From 5f1108e4f87420e53b0bd9953a39c0a6fc9cb0f5 Mon Sep 17 00:00:00 2001 From: Henning Brauer Date: Thu, 21 Aug 2003 13:11:42 +0000 Subject: merge --- usr.sbin/httpd/htdocs/manual/LICENSE | 2 +- usr.sbin/httpd/htdocs/manual/TODO | 4 + usr.sbin/httpd/htdocs/manual/cygwin.html | 18 +- usr.sbin/httpd/htdocs/manual/dns-caveats.html.en | 2 +- usr.sbin/httpd/htdocs/manual/dns-caveats.html.html | 2 +- usr.sbin/httpd/htdocs/manual/ebcdic.html | 2 +- usr.sbin/httpd/htdocs/manual/env.html.en | 8 +- usr.sbin/httpd/htdocs/manual/env.html.html | 8 +- usr.sbin/httpd/htdocs/manual/env.html.ja.jis | 24 +- usr.sbin/httpd/htdocs/manual/host.html | 185 +++ usr.sbin/httpd/htdocs/manual/howto/auth.html | 57 +- usr.sbin/httpd/htdocs/manual/howto/ssi.html.en | 11 +- usr.sbin/httpd/htdocs/manual/howto/ssi.html.html | 11 +- usr.sbin/httpd/htdocs/manual/howto/ssi.html.ja.jis | 2 +- usr.sbin/httpd/htdocs/manual/install-tpf.html | 170 +-- usr.sbin/httpd/htdocs/manual/install.html.en | 12 +- usr.sbin/httpd/htdocs/manual/install.html.es | 4 +- usr.sbin/httpd/htdocs/manual/install.html.fr | 4 +- usr.sbin/httpd/htdocs/manual/install.html.html | 12 +- usr.sbin/httpd/htdocs/manual/install.html.ja.jis | 329 +++++- usr.sbin/httpd/htdocs/manual/install_1_1.html | 124 ++ usr.sbin/httpd/htdocs/manual/logs.html | 20 +- usr.sbin/httpd/htdocs/manual/misc/FAQ.html | 86 +- usr.sbin/httpd/htdocs/manual/misc/descriptors.html | 13 +- usr.sbin/httpd/htdocs/manual/misc/howto.html | 4 +- usr.sbin/httpd/htdocs/manual/misc/known_bugs.html | 171 +++ .../htdocs/manual/misc/known_client_problems.html | 6 +- usr.sbin/httpd/htdocs/manual/misc/nopgp.html | 4 +- usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html | 1194 ++++++++++---------- usr.sbin/httpd/htdocs/manual/misc/perf.html | 45 +- .../httpd/htdocs/manual/misc/rewriteguide.html | 131 +-- .../httpd/htdocs/manual/misc/security_tips.html | 28 +- usr.sbin/httpd/htdocs/manual/mod/core.html.en | 176 ++- usr.sbin/httpd/htdocs/manual/mod/core.html.html | 176 ++- .../httpd/htdocs/manual/mod/directives.html.de | 17 +- .../httpd/htdocs/manual/mod/directives.html.en | 19 +- .../httpd/htdocs/manual/mod/directives.html.fr | 6 +- .../httpd/htdocs/manual/mod/directives.html.html | 19 +- .../httpd/htdocs/manual/mod/directives.html.ja.jis | 12 +- .../htdocs/manual/mod/index-bytype.html.ja.jis | 41 +- usr.sbin/httpd/htdocs/manual/mod/index.html.ja.jis | 2 +- .../httpd/htdocs/manual/mod/mod_access.html.en | 4 +- .../httpd/htdocs/manual/mod/mod_access.html.html | 4 +- .../htdocs/manual/mod/mod_actions.html.ja.jis | 6 +- .../httpd/htdocs/manual/mod/mod_auth_digest.html | 2 +- .../httpd/htdocs/manual/mod/mod_auth_msql.html | 488 ++++++++ .../httpd/htdocs/manual/mod/mod_autoindex.html | 28 +- .../httpd/htdocs/manual/mod/mod_cern_meta.html | 2 +- usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.en | 2 +- usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.html | 2 +- .../httpd/htdocs/manual/mod/mod_cgi.html.ja.jis | 8 +- .../httpd/htdocs/manual/mod/mod_dir.html.ja.jis | 2 +- .../httpd/htdocs/manual/mod/mod_env.html.ja.jis | 8 +- usr.sbin/httpd/htdocs/manual/mod/mod_imap.html | 6 +- usr.sbin/httpd/htdocs/manual/mod/mod_include.html | 5 + usr.sbin/httpd/htdocs/manual/mod/mod_info.html.en | 2 +- .../httpd/htdocs/manual/mod/mod_info.html.html | 2 +- .../httpd/htdocs/manual/mod/mod_info.html.ja.jis | 18 +- .../httpd/htdocs/manual/mod/mod_log_common.html | 2 +- .../httpd/htdocs/manual/mod/mod_log_referer.html | 2 +- usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.en | 28 +- .../httpd/htdocs/manual/mod/mod_mime.html.html | 28 +- .../httpd/htdocs/manual/mod/mod_mime.html.ja.jis | 49 +- .../httpd/htdocs/manual/mod/mod_mmap_static.html | 2 +- .../htdocs/manual/mod/mod_negotiation.html.ja.jis | 2 +- usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html | 36 +- .../httpd/htdocs/manual/mod/mod_setenvif.html.en | 28 +- .../httpd/htdocs/manual/mod/mod_setenvif.html.html | 28 +- .../htdocs/manual/mod/mod_setenvif.html.ja.jis | 12 +- usr.sbin/httpd/htdocs/manual/mod/mod_so.html.en | 5 + usr.sbin/httpd/htdocs/manual/mod/mod_so.html.html | 5 + .../httpd/htdocs/manual/mod/mod_so.html.ja.jis | 13 +- .../htdocs/manual/mod/mod_speling.html.ja.jis | 13 +- .../htdocs/manual/mod/mod_unique_id.html.ja.jis | 4 +- .../htdocs/manual/mod/mod_userdir.html.ja.jis | 55 +- .../httpd/htdocs/manual/mod/mod_usertrack.html | 50 + .../htdocs/manual/mod/module-dict.html.ja.jis | 8 +- .../httpd/htdocs/manual/new_features_1_3.html.en | 8 +- .../httpd/htdocs/manual/new_features_1_3.html.html | 8 +- .../htdocs/manual/new_features_1_3.html.ja.jis | 6 +- usr.sbin/httpd/htdocs/manual/readme-tpf.html | 5 +- usr.sbin/httpd/htdocs/manual/suexec.html.en | 14 +- usr.sbin/httpd/htdocs/manual/suexec.html.html | 14 +- usr.sbin/httpd/htdocs/manual/suexec.html.ja.jis | 8 +- usr.sbin/httpd/htdocs/manual/urlmapping.html | 10 +- usr.sbin/httpd/htdocs/manual/vhosts-in-depth.html | 398 +++++++ .../httpd/htdocs/manual/vhosts/details_1_2.html | 2 +- .../htdocs/manual/vhosts/name-based.html.ja.jis | 75 +- .../htdocs/manual/vhosts/vhosts-in-depth.html | 2 +- .../httpd/htdocs/manual/vhosts/virtual-host.html | 2 +- usr.sbin/httpd/htdocs/manual/virtual-host.html | 216 ++++ .../httpd/htdocs/manual/win_compiling.html.ja.jis | 56 +- usr.sbin/httpd/htdocs/manual/windows.html.ja.jis | 6 +- 93 files changed, 3589 insertions(+), 1361 deletions(-) create mode 100644 usr.sbin/httpd/htdocs/manual/TODO create mode 100644 usr.sbin/httpd/htdocs/manual/host.html create mode 100644 usr.sbin/httpd/htdocs/manual/install_1_1.html create mode 100644 usr.sbin/httpd/htdocs/manual/misc/known_bugs.html create mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html create mode 100644 usr.sbin/httpd/htdocs/manual/vhosts-in-depth.html create mode 100644 usr.sbin/httpd/htdocs/manual/virtual-host.html (limited to 'usr.sbin/httpd/htdocs') diff --git a/usr.sbin/httpd/htdocs/manual/LICENSE b/usr.sbin/httpd/htdocs/manual/LICENSE index de6706f26e0..886dacf5191 100644 --- a/usr.sbin/httpd/htdocs/manual/LICENSE +++ b/usr.sbin/httpd/htdocs/manual/LICENSE @@ -1,7 +1,7 @@ /* ==================================================================== * The Apache Software License, Version 1.1 * - * Copyright (c) 2000 The Apache Software Foundation. All rights + * Copyright (c) 2000-2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/usr.sbin/httpd/htdocs/manual/TODO b/usr.sbin/httpd/htdocs/manual/TODO new file mode 100644 index 00000000000..975ac8e68ea --- /dev/null +++ b/usr.sbin/httpd/htdocs/manual/TODO @@ -0,0 +1,4 @@ +Documentation changes/enhancements needed: + +- Documentation for mod_expires +- Documentation for Satisfy diff --git a/usr.sbin/httpd/htdocs/manual/cygwin.html b/usr.sbin/httpd/htdocs/manual/cygwin.html index e41b7eb45c8..cf134065896 100644 --- a/usr.sbin/httpd/htdocs/manual/cygwin.html +++ b/usr.sbin/httpd/htdocs/manual/cygwin.html @@ -110,7 +110,7 @@ from Apache 1.3.20 and later. Pre-compiled binaries for the Cygwin platform (without the cygwin1.dll) will be supplied at http://www.apache.org/httpd + href="http://httpd.apache.org/">http://httpd.apache.org/ for each released version.

Differences from Apache for @@ -169,7 +169,7 @@

What are the differences in the configuration files?
While the Apache for Windows port uses Windows native path - names to refer files and directorys, like

+ names to refer files and directories, like

   # httpd.conf (for Windows)
   DocumentRoot "c:/apache/htdocs"
@@ -201,7 +201,7 @@
 
     
Cygwin 1.x is required to compile and run this version.
     Cygwin 1.3.9 and 1.3.10 have been tested and approved on both
-    supported OSes. We suggest to use Cygwin 1.3.9-2 and higher.
 
+    supported OSes. We suggest using Cygwin 1.3.9-2 and higher.
 
 
     
Note:If you want to compile shared DLL
     modules using 
 
         
This will produce the required extra libraries or object
-        files which hold all static linked code. Then
+        files that hold all static linked code. Then
         dllwrap and dlltool will export
         all of those (including any additional module code) to the
         shared cyghttpd.dll and create the
@@ -330,11 +330,11 @@
             trying to link the shared DLL modules
             mod_foo.dll.

 
-            
Unfortunatly while Apache's build process the shared
+            
Unfortunately, during Apache's build process, the shared
             modules are linked before the shared core import
             library src/cyghttpd.dll has been made.
             The shared modules depend on this import library, so
-            they can not link for the first time you run
+            they cannot link for the first time you run
             make.

           
 
@@ -350,8 +350,8 @@
             
All shared modules are placed into
             libexec, including the shared core DLL
             cyghttpd.dll. When Apache's
-            /bin/httpd is started it has to dynamicly
-            link cyghttpd.dll while runtime. That is
+            /bin/httpd is started, it has to dynamically
+            link cyghttpd.dll during runtime; that is
             why you have to place the shared core DLL
             cyghttpd.dll to the same directory where
             httpd.exe resides, i.e.
@@ -421,7 +421,7 @@
     
 	 
     
-	 
Using Win32 native socket 
+	 
Using Win32 native socket 
 	 implementation instead

 
     
Apache for Cygwin supports an option to use the Win32 native 
diff --git a/usr.sbin/httpd/htdocs/manual/dns-caveats.html.en b/usr.sbin/httpd/htdocs/manual/dns-caveats.html.en
index 3d472f49c75..515343fa1c9 100644
--- a/usr.sbin/httpd/htdocs/manual/dns-caveats.html.en
+++ b/usr.sbin/httpd/htdocs/manual/dns-caveats.html.en
@@ -196,7 +196,7 @@
 
     
A possible work around to the theft of service attack
     described above would be to perform a reverse DNS lookup on the
-    ip address returned by the forward lookup and compare the two
+    IP address returned by the forward lookup and compare the two
     names. In the event of a mismatch the virtualhost would be
     disabled. This would require reverse DNS to be configured
     properly (which is something that most admins are familiar with
diff --git a/usr.sbin/httpd/htdocs/manual/dns-caveats.html.html b/usr.sbin/httpd/htdocs/manual/dns-caveats.html.html
index bd3702e551f..0d47f605fe0 100644
--- a/usr.sbin/httpd/htdocs/manual/dns-caveats.html.html
+++ b/usr.sbin/httpd/htdocs/manual/dns-caveats.html.html
@@ -198,7 +198,7 @@
 
     
A possible work around to the theft of service attack
     described above would be to perform a reverse DNS lookup on the
-    ip address returned by the forward lookup and compare the two
+    IP address returned by the forward lookup and compare the two
     names. In the event of a mismatch the virtualhost would be
     disabled. This would require reverse DNS to be configured
     properly (which is something that most admins are familiar with
diff --git a/usr.sbin/httpd/htdocs/manual/ebcdic.html b/usr.sbin/httpd/htdocs/manual/ebcdic.html
index 1f7cf83b790..9424bf3a316 100644
--- a/usr.sbin/httpd/htdocs/manual/ebcdic.html
+++ b/usr.sbin/httpd/htdocs/manual/ebcdic.html
@@ -26,7 +26,7 @@
     set as their native codeset.

      (Initially, that support covered only the Fujitsu-Siemens
     family of mainframes running the 
+    href="http://www.fujitsu-siemens.com/rl/products/software/bs2000bc.html">
     BS2000/OSD operating system, a mainframe OS which features
     a SVR4-derived POSIX subsystem. Later, the two IBM mainframe
     operating systems TPF and OS/390 were added).

diff --git a/usr.sbin/httpd/htdocs/manual/env.html.en b/usr.sbin/httpd/htdocs/manual/env.html.en
index 88dad998deb..e43a1247e05 100644
--- a/usr.sbin/httpd/htdocs/manual/env.html.en
+++ b/usr.sbin/httpd/htdocs/manual/env.html.en
@@ -69,17 +69,17 @@
         Related Directives

          

          BrowserMatch

+        href="mod/mod_setenvif.html#browsermatch">BrowserMatch

          BrowserMatchNoCase

+        href="mod/mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase

          PassEnv

          RewriteRule

          SetEnv

          SetEnvIf

+        href="mod/mod_setenvif.html#setenvif">SetEnvIf

          SetEnvIfNoCase

+        href="mod/mod_setenvif.html#setenvifnocase">SetEnvIfNoCase

          UnsetEnv

          
       
diff --git a/usr.sbin/httpd/htdocs/manual/env.html.html b/usr.sbin/httpd/htdocs/manual/env.html.html
index 3572a6f6079..1b79aa7c653 100644
--- a/usr.sbin/httpd/htdocs/manual/env.html.html
+++ b/usr.sbin/httpd/htdocs/manual/env.html.html
@@ -71,17 +71,17 @@
         Related Directives

          

          BrowserMatch

+        href="mod/mod_setenvif.html#browsermatch">BrowserMatch

          BrowserMatchNoCase

+        href="mod/mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase

          PassEnv

          RewriteRule

          SetEnv

          SetEnvIf

+        href="mod/mod_setenvif.html#setenvif">SetEnvIf

          SetEnvIfNoCase

+        href="mod/mod_setenvif.html#setenvifnocase">SetEnvIfNoCase

          UnsetEnv

          
       
diff --git a/usr.sbin/httpd/htdocs/manual/env.html.ja.jis b/usr.sbin/httpd/htdocs/manual/env.html.ja.jis
index 961bbb0ae2c..13bc6eb1ffc 100644
--- a/usr.sbin/httpd/htdocs/manual/env.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/env.html.ja.jis
@@ -8,7 +8,7 @@
 
     Apache の環境変数
   
-  
+  
   
   
@@ -66,17 +66,17 @@
         関連ディレクティブ

          

          BrowserMatch

+        href="mod/mod_setenvif.html#browsermatch">BrowserMatch

          BrowserMatchNoCase

+        href="mod/mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase

          PassEnv

          RewriteRule

          SetEnv

          SetEnvIf

+        href="mod/mod_setenvif.html#setenvif">SetEnvIf

          SetEnvIfNoCase

+        href="mod/mod_setenvif.html#setenvifnocase">SetEnvIfNoCase

          UnsetEnv

          
       
@@ -261,6 +261,20 @@
 
     
これが設定されている場合は、KeepAlive を使用しないようにします。

+
+    
suppress-error-charset

+    
1.3.26 と 2.0.40 以降のバージョンで使用可能

+    
Apache がクライアントのリクエストに応じてリダイレクトを行なうとき、
+    レスポンスにはクライアントが自動的にリダイレクトを追えない(追わない)ときの
+    ために表示されるテキストが含まれています。Apache は通常はこのテキストは
+    使われている文字セットである ISO-8859-1 とします。

+    
しかし、リダイレクト先が別の文字セットを使っている場合、
+    標準に準拠していないブラウザでは、リダイレクト先の実際の文字セットの
+    代わりに、リダイレクト元の文字セットを使ってしまうことがあります。
+    これは、例えばギリシャ文字が文字化けしたりすることになります。

+    
この環境変数を設定すると、 Apache はリダイレクト元のテキストの文字セット
+    は省略するようになり、そのような標準に準拠していないブラウザでもリダイレクト
+    先の文字セットを正しく使うことができるようになります。

     

 
     

diff --git a/usr.sbin/httpd/htdocs/manual/host.html b/usr.sbin/httpd/htdocs/manual/host.html
new file mode 100644
index 00000000000..74639a5b5fb
--- /dev/null
+++ b/usr.sbin/httpd/htdocs/manual/host.html
@@ -0,0 +1,185 @@
+
+
+Apache non-IP Virtual Hosts
+
+
+
+
+

+ [APACHE DOCUMENTATION]
+ 

+  Apache HTTP Server Version 1.2
+ 

+

+
+
Apache non-IP Virtual Hosts

+
+See Also:
+Virtual Host Support
+
+

+
+
What is a Virtual Host

+
+
The "Virtual Host" refers to the practice of maintaining more than
+one server on one machine, as differentiated by their apparent
+hostname. For example, it is often desirable for companies sharing a
+web server to have their own domains, with web servers accessible as
+www.company1.com and www.company2.com,
+without requiring the user to know any extra path information.

+
+
Apache was one of the first servers to support virtual hosts right
+out of the box, but since the base HTTP (HyperText
+Transport Protocol) standard does not allow any method for the server
+to determine the hostname it is being addressed as, Apache's virtual
+host support has required a separate IP address for each
+server. Documentation on using this approach (which still works very
+well) is available.
+
+
While the approach described above works, with the available IP
+address space growing smaller, and the number of domains increasing,
+it is not the most elegant solution, and is hard to implement on some
+machines. The HTTP/1.1 protocol contains a method for the
+server to identify what name it is being addressed as. Apache 1.1 and
+later support this approach as well as the traditional
+IP-address-per-hostname method.

+
+
The benefits of using the new virtual host support is a practically
+unlimited number of servers, ease of configuration and use, and
+requires no additional hardware or software. The main disadvantage is
+that the user's browser must support this part of the protocol. The
+latest versions of many browsers (including Netscape Navigator 2.0 and
+later) do, but many browsers, especially older ones, do not. This can
+cause problems, although a possible solution is addressed below.

+
+
Using non-IP Virtual Hosts

+
+
Using the new virtual hosts is quite easy, and superficially looks
+like the old method. You simply add to one of the Apache configuration
+files (most likely httpd.conf or srm.conf)
+code similar to the following:

+
+    <VirtualHost www.apache.org>
+    ServerName www.apache.org
+    DocumentRoot /usr/web/apache
+    </VirtualHost>
+

+
+
Of course, any additional directives can (and should) be placed
+into the <VirtualHost> section. To make this work,
+all that is needed is to make sure that the www.apache.org
+DNS entry points to the same IP address as the main
+server. Optionally, you could simply use that IP address in the
+<VirtualHost> entry.

+
+
Additionally, many servers may wish to be accessible by more than
+one name. For example, the Apache server might want to be accessible
+as apache.org, or ftp.apache.org, assuming
+the IP addresses pointed to the same server. In fact, one might want it
+so that all addresses at apache.org were picked up by the
+server. This is possible with the ServerAlias
+directive, placed inside the <VirtualHost> section. For
+example:

+
+
+    ServerAlias apache.org *.apache.org
+

+
+
Note that you can use * and ? as wild-card
+characters.

+
+
You also might need ServerAlias if you are serving local users who
+do not always include the domain name.  For example, if local users are
+familiar with typing "www" or "www.physics" then you will need to add
+ServerAlias www www.physics.  It isn't possible for the
+server to know what domain the client uses for their name resolution
+because the client doesn't provide that information in the request.

+
+
Security Considerations

+
+Apache allows all virtual hosts to be made accessible via the
+Host: header through all IP interfaces, even those which
+are configured to use different IP interfaces.  For example, if the
+configuration for www.foo.com contained a virtual host
+section for www.bar.com, and www.bar.com was
+a separate IP interface, such that
+non-Host:-header-supporting browsers can use it, as
+before with Apache 1.0.  If a request is made to
+www.foo.com and the request includes the header
+Host: www.bar.com, a page from www.bar.com
+will be sent.
+
+

+
+This is a security concern if you are controlling access to a
+particular server based on IP-layer controls, such as from within a
+firewall or router.  Let's say www.bar.com in the above
+example was instead an intra-net server called
+private.foo.com, and the router used by foo.com only let
+internal users access private.foo.com.  Obviously,
+Host: header functionality now allows someone who has
+access to www.foo.com to get
+private.foo.com, if they send a Host:
+private.foo.com header.  It is important to note that this
+condition exists only if you only implement this policy at the IP
+layer - all security controls used by Apache (i.e., allow, deny from, etc.) are consistently
+respected.
+
+
Compatibility with Older Browsers

+
+
As mentioned earlier, a majority of browsers do not send the
+required data for the new virtual hosts to work properly. These
+browsers will always be sent to the main server's pages. There is a
+workaround, albeit a slightly cumbersome one:

+
+
To continue the www.apache.org example (Note: Apache's
+web server does not actually function in this manner), we might use the
+new ServerPath directive in the www.apache.org virtual host,
+for example:
+
+
+    ServerPath /apache
+

+
What does this mean? It means that a request for any file beginning
+with "/apache" will be looked for in the Apache
+docs. This means that the pages can be accessed as
+http://www.apache.org/apache/ for all browsers, although
+new browsers can also access it as
+http://www.apache.org/.

+
+
In order to make this work, put a link on your main server's page
+to http://www.apache.org/apache/ (Note: Do not use
+http://www.apache.org/ - this would create an endless
+loop). Then, in the virtual host's pages, be sure to use either purely
+relative links (e.g. "file.html" or
+"../icons/image.gif" or links containing the prefacing
+/apache/
+(e.g. "http://www.apache.org/apache/file.html" or
+"/apache/docs/1.1/index.html").

