URL (e.g. http://server/location). + <DT>HSE_REQ_SEND_URL + <DD>Redirect the user to another location.<BR> + This cannot be a fully qualified URL, you are not allowed + to pass the protocol or a server name (e.g. simply /location).<BR> + This redirection is handled by the server, not the browser.<BR> + <STRONG>Warning:</STRONG> in their recent documentation, Microsoft + appears to have abandoned the distinction between the two + HSE_REQ_SEND_URL functions. Apache continues to treat them as two + distinct functions with different requirements and behaviors. + <DT>HSE_REQ_SEND_RESPONSE_HEADER + <DD>Apache accepts a response body following the header if it follows + the blank line (two consecutive newlines) in the headers string + argument. This body cannot contain NULLs, since the headers + argument is NULL terminated. + <DT>HSE_REQ_DONE_WITH_SESSION + <DD>Apache considers this a no-op, since the session will be finished + when the ISAPI returns from processing. + <DT>HSE_REQ_MAP_URL_TO_PATH + <DD>Apache will translate a virtual name to a physical name. + <DT>HSE_APPEND_LOG_PARAMETER <EM>Apache 1.3.13 and later</EM> + <DD>This logged message may be captured in any of the following logs: + <UL> + <LI>in the \"%{isapi-parameter}n\" component in a CustomLog directive + <LI>in the %q log component with the ISAPIAppendLogToQuery On directive + <LI>in the error log with the ISAPIAppendLogToErrors On directive + </UL> + The first option, the %{isapi-parameter}n component, is always available + and prefered. + <DT>HSE_REQ_IS_KEEP_CONN <EM>Apache 1.3.13 and later</EM> + <DD>Will return the negotiated Keep-Alive status. + <DT>HSE_REQ_SEND_RESPONSE_HEADER_EX <EM>Apache 1.3.13 and later</EM> + <DD>Will behave as documented, although the fKeepConn flag is ignored. + <DT>HSE_REQ_IS_CONNECTED <EM>Apache 1.3.13 and later</EM> + <DD>Will report false if the request has been aborted. +</DL> + +<P>Apache returns FALSE to any unsupported call to ServerSupportFunction, and + sets the GetLastError value to ERROR_INVALID_PARAMETER.</P> + +<P>Prior to Apache 1.3.13, ReadClient was a noop, and any request with a request + body greater than 48kb was rejected by mod_isapi. As of Apache 1.3.13, + ReadClient now retrieves the request body exceeding the initial buffer + (defined by ISAPIReadAheadBuffer). Based on the ISAPIReadAheadBuffer + setting (number of bytes to buffer prior to calling the ISAPI handler) + shorter requests are sent complete to the extension when it is invoked. + If the request is longer, the ISAPI extension must use ReadClient to + retrieve the remaining request body.</P> + +<P>WriteClient is supported, but only with the HSE_IO_SYNC flag or + no option flag (value of 0). Any other WriteClient request will + be rejected with a return value of FALSE, and a GetLastError + value of ERROR_INVALID_PARAMETER.</P> + +<P>GetServerVariable is supported, although extended server variables do not + exist (as defined by other servers.) All the usual Apache CGI environment + variables are available from GetServerVariable. As of Apache 1.3.13, + the ALL_HTTP and ALL_RAW and variables are now available.</P> + +<P>Apache 2.0 mod_isapi may support additional features introduced in later + versions of the ISAPI specification, as well as limited emulation of + async I/O and the TransmitFile semantics. Apache 2.0 may also support + caching of ISAPI .dlls for performance. No further enhancements to the + Apache 1.3 mod_isapi features are anticipated.</P> + <HR> <H2><A NAME="isapireadaheadbuffer">ISAPIReadAheadBuffer directive</A></H2> @@ -132,7 +229,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ISAPILogNotSupported <EM>on|off</EM><BR> +><STRONG>Syntax:</STRONG></A> ISAPILogNotSupported on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -170,7 +267,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ISAPIAppendLogToErrors <EM>on|off</EM><BR> +><STRONG>Syntax:</STRONG></A> ISAPIAppendLogToErrors on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -206,7 +303,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ISAPIAppendLogToQuery <EM>on|off</EM><BR> +><STRONG>Syntax:</STRONG></A> ISAPIAppendLogToQuery on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -235,103 +332,7 @@ REL="Help" Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extentions to the query field (appended to the CustomLog %q component). <P> -<HR> - -<H2><A NAME="notes">Additional Notes</A></H2> - -<P>Apache's ISAPI implementation conforms to all of the ISAPI 2.0 - specification, except for the "Microsoft-specific" extensions dealing - with asynchronous I/O. Apache's I/O model does not allow asynchronous - reading and writing in a manner that the ISAPI could access. If an ISA - tries to access unsupported features, including async I/O, a message is - placed in the error log to help with debugging. Since these messages - can become a flood, a new directive; - <CODE>ISAPILogNotSupported Off</CODE>, is introduced in Apache 1.3.13.</P> - -<P>Some servers, like Microsoft IIS, load the ISA into the server, and - keep it loaded until memory usage is too high, or specific configuration - options are used. Apache currently loads and unloads the ISA for each - request. This is inefficient, but Apache's request model makes this - method the only method that currently works. Apache 2.0 is expected to - support more effective loading and caching methods, with more precise - control over individual ISAPI modules and directories.</P> - -<P>Also, remember that while Apache supports ISAPI Extensions, it - <STRONG>does not support ISAPI Filters.</STRONG> Support for filters may - be added at a later date, but no support is planned at this time.</P> - -<H2><A NAME="journal">Programmer's Journal</A></H2> -<P>If you are programming Apache 1.3 mod_isapi modules, you must limit your - calls to ServerSupportFunction to the following directives:</P> - -<DL> - <DT>HSE_REQ_SEND_URL_REDIRECT_RESP - <DD>Redirect the user to another location.<BR> - This must be a fully qualified URL (e.g. http://server/location). - <DT>HSE_REQ_SEND_URL - <DD>Redirect the user to another location.<BR> - This cannot be a fully qualified URL, you are not allowed - to pass the protocol or a server name (e.g. simply /location).<BR> - This redirection is handled by the server, not the browser.<BR> - <STRONG>Warning:</STRONG> in their recent documentation, Microsoft - appears to have abandoned the distinction between the two - HSE_REQ_SEND_URL functions. Apache continues to treat them as two - distinct functions with different requirements and behaviors. - <DT>HSE_REQ_SEND_RESPONSE_HEADER - <DD>Apache accepts a response body following the header if it follows - the blank line (two consecutive newlines) in the headers string - argument. This body cannot contain NULLs, since the headers - argument is NULL terminated. - <DT>HSE_REQ_DONE_WITH_SESSION - <DD>Apache considers this a no-op, since the session will be finished - when the ISAPI returns from processing. - <DT>HSE_REQ_MAP_URL_TO_PATH - <DD>Apache will translate a virtual name to a physical name. - <DT>HSE_APPEND_LOG_PARAMETER <EM>Apache 1.3.13 and later</EM> - <DD>This logged message may be captured in any of the following logs: - <UL> - <LI>in the \"%{isapi-parameter}n\" component in a CustomLog directive - <LI>in the %q log component with the ISAPIAppendLogToQuery On directive - <LI>in the error log with the ISAPIAppendLogToErrors On directive - </UL> - The first option, the %{isapi-parameter}n component, is always available - and prefered. - <DT>HSE_REQ_IS_KEEP_CONN <EM>Apache 1.3.13 and later</EM> - <DD>Will return the negotiated Keep-Alive status. - <DT>HSE_REQ_SEND_RESPONSE_HEADER_EX <EM>Apache 1.3.13 and later</EM> - <DD>Will behave as documented, although the fKeepConn flag is ignored. - <DT>HSE_REQ_IS_CONNECTED <EM>Apache 1.3.13 and later</EM> - <DD>Will report false if the request has been aborted. -</DL> - -<P>Apache returns FALSE to any unsupported call to ServerSupportFunction, and - sets the GetLastError value to ERROR_INVALID_PARAMETER.</P> - -<P>Prior to Apache 1.3.13, ReadClient was a noop, and any request with a request - body greater than 48kb was rejected by mod_isapi. As of Apache 1.3.13, - ReadClient now retrieves the request body exceeding the initial buffer - (defined by ISAPIReadAheadBuffer). Based on the ISAPIReadAheadBuffer - setting (number of bytes to buffer prior to calling the ISAPI handler) - shorter requests are sent complete to the extension when it is invoked. - If the request is longer, the ISAPI extension must use ReadClient to - retrieve the remaining request body.</P> - -<P>WriteClient is supported, but only with the HSE_IO_SYNC flag or - no option flag (value of 0). Any other WriteClient request will - be rejected with a return value of FALSE, and a GetLastError - value of ERROR_INVALID_PARAMETER.</P> - -<P>GetServerVariable is supported, although extended server variables do not - exist (as defined by other servers.) All the usual Apache CGI environment - variables are available from GetServerVariable. As of Apache 1.3.13, - the ALL_HTTP and ALL_RAW and variables are now available.</P> - -<P>Apache 2.0 mod_isapi may support additional features introduced in later - versions of the ISAPI specification, as well as limited emulation of - async I/O and the TransmitFile semantics. Apache 2.0 may also support - caching of ISAPI .dlls for performance. No further enhancements to the - Apache 1.3 mod_isapi features are anticipated.</P> <HR> <H3 ALIGN="CENTER"> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html index 404951c12fd..47355c51082 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html @@ -41,17 +41,24 @@ REL="Help" ><STRONG>Module Identifier:</STRONG></A> config_log_module <BR> <A -HREF="module-dict.html#compatibility" +HREF="module-dict.html#Compatibility" REL="Help" ><STRONG>Compatibility:</STRONG></A> Was an extension module prior to Apache 1.2. </P> <H2>Summary</H2> + +<p>This module provides for flexible logging of client requests. Logs +are written in a customizable format, and may be written directly to a +file, or to an external program. Conditional logging is provided so +that individual requests may be included or excluded from the logs +based on characteristics of the request.</p> + <P> Three directives are provided by this module: <CODE>TransferLog</CODE> to create a log file, <CODE>LogFormat</CODE> to set a custom format, -and <CODE>CustomLog</CODE> to define a log file and format in one go. +and <CODE>CustomLog</CODE> to define a log file and format in one step. The <CODE>TransferLog</CODE> and <CODE>CustomLog</CODE> directives can be used multiple times in each server to cause each request to be logged to multiple files. @@ -60,56 +67,25 @@ logged to multiple files. <H2>Directives</H2> <UL> -<LI><A HREF="#cookielog">CookieLog</A> -<LI><A HREF="#customlog">CustomLog</A> -<LI><A HREF="#customlog-conditional">CustomLog (conditional)</A> -<LI><A HREF="#logformat">LogFormat</A> -<LI><A HREF="#transferlog">TransferLog</A> -</UL> - -<H3>Compatibility notes</H3> - -<UL> -<LI>This module is based on mod_log_config distributed with -previous Apache releases, now updated to handle multiple logs. -There is now no need to re-configure Apache to use configuration log -formats. - -<LI>The module also implements the <CODE>CookieLog</CODE> directive, -used to log user-tracking information created by <A -HREF="mod_usertrack.html">mod_usertrack</A>. The use of -<CODE>CookieLog</CODE> is deprecated, and a <CODE>CustomLog</CODE> -should be defined to log user-tracking information instead. - -<LI>As of Apache 1.3.5, this module allows conditional logging -based upon the setting of environment variables. That is, -you can control whether a request should be logged or not -based upon whether an arbitrary environment variable is -defined or not. This is settable on a <EM>per</EM>-logfile -basis. - -<LI>Beginning with Apache 1.3.5, the mod_log_config module has -also subsumed the <CODE>RefererIgnore</CODE> functionality from -<A HREF="mod_log_referer.html">mod_log_referer</A>. The effect -of <CODE>RefererIgnore</CODE> can be achieved by combinations of -<A HREF="mod_setenvif.html"><CODE>SetEnvIf</CODE></A> directives -and conditional <CODE>CustomLog</CODE> definitions. - +<LI><A HREF="#cookielog">CookieLog</A></LI> +<LI><A HREF="#customlog">CustomLog</A></LI> +<LI><A HREF="#logformat">LogFormat</A></LI> +<LI><A HREF="#transferlog">TransferLog</A></LI> </UL> <H2>Log File Formats</H2> -Unless told otherwise with <TT>LogFormat</TT> the log files created by -<TT>TransferLog</TT> will be in standard "Common Log Format" -(CLF). The contents of each line in a CLF file are explained +<p>Unless told otherwise with <TT>LogFormat</TT>, the log files +created by <TT>TransferLog</TT> will be in standard "Common Log +Format" (CLF). The contents of each line in a CLF file are explained below. Alternatively, the log file can be customized (and if multiple log files are used, each can have a different format). Custom formats -are set with <CODE>LogFormat</CODE> and <CODE>CustomLog</CODE>. +are set with <CODE>LogFormat</CODE> and <CODE>CustomLog</CODE>.</p> <H3>Common Log Format</H3> -The Common Log Format (CLF) file contains a separate line for each -request. A line is composed of several tokens separated by spaces: +<p>The Common Log Format (CLF) file contains a separate line for each +request. A line is composed of several tokens separated by spaces:</p> <BLOCKQUOTE> host ident authuser date request status bytes @@ -149,11 +125,16 @@ any headers. <H3><A NAME="formats">Custom Log Formats</A></H3> -The format argument to the <CODE>LogFormat</CODE> and -<CODE>CustomLog</CODE> is a string. This string is logged to the log -file for each request. It can contain literal characters copied into -the log files, and `%' directives which are replaced in the log file -by the values as follows: +<p>The format argument to the <CODE>LogFormat</CODE> and +<CODE>CustomLog</CODE> directives is a string. This string is logged +to the log file for each request. It can contain literal characters +copied into the log files and the c-type control characters "\n" and +"\t" to represent new-lines and tabs. Literal quotes and back-slashes +should be escaped with back-slashes.</p> + +<p>The characteristics of the request itself are logged by placing +"%" directives in the format string, which are replaced in the log file +by the values as follows:</p> <PRE> %...a: Remote IP-address @@ -161,6 +142,10 @@ by the values as follows: %...B: Bytes sent, excluding HTTP headers. %...b: Bytes sent, excluding HTTP headers. In CLF format i.e. a '-' rather than a 0 when no bytes are sent. +%...c: Connection status when response is completed. + 'X' = connection aborted before the response completed. + '+' = connection may be kept alive after the response is sent. + '-' = connection will be closed after the response is sent. %...{FOOBAR}e: The contents of the environment variable FOOBAR %...f: Filename %...h: Remote host @@ -180,7 +165,7 @@ by the values as follows: the status of the *original* request --- %...>s for the last. %...t: Time, in common log format time format (standard english format) %...{format}t: The time, in the form given by format, which should - be in strftime(3) format. (potentially localised) + be in strftime(3) format. (potentially localized) %...T: The time taken to serve the request, in seconds. %...u: Remote user (from auth; may be bogus if return status (%s) is 401) %...U: The URL path requested. @@ -188,73 +173,134 @@ by the values as follows: %...V: The server name according to the UseCanonicalName setting. </PRE> -The `...' can be nothing at all (<EM>e.g.</EM>, <CODE>"%h %u %r %s %b"</CODE>), or it can -indicate conditions for inclusion of the item (which will cause it -to be replaced with `-' if the condition is not met). Note that -there is no escaping performed on the strings from %r, %...i and -%...o; some with long memories may remember that I thought this was -a bad idea, once upon a time, and I'm still not comfortable with -it, but it is difficult to see how to `do the right thing' with all -of `%..i', unless we URL-escape everything and break with CLF. +<p>The "..." can be nothing at all (<EM>e.g.</EM>, <CODE>"%h %u %r %s +%b"</CODE>), or it can indicate conditions for inclusion of the item +(which will cause it to be replaced with "-" if the condition is not +met). The forms of condition are a list of HTTP status codes, which +may or may not be preceded by "!". Thus, "%400,501{User-agent}i" logs +User-agent: on 400 errors and 501 errors (Bad Request, Not +Implemented) only; "%!200,304,302{Referer}i" logs Referer: on all +requests which did <STRONG>not</STRONG> return some sort of normal +status.</p> -<P> +<p>Note that there is no escaping performed on the strings from +%...r, %...i and %...o. This is mainly to comply with the requirements +of the Common Log Format. This implies that clients can insert +control characters into the log, so care should be taken when dealing +with raw log files.</p> -The forms of condition are a list of HTTP status codes, which may -or may not be preceded by `!'. Thus, `%400,501{User-agent}i' logs -User-agent: on 400 errors and 501 errors (Bad Request, Not -Implemented) only; `%!200,304,302{Referer}i' logs Referer: on all -requests which did <STRONG>not</STRONG> return some sort of normal status. +<p>Some commonly used log format strings are:</p> -<P> +<dl> +<dt>Common Log Format (CLF)</dt> +<dd><CODE>"%h %l %u %t \"%r\" %>s %b"</CODE></dd> -Note that the common log format is defined by the string <CODE>"%h %l -%u %t \"%r\" %>s %b"</CODE>, which can be used as the basis for -extending for format if desired (<EM>e.g.</EM>, to add extra fields at the end). -NCSA's extended/combined log format would be <CODE>"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""</CODE>. +<dt>Common Log Format with Virtual Host</dt> +<dd><code>"%v %h %l %u %t \"%r\" %>s %b"</CODE></dd> -<P> +<dt>NCSA extended/combined log format</dt> +<dd> <CODE>"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""</CODE></dd> + +<dt>Referer log format</dt> +<dd><code>"%{Referer}i -> %U"</code></dd> -Note that the canonical <A HREF="core.html#servername">ServerName</A> -and <A HREF="core.html#port">Port</A> of the server serving the request -are used for <CODE>%v</CODE> and <CODE>%p</CODE> respectively. This -happens regardless of the -<A HREF="core.html#usecanonicalname">UseCanonicalName</A> setting because +<dt>Agent (Browser) log format</dt> +<dd><code>"%{User-agent}i"</code></dd> +</dl> + +<P>Note that the canonical <A +HREF="core.html#servername">ServerName</A> and <A +HREF="core.html#port">Port</A> of the server serving the request are +used for <CODE>%v</CODE> and <CODE>%p</CODE> respectively. This +happens regardless of the <A +HREF="core.html#usecanonicalname">UseCanonicalName</A> setting because otherwise log analysis programs would have to duplicate the entire vhost matching algorithm in order to decide what host really served -the request. +the request.</p> <H2>Using Multiple Log Files</H2> -The <CODE>TransferLog</CODE> and <CODE>CustomLog</CODE> directives can -be given more than once to log requests to multiple log files. Each +<p>The <CODE>TransferLog</CODE> and <CODE>CustomLog</CODE> directives can +be given more than once to log requests to multiple log files. Unless +the conditional form of <code>CustomLog</code> is used, each request will be logged to all the log files defined by either of these -directives. +directives.</p> <H3>Use with Virtual Hosts</H3> -If a <VirtualHost> section does not contain any +<p>If a <VirtualHost> section does not contain any <TT>TransferLog</TT> or <TT>CustomLog</TT> directives, the logs defined for the main server will be used. If it does contain one or more of these directives, requests serviced by this virtual host will only be logged in the log files defined within its definition, not in any of the main server's log files. -See the examples below. -<P> +See the examples below.</p> <H2>Security Considerations</H2> -See the <A HREF="../misc/security_tips.html#security">security tips</A> +<p>See the <A HREF="../misc/security_tips.html#serverroot">security tips</A> document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than -the user that starts the server. -<P> +the user that starts the server.</p> -<HR> +<h2>Resetting the Log Files</h2> + +<p>The access log file typically grows 1MB or more for each 10,000 +requests. It will probably be necessary to move or delete the log +file on a regular basis. This cannot be done while the server is +still running, because Apache will continue writing to the old log +file. Instead, the server must be <a +href="../stopping.html">restarted</a> after the log file is moved or +deleted so that it will open a new log.</p> + +<p>A typical scenario is:</p> + +<pre> + mv access_log access_log.old + apachectl graceful + # wait for all requests to the old server to complete + # before doing anything with access_log.old +</pre> + +<p>Alternatively, log files can be <a +href="../misc/FAQ.html#rotate">rotated automatically</a> be writing +them through a pipe to a program designed for that purpose such +as <a href="../programs/rotatelogs.html">rotatelogs</a>.</p> + +<H2>Compatibility notes</H2> + +<UL> +<LI>This module is based on mod_log_config distributed with +previous Apache releases, now updated to handle multiple logs. +There is now no need to re-configure Apache to use configuration log +formats.</li> + +<LI>The module also implements the <CODE>CookieLog</CODE> directive, +used to log user-tracking information created by <A +HREF="mod_usertrack.html">mod_usertrack</A>. The use of +<CODE>CookieLog</CODE> is deprecated, and a <CODE>CustomLog</CODE> +should be defined to log user-tracking information instead.</li> + +<LI>As of Apache 1.3.5, this module allows conditional logging based +upon the setting of <a href="../env.html">environment variables</a>. +That is, you can control whether a request should be logged or not +based upon whether an arbitrary environment variable is defined or +not. This is configurable on a <EM>per</EM>-logfile basis.</li> + +<LI>Beginning with Apache 1.3.5, the mod_log_config module has +also subsumed the <CODE>RefererIgnore</CODE> functionality from +<A HREF="mod_log_referer.html">mod_log_referer</A>. The effect +of <CODE>RefererIgnore</CODE> can be achieved by combinations of +<A HREF="mod_setenvif.html"><CODE>SetEnvIf</CODE></A> directives +and conditional <CODE>CustomLog</CODE> definitions.</li> +</UL> + +<hr> <H2><A NAME="cookielog">CookieLog</A> directive</H2> <!--%plaintext <?INDEX {\tt CookieLog} directive> --> -<A +<p><A HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> CookieLog <EM>filename</EM><BR> @@ -269,22 +315,22 @@ the user that starts the server. <A HREF="directive-dict.html#Compatibility" REL="Help" -><STRONG>Compatibility:</STRONG></A> Only available in Apache 1.2 and above<P> +><STRONG>Compatibility:</STRONG></A> Only available in Apache 1.2 and above</p> -The CookieLog directive sets the filename for logging of cookies. +<p>The CookieLog directive sets the filename for logging of cookies. The filename is relative to the <A HREF="core.html#serverroot">ServerRoot</A>. This directive is included -only for compatibility with -<A HREF="mod_cookies.html">mod_cookies</A>, and is deprecated. -<P> +only for compatibility with <A +HREF="mod_cookies.html">mod_cookies</A>, and is deprecated.</p> <HR> -<H2><A NAME="customlog">CustomLog</A> directive</H2> -<A +<H2><A NAME="customlog">CustomLog</A> +<a NAME="#customlog-conditional">directive</a></H2> +<p><A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CustomLog <EM>file-pipe</EM> - <EM>format-or-nickname</EM><BR> +><STRONG>Syntax:</STRONG></A> CustomLog <EM>file</em>|<em>pipe</EM> + <EM>format</em>|<em>nickname</EM> [env=[!]<EM>environment-variable</EM>]<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -297,81 +343,66 @@ only for compatibility with HREF="directive-dict.html#Compatibility" REL="Help" ><STRONG>Compatibility:</STRONG></A> Nickname only available in Apache 1.3 - or later + or later. Conditional logging available in 1.3.5 or later. <BR> <A HREF="directive-dict.html#Module" REL="Help" -><STRONG>Module:</STRONG></A> mod_log_config -<P> -The first argument is the filename to which log records should be -written. This is used -exactly like the argument to -<A - HREF="#transferlog" -><SAMP>TransferLog</SAMP></A>; -that is, it is either a full path or relative to the current -server root. -</P> -<P> -The format argument specifies a format for each line of the log file. -The options available for the format are exactly the same as for -the argument of the <TT>LogFormat</TT> directive. If the format -includes any spaces (which it will do in almost all cases) it -should be enclosed in double quotes. -</P> -<P> -Instead of an actual format string, you can use a format nickname defined with -the -<A - HREF="#logformat" -><SAMP>LogFormat</SAMP></A> -directive. -</P> - -<HR> -<H2><A NAME="customlog-conditional">CustomLog (conditional)</A> directive</H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> CustomLog <EM>file-pipe</EM> - <EM>format-or-nickname</EM> - env=[!]<EM>environment-variable</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Base<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Only available in Apache 1.3.5 - or later -<BR> -<A - HREF="directive-dict.html#Module" - REL="Help" -><STRONG>Module:</STRONG></A> mod_log_config -<P> - -The behaviour of this form of the <SAMP>CustomLog</SAMP> directive is almost -identical to the <A HREF="#customlog">standard <CODE>CustomLog</CODE></A> -directive. The difference is that the '<CODE>env=</CODE>' clause controls -whether a particular request will be logged in the specified file or -not. If the specified environment variable is set for the -request (or is not set, in the case of a '<CODE>env=!<EM>name</EM></CODE>' -clause), then the request will be logged. -</P> -<P> -Environment variables can be set on a <EM>per</EM>-request basis -using the <A HREF="mod_setenvif.html">mod_setenvif</A> and/or -<A HREF="mod_rewrite.html">mod_rewrite</A> modules. For example, -if you don't want to record requests for all GIF images on -your server in a separate logfile but not your main log, you -can use: +><STRONG>Module:</STRONG></A> mod_log_config</p> + +<p>The <code>CustomLog</code> directive is used to log requests +to the server. A log format is specified, and the logging can +optionally be made conditional on request characteristics +using environment variables.</p> + +<P>The first argument, which specifies the location to which the +logs will be written, can take on one of the following two +types of values:</p> + +<dl> +<dt><em>file</em> +<dd>A filename, relative to the +<a href="core.html#serverroot">ServerRoot</a>.</dd> + +<dt><em>pipe</em> +<dd>The pipe character "<code>|</code>", followed by the path to a +program to receive the log information on its standard input. +<STRONG>Security:</STRONG> if a program is used, then it will be run +under the user who started httpd. This will be root if the server was +started by root; be sure that the program is secure.</dd> +</dl> + +<P>The second argument specifies what will be written to the +log file. It can specify either a <em>nickname</em> +defined by a previous <a href="#logformat">LogFormat</a> +directive, or it can be an explicit <em>format</em> string +as described in the <a href="#formats">log formats</a> section.</p> + +<p>For example, the following two sets of directives have exactly +the same effect:</p> + +<pre> + # CustomLog with format nickname + LogFormat "%h %l %u %t \"%r\" %>s %b" common + CustomLog logs/access_log common + + # CustomLog with explicit format string + CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b" +</pre> + +<p>The third argument is optional and allows the decision on whether +or not to log a particular request to be based on the presence or +absence of a particular variable in the server environment. If the +specified <a href="../env.html">environment variable</a> is set for +the request (or is not set, in the case of a +'<CODE>env=!<EM>name</EM></CODE>' clause), then the request will be +logged.</P> + +<P>Environment variables can be set on a <EM>per</EM>-request basis +using the <A HREF="mod_setenvif.html">mod_setenvif</A> and/or <A +HREF="mod_rewrite.html">mod_rewrite</A> modules. For example, if you +don't want to record requests for all GIF images on your server in a +separate logfile but not your main log, you can use: </P> <PRE> SetEnvIf Request_URI \.gif$ gif-image @@ -382,16 +413,17 @@ can use: <HR> <H2><A NAME="logformat">LogFormat</A> directive</H2> <!