+
+
This requires a bit of
+discipline, but adherence to these guidelines will, for the most part,
+ensure that your pages will work with all browsers, new and old. When
+a new browser contacts http://www.apache.org/, they will
+be directly taken to the Apache pages. Older browsers will be able to
+click on the link from the main server, go to
+http://www.apache.org/apache/, and then access the
+pages.
 
+
+

+

+ Apache HTTP Server Version 1.2
+

+
+Index
+
+
+
+
diff --git a/usr.sbin/httpd/htdocs/manual/howto/auth.html b/usr.sbin/httpd/htdocs/manual/howto/auth.html
index 6966d536a24..940d5ff7600 100644
--- a/usr.sbin/httpd/htdocs/manual/howto/auth.html
+++ b/usr.sbin/httpd/htdocs/manual/howto/auth.html
@@ -19,12 +19,12 @@
 
Authentication, Authorization, and Access
 Control

 
-     
+

  • Configuration: - Protecting content with basic authentication + Protecting content with basic authentication
  • Frequently asked - questions about basic auth + questions about basic auth
  • Security @@ -48,7 +48,7 @@ Control
  • - Digest authentication + Digest authentication
    - TIP: Logic changes + TIP: Logic changes implemented with PUT11 cause ZINET to not restart NOLISTEN servers after ZOLDR ACT and ZOLDR DEACT entries. This means that Apache @@ -626,44 +670,40 @@ http://xx.xx.xx.xx    (where xx.xx.xx.xx is your IP address)
    • +
    -

    Compiling with VisualAge TPF

    +

    Using VisualAge TPF

    - It is not required that make be used to compile Apache - for TPF: Individual programs may be compiled using IBM's - VisualAge TPF product. This is particularly useful when - compiling selected programs for the Debug Tool.  - -

    The following VisualAge compile settings are required:

    - - + VisualAge TPF can be used to generate link maps for Apache: +
      +
    1. Copy the sample linkhttp.dlm file from the src/os/tpf/samples + directory to your Apache src directory on OS/390 UNIX. +
      2. +
    2. This sample file contains the components for the default + configuration of Apache. Add and delete components (such as modules) + as necessary so it matches your configuration of Apache. + Basically, it should match your link JCL with the ".../apache/src" + portion of the filenames removed. +
      3. +
    3. Change items in angle brackets (< >) to also match your JCL. + Be sure to remove the angle brackets as well. +
      4. +
    4. In VisualAge TPF create a container with your modified dlm file as its sole contents. +
      5. +
    5. Right click on the dlm file in your new container and choose "Build DLM". +
      6. +
    - [ top  | Download  | Compilation  | Installation  | VisualAge ] + [ top + | Download + | Compilation + | Installation + | VisualAge ]
    diff --git a/usr.sbin/httpd/htdocs/manual/install.html.en b/usr.sbin/httpd/htdocs/manual/install.html.en index 455a125fc04..207d64ca5c5 100644 --- a/usr.sbin/httpd/htdocs/manual/install.html.en +++ b/usr.sbin/httpd/htdocs/manual/install.html.en @@ -191,7 +191,7 @@ please read the document htdocs/manual/dso.html carefully. Especially the section entitled "Advantages & Disadvantages" because using the DSO mechanism can have strange side-effects if you are not - carefully. BE WARNED!

    + careful. BE WARNED!

    @@ -258,10 +258,10 @@

    Configuring the installation

    - Compiling Apache consists of three steps: Firstly select which + Compiling Apache consists of three steps: First select which Apache modules you want to include into the - server. Secondly create a configuration for your operating - system. Thirdly compile the executable. + server. Second create a configuration for your operating + system. Third compile the executable.

    All configuration of Apache is performed in the src directory of the Apache distribution. Change @@ -269,8 +269,8 @@

    1. - Select modules to compile into Apache in the - Configuration file. Uncomment lines + Select modules to compile into Apache in the Configuration + file src/Configuration.tmpl. Uncomment lines corresponding to those optional modules you wish to include (among the AddModule lines at the bottom of the file), or add new lines corresponding to additional modules you have diff --git a/usr.sbin/httpd/htdocs/manual/install.html.es b/usr.sbin/httpd/htdocs/manual/install.html.es index 693010262a3..2476dff6296 100644 --- a/usr.sbin/httpd/htdocs/manual/install.html.es +++ b/usr.sbin/httpd/htdocs/manual/install.html.es @@ -63,7 +63,7 @@ en la web y por ftp anónimo.

      Si se ha bajado la distribución binaria, vaya a Instalación de Apache. Si no es + href="#installing">Instalación de Apache. Si no es así lea la siguiente sección como compilar el servidor.

      @@ -160,7 +160,7 @@ Hay instrucciones en esa página para añadir estos módulos en el núcleo de Apache.

      -

      Instalación de +

      Instalación de Apache

      Tendrá un fichero binario llamado hhtpd diff --git a/usr.sbin/httpd/htdocs/manual/install.html.fr b/usr.sbin/httpd/htdocs/manual/install.html.fr index d5d197c2185..e6b600aa509 100644 --- a/usr.sbin/httpd/htdocs/manual/install.html.fr +++ b/usr.sbin/httpd/htdocs/manual/install.html.fr @@ -63,7 +63,7 @@

      Si vous avez téléchargé une distribution composée des binaires, passez directement - à l'installation d'Apache. Sinon + à l'installation d'Apache. Sinon lisez la section suivante afin de savoir comment compiler le serveur.

      @@ -168,7 +168,7 @@ make Des instructions sont fournies sur cette page pour lier ces modules au noyau d'Apache. -

      Installation +

      Installation d'Apache

      Vous devez avoir un exécutable appelé httpd dans le répertoire src. diff --git a/usr.sbin/httpd/htdocs/manual/install.html.html b/usr.sbin/httpd/htdocs/manual/install.html.html index 1364cb6e51d..3352a08fbed 100644 --- a/usr.sbin/httpd/htdocs/manual/install.html.html +++ b/usr.sbin/httpd/htdocs/manual/install.html.html @@ -193,7 +193,7 @@ please read the document htdocs/manual/dso.html carefully. Especially the section entitled "Advantages & Disadvantages" because using the DSO mechanism can have strange side-effects if you are not - carefully. BE WARNED!

      + careful. BE WARNED!

      @@ -260,10 +260,10 @@

      Configuring the installation

      - Compiling Apache consists of three steps: Firstly select which + Compiling Apache consists of three steps: First select which Apache modules you want to include into the - server. Secondly create a configuration for your operating - system. Thirdly compile the executable. + server. Second create a configuration for your operating + system. Third compile the executable.

      All configuration of Apache is performed in the src directory of the Apache distribution. Change @@ -271,8 +271,8 @@

      1. - Select modules to compile into Apache in the - Configuration file. Uncomment lines + Select modules to compile into Apache in the Configuration + file src/Configuration.tmpl. Uncomment lines corresponding to those optional modules you wish to include (among the AddModule lines at the bottom of the file), or add new lines corresponding to additional modules you have diff --git a/usr.sbin/httpd/htdocs/manual/install.html.ja.jis b/usr.sbin/httpd/htdocs/manual/install.html.ja.jis index 83f48a28676..70eff7bbd66 100644 --- a/usr.sbin/httpd/htdocs/manual/install.html.ja.jis +++ b/usr.sbin/httpd/htdocs/manual/install.html.ja.jis @@ -1,17 +1,16 @@ - - Compiling and Installing Apache + - + - +
        [APACHE DOCUMENTATION] @@ -22,48 +21,251 @@

        Apache 1.3 のコンパイル・インストール

        -

        このドキュメントは Apache を Unix システム上で、手動でのビルド - ・インストールの手法によって、コンパイル、インストール - するためのものです。もし、あなたが autoconf スタイルの configure - インターフェイスを使いたい場合は、Apache のソース配布のルートにある - INSTALL ファイルを代わりに読んでください。特定のプラットフォーム上での - コンパイルとインストールについては、以下の項目を参照してください。

        + +

        この文書は Apache を Unix システム上で、コンパイル及びインストール + するためのものです。それ以外のプラットホーム上でのコンパイル及び + インストールについては、以下の項目を参照してください。

        -
      2. Cygwin 上で Apache を使用する
        3. +

        Apache のダウンロード

        + +

        Apache の最新版は Apache ウェブサイト http://www.apache.org/dist/httpd/ + または http://www.apache.org/dyn/closer.cgi + にリストされた多くのミラーサイトから直接ダウンロードすることも出来ます。 + これらのサイトには現在のリリース版や最新のベータ版、古いバージョンへのリンク、 + いろいろなプラットホーム用のバイナリ配布がリストされます。

        + +

        導入

        + +

        すべての良い物と同様、Apache を設定、コンパイル、インストール + する方法は二つあります。以下で説明する APACI プロセスを使った + 3分インストール、または 'src/INSTALL' ファイルで説明されている、 + 以前のバージョンの Apache と同じ機構を選択することが出来ます。 + それぞれに利点と欠点があります。- APACI はより新しく、 + 少し熟成されていませんがそれに費やす時間は最小限で済みます。 + 対して、"Configuration.tmpl" + の機構を使った従来の方法はパワーユーザにとってはより柔軟に扱うことが出来ます。 + 我々は、それぞれのやり方に対する意見やフィードバックには大変興味があります +

        -
      3. Novell Netware 上で Apache - を使用する
        4. +

        APACI を使った Apache 1.3 HTTP + サーバのインストール

        -
      4. HP MPE/iX 上で Apache を使用する
        5. +

        Overview for the impatient

        +
        +     $ ./configure --prefix=PREFIX
+     $ make
+     $ make install
+     $ PREFIX/bin/apachectl start
+
        -
      5. UnixWare 上で Apache - をコンパイルする
        6. +

        注意: PREFIX は "PREFIX" + という文字列ではありません。代わりに Apache をインストールしたい + Unix のファイルシステム上のパスを使います。たとえば上の PREFIX + の部分には "/usr/local/apache" が入ります。

        + +

        必要なシステム

        +

        Apache のビルドには以下に挙げるものが必要になります

        + +
        +
        ディスクスペース
        + +
        約 12 MB のディスクスペースが一時的に必要になることを確認してください。 + インストール後には約 3 MB のディスクスペースが必要になります。 + (実際に必要になディスクスペースは組み込まれたサードパーティーの + モジュール等に依ります)。
        + +
        ANSI-C コンパイラ
        + +
        ANSI-C コンパイラがインストールされていることを確認してください。 + Free Software Foundation (FSF) による GNU C コンパイラ (GCC) + を推奨します(バージョン 2.7.2 で大丈夫)。GCC を持っていない場合は + ベンダによるコンパイラが最低限 ANSI 互換であることを確認してください。 + GNU のホームページは http://www.gnu.org/ に、GCC 配布は + http://www.gnu.org/order/ftp.html から見つけることが出来ます。
        + +
        Perl 5 インタプリタ [オプション]
        + +
        `apxs' や `dbmmanage' のような(Perl で書かれた) + サポートスクリプトの中には Perl 5 インタプリタ (バージョン 5.003 + または 5.004 が望ましい) が必要なものがあります。APACI の + `configure' スクリプトにそのようなインタプリタが見つからなかった場合、 + 害にはなりません。当然、Apache 1.3 をビルド及びインストール + することができます。もし、複数の Perl インタプリタがインストール + されている場合 (恐らくはベンダによる Perl 4 と自分で導入した Perl 5)、 + --with-perl オプション (以下参照) を使って正しいものを選択し APACI + に知らせてやることを推奨します。
        + +
        動的共有オブジェクト (DSO) サポート [オプション]
        + +
        +

        現在、最大限の柔軟性のために Apache は dlopen()/dlsym() + システムコールを利用した DSO 機構を経由させたランタイムにより、 + モジュールをロードすることが出来ます。これらのシステムコールはすべての + OS で有効なわけではないのでどのプラットホームでも DSO + 機構を使えるとは限りません。シェアードオブジェクトのコンパイルは + 非常にプラットフォームに依存したものであるため、Apache は現時点では + いくつかのプラットフォームに関してのみその方法を知っています。 + 現在の状況はこのようになります。

        + +
          +
        • + サポートされているプラットフォーム: + +

          + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
          LinuxSunOSUnixWareDarwin/Mac OS
          FreeBSDSolarisAIXOpenStep/Mach
          OpenBSDIRIXSCODYNIX/ptx
          NetBSDHPUXReliantUNIXBSDI
          Digital UnixDGUX
          +

          +
          • + +
        • + 完全にサポート外のプラットフォーム: + +

          Ultrix

          +
          • +
        + +

        あなたのシステムがこのリストにないけれど、dlopen + 形式のインタフェースがある場合、適切なコンパイラとリンカフラグ + (CFLAGS_SHLIB, LDFLAGS_SHLIB 及び LDFLAGS_SHLIB_EXPORT 参照) + を手動で与えてやるか、最低限 Apache がオプションを推察できるように、 + Perl 5 インタプリタがどこにインストール + されているかを指定する必要があります。

        + +

        Apache 1.3 での DSO サポートに関する、より細部の情報については + htdocs/manual/dso.html の文書をよく読んでください。 + 十分に注意しないで DSO 機構を使うと妙な副作用が発生することがあるため、 + 特に + "Advantages & Disadvantages" と名付けられた節は + 注意して読んでください。警告はしましたよ!

        +
        +
        + +

        ソースツリーの設定

        + +

        次の段階は Apache ソースツリーを特定のプラットホームや + 個々の必要に合わせて設定します。この設定で最も重要なことは後で + Apache がインストールされる位置の決定です。というのは + Apache が正しく動作するためにこの位置に合わせて設定されるからです。 + 他にも希望に応じて多くのオプションが有効です。

        + +

        どんなことが出来るのか簡単に感じてもらうため、ここでは + 標準的な例として、インストールツリーを /sw/pkg/apache, + 特定のコンパイラ及びフラグ、そして 2 つの追加モジュール mod_rewrite + 及び mod_proxy を後で DSO 機構によりロードさせるように Apache + をコンパイルするものとします>。

        +
        +     $ CC="pgcc" OPTIM="-O2" \
+       ./configure --prefix=/usr/local/apache \
+                   --enable-module=rewrite --enable-shared=rewrite \
+                   --enable-module=proxy   --enable-shared=proxy
+
        -
      6. Apache の TPF Port の概要 -
        7. - +

        有効なオプションの完全なリストは以下のコマンドを打ち込んでください。 +

        +

        ./configure --help

        + +

        設定例のリストは README.configure + ファイルも見てください。

        + +

        パッケージのビルド

        + +

        これで Apache パッケージの各部分をコマンド

        +
        +        $ make 
+
        + +

        を実行することによりビルドすることが出来ます。 + これには有効にしたモジュールの量にもよりますが Pentium-166/FreeBSD-2.2 + システムの場合で約 2 分かかります。じっと待ってください。 +

        + +

        パッケージのインストール

        -

        Apache のダウンロード

        - Apache の最新版の情報は http://www.apache.org/ の Apache - ウェブサーバから入手することができます。ここには最新リリースと、 - より新しいベータテストリリース、ミラーウェブサイトと anonymous ftp - サイトの詳しい情報が表示されています。 +

        インストールの PREFIX (上の --prefix + オプション参照)設定によりパッケージをインストールする時です。

        +
        +        $ make install
+
        + +

        以下の例では PREFIX はそのまま "PREFIX" + ではなく、--prefix + オプションにより与えられた引数になります。

        + + +

        伝統的な方法によるビルドとインストール

        -

        もし、あなたがバイナリ配布版をダウンロードしたのであれば、Apache のインストールに移ってください。そうでなければ、 - 次のセクションのサーバのコンパイルについてを読んで下さい。

        +

        APACI が出てくる以前は Apache のビルド及びインストールの方法は + 1 つしかありませんでした。APACI は + 人によってはよりわかりやすい設定のインターフェースを提供しますが、 + 従来からの方法は大量のコマンドライン + オプションを打ち込むことなくインストールの設定を + 出来る方法が用意されています。

        -

        Apache のコンパイル

        - Apache のコンパイルは三段階で構成されます: まずサーバに含めたい - Apache モジュール を選択してください。 - 次に、あなたの OS に合わせた設定をします。 - 最後にコンパイルをします。 +

        インストールの設定

        + +

        Apache のコンパイルは三段階で構成されます。 + まずサーバに含めたい Apache モジュール + を選択してください。次に、OS に合わせた設定をします。 + 最後にコンパイルをします。

        Apache の全ての設定は、Apache 配布の src ディレクトリで行われます。このディレクトリに入ってください。 @@ -71,7 +273,8 @@

        1. - Configuration ファイルの中で Apache + Configuration ファイル src/Configuration.tmpl + の中で Apache にコンパイルするモジュールを選択します。実装したいオプションの モジュールの行のコメントを外すか (ファイルの終わりにある AddModule 行で) 、ダウンロードしたり、作成した追加のモジュールの @@ -99,7 +302,7 @@ EXTRA_CFLAGS, LIBS, LDFLAGS, INCLUDES. -

          Configure スクリプトを実行します:

          +

          Configure スクリプトを実行します

          @@ -115,7 +318,7 @@
     Creating Makefile in os/unix
     Creating Makefile in modules/standard
 
-
          +
          (*: 設定内容とシステムによっては、Configure はこの通りに 表示しないことがありますが、それで問題ありません。) @@ -130,9 +333,11 @@ ファイルを読み込むようにオプションを付けるといいでしょう。)

          2. +

          Apache のコンパイル

          +
        2. make を実行してください。
        - Apache 配布にあるモジュールはApache 開発グループによってテストが行われ、 + Apache 配布物にあるモジュールは Apache 開発グループによってテストが行われ、 多くのメンバーによって日常的に使われているものです。 メンバーやサードパーティによって開発された特定のニーズや機能をもつ 追加モジュールは、<Apache のインストール +

        Apache のインストール

        + コンパイルを行うと、httpd というバイナリファイルが src ディレクトリに作成されます。Apache のバイナリ配布はこのファイルを提供します。 @@ -150,7 +356,7 @@ Apache はコンパイルされたディレクトリと同じディレクトリのセットで 設定、実行されるようになっています。 もしどこか他のところから実行させたい場合は、ディレクトリを作成し、 - そこに conflogs, icons + そこに conf, logs 及び icons ディレクトリをコピーしてください。どちらの場合でも、 サーバルートのディレクトリのパーミッションをどう設定するかについて、 security 情報 @@ -171,8 +377,7 @@ セキュリティ的に危険になったりします。 conf ディレクトリには mime.types という追加ファイルがあります。 - 通常このファイルを編集する必要はありません。 -

        + 通常このファイルを編集する必要はありません。

        最初に httpd.conf を編集してください。 このファイルはサーバに関する一般的な属性を設定します; @@ -186,24 +391,42 @@ ディレクトリにある .htaccess ファイルを使うことによって、 ディレクトリ毎に設定できます。

        -

        システムタイムを正確に設定してください!

        - 公開されるウェブサーバの適切な操作には、HTTP - プロトコルの要素がその日の時間として示されるため、 - 正確な時間が必要とされます。ですから、これを機会に UNIX においては - NTP やなんらかの時間の同期を取るシステム、NT - においても何かそれと同じ働きをするものを導入してください。 - -

        サポートプログラムのコンパイル

        +

        サポートプログラムのコンパイル

        上記でコンパイル、設定されるメインの httpd サーバの他に、Apache には多数のサポートプログラムが含まれています。 これらは標準ではコンパイルされません。サポートプログラムは support ディレクトリにあります。 サポートプログラムをコンパイルするには、このディレクトリに入り、 - 以下のように入力してください : + 以下のように入力してください。 
             make
        + +

        パッケージのテスト

        + +

        ここで、以下のコマンドを実行することで、Apache HTTP をすぐに + 実行できるようになっています。

        +
        +        $ PREFIX/bin/apachectl start
+
        + +

        それから URL http://localhost/ (Apache を root としてあるいは + --without-confadjust オプションを使ってビルド、インストールした場合) + または http://localhost:8080/ (Apache を普通のユーザでビルド、 + インストールした場合) により最初の文書をリクエストできます。 + それから以下によりサーバを止めてください。

        +
        +        $ PREFIX/bin/apachectl stop
+
        + +

        正しいシステム時間の設定!

        +

        公開されるウェブサーバの適切な操作には、HTTP + プロトコルの要素がその日の時間として示されるため、 + 正確な時間が必要とされます。ですから、これを機会に UNIX においては + NTP やなんらかの時間の同期を取るシステム、NT + においても何かそれと同じ働きをするものを導入してください。

        +

        Apache HTTP Server

        diff --git a/usr.sbin/httpd/htdocs/manual/install_1_1.html b/usr.sbin/httpd/htdocs/manual/install_1_1.html new file mode 100644 index 00000000000..f5f0f4d376c --- /dev/null +++ b/usr.sbin/httpd/htdocs/manual/install_1_1.html @@ -0,0 +1,124 @@ + + + +Compiling and Installing Apache + + + + +
        + [APACHE DOCUMENTATION] +

        + Apache HTTP Server Version 1.2 +

        +
        + +

        Compiling and Installing Apache

        +

        Downloading Apache

        +

        Information on the latest version of Apache can be found on the Apache +web server at http://www.apache.org/. This will list the current release, +any more recent beta-test release, together with details of mirror +web and anonymous ftp sites.

        + +UnixWare users will want to consult build notes +for various UnixWare versions before compiling. + +

        Compiling Apache

        +This release of Apache supports the notion of `optional modules'. +However, the server has to know which modules are compiled into it, in +order for those modules to be effective; this requires generation of a +short bit of code (`modules.c') which simply has a list of them. +

        +If you are satisfied with our standard module set, and expect to +continue to be satisfied with it, then you can just edit the stock +Makefile and compile as you have been doing previously. If you +would +like to select optional modules, however, you need to run the +configuration script. +

        +To do this: +

          +
        1. Edit the file `Configuration'. This contains the per-machine +config settings of the Makefile, and also an additional section at +the bottom which lists the modules which have been compiled in, and +also names the files containing them. You will need to: +
            +
          1. Select a compiler and compilation options as appropriate to +your machine. +
          2. Uncomment lines corresponding to those optional modules you wish +to include (among the Module lines at the bottom of the file) +or add new lines corresponding to custom modules you have written. +

            +Note that DBM auth has to be explicitly configured in, if you want +it; just uncomment the corresponding line. +

          +
        2. Run the `Configure' script: +
          +% Configure
          +Using 'Configuration' as config file
          +%
          + +This generates new versions of the Makefile and of modules.c. If +you want to maintain multiple configurations, you can say, e.g., +
          +% Configure -file Configuration.ai
          +Using alternate config file Configuration.ai
          +%
          + +
        3. Type `make'. +

          +The modules we place in the Apache distribution are the ones we have +tested and are used regularly by various members of the Apache +development group. Additional modules contributed by members or third +parties with specific needs or functions are available at +<URL:http://www.apache.org/dist/contrib/modules/>. There are instructions on that page for +linking these modules into the core Apache code. +

        + +

        Installing Apache

        +After compilation, you will have a binary called `httpd' in the +src/ directory. A binary distribution of Apache will supply this +file. +

        +The next step is to edit the configuration files for the server. In +the subdirectory called `conf' you should find distribution versions +of the three configuration files: srm.conf-dist, +access.conf-dist and httpd.conf-dist. Copy them to +srm.conf, access.conf and httpd.conf +respectively. +

        +First edit httpd.conf. This sets up general attributes about the +server; the port number, the user it runs as, etc. Next edit the +srm.conf file; this sets up the root of the document tree, +special functions like server-parsed HTML or internal imagemap parsing, etc. +Finally, edit the access.conf file to at least set the base cases +of access. +

        +Finally, make a call to httpd, with a -f to the full path to the +httpd.conf file. I.e., the common case: +

        + /usr/local/etc/apache/src/httpd -f /usr/local/etc/apache/conf/httpd.conf +
        +The server should be now running. +

        +By default the srm.conf and access.conf files are +located by name; to specifically call them by other names, use the +AccessConfig and +ResourceConfig directives in +httpd.conf. + +

        +

        + Apache HTTP Server Version 1.2 +

        + +Index + + + diff --git a/usr.sbin/httpd/htdocs/manual/logs.html b/usr.sbin/httpd/htdocs/manual/logs.html index 5e092afcdf5..0e3e171fbfc 100644 --- a/usr.sbin/httpd/htdocs/manual/logs.html +++ b/usr.sbin/httpd/htdocs/manual/logs.html @@ -195,7 +195,7 @@ part of the job of the web server itself. For more information about this topic, and for applications which perform log analysis, check the + href="http://dmoz.org/Computers/Software/Internet/Site_Management/Log_Analysis/"> Open Directory or Yahoo.

        @@ -209,7 +209,7 @@

        The format of the access log is highly configurable. The format is specified using a format string that + href="mod/mod_log_config.html#formats">format string that looks much like a C-style printf(1) format string. Some examples are presented in the next sections. For a complete list of the possible contents of the format string, see the -

        Some simple examples using piped logs:

        - -
        - # compressed logs
        - CustomLog "|/usr/bin/gzip -c >> - /var/log/access_log.gz" common
        - # almost-real-time name resolution
        - CustomLog "|/usr/local/apache/bin/logresolve >> - /var/log/access_log" common         -
        - -

        Notice that quotes are used to enclose the entire command - that will be called for the pipe. Although these examples are - for the access log, the same technique can be used for the - error log.

        -

        One important use of piped logs is to allow log rotation without having to restart the server. The Apache HTTP Server includes a simple program called Why the name "Apache"? -

        A cute name which stuck. Apache is "A +

        The name 'Apache' was chosen from respect for + the Native American Indian tribe of Apache (Indé), + well-known + for their superior skills in warfare strategy and their + inexhaustible endurance. For more information on the + Apache Nation, we suggest searching + Google, + Northernlight, or + AllTheWeb.

        + +

        Secondarily, and more popularly (though incorrectly) accepted, + it's a considered cute name which stuck. Apache is "A PAtCHy server". It was based on some existing code and a series of "patch files".

        -

        For many developers it is also a reverent connotation to - the Native American Indian tribe of Apache, well-known - for their superior skills in warfare strategy and - inexhaustible endurance. For more information on the - Apache Nation, we suggest searching Google, - - Northernlight, or - AllTheWeb.

        @@ -1205,7 +1206,7 @@

        Be prepared to respond to any questions about your patches and possibly defend your code. If your patch results in a lot of discussion, you may be asked to submit - an updated patch that incorporate all changes and + an updated patch that incorporates all changes and suggestions.

        @@ -1573,8 +1574,8 @@ connection before it had been completely set up - such as by the end-user pressing the "Stop" button. People's patience being what it is, sites with response-time - problems or slow network links may experiences this more - than high-capacity ones or those with large pipes to the + problems or slow network links may experience this more + than high capacity ones or those with large pipes to the network.

        @@ -1821,18 +1822,9 @@

        The shim is not unloaded when Aventail Connect is shut down. Once observed, the problem persists until the shim is either explicitly unloaded or the machine is rebooted. - Instructions for temporarily removing the Aventail Connect - V3.x shim can be found here: "How - to Remove Aventail Connect v3.x from the LSP Order for - Testing Purposes."

        - -

        Another potential solution (not tested) is to add + Another potential solution (not tested) is to add apache.exe to the Aventail "Connect Exclusion - List". See this link for details: "How - to Add an Application to Aventail Connect's Application - Exclusion List."

        + List".

        Apache is affected in a similar way by any firewall program that isn't correctly configured. Assure @@ -1916,7 +1908,7 @@

        Check your cron jobs to see when/if your server logs are being - rotated. Compare the time of rotation to the error menage time. + rotated. Compare the time of rotation to the error message time. If they are the same, you can somewhat safely assume that the restart is due to your server logs being rotated.

        @@ -1929,7 +1921,7 @@ source that is associated with binary compatibility of modules. It is changed when internal Apache structures, function calls and other significant parts of API change in - such a way that binary compatiblity cannot be guaranteed any + such a way that binary compatibility cannot be guaranteed any more. On MMN change, all third party modules have to be at least recompiled, sometimes even slightly changed in order to work with the new version of Apache.

        @@ -2283,6 +2275,34 @@ href="../mod/core.html#servername">ServerName directive to the config file to tell it what the domain name of the server is.

        + +

        The other thing that can occasionally cause this symptom is a + misunderstanding of the Alias directive, + resulting in an alias working with a trailing slash, and not + without one. The Alias directive is very literal, + and aliases what you tell it to. Consider the following + example:

        + + 
        +        Alias /example/ /home/www/example/
+
        + +

        The above directive creates an alias for URLs starting with + /example/, but does not alias URLs + starting with /example. That is to say, a URL such + as http://servername.com/example/ will get the + desired content, but a URL such as + http://servername.com/example will result in a + "file not found" error.

        + +

        The following Alias, on the other hand, will + work for both cases:

        + + 
        +        Alias /example /home/www/example
+
        +
        @@ -2606,7 +2626,7 @@ Options Includes ExecCGI
        -
      7. How can I change +
      8. How can I change the information that Apache returns about itself in the headers? @@ -3280,7 +3300,9 @@ NameVirtualHost * href="http://www.apacheweek.com/features/userauth">Using User Authentication or DBM - User Authentication.

        + User Authentication, or see the authentication tutorial in the + Apache documentation.

        9. @@ -3891,7 +3913,7 @@ href="../env.html#examples">Environment Variables documentation.

        program which does whatever you want. However, Apache does offer the ability to prevent requests from ever appearing in the log files. You can do this by using the SetEnvIf + href="../mod/mod_setenvif.html#setenvif">SetEnvIf directive to set an environment variable for certain requests and then using the conditional diff --git a/usr.sbin/httpd/htdocs/manual/misc/descriptors.html b/usr.sbin/httpd/htdocs/manual/misc/descriptors.html index ebc7180292b..811ef241aeb 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/descriptors.html +++ b/usr.sbin/httpd/htdocs/manual/misc/descriptors.html @@ -126,7 +126,18 @@
        AIX version 3.2?? appears to have a hard limit of 128 descriptors. End of story. Version 4.1.5 has a hard limit of - 2000.
        + 2000. Version 4.3.3 and 5.1 say + 
        +/*
+ * Select uses bit masks of file descriptors.
+ * These macros manipulate such bit fields.
+ * FD_SETSIZE may be defined by the user to the maximum valued file
+ * descriptor to be selected; the default here should be == OPEN_MAX
+ */
+#ifndef FD_SETSIZE
+#define FD_SETSIZE     32767    /* must be == OPEN_MAX in  */
+#endif
+
        SCO OpenServer
        diff --git a/usr.sbin/httpd/htdocs/manual/misc/howto.html b/usr.sbin/httpd/htdocs/manual/misc/howto.html index 8ce8520658b..c37b82f933d 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/howto.html +++ b/usr.sbin/httpd/htdocs/manual/misc/howto.html @@ -172,7 +172,7 @@ print "Status: 302 Moved Temporarily\r\n" . reputation for sending hundreds/thousands of requests to each site, often resulting in the site being overloaded. Things have improved dramatically since then, thanks to         + href="http://www.robotstxt.org/wc/guidelines.html"> Guidelines for Robot Writers, but even so, some robots may exhibit unfriendly behavior which the webmaster isn't willing to tolerate, and will want to stop.

        @@ -187,7 +187,7 @@ print "Status: 302 Moved Temporarily\r\n" .

        If you decide to exclude robots completely, or just limit the areas in which they can roam, create a robots.txt file; refer to the + href="http://www.robotstxt.org/wc/robots.html"> robot information pages provided by Martijn Koster for the syntax.

        diff --git a/usr.sbin/httpd/htdocs/manual/misc/known_bugs.html b/usr.sbin/httpd/htdocs/manual/misc/known_bugs.html new file mode 100644 index 00000000000..95bb37c705d --- /dev/null +++ b/usr.sbin/httpd/htdocs/manual/misc/known_bugs.html @@ -0,0 +1,171 @@ + + + +Apache HTTP Server Project + + + + +
        + [APACHE DOCUMENTATION] +

        + Apache HTTP Server Version 1.2 +

        +
        + +

        Known Bugs in Apache

        + +The most up-to-date resource for bug tracking and information is the +Apache bug database. +Significant bugs at release time will also be noted there. +If you are running a 1.2 beta release or version 1.1.3 or earlier +and thing you have found a bug, please upgrade to 1.2. Many bugs +in early versions have been fixed in 1.2. + +

        See Also: Compatibility notes

        +
        + +

        Apache 1.2 Bugs

        + +
          +
        1. Exists in 1.2.1 only. + On Solaris 2.x the server will stop running after receiving a + SIGHUP. Four workarounds exist (choose one):

          +

            +
          • Retrieve this patch. + cd to your apache_1.2.1 directory, and + type patch -s -p1 < /path/to/patchfile. Then rebuild + Apache.

            +

          • Use SIGUSR1 instead of SIGHUP, see + Stopping and Restarting Apache for more details.

            +

          • Add -DNO_SLACK to + EXTRA_CFLAGS in + your Configuration file, re-run Configure + and rebuild your server. This disables the + descriptor slack workaround

            +

          • (Least preferable) Use Apache 1.2.0 instead of 1.2.1.

            +

          + This problem will be tracked as + PR#832.

          +

          2. + +
        2. (Exists in 1.2.0 and in 1.2.1 after either of the + NO_SLACK or patch provided by the previous bug are applied.) + Solaris 2.5.1 (and probably other versions of Solaris) appear to have + a race condition completely unrelated to all the others. It is possible + during a SIGHUP that the server will fail to start because it will not + be able to re-open its sockets. To our knowledge this has only shown + up during testing when we pummel the server with as many SIGHUP requests + per second as we can. This appears unrelated to the similar sounding bug + described in PR#832. +

          + +

        3. On some architectures + if your configuration uses multiple + Listen directives then it is possible + that the server will starve one of the sockets while serving hits on + another. The work-around is to add + -DUSE_FLOCK_SERIALIZED_ACCEPT to the + EXTRA_CFLAGS line in your Configuration and rebuild. + (If you encounter problems with that, you can also try + -DUSE_FCNTL_SERIALIZED_ACCEPT.) + This affects any architecture that doesn't use one of the + USE_xxxxx_SERIALIZED_ACCEPT definitions, see the + source file conf.h for your architecture. + This will be tracked as + PR#467. +

          4. + +
        4. Fixed in 1.2.1. + Apache's Content + Negotiation should pick the smallest variant if there + are several that are equally acceptable. A bug in 1.2 means it no + longer does this unless all the variants have character sets. + This patch + fixes this problem. It also fixes the problem which makes Apache + pick the last equally acceptable variant instead of the first. + This will be tracked as + PR#94. +

          5. + +
        5. + The PATH_INFO part of a request URI cannot include the sequence + %2f. This will be tracked as + PR#543. +

          6. + +
        6. Users of early 1.2 betas reported problems with many + connections stuck in the FIN_WAIT_2 state due to server + timeouts. Several changes were made during the beta testing of 1.2 + to reduce this problem as much as possible, although you may still + see sockets in FIN_WAIT_2 state due to network or operating system + issues outside the control of Apache. See our FIN_WAIT_2 page for more details. + +

          SunOS4 has a kernel bug in the allocation of memory for the mbuf table. + When it fills up, the result is a Panic the next time any routine tries + to set something in an imaginary mbuf beyond the range of the table. + Due to buggy browser behavior and the lack of a FIN_WAIT_2 timeout + on SunOS4, "KeepAlive Off" is necessary to avoid filling up the mbuf + table on busy sites. +

          7. + +
        7. Compilation fails on SCO3 when using gcc instead of cc, complaining + with "gcc: noinline: No such file or directory". Fix + is given in PR#695. +

          8. + +
        8. If compilation fails complaining about "unknown symbol __inet_ntoa()" + then you have probably installed version 8 of bind. You will need to + explicitly link with the bind library by adding -lbind + to EXTRA_LDFLAGS in Configuration. See + PR#616 + and the + Apache FAQ. +

          9. + +
        9. The message "created shared memory segment #730499" + in error_log is not an error and should be ignored. See + PR#696. +

          10. + +
        10. + Compiling on Solaris 2 with SunSoft's C compiler gives the warning + "mod_include.c", line 1123: warning: end-of-loop code not + reached. This is a bogus warning and can be ignored. + See PR#681. +

          11. + +
        11. Workaround available in 1.2.1. + There appears to be a problem on BSDI 2.1 with large numbers of + virtual hosts. This appears similar to a file-descriptor limit + but BSDI should not have this problem. This will be tracked as + PR#611. + See also the Apache FAQ. +

          12. + +
        12. Workaround available in 1.2.1. + Solaris 2 has problems with large numbers of virtual hosts. This is + because of an operating system limit of 256 file pointers, not due + to Apache. See also the Apache FAQ. +

          13. + +
        + +
        +

        + Apache HTTP Server Version 1.2 +

        + +Index +Home + + + + diff --git a/usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html b/usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html index ca0ff6eedd3..f2e87c55f84 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html +++ b/usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html @@ -247,9 +247,9 @@ regardless of how far in the future the expiry time is set. There is no workaround supplied with Apache, however there are hacks for + href="http://arctic.org/~dean/patches/apache-1.2-gif89-expires-hack.patch"> 1.2 and for + href="http://arctic.org/~dean/patches/apache-1.3-gif89-expires-hack.patch"> 1.3.

        information. There's also + href="http://arctic.org/~dean/apache/no-content-length/"> some information about the actual problem.

        JDK 1.2 betas lose diff --git a/usr.sbin/httpd/htdocs/manual/misc/nopgp.html b/usr.sbin/httpd/htdocs/manual/misc/nopgp.html index 3054170f953..eeafb9699db 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/nopgp.html +++ b/usr.sbin/httpd/htdocs/manual/misc/nopgp.html @@ -68,11 +68,11 @@
        • + href="http://dir.yahoo.com/Computers_and_Internet/security_and_encryption/"> Yahoo - Science: Mathematics: Security and Encryption
          • -
        • EFF +
        • EFF Crypto/Privacy/Security Archive
        • - +
          [APACHE DOCUMENTATION] @@ -25,20 +25,28 @@
          • Introduction
            • -
          • Hardware and Operating System - Issues
            • +
          • Hardware and Operating System Issues
          • Run-Time Configuration Issues
            • -
          • Compile-Time Configuration - Issues
            • + + +
          • Compile-Time Configuration Issues
          • Appendixes
            -

            Introduction

            +

            Introduction

            -

            Apache is a general webserver, which is designed to be - correct first, and fast second. Even so, its performance is - quite satisfactory. Most sites have less than 10Mbits of - outgoing bandwidth, which Apache can fill using only a low end - Pentium-based webserver. In practice sites with more bandwidth - require more than one machine to fill the bandwidth due to - other constraints (such as CGI or database transaction - overhead). For these reasons the development focus has been - mostly on correctness and configurability.

            +

            Apache is a general webserver, which is designed to be correct + first, and fast second. Even so, its performance is quite satisfactory. + Most sites have less than 10Mbits of outgoing bandwidth, which Apache + can fill using only a low end Pentium-based webserver. In practice, + sites with more bandwidth require more than one machine to fill the + bandwidth due to other constraints (such as CGI or database transaction + overhead). For these reasons, the development focus has been mostly on + correctness and configurability.

            Unfortunately many folks overlook these facts and cite raw - performance numbers as if they are some indication of the - quality of a web server product. There is a bare minimum - performance that is acceptable, beyond that extra speed only - caters to a much smaller segment of the market. But in order to - avoid this hurdle to the acceptance of Apache in some markets, - effort was put into Apache 1.3 to bring performance up to a - point where the difference with other high-end webservers is - minimal.

            - -

            Finally there are the folks who just plain want to see how - fast something can go. The author falls into this category. The - rest of this document is dedicated to these folks who want to - squeeze every last bit of performance out of Apache's current - model, and want to understand why it does some things which - slow it down.

            - -

            Note that this is tailored towards Apache 1.3 on Unix. Some - of it applies to Apache on NT. Apache on NT has not been tuned - for performance yet; in fact it probably performs very poorly - because NT performance requires a different programming - model.

            + performance numbers as if they are some indication of the quality of a + web server product. There is a bare minimum performance that is + acceptable, beyond that, extra speed only caters to a much smaller + segment of the market. But in order to avoid this hurdle to the + acceptance of Apache in some markets, effort was put into Apache 1.3 to + bring performance up to a point where the difference with other + high-end webservers is minimal.

            + +

            Finally there are the folks who just want to see how fast something + can go. The author falls into this category. The rest of this document + is dedicated to these folks who want to squeeze every last bit of + performance out of Apache's current model, and want to understand why + it does some things which slow it down.

            + +

            Note that this is tailored towards Apache 1.3 on Unix. Some of it + applies to Apache on NT. Apache on NT has not been tuned for + performance yet; in fact it probably performs very poorly because NT + performance requires a different programming model.

            -

            Hardware and Operating - System Issues

            - -

            The single biggest hardware issue affecting webserver - performance is RAM. A webserver should never ever have to swap, - swapping increases the latency of each request beyond a point - that users consider "fast enough". This causes users to hit - stop and reload, further increasing the load. You can, and - should, control the MaxClients setting so that - your server does not spawn so many children it starts - swapping.

            - -

            Beyond that the rest is mundane: get a fast enough CPU, a - fast enough network card, and fast enough disks, where "fast - enough" is something that needs to be determined by - experimentation.

            - -

            Operating system choice is largely a matter of local - concerns. But a general guideline is to always apply the latest - vendor TCP/IP patches. HTTP serving completely breaks many of - the assumptions built into Unix kernels up through 1994 and - even 1995. Good choices include recent FreeBSD, and Linux.

            +

            Hardware and Operating System + Issues

            + +

            The single biggest hardware issue affecting webserver performance is + RAM. A webserver should never ever have to swap, as swapping increases + the latency of each request beyond a point that users consider "fast + enough". This causes users to hit stop and reload, further increasing + the load. You can, and should, control the MaxClients + setting so that your server does not spawn so many children it starts + swapping. The procedure for doing this is simple: determine the size of + your average Apache process, by looking at your process list via a tool + such as top, and divide this into your total available + memory, leaving some room for other processes.

            + +

            Beyond that the rest is mundane: get a fast enough CPU, a fast + enough network card, and fast enough disks, where "fast enough" is + something that needs to be determined by experimentation.

            + +

            Operating system choice is largely a matter of local concerns. But a + general guideline is to always apply the latest vendor TCP/IP + patches.

            Run-Time Configuration Issues

            -

            HostnameLookups

            - -

            Prior to Apache 1.3, HostnameLookups defaulted - to On. This adds latency to every request because it requires a - DNS lookup to complete before the request is finished. In - Apache 1.3 this setting defaults to Off. However (1.3 or - later), if you use any Allow from domain or - Deny from domain directives then you will pay for - a double reverse DNS lookup (a reverse, followed by a forward - to make sure that the reverse is not being spoofed). So for the - highest performance avoid using these directives (it's fine to - use IP addresses rather than domain names).

            - -

            Note that it's possible to scope the directives, such as - within a <Location /server-status> section. - In this case the DNS lookups are only performed on requests - matching the criteria. Here's an example which disables lookups - except for .html and .cgi files:

            +

            HostnameLookups and other DNS considerations

            + +

            Prior to Apache 1.3, HostnameLookups + defaulted to On. This adds latency to every request + because it requires a DNS lookup to complete before the request is + finished. In Apache 1.3 this setting defaults to Off. If + you need to have addresses in your log files resolved to hostnames, use + the logresolve program that + comes with Apache, or one of the numerous log reporting packages which + are available.

            + +

            It is recommended that you do this sort of postprocessing of your + log files on some machine other than the production web server machine, + in order that this activity not adversely affect server + performance.

            + +

            If you use any Allow from domain or + Deny from domain + directives (i.e., using a hostname, or a domain name, rather than an IP + address) then you will pay for a double reverse DNS lookup (a reverse, + followed by a forward to make sure that the reverse is not being + spoofed). For best performance, therefore, use IP addresses, rather + than names, when using these directives, if possible.

            + +

            Note that it's possible to scope the directives, such as within a + <Location /server-status> section. In this case the + DNS lookups are only performed on requests matching the criteria. + Here's an example which disables lookups except for .html and .cgi + files:

            @@ -139,27 +154,18 @@ HostnameLookups off
 </Files>
            - But even still, if you just need DNS names in some CGIs you - could consider doing the gethostbyname call in the - specific CGIs that need it. - -

            Similarly, if you need to have hostname information in your - server logs in order to generate reports of this information, - you can postprocess your log file with logresolve, so that - these lookups can be done without making the client wait. It is - recommended that you do this postprocessing, and any other - statistical analysis of the log file, somewhere other than your - production web server machine, in order that this activity does - not adversely affect server performance.

            - -

            FollowSymLinks and SymLinksIfOwnerMatch

            + +

            But even still, if you just need DNS names in some CGIs you could + consider doing the gethostbyname call in the specific CGIs + that need it.

            + +

            FollowSymLinks and SymLinksIfOwnerMatch

            Wherever in your URL-space you do not have an Options FollowSymLinks, or you do have an Options - SymLinksIfOwnerMatch Apache will have to issue extra - system calls to check up on symlinks. One extra call per - filename component. For example, if you had:

            + SymLinksIfOwnerMatch             Apache will have to issue extra system + calls to check up on symlinks. One extra call per filename component. + For example, if you had:

            @@ -169,13 +175,13 @@ DocumentRoot /www/htdocs
 </Directory>
            - and a request is made for the URI /index.html. - Then Apache will perform lstat(2) on - /www, /www/htdocs, and - /www/htdocs/index.html. The results of these - lstats are never cached, so they will occur on - every single request. If you really desire the symlinks - security checking you can do something like this: + +

            and a request is made for the URI /index.html. Then + Apache will perform lstat(2) on /www, + /www/htdocs, and /www/htdocs/index.html. The + results of these lstats are never cached, so they will + occur on every single request. If you really desire the symlinks + security checking you can do something like this:

            @@ -188,20 +194,19 @@ DocumentRoot /www/htdocs
 </Directory>
            - This at least avoids the extra checks for the - DocumentRoot path. Note that you'll need to add - similar sections if you have any Alias or - RewriteRule paths outside of your document root. - For highest performance, and no symlink protection, set - FollowSymLinks everywhere, and never set - SymLinksIfOwnerMatch. -

            AllowOverride

            +

            This at least avoids the extra checks for the + DocumentRoot path. Note that you'll need to add similar + sections if you have any Alias or RewriteRule + paths outside of your document root. For highest performance, and no + symlink protection, set FollowSymLinks everywhere, and + never set SymLinksIfOwnerMatch.