--%plaintext <?INDEX {\tt LogFormat} directive> --> -<A +<p><A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> LogFormat <EM>format</EM> [<EM>nickname</EM>] +><STRONG>Syntax:</STRONG></A> LogFormat <EM>format</em>|<em>nickname</EM> + [<EM>nickname</EM>] <BR> <A HREF="directive-dict.html#Default" REL="Help" ><STRONG>Default:</STRONG></A> <CODE>LogFormat "%h %l %u %t \"%r\" -%>s %b"</CODE><BR> +%>s %b"</CODE><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -409,37 +441,39 @@ can use: <A HREF="directive-dict.html#Module" REL="Help" -><STRONG>Module:</STRONG></A> mod_log_config -<P> -This sets the format of the default logfile named by the -<A - HREF="#transferlog" -><SAMP>TransferLog</SAMP></A> -directive . See the section on -<A HREF="#formats">Custom Log Formats</A> for details on the format -arguments. -</P> -<P> -If you include a nickname for the format on the directive line, you can -use it in other <SAMP>LogFormat</SAMP> and -<A HREF="#customlog"><SAMP>CustomLog</SAMP></A> -directives rather than repeating the entire format string. -</P> -<P> -A +><STRONG>Module:</STRONG></A> mod_log_config</p> + +<p>This directive specifies the format of the access log file.</p> + +<p>The <code>LogFormat</code> directive can take one of two forms. In +the first form, where only one argument is specified, this directive +sets the log format which will be used by logs specified in subsequent +<a href="#transferlog">TransferLog</a> directives. The single +argument can specify an explicit <em>format</em> as discussed in <a +href="#formats">custom log formats</a> section above. Alternatively, +it can use a <em>nickname</em> to refer to a log format defined +in a previous <code>LogFormat</code> directive as described below.</p> + +<p>The second form of the <code>LogFormat</code> directive associates +an explicit <em>format</em> with a <em>nickname</em>. This +<em>nickname</em> can then be used in subsequent +<code>LogFormat</code> or <a href="#customlog">CustomLog</a> +directives rather than repeating the entire format string. A <SAMP>LogFormat</SAMP> directive which defines a nickname <STRONG>does -nothing else</STRONG> -- that is, it <EM>only</EM> defines the nickname, -it doesn't actually apply the format and make it the default. +nothing else</STRONG> -- that is, it <EM>only</EM> defines the +nickname, it doesn't actually apply the format and make it the +default. Therefore, it will not affect subsequent <a +href="#transferlog">TransferLog</a> directives. </P> <HR> <H2><A NAME="transferlog">TransferLog</A> directive</H2> <!--%plaintext <?INDEX {\tt TransferLog} directive> --> -<A +<p><A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> TransferLog <EM>file-pipe</EM><BR> +><STRONG>Syntax:</STRONG></A> TransferLog <EM>file</em>|<em>pipe</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -455,27 +489,23 @@ it doesn't actually apply the format and make it the default. <A HREF="directive-dict.html#Module" REL="Help" -><STRONG>Module:</STRONG></A> mod_log_config<P> - -The TransferLog directive adds a log file in the format defined by the -most recent -<A - HREF="#logformat" -><SAMP>LogFormat</SAMP></A> -directive, or Common Log Format if no other default format has been -specified. -<EM>File-pipe</EM> is one -of -<DL><DT>A filename -<DD>A filename relative to the <A HREF="core.html#serverroot">ServerRoot</A>. -<DT> `|' followed by a command -<DD>A program to receive the agent log information on its standard input. -Note the a new program will not be started for a VirtualHost if it inherits -the TransferLog from the main server. -</DL> -<STRONG>Security:</STRONG> if a program is used, then it will be -run under the user who started httpd. This will be root if the server -was started by root; be sure that the program is secure.<P> +><STRONG>Module:</STRONG></A> mod_log_config</p> + +<p>This directive has exactly the same arguments and effect as the <a +href="#customlog">CustomLog</a> directive, with the exception that it +does not allow the log format to be specified explicitly or for +conditional logging of requests. Instead, the log format is +determined by the most recently specified specified <a +href="#logformat">LogFormat</a> directive (that does not define a +nickname). Common Log Format is used if no other format has been +specified.</p> + +<p>Example:</p> + +<pre> + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" + TransferLog logs/access_log +</pre> <HR> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html index 6c7ea277813..7fe4473d5af 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html @@ -74,7 +74,8 @@ local URL to the document being referred to. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RefererIgnore <EM>string string ...</EM><BR> +><STRONG>Syntax:</STRONG></A> RefererIgnore <EM>string</em> + [<em>string</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html index b1ab4e9ab0f..77a65462041 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html @@ -129,8 +129,8 @@ mod_imap imagemap file. <H2><A NAME="addcharset">AddCharset</A> directive</H2> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddCharset <i>charset extension - [extension...]</i><br> +><STRONG>Syntax:</STRONG></A> AddCharset <em>charset extension</em> + [<em>extension</em>] ...<br> <A HREF="directive-dict.html#Context" REL="Help" ><STRONG>Context:</STRONG></A> server config, virtual host, directory, .htaccess<BR> <A @@ -176,6 +176,10 @@ for <A HREF="../content-negotiation.html">content negotiation</A>, where the server returns one from several documents based on the client's charset preference. </P> + +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <P> <STRONG>See also</STRONG>: <A HREF="mod_negotiation.html">mod_negotiation</A> </P> @@ -187,7 +191,8 @@ charset preference. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddEncoding <EM>MIME-enc extension [extension ...]</EM><BR> +><STRONG>Syntax:</STRONG></A> AddEncoding <EM>MIME-enc extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -212,7 +217,9 @@ to any already in force, overriding any mappings that already exist for the same <EM>extension</EM>. Example: -<BLOCKQUOTE><CODE> AddEncoding x-gzip gz<BR> AddEncoding x-compress Z +<BLOCKQUOTE><CODE> +AddEncoding x-gzip .gz<BR> +AddEncoding x-compress .Z </CODE></BLOCKQUOTE> This will cause filenames containing the .gz extension to be marked as @@ -231,6 +238,9 @@ you should always use <CODE>x-gzip</CODE> and <CODE>x-compress</CODE> for these two specific encodings. More recent encodings, such as <CODE>deflate</CODE> should be specified without the <CODE>x-</CODE>. +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <P> <STRONG>See also</STRONG>: <A HREF="#multipleext">Files with @@ -243,7 +253,8 @@ multiple extensions</A> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddHandler <EM>handler-name extension [extension ...]</EM><BR> +><STRONG>Syntax:</STRONG></A> AddHandler <EM>handler-name extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -274,13 +285,16 @@ already exist for the same <EM>extension</EM>. For example, to activate CGI scripts with the file extension "<CODE>.cgi</CODE>", you might use: <PRE> - AddHandler cgi-script cgi + AddHandler cgi-script .cgi </PRE> <P>Once that has been put into your srm.conf or httpd.conf file, any file containing the "<CODE>.cgi</CODE>" extension will be treated as a CGI program.</P> +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <P> <STRONG>See also</STRONG>: <A HREF="#multipleext">Files with @@ -293,7 +307,8 @@ multiple extensions</A> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddLanguage <EM>MIME-lang extension [extension ...]</EM><BR> +><STRONG>Syntax:</STRONG></A> AddLanguage <EM>MIME-lang extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -312,17 +327,19 @@ multiple extensions</A> ><STRONG>Module:</STRONG></A> mod_mime <P> -The AddLanguage directive maps the given filename extension tos the +The AddLanguage directive maps the given filename extension to the specified content language. <EM>MIME-lang</EM> is the MIME language of filenames containing <EM>extension</EM>. This mapping is added to any already in force, overriding any mappings that already exist for the same <EM>extension</EM>. </P> <P> -Example: <BLOCKQUOTE><CODE> -AddEncoding x-compress Z<BR> AddLanguage en .en<BR> AddLanguage fr +Example: +</p> +<BLOCKQUOTE><CODE> +AddEncoding x-compress .Z<BR> AddLanguage en .en<BR> AddLanguage fr .fr<BR> </CODE></BLOCKQUOTE> -</P> + <P> Then the document <CODE>xxxx.en.Z</CODE> will be treated as being a compressed English document (as will the document @@ -347,6 +364,10 @@ case of: documents with the extension "<CODE>.en</CODE>" would be treated as being "<CODE>en-us</CODE>". </P> + +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <P> <STRONG>See also</STRONG>: <A HREF="#multipleext">Files with multiple extensions</A> @@ -362,7 +383,8 @@ HREF="./mod_negotiation.html">mod_negotiation</A> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AddType <EM>MIME-type extension [extension ...]</EM><BR> +><STRONG>Syntax:</STRONG></A> AddType <EM>MIME-type extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -390,13 +412,16 @@ HREF="#typesconfig">TypesConfig</A></CODE> directive). Example: <BLOCKQUOTE><CODE> -AddType image/gif GIF +AddType image/gif .gif </CODE></BLOCKQUOTE> It is recommended that new MIME types be added using the AddType directive rather than changing the <A HREF="#typesconfig">TypesConfig</A> file.<P> Note that, unlike the NCSA httpd, this directive cannot be used to set the type of particular files.<P> +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <P> <STRONG>See also</STRONG>: <A HREF="#multipleext">Files with @@ -465,7 +490,7 @@ multiple extensions</A> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ForceType <EM>media type</EM><BR> +><STRONG>Syntax:</STRONG></A> ForceType <EM>media-type</EM><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -501,7 +526,8 @@ the media type.</P><HR> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RemoveEncoding <i>extension [extension ...]</i><BR> +><STRONG>Syntax:</STRONG></A> RemoveEncoding <em>extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -548,6 +574,9 @@ gzip method, but <code>foo.gz.asc</code> as an unencoded plaintext file. AddEncoding directives, so it is possible they may undo the effects of the latter if both occur within the same directory configuration. </p> +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <HR> <H2><A NAME="removehandler">RemoveHandler</A> directive</H2> @@ -555,7 +584,8 @@ of the latter if both occur within the same directory configuration. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RemoveHandler <EM>extension [extension ...]</EM><BR> +><STRONG>Syntax:</STRONG></A> RemoveHandler <EM>extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -593,6 +623,9 @@ This has the effect of returning <SAMP>.html</SAMP> files in the files, rather than as candidates for parsing (see the <A HREF="mod_include.html"><SAMP>mod_include</SAMP></A> module). </P> +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <HR> <H2><A NAME="removetype">RemoveType</A> directive</H2> @@ -600,7 +633,8 @@ files, rather than as candidates for parsing (see the <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> RemoveType <i>extension [extension ...]</i><BR> +><STRONG>Syntax:</STRONG></A> RemoveType <em>extension</em> + [<em>extension</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -640,6 +674,9 @@ treated as being of the <a href="core.html#defaulttype">default type</a>. <code>AddType</code> directives, so it is possible they may undo the effects of the latter if both occur within the same directory configuration. </p> +<p>The <em>extension</em> argument is case-insensitive, and can +be specified with or without a leading dot.</p> + <HR> <H2><A NAME="sethandler">SetHandler</A> directive</H2> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html index cffa5dec462..21472f72a6a 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html @@ -57,12 +57,11 @@ REL="Help" <H2>Directives</H2> - <P> + <UL> <LI><A HREF="#mimemagicfile">MimeMagicFile</A> </LI> </UL> - </P> <h2>Format of the Magic File</h2> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html index a455e829557..ead10fccf86 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html @@ -84,7 +84,8 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> MMapFile <EM>filename ...</EM> + ><STRONG>Syntax:</STRONG></A> MMapFile <EM>filename</em> + [<em>filename</em>] ... <BR> <A HREF="directive-dict.html#Default" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html b/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html index 7a3b9048bb2..58bdd70649b 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html @@ -184,7 +184,7 @@ since the user's bookmark files will then contain fully qualified hosts.</P> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyRequests <EM>on/off</EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyRequests on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -221,7 +221,7 @@ HREF="#proxypass">ProxyPass</A> directive. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyRemote <EM><match> <remote-server></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyRemote <EM>match remote-server</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -248,17 +248,17 @@ HREF="#proxypass">ProxyPass</A> directive. ><STRONG>Compatibility:</STRONG></A> ProxyRemote is only available in Apache 1.1 and later.<P> -This defines remote proxies to this proxy. <match> is either the +This defines remote proxies to this proxy. <em>match</em> is either the name of a URL-scheme that the remote server supports, or a partial URL for which the remote server should be used, or '*' to indicate the -server should be contacted for all requests. <remote-server> is a +server should be contacted for all requests. <em>remote-server</em> is a partial URL for the remote server. Syntax: <PRE> - <remote-server> = <protocol>://<hostname>[:port] + remote-server = protocol://hostname[:port] </PRE> -<protocol> is the protocol that should be used to communicate +<em>protocol</em> is the protocol that should be used to communicate with the remote server; only "http" is supported by this module. <P> Example: @@ -278,7 +278,7 @@ them. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyPass <EM><path> <url></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyPass <EM>path url</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -307,8 +307,8 @@ Apache 1.1 and later.<P> This directive allows remote servers to be mapped into the space of the local server; the local server does not act as a proxy in the conventional sense, -but appears to be a mirror of the remote server. <path> is the name of -a local virtual path; <url> is a partial URL for the remote server. +but appears to be a mirror of the remote server. <em>path</em> is the name of +a local virtual path; <em>url</em> is a partial URL for the remote server. <P> Suppose the local server has address <SAMP>http://wibble.org/</SAMP>; then <PRE> @@ -325,7 +325,7 @@ internally converted into a proxy request to <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyPassReverse <EM><path> <url></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyPassReverse <EM>path url</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -357,8 +357,8 @@ HTTP redirect responses. For instance this is essential when Apache is used as a reverse proxy to avoid by-passing the reverse proxy because of HTTP redirects on the backend servers which stay behind the reverse proxy. <P> -<path> is the name of a local virtual path.<BR> -<url> is a partial URL for the remote server - the same way they are +<em>path</em> is the name of a local virtual path.<BR> +<em>url</em> is a partial URL for the remote server - the same way they are used for the <TT>ProxyPass</TT> directive. <P> Example:<BR> @@ -390,7 +390,8 @@ conjunction with the proxy pass-through feature ("<SAMP>RewriteRule ... <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> AllowCONNECT <EM><port list></EM><BR> +><STRONG>Syntax:</STRONG></A> AllowCONNECT <EM>port</EM> + [<em>port</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -432,7 +433,8 @@ listed ports only. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyBlock <EM><word/host/domain list></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyBlock *|<EM>word|host|domain</EM> + [<em>word|host|domain</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -488,7 +490,7 @@ blocks connections to all sites. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyReceiveBufferSize <EM><bytes></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyReceiveBufferSize <EM>bytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -533,11 +535,15 @@ Example: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> NoProxy { <A HREF="#domain"><EM><Domain></EM></A> - | <A HREF="#subnet"><EM><SubNet></EM></A> - | <A HREF="#ipaddr"><EM><IpAddr></EM></A> - | <A HREF="#hostname"><EM><Hostname></EM></A> - } <BR> +><STRONG>Syntax:</STRONG></A> NoProxy + <A HREF="#domain"><EM>Domain</EM></A>|<A + HREF="#subnet"><EM>SubNet</EM></A>|<A + HREF="#ipaddr"><EM>IpAddr</EM></A>|<A + HREF="#hostname"><EM>Hostname</EM></A> +[<A HREF="#domain"><EM>Domain</EM></A>|<A + HREF="#subnet"><EM>SubNet</EM></A>|<A + HREF="#ipaddr"><EM>IpAddr</EM></A>|<A + HREF="#hostname"><EM>Hostname</EM></A>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -579,8 +585,7 @@ Example: The arguments to the NoProxy directive are one of the following type list: <DL> <!-- ===================== Domain ======================= --> - <A NAME="domain"> - <DT><EM>Domain</EM></A> + <DT><A NAME="domain"><EM>Domain</EM></A> <DD>A <EM>Domain</EM> is a partially qualified DNS domain name, preceded by a period. It represents a list of hosts which logically belong to the same DNS @@ -599,8 +604,7 @@ The arguments to the NoProxy directive are one of the following type list: lookup, it is much more efficient than subnet comparison. <!-- ===================== SubNet ======================= --> - <A NAME="subnet"> - <DT><EM>SubNet</EM></A> + <DT><A NAME="subnet"><EM>SubNet</EM></A> <DD>A <EM>SubNet</EM> is a partially qualified internet address in numeric (dotted quad) form, optionally followed by a slash and the netmask, specified as the number of significant bits in the @@ -624,8 +628,7 @@ The arguments to the NoProxy directive are one of the following type list: <EM>_Default_</EM>, matching any IP address. <!-- ===================== IPAddr ======================= --> - <A NAME="ipaddr"> - <DT><EM>IPAddr</EM></A> + <DT><A NAME="ipaddr"><EM>IPAddr</EM></A> <DD>A <EM>IPAddr</EM> represents a fully qualified internet address in numeric (dotted quad) form. Usually, this address represents a host, but there need not necessarily be a DNS domain name @@ -637,8 +640,7 @@ The arguments to the NoProxy directive are one of the following type list: <A HREF="../dns-caveats.html">DNS Issues</A></P> <!-- ===================== Hostname ======================= --> - <A NAME="hostname"> - <DT><EM>Hostname</EM></A> + <DT><A NAME="hostname"><EM>Hostname</EM></A> <DD>A <EM>Hostname</EM> is a fully qualified DNS domain name which can be resolved to one or more <A HREF="#ipaddr"><EM>IPAddrs</EM></A> via the DNS domain name service. @@ -670,7 +672,7 @@ The arguments to the NoProxy directive are one of the following type list: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyDomain <EM><Domain></EM><BR> +><STRONG>Syntax:</STRONG></A> ProxyDomain <EM>Domain</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -717,11 +719,7 @@ Example: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ProxyVia { <EM>off</EM> - | <EM>on</EM> - | <EM>full</EM> - | <EM>block</EM> - }<BR> +><STRONG>Syntax:</STRONG></A> ProxyVia on|off|full|block<BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -769,7 +767,7 @@ additionally have the Apache server version shown as a <SAMP>Via:</SAMP> comment <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheForceCompletion <EM><percentage></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheForceCompletion <EM>percentage</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -810,7 +808,7 @@ was allowed to complete. A number between 60 and 90 is recommended. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheRoot <EM><directory></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheRoot <EM>directory</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -851,7 +849,7 @@ cacheing will be available. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheSize <EM><size></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheSize <EM>kilobytes</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -890,7 +888,7 @@ use a value which is at least 20 to 40 % lower than the available space. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheGcInterval <EM><time></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheGcInterval <EM>hours</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -917,17 +915,17 @@ use a value which is at least 20 to 40 % lower than the available space. ><STRONG>Compatibility:</STRONG></A> CacheGcinterval is only available in Apache 1.1 and later.<P> -Check the cache every <time> hours, and delete files if the space -usage is greater than that set by CacheSize. Note that <time> accepts a -float value, you could for example use <CODE>CacheGcInterval 1.5</CODE> to -check the cache every 90 minutes. (If unset, no garbage collection will -be performed, and the cache will grow indefinitely.) -Note also that the larger the <CODE>CacheGcInterval</CODE>, the more -extra space beyond the configured <CODE>CacheSize</CODE> will be -needed for the cache between garbage collections.<BR> <!-- -Note that due to a design flaw, Apache does not automatically force a -garbage collection when the available space on the file system where -the cache resides is exhausted. --> +Check the cache after the specified number of <em>hours</em>, and +delete files if the space usage is greater than that set by +CacheSize. Note that <em>hours</em> accepts a float value, you could for +example use <CODE>CacheGcInterval 1.5</CODE> to check the cache every +90 minutes. (If unset, no garbage collection will be performed, and +the cache will grow indefinitely.) Note also that the larger the +<CODE>CacheGcInterval</CODE>, the more extra space beyond the +configured <CODE>CacheSize</CODE> will be needed for the cache between +garbage collections.<BR> <!-- Note that due to a design flaw, Apache +does not automatically force a garbage collection when the available +space on the file system where the cache resides is exhausted. --> <HR> @@ -935,7 +933,7 @@ the cache resides is exhausted. --> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheMaxExpire <EM><time></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheMaxExpire <EM>hours</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -962,10 +960,11 @@ the cache resides is exhausted. --> ><STRONG>Compatibility:</STRONG></A> CacheMaxExpire is only available in Apache 1.1 and later.<P> -Cachable HTTP documents will be retained for at most <time> hours without -checking the origin server. Thus documents can be at most <time> -hours out of date. This restriction is enforced even if an expiry date -was supplied with the document. +<p>Specifies the maximum number of <em>hours</em> for which cachable HTTP +documents will be retained without checking the origin server. Thus, +documents will be out of date at most this number of <em>hours</em> +This restriction is enforced even if an expiry date was supplied with +the document.</p> <HR> @@ -973,7 +972,7 @@ was supplied with the document. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheLastModifiedFactor <EM><factor></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheLastModifiedFactor <EM>factor</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1003,10 +1002,10 @@ Apache 1.1 and later.<P> If the origin HTTP server did not supply an expiry date for the document, then estimate one using the formula <PRE> - expiry-period = time-since-last-modification * <factor> + expiry-period = time-since-last-modification * <em>factor</em> </PRE> For example, if the document was last modified 10 hours ago, and -<factor> is 0.1, then the expiry period will be set to 10*0.1 = 1 hour. +<em>factor</em> is 0.1, then the expiry period will be set to 10*0.1 = 1 hour. <P>If the expiry-period would be longer than that set by CacheMaxExpire, then the latter takes precedence. @@ -1017,7 +1016,7 @@ then the latter takes precedence. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheDirLevels <EM><levels></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheDirLevels <EM>levels</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1044,8 +1043,9 @@ then the latter takes precedence. ><STRONG>Compatibility:</STRONG></A> CacheDirLevels is only available in Apache 1.1 and later.<P> -CacheDirLevels sets the number of levels of subdirectories in the cache. -Cached data will be saved this many directory levels below CacheRoot. +CacheDirLevels sets the number of <em>levels</em> of subdirectories in +the cache. Cached data will be saved this many directory levels below +CacheRoot. <HR> @@ -1053,7 +1053,7 @@ Cached data will be saved this many directory levels below CacheRoot. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheDirLength <EM><length></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheDirLength <EM>length</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1088,7 +1088,7 @@ CacheDirLength sets the number of characters in proxy cache subdirectory names. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CacheDefaultExpire <EM><time></EM><BR> +><STRONG>Syntax:</STRONG></A> CacheDefaultExpire <EM>hours</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1116,7 +1116,7 @@ CacheDirLength sets the number of characters in proxy cache subdirectory names. Apache 1.1 and later.<P> If the document is fetched via a protocol that does not support expiry times, -then use <time> hours as the expiry time. +then use the specified number of <em>hours</em> as the expiry time. <A HREF="#cachemaxexpire">CacheMaxExpire</A> does <STRONG>not</STRONG> override this setting. @@ -1126,7 +1126,8 @@ override this setting. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> NoCache <EM><word/host/domain list></EM><BR> +><STRONG>Syntax:</STRONG></A> NoCache *|<EM>word|host|domain</EM> + [<em>word|host|domain</em>] ...<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html b/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html index fb497be9c46..486511a9833 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html @@ -328,12 +328,12 @@ of the available directives. HREF="directive-dict.html#Syntax" REL="Help" ><STRONG>Syntax:</STRONG></A> - <CODE>RewriteEngine</CODE> {<CODE>on,off</CODE>}<BR> + RewriteEngine on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" ><STRONG>Default:</STRONG></A> - <STRONG><CODE>RewriteEngine off</CODE></STRONG><BR> + <CODE>RewriteEngine off</CODE><BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -379,7 +379,7 @@ directive for each virtual host in which you wish to use it. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteOptions</CODE> <EM>Option</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteOptions <EM>Option</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -428,7 +428,7 @@ strings can be one of the following: <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteLog</CODE> <EM>Filename</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteLog <EM>Filename</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -502,11 +502,11 @@ RewriteLog "/usr/local/var/apache/logs/rewrite.log" <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteLogLevel</CODE> <EM>Level</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteLogLevel <EM>Level</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" -><STRONG>Default:</STRONG></A> <STRONG><CODE>RewriteLogLevel 0</CODE></STRONG> +><STRONG>Default:</STRONG></A> <CODE>RewriteLogLevel 0</CODE> <BR> <A HREF="directive-dict.html#Context" @@ -565,7 +565,7 @@ RewriteLogLevel 3 <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteLock</CODE> <EM>Filename</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteLock <EM>Filename</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -606,8 +606,8 @@ other types of rewriting maps. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteMap</CODE> <EM>MapName </EM> - <EM>MapType</EM><CODE>:</CODE><EM>MapSource</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteMap <EM>MapName </EM> + <EM>MapType</EM>:<EM>MapSource</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -850,7 +850,7 @@ external lookup only happens once! <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteBase</CODE> <EM>BaseURL</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteBase <EM>BaseURL</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -981,7 +981,7 @@ sure the design and implementation is correct. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteCond</CODE> <EM>TestString</EM> +><STRONG>Syntax:</STRONG></A> RewriteCond <EM>TestString</EM> <EM>CondPattern</EM><BR> <A HREF="directive-dict.html#Default" @@ -1047,6 +1047,15 @@ the pattern from the last matched <CODE>RewriteCond</CODE> directive in the current bunch of conditions. <P> +<LI><STRONG>RewriteMap expansions</STRONG>: These are expansions of the form + +<BLOCKQUOTE><STRONG> +<CODE>${mapname:key|default}</CODE> +</STRONG></BLOCKQUOTE> + +See <A HREF="#mapfunc">the documentation for RewriteMap</A> for more details. + +<P> <LI><STRONG>Server-Variables</STRONG>: These are variables of the form @@ -1281,6 +1290,9 @@ is a comma-separated list of the following flags: This makes the test case-insensitive, <EM>i.e.</EM>, there is no difference between 'A-Z' and 'a-z' both in the expanded <EM>TestString</EM> and the <EM>CondPattern</EM>. + This flag is effective only for comparisons between + <EM>TestString</EM> and <EM>CondPattern</EM>. It has no + effect on filesystem and subrequest checks. <P> <LI>'<STRONG><CODE>ornext|OR</CODE></STRONG>' (<STRONG>or</STRONG> next condition)<BR> Use this to combine rule conditions with a local OR instead of the @@ -1327,7 +1339,7 @@ use any other browser you get the standard homepage. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> <CODE>RewriteRule</CODE> <EM>Pattern</EM> <EM>Substitution</EM><BR> +><STRONG>Syntax:</STRONG></A> RewriteRule <EM>Pattern</EM> <EM>Substitution</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -1702,7 +1714,7 @@ external redirect or proxy throughput (if flag <STRONG>P</STRONG> is used!) is f <TR><TD> <STRONG>Note:</STRONG> To enable the rewriting engine for per-directory configuration files you need to set ``<CODE>RewriteEngine On</CODE>'' in these files <STRONG>and</STRONG> -``<CODE>Option FollowSymLinks</CODE>'' must be enabled. If your administrator has +``<CODE>Options FollowSymLinks</CODE>'' must be enabled. If your administrator has disabled override of <CODE>FollowSymLinks</CODE> for a user's directory, then you cannot use the rewriting engine. This restriction is needed for security reasons. diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html index 379ee78ea83..d67f75b6427 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html @@ -49,18 +49,23 @@ REL="Help" <P> The <SAMP>mod_setenvif</SAMP> module allows you to set environment variables according to whether different aspects of the request match - regular expressions you specify. These envariables can be used by + <a href="../misc/FAQ.html#regex">regular expressions</a> + you specify. These environment variables can be used by other parts of the server to make decisions about actions to be taken. </P> <P>The directives are considered in the order they appear in the configuration files. So more complex sequences can be used, such as this example, which sets <CODE>netscape</CODE> if the browser is mozilla but not MSIE. + </P> + <BLOCKQUOTE><PRE> BrowserMatch ^Mozilla netscape BrowserMatch MSIE !netscape </PRE></BLOCKQUOTE> - </P> + + <p>For additional information, we proved a document on + <a href="../env.html">Environment Variables in Apache</a>.</p> <H2>Directives</H2> <UL> @@ -80,7 +85,8 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> BrowserMatch <EM>regex envar[=value] [...]</EM> + ><STRONG>Syntax:</STRONG></A> BrowserMatch <EM>regex + envar</em>[=<em>value</em>] [<em>envar</em>[=<em>value</em>]] ... <BR> <A HREF="directive-dict.html#Default" @@ -182,8 +188,8 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> BrowserMatchNoCase <EM>regex envar[=value] - [...]</EM> + ><STRONG>Syntax:</STRONG></A> BrowserMatchNoCase <EM>regex + envar</em>[=<em>value</em>] [<em>envar</em>[=<em>value</em>]] ... <BR> <A HREF="directive-dict.html#Default" @@ -256,8 +262,8 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> SetEnvIf <EM> attribute regex envar[=value] - [...]</EM> + ><STRONG>Syntax:</STRONG></A> SetEnvIf <EM> attribute regex + envar</em>[=<em>value</em>] [<em>envar</em>[=<em>value</em>]] ... <BR> <A HREF="directive-dict.html#Default" @@ -353,7 +359,7 @@ REL="Help" SetEnvIf object_is_image xbm XBIT_PROCESSING=1 </PRE> <P> - The first three will set the envariable <SAMP>object_is_image</SAMP> if the + The first three will set the environment variable <SAMP>object_is_image</SAMP> if the request was for an image file, and the fourth sets <SAMP>intra_site_referral</SAMP> if the referring page was somewhere on the <SAMP>www.mydomain.com</SAMP> Web site. @@ -368,8 +374,8 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> SetEnvIfNoCase - <EM> attribute regex envar[=value] [...]</EM> + ><STRONG>Syntax:</STRONG></A> SetEnvIfNoCase <EM> attribute regex + envar</em>[=<em>value</em>] [<em>envar</em>[=<em>value</em>]] ... <BR> <A HREF="directive-dict.html#Default" @@ -417,7 +423,7 @@ REL="Help" SetEnvIfNoCase Host Apache\.Org site=apache </PRE> <P> - This will cause the <SAMP>site</SAMP> envariable to be set to + This will cause the <SAMP>site</SAMP> environment variable to be set to "<SAMP>apache</SAMP>" if the HTTP request header field <SAMP>Host:</SAMP> was included and contained <SAMP>Apache.Org</SAMP>, <SAMP>apache.org</SAMP>, or any other combination. diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html index eb28de1a0f5..b65fcef159b 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html @@ -127,7 +127,8 @@ two modules into a single module for all operating systems. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> LoadFile <EM>filename filename ...</EM><BR> +><STRONG>Syntax:</STRONG></A> LoadFile <EM>filename</em> + [<em>filename</em>] ...<BR> <A HREF="directive-dict.html#Context" REL="Help" @@ -166,24 +167,29 @@ HREF="core.html#serverroot">ServerRoot</A>.<P><HR> REL="Help" ><STRONG>Module:</STRONG></A> mod_so<P> -The LoadModule directive links in the object file or library <EM>filename</EM> -and adds the module structure named <EM>module</EM> to the list of active -modules. <EM>Module</EM> is the name of the external variable of type -<CODE>module</CODE> in the file. Example (Unix): +The LoadModule directive links in the object file or library +<EM>filename</EM> and adds the module structure named <EM>module</EM> +to the list of active modules. <EM>Module</EM> is the name of the +external variable of type <CODE>module</CODE> in the file, and is +listed as the <a href="module-dict.html#ModuleIdentifier">Module +Identifier</a> in the module documentation. Example (Unix, and for +Windows as of Apache 1.3.15): <BLOCKQUOTE><CODE> LoadModule status_module modules/mod_status.so </CODE></BLOCKQUOTE> -<P> - -Example (Windows): +<P>Example (Windows prior to Apache 1.3.15, and some 3rd party modules): <BLOCKQUOTE><CODE> -LoadModule status_module modules/ApacheModuleStatus.dll<BR> +LoadModule foo_module modules/ApacheModuleFoo.dll<BR> </CODE></BLOCKQUOTE> -loads the named module from the modules subdirectory of the -ServerRoot.<P> +<P><STRONG>Note that all modules bundled with the Apache Win32 binary +distribution were renamed as of Apache version 1.3.15</STRONG>.</P> +<P>Win32 Apache modules are often distributed with the old style names, +or even a name such as libfoo.dll. Whatever the name of the module, +it must be the LoadModule directive requires the exact filename, no +assumption is made about the filename extension.</P> <HR> @@ -196,4 +202,3 @@ ServerRoot.<P> </BODY> </HTML> - diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html b/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html index 5caf12b3576..89405645d58 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html @@ -60,6 +60,8 @@ REL="Help" </P> <P> If, after scanning the directory, + </P> + <UL> <LI>no matching document was found, Apache will proceed as usual and return a "document not found" error. @@ -69,7 +71,6 @@ REL="Help" the list of the matches is returned to the client, and the client can select the correct candidate. </UL> - </P> <H2>Directives</H2> @@ -83,7 +84,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" - ><STRONG>Syntax:</STRONG></A> CheckSpelling <EM>on/off</EM><BR> + ><STRONG>Syntax:</STRONG></A> CheckSpelling on|off<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html index 1effbdd2f35..fb39a4440b0 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html @@ -3,7 +3,7 @@ <title>mod_ssl: Title Page</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -174,7 +174,7 @@ if (document.images) { </tr> <tr> <td align="right"> - <font face="Arial,Helvetica">mod_ssl version 2.7</font> + <font face="Arial,Helvetica">mod_ssl version 2.8</font> </td> </tr> </table> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html index c34e6c27f44..391c0668c60 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html @@ -3,7 +3,7 @@ <title>mod_ssl: Compatibility</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -528,12 +528,12 @@ are listed in <a href="#table3">Table 3</a>. <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover.wml index dbae33ef263..812d5823198 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover.wml @@ -17,7 +17,7 @@ </tr> <tr> <td align=right> - <font face="Arial,Helvetica">mod_ssl version 2.7</font> + <font face="Arial,Helvetica">mod_ssl version 2.8</font> </td> </tr> </table> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html index 0777e724ad5..5b6edb6a510 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html @@ -3,7 +3,7 @@ <title>mod_ssl: F.A.Q.</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -322,21 +322,22 @@ author. <a href="#ToC38"><strong>Global IDs or SGC?</strong></a><br> <a href="#ToC39"><strong>Global IDs and Cert Chain?</strong></a><br> <a href="#ToC40"><strong>About SSL Protocol</strong></a><br> - <a href="#ToC41"><strong>Why has the server a higher load?</strong></a><br> - <a href="#ToC42"><strong>Why are connections horribly slow?</strong></a><br> - <a href="#ToC43"><strong>Which ciphers are supported?</strong></a><br> - <a href="#ToC44"><strong>How to use Anonymous-DH ciphers</strong></a><br> - <a href="#ToC45"><strong>Why do I get 'no shared ciphers'?</strong></a><br> - <a href="#ToC46"><strong>HTTPS and name-based vhosts</strong></a><br> - <a href="#ToC47"><strong>The lock icon in Netscape locks very late</strong></a><br> - <a href="#ToC48"><strong>Why do I get I/O errors with MSIE clients?</strong></a><br> - <a href="#ToC49"><strong>Why do I get I/O errors with NS clients?</strong></a><br> - <a href="#ToC50"><strong>About Support</strong></a><br> - <a href="#ToC51"><strong>Resources in case of problems?</strong></a><br> - <a href="#ToC52"><strong>Support in case of problems?</strong></a><br> - <a href="#ToC53"><strong>How to write a problem report?</strong></a><br> - <a href="#ToC54"><strong>I got a core dump, can you help me?</strong></a><br> - <a href="#ToC55"><strong>How to get a backtrace?</strong></a><br> + <a href="#ToC41"><strong>Random SSL errors under heavy load?</strong></a><br> + <a href="#ToC42"><strong>Why has the server a higher load?</strong></a><br> + <a href="#ToC43"><strong>Why are connections horribly slow?</strong></a><br> + <a href="#ToC44"><strong>Which ciphers are supported?</strong></a><br> + <a href="#ToC45"><strong>How to use Anonymous-DH ciphers</strong></a><br> + <a href="#ToC46"><strong>Why do I get 'no shared ciphers'?</strong></a><br> + <a href="#ToC47"><strong>HTTPS and name-based vhosts</strong></a><br> + <a href="#ToC48"><strong>The lock icon in Netscape locks very late</strong></a><br> + <a href="#ToC49"><strong>Why do I get I/O errors with MSIE clients?</strong></a><br> + <a href="#ToC50"><strong>Why do I get I/O errors with NS clients?</strong></a><br> + <a href="#ToC51"><strong>About Support</strong></a><br> + <a href="#ToC52"><strong>Resources in case of problems?</strong></a><br> + <a href="#ToC53"><strong>Support in case of problems?</strong></a><br> + <a href="#ToC54"><strong>How to write a problem report?</strong></a><br> + <a href="#ToC55"><strong>I got a core dump, can you help me?</strong></a><br> + <a href="#ToC56"><strong>How to get a backtrace?</strong></a><br> </font> </td> </tr> @@ -353,7 +354,7 @@ author. <strong id="faq"> What is the history of mod_ssl? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#history"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#history"><b>L</b></a>] <p> The mod_ssl v1 package was initially created in April 1998 by <a href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> via porting <a @@ -380,7 +381,7 @@ What is the history of mod_ssl? What are the functional differences between mod_ssl and Apache-SSL, from where it is originally derived? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#apssl-diff"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#apssl-diff"><b>L</b></a>] <p> This neither can be answered in short (there were too many code changes) nor can be answered at all by the author (there would immediately be flame @@ -421,7 +422,7 @@ it is originally derived? What are the major differences between mod_ssl and the commercial alternatives like Raven or Stronghold? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#apssl-diff"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#apssl-diff"><b>L</b></a>] <p> In the past (until September 20th, 2000) the major difference was the RSA license which one received (very cheaply in contrast to @@ -470,7 +471,7 @@ the commercial alternatives like Raven or Stronghold? <strong id="faq"> How do I know which mod_ssl version is for which Apache version? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#what-version"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#what-version"><b>L</b></a>] <p> That's trivial: mod_ssl uses version strings of the syntax <em><mod_ssl-version></em>-<em><apache-version></em>, for @@ -485,7 +486,7 @@ How do I know which mod_ssl version is for which Apache version? <strong id="faq"> Is mod_ssl Year 2000 compliant? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#y2k"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#y2k"><b>L</b></a>] <p> Yes, mod_ssl is Year 2000 compliant. <p> @@ -510,7 +511,7 @@ Is mod_ssl Year 2000 compliant? <strong id="faq"> What about mod_ssl and the Wassenaar Arrangement? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#wassenaar"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#wassenaar"><b>L</b></a>] <p> First, let us explain what <i>Wassenaar</i> and it's <i>Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and @@ -569,7 +570,7 @@ What about mod_ssl and the Wassenaar Arrangement? <strong id="faq"> When I access my website the first time via HTTPS I get a core dump? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#core-dbm"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-dbm"><b>L</b></a>] <p> There can be a lot of reasons why a core dump can occur, of course. Ranging from buggy third-party modules, over buggy vendor libraries up to @@ -585,7 +586,7 @@ When I access my website the first time via HTTPS I get a core dump? <strong id="faq"> My Apache dumps core when I add both mod_ssl and PHP3? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#core-php3"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-php3"><b>L</b></a>] <p> Make sure you add mod_ssl to the Apache source tree first and then do a fresh configuration and installation of PHP3. For SSL support EAPI patches @@ -598,7 +599,7 @@ My Apache dumps core when I add both mod_ssl and PHP3? <strong id="faq"> When I startup Apache I get errors about undefined symbols like ap_global_ctx? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#dso-sym"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#dso-sym"><b>L</b></a>] <p> This actually means you installed mod_ssl as a DSO, but without rebuilding Apache with EAPI. Because EAPI is a requirement for mod_ssl, you need an @@ -611,7 +612,7 @@ When I startup Apache I get errors about undefined symbols like ap_global_ctx? <strong id="faq"> When I startup Apache I get permission errors related to SSLMutex? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#mutex-perm"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mutex-perm"><b>L</b></a>] <p> When you receive entries like ``<code>mod_ssl: Child could not open SSLMutex lockfile /opt/apache/logs/ssl_mutex.18332 (System error follows) @@ -628,7 +629,7 @@ When I startup Apache I get permission errors related to SSLMutex? When I use the MM library and the shared memory cache each process grows 1.5MB according to `top' although I specified 512000 as the cache size? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#mm"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mm"><b>L</b></a>] <p> The additional 1MB are caused by the global shared memory pool EAPI allocates for all modules and which is not used by mod_ssl for @@ -647,7 +648,7 @@ Apache creates files in a directory declared by the internal EAPI_MM_CORE_PATH define. Is there a way to override the path using a configuration directive? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#mmpath"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mmpath"><b>L</b></a>] <p> No, there is not configuration directive, because for technical bootstrapping reasons, a directive not possible at all. Instead @@ -662,7 +663,7 @@ When I fire up the server, mod_ssl stops with the error "Failed to generate temporary 512 bit RSA private key", why? And a "PRNG not seeded" error occurs if I try "make certificate". </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#entropy"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#entropy"><b>L</b></a>] <p> Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide @@ -691,7 +692,7 @@ And a "PRNG not seeded" error occurs if I try "make certificate". <strong id="faq"> Is it possible to provide HTTP and HTTPS with a single server?</strong> </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#https-parallel"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-parallel"><b>L</b></a>] <p> Yes, HTTP and HTTPS use different server ports, so there is no direct conflict between them. Either run two separate server instances (one binds @@ -705,7 +706,7 @@ Is it possible to provide HTTP and HTTPS with a single server?</strong> <strong id="faq"> I know that HTTP is on port 80, but where is HTTPS? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#https-port"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-port"><b>L</b></a>] <p> You can run HTTPS on any port, but the standards specify port 443, which is where any HTTPS compliant browser will look by default. You can force @@ -717,7 +718,7 @@ I know that HTTP is on port 80, but where is HTTPS? <strong id="faq"> How can I speak HTTPS manually for testing purposes? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#https-test"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-test"><b>L</b></a>] <p> While you usually just use <p> @@ -748,7 +749,7 @@ How can I speak HTTPS manually for testing purposes? <strong id="faq"> Why does the connection hang when I connect to my SSL-aware Apache server? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#hang"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hang"><b>L</b></a>] <p> Because you connected with HTTP to the HTTPS port, i.e. you used an URL of the form ``<code>http://</code>'' instead of ``<code>https://</code>''. @@ -764,7 +765,7 @@ Why does the connection hang when I connect to my SSL-aware Apache server? Why do I get ``Connection Refused'' messages when trying to access my freshly installed Apache+mod_ssl server via HTTPS? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#hang"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hang"><b>L</b></a>] <p> There can be various reasons. Some of the common mistakes is that people start Apache with just ``<tt>apachectl start</tt>'' (or @@ -781,7 +782,7 @@ installed Apache+mod_ssl server via HTTPS? In my CGI programs and SSI scripts the various documented <code>SSL_XXX</code> variables do not exists. Why? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#env-vars"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#env-vars"><b>L</b></a>] <p> Just make sure you have ``<code>SSLOptions +StdEnvVars</code>'' enabled for the context of your CGI/SSI requests. @@ -791,7 +792,7 @@ In my CGI programs and SSI scripts the various documented <strong id="faq"> How can I use relative hyperlinks to switch between HTTP and HTTPS? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#relative-links"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#relative-links"><b>L</b></a>] <p> Usually you have to use fully-qualified hyperlinks because you have to change the URL scheme. But with the help of some URL @@ -817,7 +818,7 @@ How can I use relative hyperlinks to switch between HTTP and HTTPS? <strong id="faq"> What are RSA Private Keys, CSRs and Certificates?</strong> </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#what-is"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#what-is"><b>L</b></a>] <p> The RSA private key file is a digital file that you can use to decrypt messages sent to you. It has a public component which you distribute (via @@ -837,7 +838,7 @@ What are RSA Private Keys, CSRs and Certificates?</strong> <strong id="faq"> Seems like there is a difference on startup between the original Apache and an SSL-aware Apache? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#startup"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#startup"><b>L</b></a>] <p> Yes, in general, starting Apache with a built-in mod_ssl is just like starting an unencumbered Apache, except for the fact that when you have a @@ -855,7 +856,7 @@ Seems like there is a difference on startup between the original Apache and an S <strong id="faq"> How can I create a dummy SSL server Certificate for testing purposes? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#cert-dummy"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-dummy"><b>L</b></a>] <p> A Certificate does not have to be signed by a public CA. You can use your private key to sign the Certificate which contains your public key. You @@ -880,7 +881,7 @@ How can I create a dummy SSL server Certificate for testing purposes? Ok, I've got my server installed and want to create a real SSL server Certificate for it. How do I do it? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#cert-real"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-real"><b>L</b></a>] <p> Here is a step-by-step description: <p> @@ -977,7 +978,7 @@ server Certificate for it. How do I do it? <strong id="faq"> How can I create and use my own Certificate Authority (CA)? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#cert-ownca"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-ownca"><b>L</b></a>] <p> The short answer is to use the <code>CA.sh</code> or <code>CA.pl</code> script provided by OpenSSL. The long and manual answer is this: @@ -1029,7 +1030,7 @@ How can I create and use my own Certificate Authority (CA)? <strong id="faq"> How can I change the pass-phrase on my private key file? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#change-passphrase"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#change-passphrase"><b>L</b></a>] <p> You simply have to read it with the old pass-phrase and write it again by specifying the new pass-phrase. You can accomplish this with the following @@ -1047,7 +1048,7 @@ How can I change the pass-phrase on my private key file? <strong id="faq"> How can I get rid of the pass-phrase dialog at Apache startup time? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#remove-passphrase"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#remove-passphrase"><b>L</b></a>] <p> The reason why this dialog pops up at startup and every re-start is that the RSA private key inside your server.key file is stored in @@ -1084,7 +1085,7 @@ How can I get rid of the pass-phrase dialog at Apache startup time? <strong id="faq"> How do I verify that a private key matches its Certificate? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#verify-key"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#verify-key"><b>L</b></a>] <p> The private key contains a series of numbers. Two of those numbers form the "public key", the others are part of your "private key". The "public @@ -1117,7 +1118,7 @@ How do I verify that a private key matches its Certificate? What does it mean when my connections fail with an "alert bad certificate" error? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#keysize1"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#keysize1"><b>L</b></a>] <p> Usually when you see errors like ``<tt>OpenSSL: error:14094412: SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate</tt>'' in the SSL @@ -1130,7 +1131,7 @@ error? <strong id="faq"> Why does my 2048-bit private key not work? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#keysize2"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#keysize2"><b>L</b></a>] <p> The private key sizes for SSL must be either 512 or 1024 for compatibility with certain web browsers. A keysize of 1024 bits is recommended because @@ -1144,7 +1145,7 @@ Why does my 2048-bit private key not work? Why is client authentication broken after upgrading from SSLeay version 0.8 to 0.9? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#hash-symlinks"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hash-symlinks"><b>L</b></a>] <p> The CA certificates under the path you configured with <code>SSLCACertificatePath</code> are found by SSLeay through hash @@ -1159,7 +1160,7 @@ SSLeay version 0.8 to 0.9? <strong id="faq"> How can I convert a certificate from PEM to DER format? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#pem-to-der"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#pem-to-der"><b>L</b></a>] <p> The default certificate format for SSLeay/OpenSSL is PEM, which actually is Base64 encoded DER with header and footer lines. For some applications @@ -1174,7 +1175,7 @@ How can I convert a certificate from PEM to DER format? I try to install a Verisign certificate. Why can't I find neither the <code>getca</code> nor <code>getverisign</code> programs Verisign mentions? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#verisign-getca"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#verisign-getca"><b>L</b></a>] <p> This is because Verisign has never provided specific instructions for Apache+mod_ssl. Rather they tell you what you should do @@ -1194,7 +1195,7 @@ I try to install a Verisign certificate. Why can't I find neither the Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global ID) also with mod_ssl? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#gid"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#gid"><b>L</b></a>] <p> Yes, mod_ssl since version 2.1 supports the SGC facility. You don't have to configure anything special for this, just use a Global ID as your @@ -1208,7 +1209,7 @@ ID) also with mod_ssl? After I have installed my new Verisign Global ID server certificate, the browsers complain that they cannot verify the server certificate? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#gid"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#gid"><b>L</b></a>] <p> That is because Verisign uses an intermediate CA certificate between the root CA certificate (which is installed in the browsers) and @@ -1225,36 +1226,49 @@ browsers complain that they cannot verify the server certificate? <ul> <p> <li><a name="ToC41"></a> + <a name="random-errors"></a> + <strong id="faq"> +Why do I get lots of random SSL protocol errors under heavy server load? +</strong> + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#random-errors"><b>L</b></a>] + <p> + There can be a number of reasons for this, but the main one + is problems with the SSL session Cache specified by the + <tt>SSLSessionCache</tt> directive. The DBM session cache is most + likely the source of the problem, so trying the SHM session cache or + no cache at all may help. +<p> +<li><a name="ToC42"></a> <a name="load"></a> <strong id="faq"> Why has my webserver a higher load now that I run SSL there? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#load"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#load"><b>L</b></a>] <p> Because SSL uses strong cryptographic encryption and this needs a lot of number crunching. And because when you request a webpage via HTTPS even the images are transfered encrypted. So, when you have a lot of HTTPS traffic the load increases. <p> -<li><a name="ToC42"></a> +<li><a name="ToC43"></a> <a name="random"></a> <strong id="faq"> Often HTTPS connections to my server require up to 30 seconds for establishing the connection, although sometimes it works faster? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#random"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#random"><b>L</b></a>] <p> Usually this is caused by using a <code>/dev/random</code> device for <code>SSLRandomSeed</code> which is blocking in read(2) calls if not enough entropy is available. Read more about this problem in the refernce chapter under <code>SSLRandomSeed</code>. <p> -<li><a name="ToC43"></a> +<li><a name="ToC44"></a> <a name="ciphers"></a> <strong id="faq"> What SSL Ciphers are supported by mod_ssl? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#ciphers"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#ciphers"><b>L</b></a>] <p> Usually just all SSL ciphers which are supported by the version of OpenSSL in use (can depend on the way you built @@ -1275,13 +1289,13 @@ What SSL Ciphers are supported by mod_ssl? <p> <code><strong>$ openssl ciphers -v</strong></code><br> <p> -<li><a name="ToC44"></a> +<li><a name="ToC45"></a> <a name="cipher-adh"></a> <strong id="faq"> I want to use Anonymous Diffie-Hellman (ADH) ciphers, but I always get ``no shared cipher'' errors? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#cipher-adh"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cipher-adh"><b>L</b></a>] <p> In order to use Anonymous Diffie-Hellman (ADH) ciphers, it is not enough to just put ``<code>ADH</code>'' into your <code>SSLCipherSuite</code>. @@ -1290,13 +1304,13 @@ shared cipher'' errors? allow ADH ciphers for security reasons. So if you are actually enabling these ciphers make sure you are informed about the side-effects. <p> -<li><a name="ToC45"></a> +<li><a name="ToC46"></a> <a name="cipher-shared"></a> <strong id="faq"> I always just get a 'no shared ciphers' error if I try to connect to my freshly installed server? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#cipher-shared"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cipher-shared"><b>L</b></a>] <p> Either you have messed up your <code>SSLCipherSuite</code> directive (compare it with the pre-configured example in @@ -1310,12 +1324,12 @@ I try to connect to my freshly installed server? this, regenerate your server certificate/key pair and this time choose the RSA algorithm. <p> -<li><a name="ToC46"></a> +<li><a name="ToC47"></a> <a name="vhosts"></a> <strong id="faq"> Why can't I use SSL with name-based/non-IP-based virtual hosts? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#vhosts"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts"><b>L</b></a>] <p> The reason is very technical. Actually it's some sort of a chicken and egg problem: The SSL protocol layer stays below the HTTP protocol layer @@ -1329,14 +1343,14 @@ Why can't I use SSL with name-based/non-IP-based virtual hosts? handshake is finished. But the information is already needed at the SSL handshake phase. Bingo! <p> -<li><a name="ToC47"></a> +<li><a name="ToC48"></a> <a name="lock-icon"></a> <strong id="faq"> When I use Basic Authentication over HTTPS the lock icon in Netscape browsers still show the unlocked state when the dialog pops up. Does this mean the username/password is still transmitted unencrypted? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#lock-icon"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#lock-icon"><b>L</b></a>] <p> No, the username/password is already transmitted encrypted. The icon in Netscape browsers is just not really synchronized with the SSL/TLS layer @@ -1348,13 +1362,13 @@ username/password is still transmitted unencrypted? handshake phase and switched to encrypted communication. So, don't get confused by this icon. <p> -<li><a name="ToC48"></a> +<li><a name="ToC49"></a> <a name="io-ie"></a> <strong id="faq"> When I connect via HTTPS to an Apache+mod_ssl+OpenSSL server with Microsoft Internet Explorer (MSIE) I get various I/O errors. What is the reason? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#io-ie"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#io-ie"><b>L</b></a>] <p> The first reason is that the SSL implementation in some MSIE versions has some subtle bugs related to the HTTP keep-alive facility and the SSL close @@ -1401,15 +1415,21 @@ Explorer (MSIE) I get various I/O errors. What is the reason? Cryptography (SGC) facility. This can only be avoided by using the fully qualified domain name (FQDN) of the website in hyperlinks instead, because MSIE 5.x has an error in the way it handles the SGC negotiation. + <p> + And finally there are versions of MSIE which seem to require that + an SSL session can be reused (a totally non standard-conforming + behaviour, of course). Connection with those MSIE versions only work + if a SSL session cache is used. So, as a work-around, make sure you + are using a session cache (see <tt>SSLSessionCache</tt> directive). <p> -<li><a name="ToC49"></a> +<li><a name="ToC50"></a> <a name="io-ns"></a> <strong id="faq"> When I connect via HTTPS to an Apache+mod_ssl server with Netscape Navigator I get I/O errors and the message "Netscape has encountered bad data from the server" What's the reason? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#io-ns"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#io-ns"><b>L</b></a>] <p> The problem usually is that you had created a new server certificate with the same DN, but you had told your browser to accept forever the old @@ -1420,29 +1440,29 @@ server" What's the reason? </ul> <p> <br> -<h2><a name="ToC50">About Support</a></h2> +<h2><a name="ToC51">About Support</a></h2> <ul> <p> -<li><a name="ToC51"></a> +<li><a name="ToC52"></a> <a name="resources"></a> <strong id="faq"> What information resources are available in case of mod_ssl problems? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#resources"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#resources"><b>L</b></a>] <p> The following information resources are available. In case of problems you should search here first. <p> <ol> <li><em>Answers in the User Manual's F.A.Q. List (this)</em><br> - <a href="http://www.modssl.org/docs/2.7/ssl_faq.html"> - http://www.modssl.org/docs/2.7/ssl_faq.html</a><br> + <a href="http://www.modssl.org/docs/2.8/ssl_faq.html"> + http://www.modssl.org/docs/2.8/ssl_faq.html</a><br> First look inside the F.A.Q. (this text), perhaps your problem is such popular that it was already answered a lot of times in the past. <p> <li><em>Postings from the modssl-users Support Mailing List</em> - <a href="http://www.modssl.org/news/list.html"> - http://www.modssl.org/news/list.html</a><br> + <a href="http://www.modssl.org/support/"> + http://www.modssl.org/support/</a><br> Second search for your problem in one of the existing archives of the modssl-users mailing list. Perhaps your problem popped up at least once for another user, too. @@ -1454,12 +1474,12 @@ In case of problems you should search here first. someone else already has reported the problem. </ol> <p> -<li><a name="ToC52"></a> +<li><a name="ToC53"></a> <a name="contact"></a> <strong id="faq"> What support contacts are available in case of mod_ssl problems? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#contact"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#contact"><b>L</b></a>] <p> The following lists all support possibilities for mod_ssl, in order of preference, i.e. start in this order and do not pick the support possibility @@ -1490,13 +1510,13 @@ you just like most, please. usually not processed as fast as a posting on modssl-users. </ol> <p> -<li><a name="ToC53"></a> +<li><a name="ToC54"></a> <a name="report-details"></a> <strong id="faq"> What information and details I've to provide to the author when writing a bug report? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#report-details"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#report-details"><b>L</b></a>] <p> You have to at least always provide the following information: <p> @@ -1530,12 +1550,12 @@ You have to at least always provide the following information: course. </ul> <p> -<li><a name="ToC54"></a> +<li><a name="ToC55"></a> <a name="core-dumped"></a> <strong id="faq"> I got a core dump, can you help me? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#core-dumped"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-dumped"><b>L</b></a>] <p> In general no, at least not unless you provide more details about the code location where Apache dumped core. What is usually always required in @@ -1543,12 +1563,12 @@ I got a core dump, can you help me? information it is mostly impossible to find the problem and help you in fixing it. <p> -<li><a name="ToC55"></a> +<li><a name="ToC56"></a> <a name="report-backtrace"></a> <strong id="faq"> Ok, I got a core dump but how do I get a backtrace to find out the reason for it? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#report-backtrace"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#report-backtrace"><b>L</b></a>] <p> Follow the following steps: <p> @@ -1600,12 +1620,12 @@ Follow the following steps: <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml index 5683974ecb3..e3d169317d2 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml @@ -69,7 +69,7 @@ author. <a name="<get-var ref>"></a> <strong id="faq">%body</strong>\ - [<a href="http://www.modssl.org/docs/2.7/ssl_faq.html#<get-var ref>"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#<get-var ref>"><b>L</b></a>] <p> <restore toc> <restore ref> @@ -922,6 +922,16 @@ browsers complain that they cannot verify the server certificate? <ul> +<faq ref="random-errors" toc="Random SSL errors under heavy load?"> +Why do I get lots of random SSL protocol errors under heavy server load? +</faq> + + There can be a number of reasons for this, but the main one + is problems with the SSL session Cache specified by the + <tt>SSLSessionCache</tt> directive. The DBM session cache is most + likely the source of the problem, so trying the SHM session cache or + no cache at all may help. + <faq ref="load" toc="Why has the server a higher load?"> Why has my webserver a higher load now that I run SSL there? </faq> @@ -1087,6 +1097,13 @@ Explorer (MSIE) I get various I/O errors. What is the reason? qualified domain name (FQDN) of the website in hyperlinks instead, because MSIE 5.x has an error in the way it handles the SGC negotiation. + <p> + And finally there are versions of MSIE which seem to require that + an SSL session can be reused (a totally non standard-conforming + behaviour, of course). Connection with those MSIE versions only work + if a SSL session cache is used. So, as a work-around, make sure you + are using a session cache (see <tt>SSLSessionCache</tt> directive). + <faq ref="io-ns" toc="Why do I get I/O errors with NS clients?"> When I connect via HTTPS to an Apache+mod_ssl server with Netscape Navigator I get I/O errors and the message "Netscape has encountered bad data from the @@ -1118,14 +1135,14 @@ In case of problems you should search here first. <p> <ol> <li><em>Answers in the User Manual's F.A.Q. List (this)</em><br> - <a href="http://www.modssl.org/docs/2.7/ssl_faq.html"> - http://www.modssl.org/docs/2.7/ssl_faq.html</a><br> + <a href="http://www.modssl.org/docs/2.8/ssl_faq.html"> + http://www.modssl.org/docs/2.8/ssl_faq.html</a><br> First look inside the F.A.Q. (this text), perhaps your problem is such popular that it was already answered a lot of times in the past. <p> <li><em>Postings from the modssl-users Support Mailing List</em> - <a href="http://www.modssl.org/news/list.html"> - http://www.modssl.org/news/list.html</a><br> + <a href="http://www.modssl.org/support/"> + http://www.modssl.org/support/</a><br> Second search for your problem in one of the existing archives of the modssl-users mailing list. Perhaps your problem popped up at least once for another user, too. diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html index f3a6618c72d..6c50706867f 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html @@ -3,7 +3,7 @@ <title>mod_ssl: Glossary</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -390,12 +390,12 @@ Richard Nixon <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html index 31178f3d593..01ff7a99ac1 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html @@ -3,7 +3,7 @@ <title>mod_ssl: HowTo</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -303,7 +303,7 @@ coherences. <strong id="howto"> How can I create a real SSLv2-only server? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#cipher-sslv2"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-sslv2"><b>L</b></a>] <p> The following creates an SSL server which speaks only the SSLv2 protocol and its ciphers. @@ -352,7 +352,7 @@ SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP <strong id="howto"> How can I create an SSL server which accepts strong encryption only? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#cipher-strong"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-strong"><b>L</b></a>] <p> The following enables only the seven strongest ciphers: <p> @@ -401,7 +401,7 @@ SSLCipherSuite HIGH:MEDIUM How can I create an SSL server which accepts strong encryption only, but allows export browsers to upgrade to stronger encryption? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#cipher-sgc"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-sgc"><b>L</b></a>] <p> This facility is called Server Gated Cryptography (SGC) and details you can find in the <code>README.GlobalID</code> document in the mod_ssl distribution. @@ -465,7 +465,7 @@ SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 How can I create an SSL server which accepts all types of ciphers in general, but requires a strong ciphers for access to a particular URL? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#cipher-perdir"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-perdir"><b>L</b></a>] <p> Obviously you cannot just use a server-wide <code>SSLCipherSuite</code> which restricts the ciphers to the strong variants. But mod_ssl allows you to @@ -525,7 +525,7 @@ SSLCipherSuite HIGH:MEDIUM How can I authenticate clients based on certificates when I know all my clients? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#auth-simple"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-simple"><b>L</b></a>] <p> When you know your user community (i.e. a closed user group situation), as it's the case for instance in an Intranet, you can use plain certificate @@ -581,7 +581,7 @@ SSLCACertificateFile conf/ssl.crt/ca.crt How can I authenticate my clients for a particular URL based on certificates but still allow arbitrary clients to access the remaining parts of the server? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#auth-selective"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-selective"><b>L</b></a>] <p> For this we again use the per-directory reconfiguration feature of mod_ssl: <p> @@ -635,7 +635,7 @@ How can I authenticate only particular clients for a some URLs based on certificates but still allow arbitrary clients to access the remaining parts of the server? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#auth-particular"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-particular"><b>L</b></a>] <p> The key is to check for various ingredients of the client certficate. Usually this means to check the whole or part of the Distinguished Name (DN) of the @@ -797,7 +797,7 @@ certificates for access to a subarea on the Intranet website for clients coming from the Internet but still allow plain HTTP access for clients on the Intranet? </strong> - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#auth-intranet"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-intranet"><b>L</b></a>] <p> Let us assume the Intranet can be distinguished through the IP network 192.160.1.0/24 and the subarea on the Intranet website has the URL @@ -828,11 +828,13 @@ host (so it applies to both HTTPS and HTTP): <td> <pre> +SSLCACertificateFile conf/ssl.crt/company-ca.crt + <Directory /usr/local/apache/htdocs> # Outside the subarea only Intranet access is granted Order deny,allow Deny from all -Allow 192.160.1.0/24 +Allow from 192.168.1.0/24 </Directory> <Directory /usr/local/apache/htdocs/subarea> @@ -844,7 +846,6 @@ Allow 192.160.1.0/24 # Additionally allow client certs as alternative to basic auth. SSLVerifyClient optional SSLVerifyDepth 1 -SSLCACertificateFile conf/ssl.crt/company-ca.crt SSLOptions +FakeBasicAuth +StrictRequire SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 @@ -860,7 +861,7 @@ Satisfy any # Network Access Control Order deny,allow Deny from all -Allow 192.160.1.0/24 +Allow 192.168.1.0/24 # HTTP Basic Authentication AuthType basic @@ -905,12 +906,12 @@ Require valid-user <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml index 7bb3932b6bf..7ce00b04d06 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml @@ -63,7 +63,7 @@ coherences. <a name="<get-var ref>"></a> <strong id="howto">%body</strong>\ - [<a href="http://www.modssl.org/docs/2.7/ssl_howto.html#<get-var ref>"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#<get-var ref>"><b>L</b></a>] <p> <restore toc> <restore ref> @@ -278,11 +278,13 @@ host (so it applies to both HTTPS and HTTP): <p> <config> +SSLCACertificateFile conf/ssl.crt/company-ca.crt + <Directory /usr/local/apache/htdocs> \# Outside the subarea only Intranet access is granted Order deny,allow Deny from all -Allow 192.160.1.0/24 +Allow from 192.168.1.0/24 </Directory> <Directory /usr/local/apache/htdocs/subarea> @@ -294,7 +296,6 @@ Allow 192.160.1.0/24 \# Additionally allow client certs as alternative to basic auth. SSLVerifyClient optional SSLVerifyDepth 1 -SSLCACertificateFile conf/ssl.crt/company-ca.crt SSLOptions +FakeBasicAuth +StrictRequire SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 @@ -310,7 +311,7 @@ Satisfy any \# Network Access Control Order deny,allow Deny from all -Allow 192.160.1.0/24 +Allow 192.168.1.0/24 \# HTTP Basic Authentication AuthType basic diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html index 4db11be91ec..fae805f07a4 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html @@ -3,7 +3,7 @@ <title>mod_ssl: Introduction</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -737,7 +737,7 @@ choices, including the choice to perform no encryption: <ul> <li>RC2 with 40 bit key <li>DES with 40 bit key - <li>DES with 54 bit key + <li>DES with 56 bit key <li>Triple-DES with 168 bit key <li>Idea (128 bit key) <li>Fortezza (96 bit key) @@ -896,12 +896,12 @@ is what mod_ssl provides to you for the Apache webserver... <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.wml index 8c2d46ddb2c..2d943826a6e 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.wml @@ -505,7 +505,7 @@ choices, including the choice to perform no encryption: <ul> <li>RC2 with 40 bit key <li>DES with 40 bit key - <li>DES with 54 bit key + <li>DES with 56 bit key <li>Triple-DES with 168 bit key <li>Idea (128 bit key) <li>Fortezza (96 bit key) diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html index 5cf96253ee1..be48d6c77fd 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html @@ -3,7 +3,7 @@ <title>mod_ssl: Preface</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -453,12 +453,12 @@ Not all platform support this. <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html index 4bb6375deff..f7ecb633ffe 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html @@ -3,7 +3,7 @@ <title>mod_ssl: Reference</title> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -1107,8 +1107,8 @@ specify the preference and order for the ciphers (see <a href="#table1">Table <tr id="H"><td><code>SSLv3</code></td> <td>all SSL version 3.0 ciphers</td> </tr> <tr id="D"><td><code>TLSv1</code></td> <td>all TLS version 1.0 ciphers</td> </tr> <tr id="H"><td><code>EXP</code></td> <td>all export ciphers</td> </tr> -<tr id="D"><td><code>EXP40</code></td> <td>all 40-bit export ciphers only</td> </tr> -<tr id="H"><td><code>EXP56</code></td> <td>all 56-bit export ciphers only</td> </tr> +<tr id="D"><td><code>EXPORT40</code></td> <td>all 40-bit export ciphers only</td> </tr> +<tr id="H"><td><code>EXPORT56</code></td> <td>all 56-bit export ciphers only</td> </tr> <tr id="D"><td><code>LOW</code></td> <td>all low strength ciphers (no export, single DES)</td></tr> <tr id="H"><td><code>MEDIUM</code></td> <td>all ciphers with 128 bit encryption</td> </tr> <tr id="D"><td><code>HIGH</code></td> <td>all ciphers using Triple-DES</td> </tr> @@ -2516,12 +2516,12 @@ CustomLog logs/ssl_request_log \ <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align="right"><font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.wml index a1be5bbb4c2..db6ad65f532 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.wml @@ -618,8 +618,8 @@ specify the preference and order for the ciphers (see <a href="#table1">Table <tr id=H><td><code>SSLv3</code></td> <td>all SSL version 3.0 ciphers</td> </tr> <tr id=D><td><code>TLSv1</code></td> <td>all TLS version 1.0 ciphers</td> </tr> <tr id=H><td><code>EXP</code></td> <td>all export ciphers</td> </tr> -<tr id=D><td><code>EXP40</code></td> <td>all 40-bit export ciphers only</td> </tr> -<tr id=H><td><code>EXP56</code></td> <td>all 56-bit export ciphers only</td> </tr> +<tr id=D><td><code>EXPORT40</code></td> <td>all 40-bit export ciphers only</td> </tr> +<tr id=H><td><code>EXPORT56</code></td> <td>all 56-bit export ciphers only</td> </tr> <tr id=D><td><code>LOW</code></td> <td>all low strength ciphers (no export, single DES)</td></tr> <tr id=H><td><code>MEDIUM</code></td> <td>all ciphers with 128 bit encryption</td> </tr> <tr id=D><td><code>HIGH</code></td> <td>all ciphers using Triple-DES</td> </tr> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc index d1a656cb250..f799d40dc4c 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc @@ -1,6 +1,6 @@ ## ## ssl_template.inc -- mod_ssl User Manual: The Heart -## Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved. +## Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved. ## #use wml::std::page @@ -16,7 +16,7 @@ <head>\ <protect> <!-- - Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved. + Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -232,13 +232,13 @@ H4 { <tr> <td align=left>\ <font face="Arial,Helvetica"> - <a href="http://www.modssl.org/">mod_ssl</a> 2.7, User Manual<br> + <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br> The Apache Interface to OpenSSL </font> </td> <td align=right>\ <font face="Arial,Helvetica"> - Copyright © 1998-2000 + Copyright © 1998-2001 <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br> All Rights Reserved<br> </font> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_status.html b/usr.sbin/httpd/htdocs/manual/mod/mod_status.html index 8cf0ae1a550..da68288f114 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_status.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_status.html @@ -132,7 +132,7 @@ directory of Apache, <CODE>log_server_status</CODE>. <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> ExtendedStatus <EM>On|Off</EM><BR> +><STRONG>Syntax:</STRONG></A> ExtendedStatus On|Off<BR> <A HREF="directive-dict.html#Default" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html b/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html index ebe8f19044c..42727528ba2 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html @@ -52,7 +52,7 @@ REL="Help" <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> UserDir <EM>directory/filename</EM><BR> +><STRONG>Syntax:</STRONG></A> UserDir <EM>directory-filename</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -79,7 +79,7 @@ list of usernames, is only available in Apache 1.3 and above.<P> The UserDir directive sets the real directory in a user's home directory to use when a request for a document for a user is received. -<EM>Directory/filename</EM> is one of the following: +<EM>Directory-filename</EM> is one of the following: </P> <UL> <LI>The name of a directory or a pattern such as those shown below. @@ -105,18 +105,24 @@ keywords appear in the <SAMP>Userdir</SAMP> directive, the argument is treated as a filename pattern, and is used to turn the name into a directory specification. A request for <CODE>http://www.foo.com/~bob/one/two.html</CODE> will be translated to: +</P> + <PRE> UserDir public_html -> ~bob/public_html/one/two.html UserDir /usr/web -> /usr/web/bob/one/two.html UserDir /home/*/www -> /home/bob/www/one/two.html </PRE> + +<p> The following directives will send redirects to the client: +</p> + <PRE> UserDir http://www.foo.com/users -> http://www.foo.com/users/bob/one/two.html UserDir http://www.foo.com/*/usr -> http://www.foo.com/bob/usr/one/two.html UserDir http://www.foo.com/~*/ -> http://www.foo.com/~bob/one/two.html </PRE> -</P> + <BLOCKQUOTE> <STRONG> Be careful when using this directive; for instance, diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html b/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html index d0c2056951e..44563d06aae 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html @@ -199,7 +199,7 @@ include A-Z, a-z, 0-9, "_", and "-". <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> CookieTracking <EM>on | off</EM><BR> +><STRONG>Syntax:</STRONG></A> CookieTracking on|off<BR> <A HREF="directive-dict.html#Context" REL="Help" diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html b/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html index b402b6f8bca..b63c8aa261b 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html @@ -78,6 +78,8 @@ directive for details on how this is determined) or the IP address of the virtual host on the server in dotted-quad format. The interpolation is controlled by specifiers inspired by <CODE>printf</CODE> which have a number of formats: +</P> + <DL> <DT><CODE>%%</CODE> <DD>insert a <CODE>%</CODE> @@ -86,7 +88,6 @@ interpolation is controlled by specifiers inspired by <DT><CODE>%N.M</CODE> <DD>insert (part of) the name </DL> -</P> <P> <CODE>N</CODE> and <CODE>M</CODE> are used to specify substrings of @@ -113,6 +114,8 @@ to zero if it isn't present; the dot must be present if and only if <DT><CODE>1+</CODE> and <CODE>-1+</CODE> <DD>the same as <CODE>0</CODE> </DL> + +<p> If <CODE>N</CODE> or <CODE>M</CODE> is greater than the number of parts available a single underscore is interpolated. </P> @@ -122,10 +125,13 @@ parts available a single underscore is interpolated. <P> For simple name-based virtual hosts you might use the following directives in your server configuration file: +</p> <PRE> UseCanonicalName Off VirtualDocumentRoot /usr/local/apache/vhosts/%0 </PRE> + +<p> A request for <CODE>http://www.example.com/directory/file.html</CODE> will be satisfied by the file <CODE>/usr/local/apache/vhosts/www.example.com/directory/file.html</CODE>. @@ -153,7 +159,8 @@ Alternatively you might use: <PRE> VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.1/%2.2/%2.3/%2.4+ </PRE> -The example request would come from + +<p>The example request would come from <CODE>/usr/local/apache/vhosts/isp.com/e/x/a/mple/directory/file.html</CODE>. </P> @@ -165,6 +172,8 @@ configuration file: VirtualDocumentRootIP /usr/local/apache/vhosts/%1/%2/%3/%4/docs VirtualScriptAliasIP /usr/local/apache/vhosts/%1/%2/%3/%4/cgi-bin </PRE> + +<p> A request for <CODE>http://www.example.isp.com/directory/file.html</CODE> would be satisfied by the file <CODE>/usr/local/apache/vhosts/10/20/30/40/docs/directory/file.html</CODE> if @@ -182,6 +191,8 @@ following way: <PRE> VirtualDocumentRoot /usr/local/apache/vhosts/%2.0.%3.0 </PRE> + +<p> A request for <CODE>http://www.example.isp.com/directory/file.html</CODE> will be satisfied by the file <CODE>/usr/local/apache/vhosts/example.isp/directory/file.html</CODE>. @@ -229,7 +240,7 @@ name. The result of expanding <EM>interpolated-directory</EM> is used as the root of the document tree in a similar manner to the <A HREF="core.html#documentroot"><CODE>DocumentRoot</CODE></A> directive's argument. If <EM>interpolated-directory</EM> is -<CODE>none</CODE> then <CODE>VirtaulDocumentRoot</CODE> is turned off. +<CODE>none</CODE> then <CODE>VirtualDocumentRoot</CODE> is turned off. This directive cannot be used in the same context as <A HREF="#virtualdocumentrootip"><CODE>VirtualDocumentRootIP</CODE></A>. </P> |