            + +

            AllowOverride

            Wherever in your URL-space you allow overrides (typically .htaccess files) Apache will attempt to open - .htaccess for each filename component. For - example,

            + .htaccess for each filename component. For example,

            @@ -211,118 +216,183 @@ DocumentRoot /www/htdocs
 </Directory>
            - and a request is made for the URI /index.html. - Then Apache will attempt to open /.htaccess, - /www/.htaccess, and - /www/htdocs/.htaccess. The solutions are similar - to the previous case of Options FollowSymLinks. - For highest performance use AllowOverride None - everywhere in your filesystem. - -

            Negotiation

            - -

            If at all possible, avoid content-negotiation if you're - really interested in every last ounce of performance. In - practice the benefits of negotiation outweigh the performance - penalties. There's one case where you can speed up the server. - Instead of using a wildcard such as:

            + +

            and a request is made for the URI /index.html. Then + Apache will attempt to open /.htaccess, + /www/.htaccess, and /www/htdocs/.htaccess. + The solutions are similar to the previous case of Options + FollowSymLinks. For highest performance use AllowOverride + None everywhere in your filesystem.

            + +

            See also the .htaccess tutorial + for further discussion of this.

            + +

            Negotiation

            + +

            If at all possible, avoid content-negotiation if you're really + interested in every last ounce of performance. In practice the benefits + of negotiation outweigh the performance penalties. There's one case + where you can speed up the server. Instead of using a wildcard such + as:

             DirectoryIndex index
            - Use a complete list of options: + +

            Use a complete list of options:

             DirectoryIndex index.cgi index.pl index.shtml index.html
            - where you list the most common choice first. - -

            Process Creation

            - -

            Prior to Apache 1.3 the MinSpareServers, - MaxSpareServers, and StartServers - settings all had drastic effects on benchmark results. In - particular, Apache required a "ramp-up" period in order to - reach a number of children sufficient to serve the load being - applied. After the initial spawning of - StartServers children, only one child per second - would be created to satisfy the MinSpareServers - setting. So a server being accessed by 100 simultaneous - clients, using the default StartServers of 5 would - take on the order 95 seconds to spawn enough children to handle - the load. This works fine in practice on real-life servers, - because they aren't restarted frequently. But does really - poorly on benchmarks which might only run for ten minutes.

            - -

            The one-per-second rule was implemented in an effort to - avoid swamping the machine with the startup of new children. If - the machine is busy spawning children it can't service - requests. But it has such a drastic effect on the perceived - performance of Apache that it had to be replaced. As of Apache - 1.3, the code will relax the one-per-second rule. It will spawn - one, wait a second, then spawn two, wait a second, then spawn - four, and it will continue exponentially until it is spawning - 32 children per second. It will stop whenever it satisfies the + +

            where you list the most common choice first.

            + +

            If your site needs content negotiation, consider using + type-map files rather than the Options + MultiViews directive to accomplish the negotiation. See the Content Negotiation + documentation for a full discussion of the methods of negotiation, and + instructions for creating type-map files.

            + +

            Process Creation

            + +

            Prior to Apache 1.3 the MinSpareServers, + MaxSpareServers, + and StartServers + settings all had drastic effects on benchmark results. In particular, + Apache required a "ramp-up" period in order to reach a number of + children sufficient to serve the load being applied. After the initial + spawning of StartServers children, only one child per + second would be created to satisfy the MinSpareServers + setting. So a server being accessed by 100 simultaneous clients, using + the default StartServers of 5 would take on the order 95 + seconds to spawn enough children to handle the load. This works fine in + practice on real-life servers, because they aren't restarted + frequently. But results in poor performance on benchmarks, which might + only run for ten minutes.

            + +

            The one-per-second rule was implemented in an effort to avoid + swamping the machine with the startup of new children. If the machine + is busy spawning children it can't service requests. But it has such a + drastic effect on the perceived performance of Apache that it had to be + replaced. As of Apache 1.3, the code will relax the one-per-second + rule. It will spawn one, wait a second, then spawn two, wait a second, + then spawn four, and it will continue exponentially until it is + spawning 32 children per second. It will stop whenever it satisfies the MinSpareServers setting.

            -

            This appears to be responsive enough that it's almost - unnecessary to twiddle the MinSpareServers, - MaxSpareServers and StartServers - knobs. When more than 4 children are spawned per second, a - message will be emitted to the ErrorLog. If you - see a lot of these errors then consider tuning these settings. - Use the mod_status output as a guide.

            +

            This appears to be responsive enough that it's almost unnecessary to + adjust the MinSpareServers, MaxSpareServers + and StartServers settings. When more than 4 children are + spawned per second, a message will be emitted to the + ErrorLog. If you see a lot of these errors then consider + tuning these settings. Use the mod_status output as a + guide.

            + +

            In particular, you may need to set MinSpareServers + higher if traffic on your site is extremely bursty - that is, if the + number of connections to your site fluctuates radically in short + periods of time. This may be the case, for example, if traffic to your + site is highly event-driven, such as sites for major sports events, or + other sites where users are encouraged to visit the site at a + particular time.

            Related to process creation is process death induced by the - MaxRequestsPerChild setting. By default this is 0, - which means that there is no limit to the number of requests - handled per child. If your configuration currently has this set - to some very low number, such as 30, you may want to bump this - up significantly. If you are running SunOS or an old version of - Solaris, limit this to 10000 or so because of memory leaks.

            - -

            When keep-alives are in use, children will be kept busy - doing nothing waiting for more requests on the already open - connection. The default KeepAliveTimeout of 15 - seconds attempts to minimize this effect. The tradeoff here is - between network bandwidth and server resources. In no event - should you raise this above about 60 seconds, as + MaxRequestsPerChild setting. By default this is 0, which + means that there is no limit to the number of requests handled per + child. If your configuration currently has this set to some very low + number, such as 30, you may want to bump this up significantly. If you + are running SunOS or an old version of Solaris, limit this to 10000 or + so because of memory leaks.

            + +

            When keep-alives are in use, children will be kept busy doing + nothing waiting for more requests on the already open connection. The + default KeepAliveTimeout of 15 seconds attempts to + minimize this effect. The tradeoff here is between network bandwidth + and server resources. In no event should you raise this above about 60 + seconds, as most of the benefits are lost.

            + +

            Modules

            + +

            Since memory usage is such an important consideration in + performance, you should attempt to eliminate modules that you are not + actually using. If you have built the modules as DSOs, eliminating modules is a simple matter of + commenting out the associated AddModule and LoadModule directives for + that module. This allows you to experiment with removing modules, and + seeing if your site still functions in their absence.

            + +

            If, on the other hand, you have modules statically linked into your + Apache binary, you will need to recompile Apache in order to remove + unwanted modules.

            + +

            An associated question that arises here is, of course, what modules + you need, and which ones you don't. The answer here will, of course, + vary from one web site to another. However, the minimal list of + modules which you can get by with tends to include mod_mime, mod_dir, and mod_log_config. + mod_log_config is, of course, optional, as you can run a + web site without log files. This is, however, not recommended.

            + +

            mod_mmap_static

            + +

            Apache comes with a module, mod_mmap_static, which is not + enabled by default, which allows you to map files into RAM, and + serve them directly from memory rather than from the disc, which + should result in substantial performance improvement for + frequently-requests files. Note that when files are modified, you + will need to restart your server in order to serve the latest + version of the file, so this is not appropriate for files which + change frequently. See the documentation for this module for more + complete details.

            +
            -

            Compile-Time - Configuration Issues

            +

            Compile-Time Configuration + Issues

            mod_status and ExtendedStatus On

            -

            If you include mod_status and you also set - ExtendedStatus On when building and running - Apache, then on every request Apache will perform two calls to - gettimeofday(2) (or times(2) - depending on your operating system), and (pre-1.3) several - extra calls to time(2). This is all done so that - the status report contains timing indications. For highest - performance, set ExtendedStatus off (which is the - default).

            +

            If you include mod_status and you also + set ExtendedStatus On when building and running Apache, + then on every request Apache will perform two calls to + gettimeofday(2) (or times(2) depending on + your operating system), and (pre-1.3) several extra calls to + time(2). This is all done so that the status report + contains timing indications. For highest performance, set + ExtendedStatus off (which is the default).

            + +

            mod_status should probably be configured to allow + access by only a few users, rather than to the general public, so this + will likely have very low impact on your overall performance.

            accept Serialization - multiple sockets

            -

            This discusses a shortcoming in the Unix socket API. Suppose - your web server uses multiple Listen statements to - listen on either multiple ports or multiple addresses. In order - to test each socket to see if a connection is ready Apache uses - select(2). select(2) indicates that a - socket has zero or at least one connection - waiting on it. Apache's model includes multiple children, and - all the idle ones test for new connections at the same time. A - naive implementation looks something like this (these examples - do not match the code, they're contrived for pedagogical - purposes):

            +

            This discusses a shortcoming in the Unix socket API. Suppose your + web server uses multiple Listen statements to listen on + either multiple ports or multiple addresses. In order to test each + socket to see if a connection is ready Apache uses + select(2). select(2) indicates that a socket + has zero or at least one connection waiting on it. + Apache's model includes multiple children, and all the idle ones test + for new connections at the same time. A naive implementation looks + something like this (these examples do not match the code, they're + contrived for pedagogical purposes):

            @@ -349,42 +419,37 @@ DirectoryIndex index.cgi index.pl index.shtml index.html
     }
            - But this naive implementation has a serious starvation problem. - Recall that multiple children execute this loop at the same - time, and so multiple children will block at - select when they are in between requests. All - those blocked children will awaken and return from - select when a single request appears on any socket - (the number of children which awaken varies depending on the - operating system and timing issues). They will all then fall - down into the loop and try to accept the - connection. But only one will succeed (assuming there's still - only one connection ready), the rest will be blocked - in accept. This effectively locks those children - into serving requests from that one socket and no other - sockets, and they'll be stuck there until enough new requests - appear on that socket to wake them all up. This starvation - problem was first documented in PR#467. There - are at least two solutions. - -

            One solution is to make the sockets non-blocking. In this - case the accept won't block the children, and they - will be allowed to continue immediately. But this wastes CPU - time. Suppose you have ten idle children in - select, and one connection arrives. Then nine of - those children will wake up, try to accept the - connection, fail, and loop back into select, - accomplishing nothing. Meanwhile none of those children are - servicing requests that occurred on other sockets until they - get back up to the select again. Overall this - solution does not seem very fruitful unless you have as many - idle CPUs (in a multiprocessor box) as you have idle children, - not a very likely situation.

            - -

            Another solution, the one used by Apache, is to serialize - entry into the inner loop. The loop looks like this - (differences highlighted):

            + But this naive implementation has a serious starvation problem. Recall + that multiple children execute this loop at the same time, and so + multiple children will block at select when they are in + between requests. All those blocked children will awaken and return + from select when a single request appears on any socket + (the number of children which awaken varies depending on the operating + system and timing issues). They will all then fall down into the loop + and try to accept the connection. But only one will + succeed (assuming there's still only one connection ready), the rest + will be blocked in accept. This effectively locks + those children into serving requests from that one socket and no other + sockets, and they'll be stuck there until enough new requests appear on + that socket to wake them all up. This starvation problem was first + documented in PR#467. There are at + least two solutions. + +

            One solution is to make the sockets non-blocking. In this case the + accept won't block the children, and they will be allowed + to continue immediately. But this wastes CPU time. Suppose you have ten + idle children in select, and one connection arrives. Then + nine of those children will wake up, try to accept the + connection, fail, and loop back into select, accomplishing + nothing. Meanwhile none of those children are servicing requests that + occurred on other sockets until they get back up to the + select again. Overall this solution does not seem very + fruitful unless you have as many idle CPUs (in a multiprocessor box) as + you have idle children, not a very likely situation.

            + +

            Another solution, the one used by Apache, is to serialize entry into + the inner loop. The loop looks like this (differences highlighted):

            @@ -415,158 +480,141 @@ DirectoryIndex index.cgi index.pl index.shtml index.html
            The functions accept_mutex_on and accept_mutex_off - implement a mutual exclusion semaphore. Only one child can have - the mutex at any time. There are several choices for - implementing these mutexes. The choice is defined in - src/conf.h (pre-1.3) or - src/include/ap_config.h (1.3 or later). Some - architectures do not have any locking choice made, on these - architectures it is unsafe to use multiple Listen - directives. + implement a mutual exclusion semaphore. Only one child can have the + mutex at any time. There are several choices for implementing these + mutexes. The choice is defined in src/conf.h (pre-1.3) or + src/include/ap_config.h (1.3 or later). Some architectures + do not have any locking choice made, on these architectures it is + unsafe to use multiple Listen directives.
            HAVE_FLOCK_SERIALIZED_ACCEPT
            -
            This method uses the flock(2) system call to - lock a lock file (located by the LockFile - directive).
            +
            This method uses the flock(2) system call to lock a + lock file (located by the LockFile directive).
            HAVE_FCNTL_SERIALIZED_ACCEPT
            -
            This method uses the fcntl(2) system call to - lock a lock file (located by the LockFile - directive).
            +
            This method uses the fcntl(2) system call to lock a + lock file (located by the LockFile directive).
            HAVE_SYSVSEM_SERIALIZED_ACCEPT
            (1.3 or later) This method uses SysV-style semaphores to - implement the mutex. Unfortunately SysV-style semaphores have - some bad side-effects. One is that it's possible Apache will - die without cleaning up the semaphore (see the - ipcs(8) man page). The other is that the - semaphore API allows for a denial of service attack by any - CGIs running under the same uid as the webserver - (i.e., all CGIs, unless you use something like - suexec or cgiwrapper). For these reasons this method is not - used on any architecture except IRIX (where the previous two - are prohibitively expensive on most IRIX boxes).
            + implement the mutex. Unfortunately SysV-style semaphores have some + bad side-effects. One is that it's possible Apache will die without + cleaning up the semaphore (see the ipcs(8) man page). + The other is that the semaphore API allows for a denial of service + attack by any CGIs running under the same uid as the webserver + (i.e., all CGIs, unless you use something like suexec or + cgiwrapper). For these reasons this method is not used on any + architecture except IRIX (where the previous two are prohibitively + expensive on most IRIX boxes).
            HAVE_USLOCK_SERIALIZED_ACCEPT
            -
            (1.3 or later) This method is only available on IRIX, and - uses usconfig(2) to create a mutex. While this - method avoids the hassles of SysV-style semaphores, it is not - the default for IRIX. This is because on single processor - IRIX boxes (5.3 or 6.2) the uslock code is two orders of - magnitude slower than the SysV-semaphore code. On - multi-processor IRIX boxes the uslock code is an order of - magnitude faster than the SysV-semaphore code. Kind of a - messed up situation. So if you're using a multiprocessor IRIX - box then you should rebuild your webserver with +
            (1.3 or later) This method is only available on IRIX, and uses + usconfig(2) to create a mutex. While this method avoids + the hassles of SysV-style semaphores, it is not the default for IRIX. + This is because on single processor IRIX boxes (5.3 or 6.2) the + uslock code is two orders of magnitude slower than the SysV-semaphore + code. On multi-processor IRIX boxes the uslock code is an order of + magnitude faster than the SysV-semaphore code. Kind of a messed up + situation. So if you're using a multiprocessor IRIX box then you + should rebuild your webserver with -DHAVE_USLOCK_SERIALIZED_ACCEPT on the EXTRA_CFLAGS.
            HAVE_PTHREAD_SERIALIZED_ACCEPT
            -
            (1.3 or later) This method uses POSIX mutexes and should - work on any architecture implementing the full POSIX threads - specification, however appears to only work on Solaris (2.5 - or later), and even then only in certain configurations. If - you experiment with this you should watch out for your server - hanging and not responding. Static content only servers may - work just fine.
            +
            (1.3 or later) This method uses POSIX mutexes and should work on + any architecture implementing the full POSIX threads specification, + however appears to only work on Solaris (2.5 or later), and even then + only in certain configurations. If you experiment with this you + should watch out for your server hanging and not responding. Static + content only servers may work just fine.
            -

            If your system has another method of serialization which - isn't in the above list then it may be worthwhile adding code - for it (and submitting a patch back to Apache). The above - HAVE_METHOD_SERIALIZED_ACCEPT defines specify - which method is available and works on the platform (you can - have more than one); USE_METHOD_SERIALIZED_ACCEPT - is used to specify the default method (see the - AcceptMutex directive).

            - -

            Another solution that has been considered but never - implemented is to partially serialize the loop -- that is, let - in a certain number of processes. This would only be of - interest on multiprocessor boxes where it's possible multiple - children could run simultaneously, and the serialization - actually doesn't take advantage of the full bandwidth. This is - a possible area of future investigation, but priority remains +

            If your system has another method of serialization which isn't in + the above list then it may be worthwhile adding code for it (and + submitting a patch back to Apache). The above + HAVE_METHOD_SERIALIZED_ACCEPT defines specify which method + is available and works on the platform (you can have more than one); + USE_METHOD_SERIALIZED_ACCEPT is used to specify the + default method (see the AcceptMutex directive).

            + +

            Another solution that has been considered but never implemented is + to partially serialize the loop -- that is, let in a certain number of + processes. This would only be of interest on multiprocessor boxes where + it's possible multiple children could run simultaneously, and the + serialization actually doesn't take advantage of the full bandwidth. + This is a possible area of future investigation, but priority remains low because highly parallel web servers are not the norm.

            -

            Ideally you should run servers without multiple - Listen statements if you want the highest - performance. But read on.

            +

            Ideally you should run servers without multiple Listen + statements if you want the highest performance. But read on.

            accept Serialization - single socket

            -

            The above is fine and dandy for multiple socket servers, but - what about single socket servers? In theory they shouldn't - experience any of these same problems because all children can - just block in accept(2) until a connection - arrives, and no starvation results. In practice this hides - almost the same "spinning" behavior discussed above in the - non-blocking solution. The way that most TCP stacks are - implemented, the kernel actually wakes up all processes blocked - in accept when a single connection arrives. One of - those processes gets the connection and returns to user-space, - the rest spin in the kernel and go back to sleep when they - discover there's no connection for them. This spinning is - hidden from the user-land code, but it's there nonetheless. - This can result in the same load-spiking wasteful behavior - that a non-blocking solution to the multiple sockets case - can.

            - -

            For this reason we have found that many architectures behave - more "nicely" if we serialize even the single socket case. So - this is actually the default in almost all cases. Crude - experiments under Linux (2.0.30 on a dual Pentium pro 166 - w/128Mb RAM) have shown that the serialization of the single - socket case causes less than a 3% decrease in requests per - second over unserialized single-socket. But unserialized - single-socket showed an extra 100ms latency on each request. - This latency is probably a wash on long haul lines, and only an - issue on LANs. If you want to override the single socket +

            The above is fine and dandy for multiple socket servers, but what + about single socket servers? In theory they shouldn't experience any of + these same problems because all children can just block in + accept(2) until a connection arrives, and no starvation + results. In practice this hides almost the same "spinning" behavior + discussed above in the non-blocking solution. The way that most TCP + stacks are implemented, the kernel actually wakes up all processes + blocked in accept when a single connection arrives. One of + those processes gets the connection and returns to user-space, the rest + spin in the kernel and go back to sleep when they discover there's no + connection for them. This spinning is hidden from the user-land code, + but it's there nonetheless. This can result in the same load-spiking + wasteful behavior that a non-blocking solution to the multiple sockets + case can.

            + +

            For this reason we have found that many architectures behave more + "nicely" if we serialize even the single socket case. So this is + actually the default in almost all cases. Crude experiments under Linux + (2.0.30 on a dual Pentium pro 166 w/128Mb RAM) have shown that the + serialization of the single socket case causes less than a 3% decrease + in requests per second over unserialized single-socket. But + unserialized single-socket showed an extra 100ms latency on each + request. This latency is probably a wash on long haul lines, and only + an issue on LANs. If you want to override the single socket serialization you can define - SINGLE_LISTEN_UNSERIALIZED_ACCEPT and then - single-socket servers will not serialize at all.

            + SINGLE_LISTEN_UNSERIALIZED_ACCEPT and then single-socket + servers will not serialize at all.

            Lingering Close

            As discussed in - draft-ietf-http-connection-00.txt section 8, in order for - an HTTP server to reliably implement the - protocol it needs to shutdown each direction of the - communication independently (recall that a TCP connection is - bi-directional, each half is independent of the other). This - fact is often overlooked by other servers, but is correctly - implemented in Apache as of 1.2.

            - -

            When this feature was added to Apache it caused a flurry of - problems on various versions of Unix because of a - shortsightedness. The TCP specification does not state that the - FIN_WAIT_2 state has a timeout, but it doesn't prohibit it. On - systems without the timeout, Apache 1.2 induces many sockets - stuck forever in the FIN_WAIT_2 state. In many cases this can - be avoided by simply upgrading to the latest TCP/IP patches - supplied by the vendor. In cases where the vendor has never - released patches (i.e., SunOS4 -- although folks with - a source license can patch it themselves) we have decided to - disable this feature.

            - -

            There are two ways of accomplishing this. One is the socket - option SO_LINGER. But as fate would have it, this - has never been implemented properly in most TCP/IP stacks. Even - on those stacks with a proper implementation (i.e., - Linux 2.0.31) this method proves to be more expensive (cputime) - than the next solution.

            - -

            For the most part, Apache implements this in a function - called lingering_close (in - http_main.c). The function looks roughly like - this:

            + href="http://ftp.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt"> + draft-ietf-http-connection-00.txt section 8, in order for an HTTP + server to reliably implement the protocol it needs to + shutdown each direction of the communication independently (recall that + a TCP connection is bi-directional, each half is independent of the + other). This fact is often overlooked by other servers, but is + correctly implemented in Apache as of 1.2.

            + +

            When this feature was added to Apache it caused a flurry of problems + on various versions of Unix because of a shortsightedness. The TCP + specification does not state that the FIN_WAIT_2 state has a timeout, + but it doesn't prohibit it. On systems without the timeout, Apache 1.2 + induces many sockets stuck forever in the FIN_WAIT_2 state. In many + cases this can be avoided by simply upgrading to the latest TCP/IP + patches supplied by the vendor. In cases where the vendor has never + released patches (i.e., SunOS4 -- although folks with a source + license can patch it themselves) we have decided to disable this + feature.

            + +

            There are two ways of accomplishing this. One is the socket option + SO_LINGER. But as fate would have it, this has never been + implemented properly in most TCP/IP stacks. Even on those stacks with a + proper implementation (i.e., Linux 2.0.31) this method proves + to be more expensive (cputime) than the next solution.

            + +

            For the most part, Apache implements this in a function called + lingering_close (in http_main.c). The + function looks roughly like this:

            @@ -595,51 +643,47 @@ DirectoryIndex index.cgi index.pl index.shtml index.html
     }
            - This naturally adds some expense at the end of a connection, - but it is required for a reliable implementation. As HTTP/1.1 - becomes more prevalent, and all connections are persistent, - this expense will be amortized over more requests. If you want - to play with fire and disable this feature you can define - NO_LINGCLOSE, but this is not recommended at all. - In particular, as HTTP/1.1 pipelined persistent connections - come into use lingering_close is an absolute + This naturally adds some expense at the end of a connection, but it is + required for a reliable implementation. As HTTP/1.1 becomes more + prevalent, and all connections are persistent, this expense will be + amortized over more requests. If you want to play with fire and disable + this feature you can define NO_LINGCLOSE, but this is not + recommended at all. In particular, as HTTP/1.1 pipelined persistent + connections come into use lingering_close is an absolute necessity (and - pipelined connections are faster, so you want to support - them). + href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html">pipelined + connections are faster, so you want to support them).

            Scoreboard File

            -

            Apache's parent and children communicate with each other - through something called the scoreboard. Ideally this should be - implemented in shared memory. For those operating systems that - we either have access to, or have been given detailed ports - for, it typically is implemented using shared memory. The rest - default to using an on-disk file. The on-disk file is not only - slow, but it is unreliable (and less featured). Peruse the - src/main/conf.h file for your architecture and - look for either USE_MMAP_SCOREBOARD or - USE_SHMGET_SCOREBOARD. Defining one of those two - (as well as their companions HAVE_MMAP and - HAVE_SHMGET respectively) enables the supplied - shared memory code. If your system has another type of shared - memory, edit the file src/main/http_main.c and add - the hooks necessary to use it in Apache. (Send us back a patch - too please.)

            - -

            Historical note: The Linux port of Apache didn't start to - use shared memory until version 1.2 of Apache. This oversight - resulted in really poor and unreliable behavior of earlier - versions of Apache on Linux.

            +

            Apache's parent and children communicate with each other through + something called the scoreboard. Ideally this should be implemented in + shared memory. For those operating systems that we either have access + to, or have been given detailed ports for, it typically is implemented + using shared memory. The rest default to using an on-disk file. The + on-disk file is not only slow, but it is unreliable (and less + featured). Peruse the src/main/conf.h file for your + architecture and look for either USE_MMAP_SCOREBOARD or + USE_SHMGET_SCOREBOARD. Defining one of those two (as well + as their companions HAVE_MMAP and HAVE_SHMGET + respectively) enables the supplied shared memory code. If your system + has another type of shared memory, edit the file + src/main/http_main.c and add the hooks necessary to use it + in Apache. (Send us back a patch too please.)

            + +

            Historical note: The Linux port of Apache didn't start to use shared + memory until version 1.2 of Apache. This oversight resulted in really + poor and unreliable behavior of earlier versions of Apache on + Linux.

            DYNAMIC_MODULE_LIMIT

            -

            If you have no intention of using dynamically loaded modules - (you probably don't if you're reading this and tuning your - server for every last ounce of performance) then you should add - -DDYNAMIC_MODULE_LIMIT=0 when building your - server. This will save RAM that's allocated only for supporting - dynamically loaded modules.

            +

            If you have no intention of using dynamically loaded modules (you + probably don't if you're reading this and tuning your server for every + last ounce of performance) then you should add + -DDYNAMIC_MODULE_LIMIT=0 when building your server. This + will save RAM that's allocated only for supporting dynamically loaded + modules.

            Appendix: Detailed Analysis of a @@ -655,13 +699,12 @@ DirectoryIndex index.cgi index.pl index.shtml index.html </Directory> - The file being requested is a static 6K file of no particular - content. Traces of non-static requests or requests with content - negotiation look wildly different (and quite ugly in some - cases). First the entire trace, then we'll examine details. - (This was generated by the strace program, other - similar programs include truss, - ktrace, and par.) + The file being requested is a static 6K file of no particular content. + Traces of non-static requests or requests with content negotiation look + wildly different (and quite ugly in some cases). First the entire + trace, then we'll examine details. (This was generated by the + strace program, other similar programs include + truss, ktrace, and par.) 
            @@ -703,8 +746,7 @@ flock(18, LOCK_EX)                      = 0
            These two calls can be removed by defining - SINGLE_LISTEN_UNSERIALIZED_ACCEPT as described - earlier. + SINGLE_LISTEN_UNSERIALIZED_ACCEPT as described earlier.

            Notice the SIGUSR1 manipulation:

            @@ -717,49 +759,46 @@ sigaction(SIGUSR1, {SIG_IGN}, {SIG_IGN}) = 0 sigaction(SIGUSR1, {0x8059954, [], SA_INTERRUPT}, {SIG_IGN}) = 0 - This is caused by the implementation of graceful restarts. When - the parent receives a SIGUSR1 it sends a - SIGUSR1 to all of its children (and it also - increments a "generation counter" in shared memory). Any - children that are idle (between connections) will immediately - die off when they receive the signal. Any children that are in - keep-alive connections, but are in between requests will die - off immediately. But any children that have a connection and - are still waiting for the first request will not die off - immediately. - -

            To see why this is necessary, consider how a browser reacts - to a closed connection. If the connection was a keep-alive - connection and the request being serviced was not the first - request then the browser will quietly reissue the request on a - new connection. It has to do this because the server is always - free to close a keep-alive connection in between requests - (i.e., due to a timeout or because of a maximum number - of requests). But, if the connection is closed before the first - response has been received the typical browser will display a - "document contains no data" dialogue (or a broken image icon). - This is done on the assumption that the server is broken in - some way (or maybe too overloaded to respond at all). So Apache - tries to avoid ever deliberately closing the connection before - it has sent a single response. This is the cause of those - SIGUSR1 manipulations.

            - -

            Note that it is theoretically possible to eliminate all - three of these calls. But in rough tests the gain proved to be - almost unnoticeable.

            - -

            In order to implement virtual hosts, Apache needs to know - the local socket address used to accept the connection:

            + This is caused by the implementation of graceful restarts. When the + parent receives a SIGUSR1 it sends a SIGUSR1 + to all of its children (and it also increments a "generation counter" + in shared memory). Any children that are idle (between connections) + will immediately die off when they receive the signal. Any children + that are in keep-alive connections, but are in between requests will + die off immediately. But any children that have a connection and are + still waiting for the first request will not die off immediately. + +

            To see why this is necessary, consider how a browser reacts to a + closed connection. If the connection was a keep-alive connection and + the request being serviced was not the first request then the browser + will quietly reissue the request on a new connection. It has to do this + because the server is always free to close a keep-alive connection in + between requests (i.e., due to a timeout or because of a + maximum number of requests). But, if the connection is closed before + the first response has been received the typical browser will display a + "document contains no data" dialogue (or a broken image icon). This is + done on the assumption that the server is broken in some way (or maybe + too overloaded to respond at all). So Apache tries to avoid ever + deliberately closing the connection before it has sent a single + response. This is the cause of those SIGUSR1 + manipulations.

            + +

            Note that it is theoretically possible to eliminate all three of + these calls. But in rough tests the gain proved to be almost + unnoticeable.

            + +

            In order to implement virtual hosts, Apache needs to know the local + socket address used to accept the connection:

             getsockname(3, {sin_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
            - It is possible to eliminate this call in many situations (such - as when there are no virtual hosts, or when Listen - directives are used which do not have wildcard addresses). But - no effort has yet been made to do these optimizations. + It is possible to eliminate this call in many situations (such as when + there are no virtual hosts, or when Listen directives are + used which do not have wildcard addresses). But no effort has yet been + made to do these optimizations.

            Apache turns off the Nagle algorithm:

            @@ -769,8 +808,8 @@ setsockopt(3, IPPROTO_TCP1, [1], 4) = 0 because of problems described in             a - paper by John Heidemann. + href="http://www.isi.edu/~johnh/PAPERS/Heidemann97a.html">a paper by + John Heidemann.

            Notice the two time calls:

            @@ -781,18 +820,17 @@ time(NULL) = 873959960 time(NULL) = 873959960 - One of these occurs at the beginning of the request, and the - other occurs as a result of writing the log. At least one of - these is required to properly implement the HTTP protocol. The - second occurs because the Common Log Format dictates that the - log record include a timestamp of the end of the request. A - custom logging module could eliminate one of the calls. Or you - can use a method which moves the time into shared memory, see - the patches section below. - -

            As described earlier, ExtendedStatus On causes - two gettimeofday calls and a call to - times:

            + One of these occurs at the beginning of the request, and the other + occurs as a result of writing the log. At least one of these is + required to properly implement the HTTP protocol. The second occurs + because the Common Log Format dictates that the log record include a + timestamp of the end of the request. A custom logging module could + eliminate one of the calls. Or you can use a method which moves the + time into shared memory, see the patches section + below. + +

            As described earlier, ExtendedStatus On causes two + gettimeofday calls and a call to times:

            @@ -802,8 +840,8 @@ gettimeofday({873959960, 417742}, NULL) = 0
 times({tms_utime=5, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 446747
            - These can be removed by setting ExtendedStatus Off - (which is the default). + These can be removed by setting ExtendedStatus Off (which + is the default).

            It might seem odd to call stat:

            @@ -813,21 +851,19 @@ stat("/home/dgaudet/ap/apachen/htdocs/6k", {st_mode=S_IFREG|0644, st_size=6144, This is part of the algorithm which calculates the - PATH_INFO for use by CGIs. In fact if the request - had been for the URI /cgi-bin/printenv/foobar then - there would be two calls to stat. The first for - /home/dgaudet/ap/apachen/cgi-bin/printenv/foobar - which does not exist, and the second for - /home/dgaudet/ap/apachen/cgi-bin/printenv, which - does exist. Regardless, at least one stat call is - necessary when serving static files because the file size and - modification times are used to generate HTTP headers (such as - Content-Length, Last-Modified) and - implement protocol features (such as - If-Modified-Since). A somewhat more clever server - could avoid the stat when serving non-static - files, however doing so in Apache is very difficult given the - modular structure. + PATH_INFO for use by CGIs. In fact if the request had been + for the URI /cgi-bin/printenv/foobar then there would be + two calls to stat. The first for + /home/dgaudet/ap/apachen/cgi-bin/printenv/foobar which + does not exist, and the second for + /home/dgaudet/ap/apachen/cgi-bin/printenv, which does + exist. Regardless, at least one stat call is necessary + when serving static files because the file size and modification times + are used to generate HTTP headers (such as Content-Length, + Last-Modified) and implement protocol features (such as + If-Modified-Since). A somewhat more clever server could + avoid the stat when serving non-static files, however + doing so in Apache is very difficult given the modular structure.

            All static files are served using mmap:

            @@ -838,48 +874,46 @@ mmap(0, 6144, PROT_READ, MAP_PRIVATE, 4, 0) = 0x400ee000 munmap(0x400ee000, 6144) = 0 - On some architectures it's slower to mmap small - files than it is to simply read them. The define - MMAP_THRESHOLD can be set to the minimum size - required before using mmap. By default it's set to - 0 (except on SunOS4 where experimentation has shown 8192 to be - a better value). Using a tool such as lmbench you can - determine the optimal setting for your environment. - -

            You may also wish to experiment with - MMAP_SEGMENT_SIZE (default 32768) which determines - the maximum number of bytes that will be written at a time from - mmap()d files. Apache only resets the client's - Timeout in between write()s. So setting this large - may lock out low bandwidth clients unless you also increase the + On some architectures it's slower to mmap small files than + it is to simply read them. The define + MMAP_THRESHOLD can be set to the minimum size required + before using mmap. By default it's set to 0 (except on + SunOS4 where experimentation has shown 8192 to be a better value). + Using a tool such as lmbench you can determine + the optimal setting for your environment. + +

            You may also wish to experiment with MMAP_SEGMENT_SIZE + (default 32768) which determines the maximum number of bytes that will + be written at a time from mmap()d files. Apache only resets the + client's Timeout in between write()s. So setting this + large may lock out low bandwidth clients unless you also increase the Timeout.

            -

            It may even be the case that mmap isn't used on - your architecture; if so then defining - USE_MMAP_FILES and HAVE_MMAP might - work (if it works then report back to us).

            +

            It may even be the case that mmap isn't used on your + architecture; if so then defining USE_MMAP_FILES and + HAVE_MMAP might work (if it works then report back to + us).

            -

            Apache does its best to avoid copying bytes around in - memory. The first write of any request typically is turned into - a writev which combines both the headers and the - first hunk of data:

            +

            Apache does its best to avoid copying bytes around in memory. The + first write of any request typically is turned into a + writev which combines both the headers and the first hunk + of data:

             writev(3, [{"HTTP/1.1 200 OK\r\nDate: Thu, 11"..., 245}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 6144}], 2) = 6389
            - When doing HTTP/1.1 chunked encoding Apache will generate up to - four element writevs. The goal is to push the byte - copying into the kernel, where it typically has to happen - anyhow (to assemble network packets). On testing, various - Unixes (BSDI 2.x, Solaris 2.5, Linux 2.0.31+) properly combine - the elements into network packets. Pre-2.0.31 Linux will not - combine, and will create a packet for each element, so - upgrading is a good idea. Defining NO_WRITEV will - disable this combining, but result in very poor chunked - encoding performance. + When doing HTTP/1.1 chunked encoding Apache will generate up to four + element writevs. The goal is to push the byte copying into + the kernel, where it typically has to happen anyhow (to assemble + network packets). On testing, various Unixes (BSDI 2.x, Solaris 2.5, + Linux 2.0.31+) properly combine the elements into network packets. + Pre-2.0.31 Linux will not combine, and will create a packet for each + element, so upgrading is a good idea. Defining NO_WRITEV + will disable this combining, but result in very poor chunked encoding + performance.

            The log write:

            @@ -888,13 +922,12 @@ writev(3, [{"HTTP/1.1 200 OK\r\nDate: Thu, 11"..., 245}, {"\0\0\0\0\0\0\0\0\0\0\ write(17, "127.0.0.1 - - [10/Sep/1997:23:39"..., 71) = 71 - can be deferred by defining BUFFERED_LOGS. In this - case up to PIPE_BUF bytes (a POSIX defined - constant) of log entries are buffered before writing. At no - time does it split a log entry across a PIPE_BUF - boundary because those writes may not be atomic. - (i.e., entries from multiple children could become - mixed together). The code does its best to flush this buffer + can be deferred by defining BUFFERED_LOGS. In this case up + to PIPE_BUF bytes (a POSIX defined constant) of log + entries are buffered before writing. At no time does it split a log + entry across a PIPE_BUF boundary because those writes may + not be atomic. (i.e., entries from multiple children could + become mixed together). The code does its best to flush this buffer when a child dies.

            The lingering close code causes four system calls:

            @@ -910,9 +943,8 @@ close(3) = 0 which were described earlier.

            Let's apply some of these optimizations: - -DSINGLE_LISTEN_UNSERIALIZED_ACCEPT - -DBUFFERED_LOGS and ExtendedStatus Off. - Here's the final trace:

            + -DSINGLE_LISTEN_UNSERIALIZED_ACCEPT -DBUFFERED_LOGS and + ExtendedStatus Off. Here's the final trace:

            @@ -937,91 +969,83 @@ sigaction(SIGUSR1, {0x8058c98, [], SA_INTERRUPT}, {SIG_IGN}) = 0
 munmap(0x400e3000, 6144)                = 0
            - That's 19 system calls, of which 4 remain relatively easy to - remove, but don't seem worth the effort. - -

            Appendix: Patches - Available

            - There are several - performance patches available for 1.3. Although they may - not apply cleanly to the current version, it shouldn't be - difficult for someone with a little C knowledge to update them. - In particular: + That's 19 system calls, of which 4 remain relatively easy to remove, + but don't seem worth the effort. + +

            Appendix: Patches Available

            + There are several + performance patches available for 1.3. Although they may not apply + cleanly to the current version, it shouldn't be difficult for someone + with a little C knowledge to update them. In particular:
            • A - patch to remove all time(2) system - calls.
              • + href="http://arctic.org/~dean/apache/1.3/shared_time.patch">patch + to remove all time(2) system calls.
            • A + href="http://arctic.org/~dean/apache/1.3/mod_include_speedups.patch"> patch to remove various system calls from - mod_include, these calls are used by few sites - but required for backwards compatibility.
              • + mod_include, these calls are used by few sites but + required for backwards compatibility.
            • A - patch which integrates the above two plus a few other - speedups at the cost of removing some functionality.
              • + href="http://arctic.org/~dean/apache/1.3/top_fuel.patch">patch + which integrates the above two plus a few other speedups at the cost + of removing some functionality.
            -

            Appendix: The - Pre-Forking Model

            +

            Appendix: The Pre-Forking + Model

            Apache (on Unix) is a pre-forking model server. The - parent process is responsible only for forking - child processes, it does not serve any requests or - service any network sockets. The child processes actually - process connections, they serve multiple connections (one at a - time) before dying. The parent spawns new or kills off old - children in response to changes in the load on the server (it - does so by monitoring a scoreboard which the children keep up - to date).

            - -

            This model for servers offers a robustness that other models - do not. In particular, the parent code is very simple, and with - a high degree of confidence the parent will continue to do its - job without error. The children are complex, and when you add - in third party code via modules, you risk segmentation faults - and other forms of corruption. Even should such a thing happen, - it only affects one connection and the server continues serving - requests. The parent quickly replaces the dead child.

            + parent process is responsible only for forking child + processes, it does not serve any requests or service any network + sockets. The child processes actually process connections, they serve + multiple connections (one at a time) before dying. The parent spawns + new or kills off old children in response to changes in the load on the + server (it does so by monitoring a scoreboard which the children keep + up to date).

            + +

            This model for servers offers a robustness that other models do not. + In particular, the parent code is very simple, and with a high degree + of confidence the parent will continue to do its job without error. The + children are complex, and when you add in third party code via modules, + you risk segmentation faults and other forms of corruption. Even should + such a thing happen, it only affects one connection and the server + continues serving requests. The parent quickly replaces the dead + child.

            Pre-forking is also very portable across dialects of Unix. Historically this has been an important goal for Apache, and it continues to remain so.

            -

            The pre-forking model comes under criticism for various - performance aspects. Of particular concern are the overhead of - forking a process, the overhead of context switches between - processes, and the memory overhead of having multiple - processes. Furthermore it does not offer as many opportunities - for data-caching between requests (such as a pool of - mmapped files). Various other models exist and - extensive analysis can be found in the papers - of the JAWS project. In practice all of these costs vary - drastically depending on the operating system.

            - -

            Apache's core code is already multithread aware, and Apache - version 1.3 is multithreaded on NT. There have been at least - two other experimental implementations of threaded Apache, one - using the 1.3 code base on DCE, and one using a custom - user-level threads package and the 1.0 code base; neither is - publicly available. There is also an experimental port of - Apache 1.3 to Netscape's - Portable Run Time, which is - available (but you're encouraged to join the new-httpd mailing - list if you intend to use it). Part of our redesign for - version 2.0 of Apache will include abstractions of the server - model so that we can continue to support the pre-forking model, - and also support various threaded models. -

            +

            The pre-forking model comes under criticism for various performance + aspects. Of particular concern are the overhead of forking a process, + the overhead of context switches between processes, and the memory + overhead of having multiple processes. Furthermore it does not offer as + many opportunities for data-caching between requests (such as a pool of + mmapped files). Various other models exist and extensive + analysis can be found in the papers of + the JAWS project. In practice all of these costs vary drastically + depending on the operating system.

            + +

            Apache's core code is already multithread aware, and Apache version + 1.3 is multithreaded on NT. There have been at least two other + experimental implementations of threaded Apache, one using the 1.3 code + base on DCE, and one using a custom user-level threads package and the + 1.0 code base; neither is publicly available. There is also an + experimental port of Apache 1.3 to Netscape's Portable + Run Time, which is available (but + you're encouraged to join the new-httpd mailing list + if you intend to use it). Part of our redesign for version 2.0 of + Apache includes abstractions of the server model so that we can + continue to support the pre-forking model, and also support various + threaded models.

            Apache HTTP Server Version 1.3

            Index diff --git a/usr.sbin/httpd/htdocs/manual/misc/perf.html b/usr.sbin/httpd/htdocs/manual/misc/perf.html index 24b345a1ba6..d7d7632439b 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/perf.html +++ b/usr.sbin/httpd/htdocs/manual/misc/perf.html @@ -69,48 +69,7 @@ -
            - -

            IRIX

            - -

            An SGI document covering tuning of IRIX 6.2 through 6.5 is - available from Stanford.

            - -
            - -

            Linux

            - There are no known problems with heavily loaded systems running - Linux kernels 2.0.32 or later. Earlier kernels have some - problems, and an upgrade to the latest 2.0.x is a good idea to - eliminate various security and denial of service attacks. -
            - - -

            Solaris 2.4

            - The Solaris 2.4 TCP implementation has a few inherent - limitations that only became apparent under heavy loads. This - has been fixed to some extent in 2.5 (and completely revamped - in 2.6), but for now consult the following URL for tips on how - to expand the capabilities if you are finding slowdowns and - lags are hurting performance. - -

            Other links:

            - -
              -
            • World - Wide Web Server Performance, - <http://www.sun.com/sun-on-net/performance.html>
              • - -
            • + href="http://www.sean.de/Solaris/tune.html"> Solaris 2.x - tuning your TCP/IP stack contains some good technical information about tuning various Solaris TCP/IP parameters.
              • @@ -177,7 +136,7 @@

              More welcome!

              If you have tips to contribute, please submit them to - the Apache Bug + the Apache Bug Database.
              diff --git a/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html b/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html index 345a9188bc2..403eda88a41 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html +++ b/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html @@ -1038,7 +1038,7 @@ RewriteRule ^(.*)$ $1.html
              Description:
              Assume we have recently renamed the page - bar.html to foo.html and now want + foo.html to bar.html and now want to provide the old URL for backward compatibility. Actually we want that users of the old URL even not recognize that the pages was renamed.
              @@ -1070,7 +1070,7 @@ RewriteRule ^foo\.html$ bar.html
              Description:
              Assume again that we have recently renamed the page - bar.html to foo.html and now want + foo.html to bar.html and now want to provide the old URL for backward compatibility. But this time we want that the users of the old URL get hinted to the new one, i.e. their browsers Location field should @@ -1461,133 +1461,6 @@ while (<STDIN>) {
              -

              Reverse Proxy

              - -
              -
              Description:
              - -
              ...
              - -
              Solution:
              - -
              - - - - -
              -
              -##
-##  apache-rproxy.conf -- Apache configuration for Reverse Proxy Usage
-##
-
-#   server type
-ServerType           standalone
-Port                 8000
-MinSpareServers      16
-StartServers         16
-MaxSpareServers      16
-MaxClients           16
-MaxRequestsPerChild  100
-
-#   server operation parameters
-KeepAlive            on
-MaxKeepAliveRequests 100
-KeepAliveTimeout     15
-Timeout              400
-IdentityCheck        off
-HostnameLookups      off
-
-#   paths to runtime files
-PidFile              /path/to/apache-rproxy.pid
-LockFile             /path/to/apache-rproxy.lock
-ErrorLog             /path/to/apache-rproxy.elog
-CustomLog            /path/to/apache-rproxy.dlog "%{%v/%T}t %h -> %{SERVER}e URL: %U"
-
-#   unused paths
-ServerRoot           /tmp
-DocumentRoot         /tmp
-CacheRoot            /tmp
-RewriteLog           /dev/null
-TransferLog          /dev/null
-TypesConfig          /dev/null
-AccessConfig         /dev/null
-ResourceConfig       /dev/null
-
-#   speed up and secure processing
-<Directory />
-Options -FollowSymLinks -SymLinksIfOwnerMatch
-AllowOverride None
-</Directory>
-
-#   the status page for monitoring the reverse proxy
-<Location /apache-rproxy-status>
-SetHandler server-status
-</Location>
-
-#   enable the URL rewriting engine
-RewriteEngine        on
-RewriteLogLevel      0
-
-#   define a rewriting map with value-lists where
-#   mod_rewrite randomly chooses a particular value
-RewriteMap     server  rnd:/path/to/apache-rproxy.conf-servers
-
-#   make sure the status page is handled locally
-#   and make sure no one uses our proxy except ourself
-RewriteRule    ^/apache-rproxy-status.*  -  [L]
-RewriteRule    ^(http|ftp)://.*          -  [F]
-
-#   now choose the possible servers for particular URL types
-RewriteRule    ^/(.*\.(cgi|shtml))$  to://${server:dynamic}/$1  [S=1]
-RewriteRule    ^/(.*)$               to://${server:static}/$1  
-
-#   and delegate the generated URL by passing it 
-#   through the proxy module
-RewriteRule    ^to://([^/]+)/(.*)    http://$1/$2   [E=SERVER:$1,P,L]
-
-#   and make really sure all other stuff is forbidden 
-#   when it should survive the above rules...
-RewriteRule    .*                    -              [F]
-
-#   enable the Proxy module without caching
-ProxyRequests        on
-NoCache              *
-
-#   setup URL reverse mapping for redirect reponses
-ProxyPassReverse  /  http://www1.foo.dom/
-ProxyPassReverse  /  http://www2.foo.dom/
-ProxyPassReverse  /  http://www3.foo.dom/
-ProxyPassReverse  /  http://www4.foo.dom/
-ProxyPassReverse  /  http://www5.foo.dom/
-ProxyPassReverse  /  http://www6.foo.dom/
-
              -
              - - - - - -
              -
              -##
-##  apache-rproxy.conf-servers -- Apache/mod_rewrite selection table
-##
-
-#   list of backend servers which serve static
-#   pages (HTML files and Images, etc.)
-static    www1.foo.dom|www2.foo.dom|www3.foo.dom|www4.foo.dom
-
-#   list of backend servers which serve dynamically 
-#   generated page (CGI programs or mod_perl scripts)
-dynamic   www5.foo.dom|www6.foo.dom
-
              -
              -
              -
              -

              New MIME-type, New Service

              diff --git a/usr.sbin/httpd/htdocs/manual/misc/security_tips.html b/usr.sbin/httpd/htdocs/manual/misc/security_tips.html index 3387a66dc00..12ff7b27e4a 100644 --- a/usr.sbin/httpd/htdocs/manual/misc/security_tips.html +++ b/usr.sbin/httpd/htdocs/manual/misc/security_tips.html @@ -32,6 +32,8 @@
            • CGI in General
              • +
            • Other sources of dynamic content
              • +
            • Protecting System Settings
              • @@ -54,8 +56,8 @@ directive to serve hits. As is the case with any command that root executes, you must take care that it is protected from modification by non-root users. Not only must the files - themselves be writable only by root, but so must the - directories, and parents of all directories. For example, if + themselves be writeable only by root, but also the + directories and parents of all directories. For example, if you choose to place ServerRoot in /usr/local/apache then it is suggested that you create that directory as root, with commands like these:

              @@ -91,11 +93,11 @@ either executes or writes on then you open your system to root compromises. For example, someone could replace the httpd binary so that the next time you start it, it will execute some - arbitrary code. If the logs directory is writable (by a + arbitrary code. If the logs directory is writeable (by a non-root user), someone could replace a log file with a symlink to some other system file, and then root might overwrite that file with arbitrary data. If the log files themselves are - writable (by a non-root user), then someone may be able to + writeable (by a non-root user), then someone may be able to overwrite the log itself with bogus data.

              @@ -133,13 +135,13 @@ of risk.

              Another solution is to disable the ability to run scripts - and programs from SSI pages. To do this replace + and programs from SSI pages. To do this, replace Includes with IncludesNOEXEC in the Options directive. Note that users may still use <--#include virtual="..." --> to execute CGI scripts if these scripts are in directories - desginated by a ScriptAlias + designated by a ScriptAlias directive.

              @@ -194,6 +196,18 @@ href="http://wwwcgi.umr.edu/~cgiwrap/">CGIWrap.

              +

              Other sources of dynamic + content

              + +

              Embedded scripting options which run as part of the server itself, such +as mod_php, mod_perl, mod_tcl, and mod_python, run under the identity of +the server itself (see the User +directive), and therefore scripts executed by these engines +potentially can access anything the server user can. Some scripting +engines may provide restrictions, but it is better to be safe and assume +not.

              +
              +

              Protecting System Settings

              diff --git a/usr.sbin/httpd/htdocs/manual/mod/core.html.en b/usr.sbin/httpd/htdocs/manual/mod/core.html.en index c146201e064..448f4788494 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/core.html.en +++ b/usr.sbin/httpd/htdocs/manual/mod/core.html.en @@ -18,7 +18,7 @@
          -

          Apache Core Features

          +

          Apache Core Features

          These configuration parameters control the core Apache features, and are always available.

          @@ -48,6 +48,8 @@
        • BS2000Account
          • +
        • CGICommandArgs
          • +
        • ClearModuleList
        • ContentDigest
          • @@ -99,6 +101,8 @@
        • <LimitExcept>
          • +
        • LimitInternalRecursion
          • +
        • LimitRequestBody
        • LimitRequestFields
          • @@ -250,7 +254,7 @@ method Apache will use. Not all methods are available on all platforms, since the suite of methods is determined at compile-time. For a list of which methods are available for - your particular build, the httpd -L command line + your particular build, the httpd -V command line option will list them out.

          The compile time flags -D @@ -315,10 +319,10 @@

          Alternatively you can use a wildcard to limit the scope; i.e to only *.conf files.

          -

          Note that by default any file in the specified +

          Note that by default any file in the specified directory will be loaded as a configuration file. -

          +

          So make sure that you don't have stray files in this directory by mistake, such as temporary files created by your editor, for example.

          @@ -436,8 +440,18 @@ AddModule mod_include.c +

          The ordering of AddModule lines is important. + Modules are listed in reverse priority order --- the ones that come + later can override the behavior of those that come earlier. This + can have visible effects; for instance, if UserDir followed Alias, + you couldn't alias out a particular user's home directory. For + more information and a recommended ordering, see + src/Configuration.tmpl in the Apache source + distribution.

          +

          See also: ClearModuleList, + href="#clearmodulelist">ClearModuleList and LoadModule

          AllowOverride @@ -460,6 +474,11 @@ which directives declared in that file can override earlier access information.

          +

          Note: AllowOverride is only + valid in <Directory> sections, not in <Location> or + <Files> sections, as implied by the Context + section above.

          +

          When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the @@ -688,6 +707,39 @@ EBCDIC port

          +

          CGICommandArgs + directive

          + + Syntax: CGICommandArgs On|Off
          + Default: CGICommandArgs On
          + Context: directory, .htaccess
          + Override: Options
          + Status: core
          + Compatibility: Available in Apache + 1.3.24 and later. + +

          Way back when the internet was a safer, more naive place, it + was convenient for the server to take a query string that did not + contain an '=' sign and to parse and pass it to a CGI program as + command line args. For example, <IsIndex> + generated searches often work in this way. The default behavior + in Apache is to maintain this behavior for backwards + compatibility, although it is generally regarded as unsafe + practice today. Most CGI programs do not take command line + parameters, but among those that do, many are unaware of this + method of passing arguments and are therefore vulnerable to + malicious clients passing unsafe material in this way. Setting + CGICommandArgs Off is recommended to protect such + scripts with little loss in functionality.

          + +
          +

          ClearModuleList directive

          @@ -705,6 +757,11 @@ This directive clears the list. It is assumed that the list will then be re-populated using the AddModule directive.

          + +

          See also: AddModule and LoadModule

          +

          ContentDigest @@ -840,7 +897,7 @@ Directory-path is either the full path to a directory, or a wild-card string. In a wild-card string, `?' matches any single character, and `*' matches any sequences of characters. - As of Apache 1.3, you may also use `[]' character ranges like + As of Apache 1.3, you may also use `[ ]' character ranges like in the shell. Also as of Apache 1.3 none of the wildcards match a `/' character, which more closely mimics the behavior of Unix shells. Example:

          @@ -1310,8 +1367,11 @@

          Examples

          - ErrorLog logs/vhost1.error
          - ErrorLog |/usr/local/bin/errorlog.pl +

          ErrorLog logs/vhost1.error

          + + or + +

          ErrorLog |/usr/local/bin/errorlog.pl

          Apache 1.3 and above: Using syslog instead of a filename enables logging via @@ -1323,7 +1383,11 @@

          For example:

          - ErrorLog syslog +

          ErrorLog syslog

          + + or + +

          ErrorLog syslog:user

          SECURITY: See the security tips @@ -1358,7 +1422,7 @@ bandwidth.) In Apache 1.3.22 and earlier, the ETag value was always formed from the file's inode, size, and last-modified time (mtime). The FileETag directive allows you to choose - which of these -- if any -- should be used. The recognised + which of these -- if any -- should be used. The recognized keywords are:

          @@ -1451,7 +1515,7 @@ subdirectories, unless specifically overridden.

          (See Require for details on using the - Require directive)

          + Require directive)

          See also: How Directory, Location and Files sections work for an @@ -1516,9 +1580,13 @@

          Refers to a group by its number.
          - It is recommended that you set up a new group specifically for +

          It is recommended that you set up a new group specifically for running the server. Some admins use user nobody, - but this is not always possible or desirable. + but this is not always possible or desirable.

          + +

          Example:

          + + Group www-group

          Note: if you start the server as a non-root user, it will fail to change to the specified group, and will instead @@ -1772,7 +1840,7 @@ directives, which may cause the server to fail on start up. Running apachectl configtest will give you a list of the files that are being processed during the configuration - check:

          + check:

           root@host# apachectl configtest
@@ -1896,10 +1964,10 @@ Syntax OK
        </Limit>
     
     The method names listed can be one or more of: GET, POST, PUT,
-    DELETE, CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH,
+    DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH,
     MKCOL, COPY, MOVE, LOCK, and UNLOCK. The method name is
     case-sensitive. If GET is used it will also restrict
-    HEAD requests. 
+    HEAD requests. The TRACE method cannot be limited.
     
          
 
     
          <LimitExcept>
@@ -1936,6 +2004,50 @@ Syntax OK
 
     
          
 
+    
          LimitInternalRecursion directive
          
+
+    Syntax: LimitInternalRecursion
+    number [number]
          
+     Default: LimitInternalRecursion
+    20
          
+     Context: server config, virtual host
          
+     Status: core
          
+     Compatibility: LimitInternalRecursion
+    is only available in Apache 1.3.28 and later. 
+
+    
          An internal redirect happens, for example, when using the Action directive, which internally
+    redirects the original request to a CGI script. A subrequest is Apache's
+    mechanism to find out what would happen for some URI if it were requested.
+    For example, mod_dir uses subrequests to look
+    for the files listed in the DirectoryIndex
+    directive.
          
+
+    
          LimitInternalRecursion prevents the server
+    from crashing when entering an infinite loop of internal redirects or
+    subrequests. Such loops are usually caused by misconfigurations.
          
+
+    
          The directive stores two different limits, which are evaluated on
+    per-request basis. The first number is the maximum number of
+    internal redirects, that may follow each other. The second number
+    determines, how deep subrequests may be nested. If you specify only one
+    number, it will be assigned to both limits. A value of
+    0 means "unlimited".
          
+
+    
          Example
          
+    
          +    LimitInternalRecursion 5
+    
          
+
+    
          
+
     
          LimitRequestBody directive
          
 
@@ -2386,10 +2498,10 @@ Syntax OK
 
     
-        
+        
 
-        
-        
+        
+        
@@ -2966,13 +3078,13 @@ Syntax OK
     rel="Help">Status: core 
 
     
          This directive selects which authenticated users can access
-    a directory. The allowed syntaxes are:
          
+    a resource. The allowed syntaxes are:
            
       
          • 
         Require user userid [userid] ... 
 
-        
            Only the named users can access the directory.
            
+        
            Only the named users can access the resource.
            
       
            • 
 
       
          • 
@@ -2980,13 +3092,23 @@ Syntax OK
         
 
         
            Only users in the named groups can access the
-        directory.
            
+        resource.
            
       
            • 
 
       
          • 
         Require valid-user 
 
-        
            All valid users can access the directory.
            
+        
            All valid users can access the resource.
            
+      
            • 
+      
          • file-owner
+        
            Only the user, whose name matches the system's name for 
+	the file owner, can access the resource.
            
+	[Available after Apache 1.3.20]
            
+      
            • 
+      
          • file-group
+        
            Only the members of the group, whose name matches the
+	system's name of the file owner group, can access the 
+	resource.
            [Available after Apache 1.3.20]
            
       
            • 
     
          
 
@@ -3064,15 +3186,13 @@ Syntax OK
     
          Alternatively you can use a wildcard to limit the scope; i.e
     to only *.conf files.
     
          
-    
          Note that by default any file in the specified 
+    
          Note that by default any file in the specified
     directory will be loaded as a configuration file.
-    
          
     
          
-    So make sure that you don't have stray files in
+    
          So make sure that you don't have stray files in
     this directory by mistake, such as temporary files created by your
     editor, for example.
          
 
-
     
          See also AccessConfig.
          
 
@@ -3779,7 +3899,7 @@ Syntax OK
     9090, then the canonical name of the server is
     www.example.com:9090. In the event that
     Port has its default value of 80, the
-    :80 is ommitted from the canonical name.
+    :80 is omitted from the canonical name.
          With UseCanonicalName off Apache will form
     self-referential URLs using the hostname and port supplied by
diff --git a/usr.sbin/httpd/htdocs/manual/mod/core.html.html b/usr.sbin/httpd/htdocs/manual/mod/core.html.html
index 34ec33b29de..01ca807474a 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/core.html.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/core.html.html
@@ -20,7 +20,7 @@
     
 
 
-    
          Apache Core Features
          
+    
          Apache Core Features
          These configuration parameters control the core Apache
     features, and are always available.
          
@@ -50,6 +50,8 @@
 
       
        • BS2000Account
          • 
 
+      
        • CGICommandArgs
          • 
+
       
        • ClearModuleList
        • ContentDigest
          • 
@@ -101,6 +103,8 @@
 
       
        • <LimitExcept>
          • 
 
+      
        • LimitInternalRecursion
          • 
+
       
        • LimitRequestBody
        • LimitRequestFields
          • 
@@ -252,7 +256,7 @@
     method Apache will use. Not all methods are available on all
     platforms, since the suite of methods is determined at
     compile-time. For a list of which methods are available for
-    your particular build, the httpd -L command line
+    your particular build, the httpd -V command line
     option will list them out.
          The compile time flags -D
@@ -317,10 +321,10 @@
     
          Alternatively you can use a wildcard to limit the scope; i.e
     to only *.conf files.
     
          
-    
          Note that by default any file in the specified 
+    
          Note that by default any file in the specified 
     directory will be loaded as a configuration file.
-    
          
     
          
+    
          
     So make sure that you don't have stray files in
     this directory by mistake, such as temporary files created by your
     editor, for example.
          
@@ -438,8 +442,18 @@
     AddModule mod_include.c
     
 
+    
          The ordering of AddModule lines is important.
+    Modules are listed in reverse priority order --- the ones that come
+    later can override the behavior of those that come earlier.  This
+    can have visible effects; for instance, if UserDir followed Alias,
+    you couldn't alias out a particular user's home directory.  For
+    more information and a recommended ordering, see 
+    src/Configuration.tmpl in the Apache source
+    distribution.
          
+
     
          See also: ClearModuleList, 
+    href="#clearmodulelist">ClearModuleList and LoadModule
          
     
          
 
     
          AllowOverride
@@ -462,6 +476,11 @@
     which directives declared in that file can override earlier
     access information.
          
 
+    
          Note: AllowOverride is only
+    valid in <Directory> sections, not in <Location> or
+    <Files> sections, as implied by the Context
+    section above.
          
+
     
          When this directive is set to None, then
     .htaccess files are completely ignored. In this case, the
     server will not even attempt to read .htaccess files in the
@@ -690,6 +709,39 @@
     EBCDIC port
          
     
          
 
+    
          CGICommandArgs
+    directive
          
+
+    Syntax: CGICommandArgs On|Off
          
+     Default: CGICommandArgs On
          
+     Context: directory, .htaccess
          
+     Override: Options
          
+     Status: core
          
+     Compatibility: Available in Apache
+       1.3.24 and later.
+
+    
          Way back when the internet was a safer, more naive place, it
+    was convenient for the server to take a query string that did not
+    contain an '=' sign and to parse and pass it to a CGI program as
+    command line args.  For example, <IsIndex>
+    generated searches often work in this way.  The default behavior
+    in Apache is to maintain this behavior for backwards
+    compatibility, although it is generally regarded as unsafe
+    practice today.  Most CGI programs do not take command line
+    parameters, but among those that do, many are unaware of this
+    method of passing arguments and are therefore vulnerable to
+    malicious clients passing unsafe material in this way. Setting
+    CGICommandArgs Off is recommended to protect such
+    scripts with little loss in functionality.
          
+
+    
          
+
     
          ClearModuleList directive
          
 
@@ -707,6 +759,11 @@
     This directive clears the list. It is assumed that the list
     will then be re-populated using the AddModule directive.
          
+
+    
          See also: AddModule and LoadModule
          
+ 
     
          
 
     
          ContentDigest
@@ -842,7 +899,7 @@
     Directory-path is either the full path to a directory,
     or a wild-card string. In a wild-card string, `?' matches any
     single character, and `*' matches any sequences of characters.
-    As of Apache 1.3, you may also use `[]' character ranges like
+    As of Apache 1.3, you may also use `[ ]' character ranges like
     in the shell. Also as of Apache 1.3 none of the wildcards match
     a `/' character, which more closely mimics the behavior of
     Unix shells. Example:
          
@@ -1312,8 +1369,11 @@
 
     
          Examples
          
 
-    ErrorLog logs/vhost1.error
          
-    ErrorLog |/usr/local/bin/errorlog.pl
+    
          ErrorLog logs/vhost1.error
          
+
+    or
+
+    
          ErrorLog |/usr/local/bin/errorlog.pl
          
 
     
          Apache 1.3 and above: Using
     syslog instead of a filename enables logging via
@@ -1325,7 +1385,11 @@
 
     
          For example:
          
 
-    ErrorLog syslog
+    
          ErrorLog syslog
          
+
+    or
+
+    
          ErrorLog syslog:user
          
 
     
          SECURITY: See the security tips
@@ -1360,7 +1424,7 @@
     bandwidth.)  In Apache 1.3.22 and earlier, the ETag value was
     always formed from the file's inode, size, and last-modified
     time (mtime).  The FileETag directive allows you to choose
-    which of these -- if any -- should be used.  The recognised
+    which of these -- if any -- should be used.  The recognized
     keywords are:
     
          
     
          
@@ -1453,7 +1517,7 @@
     subdirectories, unless specifically overridden.
          
 
     
          (See Require for details on using the
-    Require directive)
          
+    Require directive)
          
 
     
          See also: How
     Directory, Location and Files sections work for an
@@ -1518,9 +1582,13 @@
 
       
          Refers to a group by its number.
          
     
          
-    It is recommended that you set up a new group specifically for
+    
          It is recommended that you set up a new group specifically for
     running the server. Some admins use user nobody,
-    but this is not always possible or desirable. 
+    but this is not always possible or desirable.
          
+
+    
          Example:
          
+
+    Group www-group
 
     
          Note: if you start the server as a non-root user, it will
     fail to change to the specified group, and will instead
@@ -1774,7 +1842,7 @@
     directives, which may cause the server to fail on start up.
     Running apachectl configtest will give you a list of
     the files that are being processed during the configuration  
-    check:
          
+    check:
          
 
 
           root@host# apachectl configtest
@@ -1898,10 +1966,10 @@ Syntax OK
        </Limit>
     
     The method names listed can be one or more of: GET, POST, PUT,
-    DELETE, CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH,
+    DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH,
     MKCOL, COPY, MOVE, LOCK, and UNLOCK. The method name is
     case-sensitive. If GET is used it will also restrict
-    HEAD requests. 
+    HEAD requests. The TRACE method cannot be limited.
     
          
 
     
          <LimitExcept>
@@ -1938,6 +2006,50 @@ Syntax OK
 
     
          
 
+    
          LimitInternalRecursion directive
          
+
+    Syntax: LimitInternalRecursion
+    number [number]
          
+     Default: LimitInternalRecursion
+    20
          
+     Context: server config, virtual host
          
+     Status: core
          
+     Compatibility: LimitInternalRecursion
+    is only available in Apache 1.3.28 and later. 
+
+    
          An internal redirect happens, for example, when using the Action directive, which internally
+    redirects the original request to a CGI script. A subrequest is Apache's
+    mechanism to find out what would happen for some URI if it were requested.
+    For example, mod_dir uses subrequests to look
+    for the files listed in the DirectoryIndex
+    directive.
          
+
+    
          LimitInternalRecursion prevents the server
+    from crashing when entering an infinite loop of internal redirects or
+    subrequests. Such loops are usually caused by misconfigurations.
          
+
+    
          The directive stores two different limits, which are evaluated on
+    per-request basis. The first number is the maximum number of
+    internal redirects, that may follow each other. The second number
+    determines, how deep subrequests may be nested. If you specify only one
+    number, it will be assigned to both limits. A value of
+    0 means "unlimited".
          
+
+    
          Example
          
+    
          +    LimitInternalRecursion 5
+    
          
+
+    
          
+
     
          LimitRequestBody directive
          
 
@@ -2388,10 +2500,10 @@ Syntax OK
 
     
          
       
          Level Level Description Example Description Example 
       
          
 
       
          
 
     
     
 
     
 
     
 
       
 
       
 
     
          
-        
+        
 
-        
-        
+        
+        
@@ -2968,13 +3080,13 @@ Syntax OK
     rel="Help">Status: core 
 
     
          This directive selects which authenticated users can access
-    a directory. The allowed syntaxes are:
          
+    a resource. The allowed syntaxes are:
            
       
          • 
         Require user userid [userid] ... 
 
-        
            Only the named users can access the directory.
            
+        
            Only the named users can access the resource.
            
       
            • 
 
       
          • 
@@ -2982,13 +3094,23 @@ Syntax OK
         
 
         
            Only users in the named groups can access the
-        directory.
            
+        resource.
            
       
            • 
 
       
          • 
         Require valid-user 
 
-        
            All valid users can access the directory.
            
+        
            All valid users can access the resource.
            
+      
            • 
+      
          • file-owner
+        
            Only the user, whose name matches the system's name for 
+	the file owner, can access the resource.
            
+	[Available after Apache 1.3.20]
            
+      
            • 
+      
          • file-group
+        
            Only the members of the group, whose name matches the
+	system's name of the file owner group, can access the 
+	resource.
            [Available after Apache 1.3.20]
            
       
            • 
     
          
 
@@ -3066,15 +3188,13 @@ Syntax OK
     
          Alternatively you can use a wildcard to limit the scope; i.e
     to only *.conf files.
     
          
-    
          Note that by default any file in the specified 
+    
          Note that by default any file in the specified
     directory will be loaded as a configuration file.
-    
          
     
          
-    So make sure that you don't have stray files in
+    
          So make sure that you don't have stray files in
     this directory by mistake, such as temporary files created by your
     editor, for example.
          
 
-
     
          See also AccessConfig.
          
 
@@ -3781,7 +3901,7 @@ Syntax OK
     9090, then the canonical name of the server is
     www.example.com:9090. In the event that
     Port has its default value of 80, the
-    :80 is ommitted from the canonical name.
+    :80 is omitted from the canonical name.
          With UseCanonicalName off Apache will form
     self-referential URLs using the hostname and port supplied by
diff --git a/usr.sbin/httpd/htdocs/manual/mod/directives.html.de b/usr.sbin/httpd/htdocs/manual/mod/directives.html.de
index b0fb88568c1..a5375d5b361 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/directives.html.de
+++ b/usr.sbin/httpd/htdocs/manual/mod/directives.html.de
@@ -31,6 +31,8 @@ wobei es zu den im Beschreibungsformat verwendeten Feldern eine eigene
 gibt.
 
            
+
          • AcceptFilter
            • 
+
          • AcceptMutex
            • 
 
          • AccessConfig
 
          • AccessFileName
 
          • Action
@@ -75,8 +77,8 @@ gibt.
 
          • AuthType
 
          • AuthUserFile
 
          • BindAddress
-
          • BrowserMatch
-
          • BrowserMatchNoCase
+
          • BrowserMatch
+
          • BrowserMatchNoCase
 
          • BS2000Account
 
          • CacheDefaultExpire
 
          • CacheDirLength
@@ -91,9 +93,13 @@ gibt.
 
          • CheckSpelling
 
          • ClearModuleList
 
          • ContentDigest
+
          • CookieDomain
            • 
 
          • CookieExpires
+
          • CookieFormat
            • 
 
          • CookieLog (mod_cookies)
 
          • CookieLog (mod_log_config)
+
          • CookiePrefix
            • 
+
          • CookieStyle
            • 
 
          • CookieTracking
 
          • CoreDumpDirectory
 
          • CustomLog
@@ -109,6 +115,7 @@ gibt.
 
          • EBCDICConvertByType
 
          • EBCDICKludge
 
          • ErrorDocument
+
          • ErrorHeader
            • 
 
          • ErrorLog
 
          • Example
 
          • ExpiresActive
@@ -116,6 +123,7 @@ gibt.
 
          • ExpiresDefault
 
          • ExtendedStatus
 
          • FancyIndexing
+
          • FileETag
            • 
 
          • <Files>
 
          • <FilesMatch>
 
          • ForceType
@@ -142,6 +150,7 @@ gibt.
 
          • LanguagePriority
 
          • <Limit>
 
          • <LimitExcept>
+
          • LimitInternalRecursion
 
          • LimitRequestBody
 
          • LimitRequestFields
 
          • LimitRequestFieldsize
@@ -172,6 +181,7 @@ gibt.
 
          • PassEnv
 
          • PidFile
 
          • Port
+
          • ProtocolReqCheck
            • 
 
          • ProxyBlock
 
          • ProxyDomain
 
          • ProxyPass
@@ -224,8 +234,9 @@ gibt.
 
          • ServerType
 
          • SetEnv
 
          • SetEnvIf
-
          • SetEnvIfNoCase
+
          • SetEnvIfNoCase
 
          • SetHandler
+
          • ShmemUIDisUser
            • 
 
          • StartServers
 
          • ThreadsPerChild
 
          • TimeOut
diff --git a/usr.sbin/httpd/htdocs/manual/mod/directives.html.en b/usr.sbin/httpd/htdocs/manual/mod/directives.html.en
index 8bc8dc53877..97d728422aa 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/directives.html.en
+++ b/usr.sbin/httpd/htdocs/manual/mod/directives.html.en
@@ -145,10 +145,10 @@
       
          • BindAddress
            • 
 
       
          • BrowserMatch
            • 
+      href="mod_setenvif.html#browsermatch">BrowserMatch
 
       
          • BrowserMatchNoCase
            • 
+      href="mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase
 
       
          • BS2000Account
            • 
 
@@ -180,6 +180,8 @@
 
       
          • CacheSize
            • 
 
+      
          • CGICommandArgs
            • 
+
       
          • CheckSpelling
            • 
 
@@ -194,12 +196,18 @@
       
          • CookieExpires
            • 
 
+      
          • CookieFormat
            • 
+
       
          • CookieLog
       (mod_cookies)
            • 
 
       
          • CookieLog
       (mod_log_config)
            • 
 
+      
          • CookiePrefix
            • 
+
       
          • CookieStyle
            • 
 
@@ -243,6 +251,8 @@
 
       
          • ErrorDocument
            • 
 
+      
          • ErrorHeader
            • 
+      
       
          • ErrorLog
            • 
 
       
          • Example
            • 
@@ -329,6 +339,9 @@
       
          • <LimitExcept>
            • 
 
+      
          • LimitInternalRecursion
            • 
+
       
          • LimitRequestBody
            • 
 
@@ -535,7 +548,7 @@
       
          • SetEnvIf
            • 
 
       
          • SetEnvIfNoCase
            • 
+      href="mod_setenvif.html#setenvifnocase">SetEnvIfNoCase
 
       
          • SetHandler
            • 
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/directives.html.fr b/usr.sbin/httpd/htdocs/manual/mod/directives.html.fr
index 89a7fccde4a..9576f91168c 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/directives.html.fr
+++ b/usr.sbin/httpd/htdocs/manual/mod/directives.html.fr
@@ -149,10 +149,10 @@
       
          • BindAddress
            • 
 
       
          • BrowserMatch
            • 
+      href="mod_setenvif.html#browsermatch">BrowserMatch
 
       
          • BrowserMatchNoCase
            • 
+      href="mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase
 
       
          • BS2000Account
            • 
 
@@ -527,7 +527,7 @@
       
          • SetEnvIf
            • 
 
       
          • SetEnvIfNoCase
            • 
+      href="mod_setenvif.html#setenvifnocase">SetEnvIfNoCase
 
       
          • SetHandler
            • 
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/directives.html.html b/usr.sbin/httpd/htdocs/manual/mod/directives.html.html
index ac29ce7a470..c2b7d78ba6d 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/directives.html.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/directives.html.html
@@ -147,10 +147,10 @@
       
          • BindAddress
            • 
 
       
          • BrowserMatch
            • 
+      href="mod_setenvif.html#browsermatch">BrowserMatch
 
       
          • BrowserMatchNoCase
            • 
+      href="mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase
 
       
          • BS2000Account
            • 
 
@@ -182,6 +182,8 @@
 
       
          • CacheSize
            • 
 
+      
          • CGICommandArgs
            • 
+
       
          • CheckSpelling
            • 
 
@@ -196,12 +198,18 @@
       
          • CookieExpires
            • 
 
+      
          • CookieFormat
            • 
+
       
          • CookieLog
       (mod_cookies)
            • 
 
       
          • CookieLog
       (mod_log_config)
            • 
 
+      
          • CookiePrefix
            • 
+
       
          • CookieStyle
            • 
 
@@ -243,6 +251,8 @@
 
       
          • ErrorDocument
            • 
 
+      
          • ErrorHeader
            • 
+      
       
          • ErrorLog
            • 
 
       
          • Example
            • 
@@ -329,6 +339,9 @@
       
          • <LimitExcept>
            • 
 
+      
          • LimitInternalRecursion
            • 
+
       
          • LimitRequestBody
            • 
 
@@ -535,7 +548,7 @@
       
          • SetEnvIf
            • 
 
       
          • SetEnvIfNoCase
            • 
+      href="mod_setenvif.html#setenvifnocase">SetEnvIfNoCase
 
       
          • SetHandler
            • 
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/directives.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/directives.html.ja.jis
index 7f1d0f27765..5a17a7e1fed 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/directives.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/directives.html.ja.jis
@@ -7,7 +7,7 @@
     Apache ディレクティブ
 
   
-  
+  
   
   
@@ -193,12 +193,18 @@
       
          • CookieExpires
            • 
 
+      
          • CookieFormat
            • 
+
       
          • CookieLog
       (mod_cookies)
            • 
 
       
          • CookieLog
       (mod_log_config)
            • 
 
+      
          • CookiePrefix
            • 
+
       
          • CookieStyle
            • 
 
       
          • ErrorDocument
            • 
 
+      
          • ErrorHeader
            • 
+
       
          • ErrorLog
            • 
 
       
          • Example
            • 
@@ -535,6 +543,8 @@
 
       
          • SetHandler
            • 
 
+      
          • ShmemUIDisUser
            • 
+
       
          • StartServers
            • 
 
       
          • 
 
 
@@ -18,13 +19,14 @@
     
 
 
-    
            Apache モジュール
            
+    
            Apache モジュール
            
 
     
            Apache の配布に含まれているモジュールは、以下の通りです。
-    アルファベット順Apache の全ディレクティブ
-    のアルファベット順リストも参照してください。
+    アルファベット順Apache
+    の全ディレクティブ のアルファベット順リストも参照してください。
     Apache の配布に含まれない Apache モジュールについては http://modules.apache.org を参照してください。
            
+    href="http://modules.apache.org/">http://modules.apache.org
+    を参照してください。
            
 
     
            コア
            
 
@@ -48,7 +50,7 @@
       
            mod_unique_id Apache 1.3
       and up
            
 
-      
            リクエスト毎に、一意なリクエスト ID を生成する
            
+      
            リクエストごとに、一意なリクエスト ID を生成する
            
     
 
     
            コンテンツの種類を決定する
            
@@ -72,11 +74,13 @@
     
            
       
            mod_alias
            
 
-      
            ホストファイルシステムのドキュメントツリーへのマッピング及び URL のリダイレクションを行なう
            
+      
            ホストファイルシステムのドキュメントツリーへのマッピング及び
+      URL のリダイレクションを行なう
            
 
       
            mod_rewrite Apache 1.2 以降
            
 
-      
            正規表現を利用した、URI からファイル名への強力なマッピング機能を提供する
            
+      
            正規表現を利用した、URI
+      からファイル名への強力なマッピング機能を提供する
            
 
       
            mod_userdir
            
 
@@ -112,7 +116,7 @@
 
       
            mod_auth
            
 
-      
            テキストファイル形式の認証ファイルを使用した ユーザ認証機能を提供する
            
+      
            テキストファイル形式の認証ファイルを使用したユーザ認証機能を提供する
            
 
       
            mod_auth_dbm
            
 
@@ -169,7 +173,8 @@
 
       
            mod_actions Apache 1.1 以降
            
 
-      
            メディアタイプやリクエストメソッドによって CGI スクリプトを実行する
            
+      
            メディアタイプやリクエストメソッドによって CGI
+      スクリプトを実行する
            
 
       
            mod_isapi WIN32 のみ
            
 
@@ -221,12 +226,13 @@
 
       
            mod_so Apache 1.3 以降
            
 
-      
            実行時にモジュール (UNIXでは .so、Win32 では .dll) を動的読み込みする機能を提供する
            
+      
            実行時にモジュール (UNIXでは .so、Win32 では .dll)
+      を動的読み込みする機能を提供する
            
 
       
            mod_mmap_static Apache 以降
            
 
       
            ファイルのキャッシングを行なう実験的なモジュールで、
-      ファイルをメモリ内にマッピングすることにより パフォーマンスを向上させる
            
+      ファイルをメモリ内にマッピングすることによりパフォーマンスを向上させる
     
            
 
     
            開発用
            
@@ -242,19 +248,24 @@
     
            
       
            mod_browser Apache 1.2.* のみ
            
 
-      
            User-Agent 文字列を元に環境変数を設定する。 Apache 1.3 以降において、mod_setenvif で置き換えられた
            
+      
            User-Agent 文字列を元に環境変数を設定する。Apache 1.3
+      以降において、mod_setenvif で置き換えられた
            
 
       
            mod_cookies Apache 1.1.1 以降
            
 
-      
            Netscape のような cookie をサポートする。 Apache 1.2 において、mod_usertrack に置き換えられた
            
+      
            Netscape のような cookie をサポートする。 Apache 1.2
+      において、mod_usertrack に置き換えられた
            
 
       
            mod_dld Apache 1.2.* 以前
            
 
-      
            GNU libdld を用いて起動時にモジュールのリンクを行なう。 Apache 1.3 において、mod_so に置き換えられた
            
+      
            GNU libdld を用いて起動時にモジュールのリンクを行なう。Apache
+      1.3 において、mod_so に置き換えられた
            
 
       
            mod_log_common Apache 1.1.1 以降
            
 
-      
            Common Logfile Format での標準的な書式によりログを記録する。 Apache 1.2 以降において、mod_log_config モジュールに置き換えられた
            
+      
            Common Logfile Format
+      での標準的な書式によりログを記録する。Apache 1.2
+      以降において、mod_log_config モジュールに置き換えられた
            
     
            
         
            
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/index.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/index.html.ja.jis
index 1b916dce632..d1e50ccf49b 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/index.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/index.html.ja.jis
@@ -231,7 +231,7 @@
       
            mod_unique_id
       Apache 1.3 以降
            
 
-      
            リクエスト毎に、一意なリクエスト ID を生成する
            
+      
            リクエストごとに、一意なリクエスト ID を生成する
            
 
       
            mod_usertrack
       Apache 1.2 以降
            
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.en b/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.en
index c99341eb799..c8f7b2520db 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.en
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.en
@@ -184,7 +184,7 @@ SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in
 
     
            See also Deny, Order and SetEnvIf.
            
+    href="mod_setenvif.html#setenvif">SetEnvIf.
            
     
            
 
     
            Deny See also Allow, Order and SetEnvIf.
            
+    href="mod_setenvif.html#setenvif">SetEnvIf.
            
     
            
 
     
            Order directive
            
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.html b/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.html
index cdf076cee45..37e106318d0 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_access.html.html
@@ -186,7 +186,7 @@ SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in
 
     
            See also Deny, Order and SetEnvIf.
            
+    href="mod_setenvif.html#setenvif">SetEnvIf.
            
     
            
 
     
            Deny See also Allow, Order and SetEnvIf.
            
+    href="mod_setenvif.html#setenvif">SetEnvIf.
            
     
            
 
     
            Order directive
            
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.ja.jis
index f3a5449b0d8..75bdec448db 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html.ja.jis
@@ -31,7 +31,7 @@
      モジュール識別子:
     action_module
            
-     互換性:
     Apache 1.1 以降でのみ使用可能。
            
 
@@ -66,7 +66,7 @@
     rel="help">ステータス: Base
            
      モジュール: mod_actions
            
-     互換性:
     Apache 1.1 以降でのみ使用可能。
            
 
@@ -116,7 +116,7 @@
     rel="help">ステータス: Base
            
      モジュール: mod_actions
            
-     互換性: Script は Apache 1.1
     以降でのみ使用可能。任意のメソッドの使用は 1.3.10
     以降でのみ使用可能。
            
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html
index 420330ab402..9fc1cd3dc69 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html
@@ -45,7 +45,7 @@
     directives).
            
 
     
            Digest authentication is described in RFC 
+    href="http://ftp.ics.uci.edu/pub/ietf/http/rfc2617.txt">RFC 
     2617.
            
  
     
            Directives
            
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html
new file mode 100644
index 00000000000..9e85f5d2cdd
--- /dev/null
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html
@@ -0,0 +1,488 @@
+
+
+
+Module mod_auth_msql
+
+
+
+
            
+ [APACHE DOCUMENTATION]
+ 
            
+  Apache HTTP Server Version 1.2
+ 
            
+
            
+
+
            Module mod_auth_msql
            
+
+This module is contained in the mod_auth_msql.c file and
+is compiled in by default.  It allows access control using the public
+domain mSQL database             ftp://ftp.bond.edu.au/pub/Minerva/msql,
+a fast but limited SQL engine which can be contacted over an internal
+Unix domain protocol as well as over normal TCP/IP socket
+communication. It is only available in Apache 1.1 and later. 
            
+
+Full description /
+Example /
+Compile time options /
+RevisionHistory /
+Person to blame /
+Sourcecode
+
            
+
+
            Full description of all tokens
            
+
            
+
+
            
+Auth_MSQLhost < FQHN | IP Address | localhost >
+
            
+        Hostname of the machine running the mSQL demon. The effective uid
+        of the server should be allowed access. If not given, or if it is
+        the magic name localhost, it is passed to the mSQL library as a null
+        pointer. This effectively forces it to use /dev/msql rather than the
+        (slower) socket communication.
+
            
+
+
            
+Auth_MSQLdatabase < mSQL database name >
+
            
+        Name of the database in which the following table(s) are contained (Quick check: use the
+        mSQL command relshow [<hostname> dbase] to verify the spelling of the
+        database name).
+
            
+
+
            
+Auth_MSQLpwd_table < mSQL table name >
+
            
+        Contains at least the fields with the username
+        and the (encrypted) password. Each uid should only occur once in this table and
+        for performance reasons should be a primary key.
+        Normally this table is compulsory, but it is
+        possible to use a fall-through to other methods
+        and use the mSQL module for group control only.
+        See the Auth_MSQL_Authoritative
+        directive below.
+
            
+
+
            
+Auth_MSQLgrp_table < mSQL table name in the above database >
+
            
+        Contains at least the fields with the
+        username and the groupname. A user which
+        is in multiple groups has therefore
+        multiple entries. There might be some performance
+        problems associated with this and one
+        might consider to have separate tables for each
+        group (rather than all groups in one table) if
+        your directory structure allows for it.
+        One only need to specify this table when doing
+        group control.
+
            
+
+
            
+Auth_MSQLuid_field < mSQL field name >
+
            
+        Name of the field containing the username in the 
+        Auth_MSQLpwd_table and optionally in the 
+        Auth_MSQLgrp_table tables.
+
            
+
+
            
+Auth_MSQLpwd_field < mSQL field name >
+
            
+        Fieldname for the passwords in the 
+        Auth_MSQLpwd_table table.
+
            
+
+
            
+Auth_MSQLgrp_field < mSQL field name >
+
            
+        Fieldname for the groupname
            
+        Only the fields used need to be specified. When this
+        module is compiled with the
+        BACKWARD_VITEK option then
+        the uid and pwd field names default to 'user' and 'password'.
+        However you are strongly encouraged to always specify these values
+        explicitly given the security issues involved.
+
            
+
+
            
+Auth_MSQL_nopasswd < on | off >
+
            
+        Skip password comparison if passwd field is
+        empty, i.e. allow any password. This is 'off'
+        by default to ensure that an empty field
+        in the mSQL table does not allow people in by
+        default with a random password.
+
            
+
+
            
+Auth_MSQL_Authoritative < on | off >
+
            
+        Default is 'on'. When set 'on', there is no
+        fall-through to other authorization methods. So if a
+        user is not in the mSQL dbase table (and perhaps
+        not in the right group) or has the password wrong, then
+        he or she is denied access. When this directive is set to
+        'off', control is passed on to any other authorization
+        modules, such as the basic auth module with the htpasswd
+        file or the Unix-(g)dbm modules. The default is 'on'
+        to avoid nasty 'fall-through' surprises. Be sure you
+        know what you are doing when you decide to switch it off.
+
            
+
+
            
+Auth_MSQL_EncryptedPasswords < on | off >
+
            
+        Default is 'on'. When set on, the values in the
+        pwd_field are assumed to be crypt-ed using *your*
+        machines 'crypt()' function and the incoming password
+        is 'crypt'ed before comparison. When this function is
+        'off', the comparison is done directly with the plaintext
+        entered password. (Yes, http-basic-auth does send the
+        password as plaintext over the wire :-( ). The default
+        is a sensible 'on', and I personally think that it is
+        a *very-bad-idea* to change this. However a multi
+        vendor or international environment (which sometimes
+        leads to different crypts functions) might force you to.
+
            
+
            
+
+
+
            Example
            
+
+An example mSQL table could be created with the following commands:
+
            +     % msqladmin create www               
            
+     % msql www                           
            
+     -> create table user_records (       
            
+     ->   User_id  char(32) primary key,  
            
+     ->   Cpasswd  char(32),              
            
+     ->   Xgroup   char(32)               
            
+     ->   ) \g                            
            
+     query OK                             
            
+     -> \q                                
            
+     %                                    
            
+

            
+
+The User_id can be as long as desired. However some of the
+popular web browsers truncate names at or stop the user from entering
+names longer than 32 characters. Furthermore the 'crypt' function
+on your platform might impose further limits. Also use of
+the require users uid [uid..] directive in the
+access.conf file where the uid's are separated by
+spaces can possibly prohibit the use of spaces in your usernames.
+Also, please note the MAX_FIELD_LEN
+directive somewhere below.
+
            
+To use the above, the following example could be in your
+access.conf file. Also there is a more elaborate description
+below this example.
+
            
+
+<directory /web/docs/private>
+
            
+
+
            
+
            
+Auth_MSQLhost        localhost
            
+
            
+    
            or
            
+
            
+Auth_MSQLhost        datab.machine.your.org
+
            
+                If this directive is omitted or set to localhost,
+                it is assumed that Apache and the mSQL
+                database run on the same (physical) machine and the faster
+                /dev/msql communication channel will be used. Otherwise,
+                it is the machine to contact by TCP/IP. Consult the mSQL
+                documentation for more information.
+
            
+
            
+
+
            
+Auth_MSQLdatabase    www
+
            
+                The name of the database on the above machine,
+                which contains *both* the tables for group and
+                for user/passwords. Currently it is not possible
+                to have these split over two databases. Make
+                sure that the msql.acl (access control file) of
+                mSQL does indeed allow the effective uid of the
+                web server read access to this database. Check the
+                httpd.conf file for this uid.
+
            
+
+
            
+Auth_MSQLpwd_table   user_records
+
            
+                This is the table which contain the uid/password combination
+                is specified.
+
            
+
+
            
+Auth_MSQLuid_field   User_id 
            
+Auth_MSQLpwd_field   Cpasswd
+
            
+                These two directive specify the field names in the user_record
+                table. If this module is compiled with the BACKWARD_VITEK
+                compatibility switch, the defaults user and password are
+                assumed if you do not specify them. Currently the user_id field
+                *MUST* be a primary key or one must ensure that each user only
+                occurs once in the table. If a uid occurs twice access is
+                denied by default; but see the ONLY_ONCE
+                compiler directive for more information.
+
            
+
+
            
+Auth_MSQLgrp_table   user_records 
            
+Auth_MSQLgrp_field   Xgroup       
            
+
            
+                Optionally one can also specify a table which contains the
+                user/group combinations. This can be the same table which
+                also contains the username/password combinations. However
+                if a user belongs to two or more groups, one will have to
+                use a different table with multiple entries.
+
            
+
+
            
+Auth_MSQL_nopasswd           off 
            
+Auth_MSQL_Authoritative        on  
            
+Auth_MSQL_EncryptedPasswords on  
            
+
            
+                These three optional fields (all set to the sensible defaults,
+                so you really do not have to enter them) are described in more
+                detail below. If you choose to set these to any other values then
+                the above, be very sure you understand the security implications and
+                do verify that Apache does what you expect it to do.
+
            
+
+
            
+AuthName                example mSQL realm 
            
+AuthType                basic
+
            
+
            
+                Normal Apache/NCSA tokens for access control
+                
            
+                <limit get post head>
            
+                order deny,allow          
            
+                allow from all            
            
+                
            
+                require valid-user        
            
+                    
            • valid-user; allow in any user which has a valid uid/passwd
+                    pair in the above pwd_table.
+                    
            
+                or
            
+                require user smith jones  
            
+                    
            • Limit access to users who have a valid uid/passwd pair in the
+                    above pwd_table *and* whose uid is 'smith' or 'jones'. Do note that
+                    the uid's are separated by 'spaces' for historic (NCSA) reasons.
+                    So allowing uids with spaces might cause problems.
+                    
            
+                require group has_paid
            
+                    
            • Optionally also ensure that the uid has the value 'has_paid' in
+                    the group field in the group table.
+                    
            
+                <limit>              
            
+
            
+
            
+
+
+
            Compile Time Options
            
+
+
            
+
            
+#define ONLY_ONCE 1
+
            
+   If the mSQL table containing the uid/passwd combination does
+   not have the uid field as a primary key, it is possible for the
+   uid to occur more than once in the table with possibly different
+   passwords. When this module is compiled with the ONLY_ONCE
+   directive set, access is denied if the uid occurs more than once in the
+   uid/passwd table. If you choose not to set it, the software takes
+   the first pair returned and ignores any further pairs. The SQL
+   statement used for this is
            
+   
            "select password form pwd_table where user='UID'"
            
+   this might lead to unpredictable results. For this reason as well
+   as for performance reasons you are strongly advised to make the
+   uid field a primary key. Use at your own peril :-)
+
            
+
+
            
+#define KEEP_MSQL_CONNECTION_OPEN
+
            
+   Normally the (TCP/IP) connection with the database is opened and
+   closed for each SQL query. When the Apache web-server and the database
+   are on the same machine, and /dev/msql is used this does not
+   cause a serious overhead. However when your platform does not
+   support this (see the mSQL documentation) or when the web server
+   and the database are on different machines the overhead can be
+   considerable. When the above directive is set defined the server leaves
+   the connection open, i.e. no call to msqlClose().
+   If an error occurs an attempt is made to reopen the connection for
+   the next http request.
+   
            
+   This has a number of very serious drawbacks
+   
            •  It costs 2 already rare file-descriptors for each child.
+       
            •  It costs msql-connections, typically one per child. The (compiled in)
+            number of connections mSQL can handle is low, typically 6 or 12.
+            which might prohibit access to the mSQL database for later
+            processes.
+       
            •  When a child dies, it might not free that connection properly
+            or quick enough.
+       
            •  When errors start to occur, connection/file-descriptor resources
+            might become exhausted very quickly.
+   
            
+   
            
+   In short, use this at your own peril and only in a highly controlled and
+   monitored environment.
+
            
+
+
            
+
+#define BACKWARD_VITEK
            
+#define VITEK_uid_name "user"
            
+#define VITEK_gid_name "passwd"
+
            
+   A second mSQL auth module for Apache has also been developed by Vivek Khera
+   <khera@kciLink.com>
+   and was subsequently distributed with some early versions of Apache. It
+   can be obtained from
+   ftp://ftp.kcilink.com/pub/mod_auth_msql.c*.
+   Older 'vitek' versions had the field/table names compiled in. Newer
+   versions, v.1.11 have more access.conf configuration
+   options. However these where chosen not to be in line the 'ewse'
+   version of this module. Also, the 'vitek' module does not give group
+   control or 'empty' password control.
+   
            
+   To get things slightly more in line this version (0.9) should
+   be backward compatible with the 'vitek' module by:
+   
            •  Adding support for the Auth_MSQL_EncryptedPasswords on/off functionality
+       
            •  Adding support for the different spelling of the 4 configuration
+            tokens for user-table-name, user/password-field-name and dbase-name.
+       
            •  Setting some field names to a default which used to be hard
+            coded in in older 'vitek' modules.
+   
            
+   
            
+   If this troubles you, remove the 'BACKWARD_VITEK' define.
+
            
+
+
            
+
+#define MAX_FIELD_LEN (64)
            
+#define MAX_QUERY_LEN (32+24+MAX_FIELD_LEN*2+3*MSQL_FIELD_NAME_LEN+1*MSQL_TABLE_NAME_LEN)
            
+
            
+   In order to avoid using the very large HUGE_STRING_LENGTH, the above two compile
+   time directives are supplies. The MAX_FIELD_LEN contains the maximum number of
+   characters in your user, password and group fields. The maximum query length is derived
+   from those values.
+   
            
+   We only do the following two queries:
+   
            • For the user/passwd combination
+           
              "select PWDFIELD from PWDTABLE where USERFIELD='UID'"
              
+       
            • Optionally for the user/group combination:
+           
              "select GROUPFIELD from GROUPTABLE where USERFIELD='UID' and GROUPFIELD='GID'"
              
+   
            
+   
            
+   This leads to the above limit for the query string. We are ignoring escaping a wee bit here
+   assuming not more than 24 escapes.)
+
            
+
            
+
+
+
            Revision History
            
+
+This version: 23 Nov 1995, 24 Feb 1996, 16 May 1996.
+
+
            
+
+
            Version 0.0
            
+    
            First release
+    
            
+
            Version 0.1
            
+    
            Update to Apache 1.00
+    
            
+
            Version 0.2
            
+    
            Added lines which got missing God knows when
+        and which did the valid-user authentication no good at all !
+    
            
+
            Version 0.3
            
+    
            Added 'Auth_MSQL_nopasswd' option
+    
            
+
            Version 0.4
            
+    
            Cleaned out the error messages mess.
+    
            
+
            Version 0.6
            
+    
            Inconsistency with gid/grp in comment/token/source
+ Make sure you really use 'Auth_MSQLgrp_field'
+ as indicated above.
+    
            
+
            Version 0.7
            
+    
            *host to host fixed. Credits
+        go to Rob Stout, <stout@lava.et.tudelft.nl> for
+        spotting this one.
+    
            
+
            Version 0.8
            
+    
            Authoritative directive added. See above.
+    
            
+
            Version 0.9
            
+    
            palloc return code check(s), should be
+        backward compatible with 1.11 version of Vivek Khera
+        <khera@kciLink.com> msql
+        module, fixed broken err msg in group control, changed
+        command table messages to make more sense when displayed
+        in that new module management tool. Added
+        Auth_MSQL_EncryptedPasswords on/off functionality.
+        msqlClose() statements added upon error. Support for
+        persistent connections with the mSQL database (riscy).
+        Escaping of ' and \. Replaced some
+        MAX_STRING_LENGTH claims.
+    
            
+
            
+
+
+
            Contact/person to blame
            
+
+This module was written for the
+European Wide Service Exchange by
+<Dirk.vanGulik@jrc.it>.
+Feel free to contact me if you have any problems, ice-creams or bugs. This
+documentation, courtesy of Nick Himba, 
+<himba@cs.utwente.nl>.
+
            
+
+
+
            Sourcecode
            
+
+The source code can be found at 
+http://www.apache.org. A snapshot of a development version
+usually resides at 
+http://me-www.jrc.it/~dirkx/mod_auth_msql.c. Please make sure
+that you always quote the version you use when filing a bug report.
+
            
+Furthermore a test/demonstration suite (which assumes that you have
+both mSQL and Apache compiled and installed) is available at the contrib
+section of 
+ftp://ftp.apache.org/apache/dist/contrib or
+
+http://me-www.jrc.it/~dirkx/apache-msql-demo.tar.gz and
+its 
+README file.
+
+
            
+
            
+ Apache HTTP Server Version 1.2
+
            
+
+Index
+Home
+
+
+
+
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html b/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html
index 22219823021..ca00533594e 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html
@@ -117,7 +117,7 @@
     directory listing. The query options are of the form
     X=Y, where X is one of N
     (file Name), M (file last
-    Modified date), S (file Size, or
+    Modified date), S (file Size), or
     D (file Description), and Y
     is one of A (Ascending) or D
     (Descending).
            
@@ -253,7 +253,7 @@
 
     Syntax: AddDescription
-    string file [file] ...
            
+    "string" file|directory [file|directory] ...
            
      Context: server config, virtual
     host, directory, .htaccess
            
@@ -264,10 +264,11 @@
      Module: mod_autoindex 
 
-    
            This sets the description to display for a file, for FancyIndexing. File is a
-    file extension, partial filename, wild-card expression or full
-    filename for files to describe. String is enclosed in
+    
            This sets the description to display for a file or directory, for IndexOptions FancyIndexing. 
+    file|directory is a file extension, partial filename or 
+    directory name, wild-card expression or full filename or directory name, 
+    for files or directories to describe. String is enclosed in 
     double quotes ("). Example:
            
 
     
            
@@ -495,15 +496,21 @@
     
            
 
     
            
-      Apache versions after 1.3.6:
+      
            Apache versions after 1.3.6:
       Filename is treated as a URI path relative to the
-      one used to access the directory being indexed, and must
+      one used to access the directory being indexed. Note that this
+      means that if Filemame starts with a slash, it will be
+      taken to be relative to the DocumentRoot.
            
+      
+      
            Filename must
       resolve to a document with a major content type of
       "text" (e.g., text/html,
       text/plain, etc.). This means that
       filename may refer to a CGI script if the script's
       actual file type (as opposed to its output) is marked as
-      text/html such as with a directive like: 
+      text/html such as with a directive like: 
            
+
 
                 AddType text/html .cgi
 
            
@@ -680,7 +687,8 @@
       software.
 
       
            IgnoreCase
            
+      name="indexoptions:ignorecase">IgnoreCase
+      (Apache 1.3.24 and later)
 
       
            
       If this option is enabled, names are sorted in case-insensitive
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html b/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html
index c659817b72d..3061b1ea4aa 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html
@@ -46,7 +46,7 @@
     CERN users who can exploit this module. 
 
     
            More information on the 
+    href="http://www.w3.org/Daemon/User/Config/General.html#MetaDir">
     CERN metafile semantics is available.
            
 
     
            Directives
            
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.en b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.en
index 5616f5a5c73..8b21039fb40 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.en
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.en
@@ -164,7 +164,7 @@
 
     
            This log will be opened as the user the child processes run
     as, ie. the user specified in the main User directive. This means that
+    href="core.html#user">User directive. This means that
     either the directory the script log is in needs to be writable
     by that user or the file needs to be manually created and set
     to be writable by that user. If you place the script log in
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.html b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.html
index ddd4c01f610..74435a72ed7 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.html
@@ -166,7 +166,7 @@
 
     
            This log will be opened as the user the child processes run
     as, ie. the user specified in the main User directive. This means that
+    href="core.html#user">User directive. This means that
     either the directory the script log is in needs to be writable
     by that user or the file needs to be manually created and set
     to be writable by that user. If you place the script log in
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.ja.jis
index 766c060f6ba..0253eb2c50d 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html.ja.jis
@@ -1,13 +1,13 @@
 
 
-
+
   
 
     Apache module mod_cgi
 
   
-  
+  
   
   
@@ -36,7 +36,7 @@
     であるか、ハンドラ cgi-script (Apache 1.1 以降)
     が指定されているファイルは CGI スクリプトとして扱われ、
     サーバにより実行され、その出力がクライアントに返されます。
-    ファイルは、AddType
+    ファイルは、AddType
     ディレクティブに指定された 拡張子を名前に含むか、
     ScriptAlias
     ディレクトリに存在することによりこのタイプになります。
@@ -164,7 +164,7 @@
     サーバルートからの相対パスとして扱われます。
            
 
     
            このログは子プロセスが実行されているユーザとしてオープンされます。
-    すなわち、User ディレクティブで指定された
+    すなわち、User ディレクティブで指定された
     ユーザです。これは、スクリプトログが書かれるディレクトリがそのユーザで
     書き込み可能か、スクリプトファイルが手動で作成され、そのユーザで
     書き込み可能になっている必要があるということです。スクリプトログを
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html.ja.jis
index 959208cba45..cd47bba8427 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html.ja.jis
@@ -111,7 +111,7 @@
     
            
     とした場合、index.htmlindex.txt
     のどちらもディレクトリ内で存在しない場合、CGI スクリプト
-    /cgi-bin/index.pl が実行されます。
            
+    /cgi-bin/index.pl が実行されます。
 
         
            
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_env.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/mod_env.html.ja.jis
index 730ad5242b6..b36df77da35 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_env.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_env.html.ja.jis
@@ -30,7 +30,7 @@
      モジュール識別子:
     env_module
            
-     互換性:
     Apache 1.1 以降で使用可能。
            
 
@@ -70,7 +70,7 @@
     rel="help">ステータス: Base
            
      モジュール: mod_env
            
-     互換性: PassEnv は Apache 1.1
     以降でのみ使用可能。ディレクトリ、.htaccess での使用は
     Apache 1.3.7 以降で使用可能。
            
@@ -96,7 +96,7 @@
     rel="help">ステータス: Base
            
      モジュール: mod_env
            
-     互換性: SetEnv は Apache 1.1
     以降でのみ使用可能。ディレクトリ、.htaccess での使用は
     Apache 1.3.7 以降で使用可能。
            
@@ -122,7 +122,7 @@
     rel="help">ステータス: Base
            
      モジュール: mod_env
            
-     互換性: UnsetEnv は Apache 1.1
     以降でのみ使用可能。ディレクトリ、.htaccess での使用は
     Apache 1.3.7 以降で使用可能。
            
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html b/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html
index 366173a7a88..c930f62bc24 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html
@@ -30,7 +30,7 @@
      Module Identifier:
     imap_module
            
-     Compatibility: Available in
     Apache 1.1 and later.
            
 
@@ -230,8 +230,8 @@
       used as the text:
            
        <a
       HREF="http://foo.com/">http://foo.com</a>
            
-       It is impossible to escape double quotes within this
-      text.
+       If you want to use double quotes within this text, you have to
+       write them as &quot;.
     
 
     
            Example Mapfile
            
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_include.html b/usr.sbin/httpd/htdocs/manual/mod/mod_include.html
index d77d9e1d43e..905188fcf8d 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_include.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_include.html
@@ -401,6 +401,11 @@ Options +Includes
 
       
            The last modification date of the document requested by
       the user.
            
+
+      
            USER_NAME
            
+    
+      
            Contains the owner of the file which included it.
            
+
     
 
     
            Variable Substitution
            
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.en b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.en
index 4a0b92a73ab..7aa1a13c4b1 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.en
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.en
@@ -31,7 +31,7 @@
      Module Identifier:
     info_module
            
-     Compatibility: Available in
     Apache 1.1 and later.
            
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.html b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.html
index 8bfc88ba822..9175e2ed4da 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.html
@@ -33,7 +33,7 @@
      Module Identifier:
     info_module
            
-     Compatibility: Available in
     Apache 1.1 and later.
            
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.ja.jis
index 48362b3fc6d..e9cfdfcb166 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html.ja.jis
@@ -7,7 +7,7 @@
     Apache module mod_info
 
   
-  
+  
   
   
@@ -31,7 +31,7 @@
      モジュール識別子:
     info_module
            
-     互換性:
     Apache 1.1 以降で使用可能。
            
 
@@ -55,7 +55,7 @@ SetHandler server-info
     ディレクティブの中に <Limit>
     節を入れるとよいかもしれません。
 
-    
            一旦設定すると、http://your.host.dom/server-info
+    
            いったん設定すると、http://your.host.dom/server-info
     をアクセスするとサーバの情報を得られるようになります。
            
 
     
            
@@ -69,11 +69,19 @@ SetHandler server-info
       ディレクティブを参照してください)。
       でなければ、ディレクティブの設定は表示されません。
            
       
            mod_info
-      がサーバに組み込まれている場合は、ディレクトリのファイル
+      がサーバに組み込まれている場合は、ディレクトリごとのファイル
       (例えば、.htaccess) を含むすべての設定ファイルで
       ハンドラを使用可能であるということにも注意してください。
       これは、あなたのサイトではセキュリティに関連した問題があるかもしれません。
       
            
+
+      
            特に、このモジュールはシステムパス、ユーザ名/パスワード、
+      データベース名など、他の Apache モジュールの設定ディレクティブから
+      慎重に扱われるべき情報を漏らしてしまう可能性があります。
+      このモジュールがそのように動作するため、情報の流出を防ぐ方法はありません。
+      ですから、このモジュールはきちんとアクセス制御された環境でのみ
+      注意して使ってください。
            
+
     
            
     
            
 
@@ -89,7 +97,7 @@ SetHandler server-info
     rel="help">ステータス: Extension
            
      モジュール: mod_info
            
-     互換性: Apache 1.3 以降。
 
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html
index 66a52da7946..71992b7b0f4 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html
@@ -50,7 +50,7 @@
 
       
            authuser
            
 
-      
            If the request was for an password protected document,
+      
            If the request was for a password protected document,
       then this is the userid used in the request.
            
 
       
            date
            
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html
index f27e1063915..31161b56b1f 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html
@@ -118,7 +118,7 @@
       
            `|' followed by a command
            
 
       
            A program to receive the referrer log information on its
-      standard input. Note the a new program will not be started
+      standard input. Note that a new program will not be started
       for a VirtualHost if it inherits the RefererLog from the main
       server.
            
     
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.en b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.en
index 680470b08a0..ef3c5415c26 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.en
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.en
@@ -423,7 +423,7 @@
     directive
     Syntax: ForceType
-    media-type
            
+    media-type|None
            
      Context: directory,
     .htaccess
            
@@ -448,6 +448,21 @@
     
            Note that this will override any filename extensions that
     might determine the media type.
            
 
+    
            You can override any ForceType setting
+    by using the value of none:
            
+
+
            +    # force all files to be image/gif:
+    <Location /images>
+      ForceType image/gif
+    </Location>
+
+    # but normal mime-type associations here:
+    <Location /images/mixed>
+      ForceType none
+    </Location>
+
            
+
     
            See also: AddType
            
 
@@ -459,7 +474,7 @@
     rel="Help">Syntax: RemoveEncoding
     extension [extension] ...
            
      Context: directory,
+    rel="Help">Context: virtual host, directory,
     .htaccess
            
      Status: Base
            
@@ -506,7 +521,7 @@
     rel="Help">Syntax: RemoveHandler
     extension [extension] ...
            
      Context: directory,
+    rel="Help">Context: virtual host, directory,
     .htaccess
            
      Status: Base
            
@@ -548,7 +563,7 @@
     rel="Help">Syntax: RemoveType
     extension [extension] ...
            
      Context: directory,
+    rel="Help">Context: virtual host, directory,
     .htaccess
            
      Status: Base
            
@@ -588,7 +603,7 @@
     directive
     Syntax: SetHandler
-    handler-name
            
+    handler-name|None
            
      Context: directory,
     .htaccess
            
@@ -623,6 +638,9 @@
     </Location>
 
 
+    
            You can override an earlier defined SetHandler
+    directive by using the value None.
            
+
     
            See also: AddHandler
            
     
            
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.html
index 5b2da0a774b..810ee5d3e0f 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.html
@@ -425,7 +425,7 @@
     directive
     Syntax: ForceType
-    media-type
            
+    media-type|None
            
      Context: directory,
     .htaccess
            
@@ -450,6 +450,21 @@
     
            Note that this will override any filename extensions that
     might determine the media type.
            
 
+    
            You can override any ForceType setting
+    by using the value of none:
            
+
+
            +    # force all files to be image/gif:
+    <Location /images>
+      ForceType image/gif
+    </Location>
+
+    # but normal mime-type associations here:
+    <Location /images/mixed>
+      ForceType none
+    </Location>
+
            
+
     
            See also: AddType
            
 
@@ -461,7 +476,7 @@
     rel="Help">Syntax: RemoveEncoding
     extension [extension] ...
            
      Context: directory,
+    rel="Help">Context: virtual host, directory,
     .htaccess
            
      Status: Base
            
@@ -508,7 +523,7 @@
     rel="Help">Syntax: RemoveHandler
     extension [extension] ...
            
      Context: directory,
+    rel="Help">Context: virtual host, directory,
     .htaccess
            
      Status: Base
            
@@ -550,7 +565,7 @@
     rel="Help">Syntax: RemoveType
     extension [extension] ...
            
      Context: directory,
+    rel="Help">Context: virtual host, directory,
     .htaccess
            
      Status: Base
            
@@ -590,7 +605,7 @@
     directive
     Syntax: SetHandler
-    handler-name
            
+    handler-name|None
            
      Context: directory,
     .htaccess
            
@@ -625,6 +640,9 @@
     </Location>
 
 
+    
            You can override an earlier defined SetHandler
+    directive by using the value None.
            
+
     
            See also: AddHandler
            
     
            
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.ja.jis
index 131cca441cf..eaf912c21c9 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html.ja.jis
@@ -7,7 +7,7 @@
     Apache module mod_mime
 
   
-  
+  
   
   
@@ -140,7 +140,7 @@
     rel="help">ステータス: Base
            
      モジュール: mod_mime
            
-     互換性: AddCharset は
     Apache 1.3.10 以降でのみ使用可能。
 
@@ -243,7 +243,7 @@
     rel="help">ステータス: Base
            
      モジュール: mod_mime
            
-     互換性: AddHandler は
     Apache 1.1 以降でのみ使用可能。
            
     
            AddHandler は、拡張子 extensionステータス: Base
            
      モジュール: mod_mime
            
-     互換性: DefaultLanguage は
     Apache 1.3.4 以降でのみ使用可能。
            
 
@@ -425,7 +425,7 @@
     ディレクティブ
      構文: ForceType
-    media-type
            
+    media-type|None
            
      コンテキスト:
     ディレクトリ、.htaccess
            
@@ -433,7 +433,7 @@
     rel="help">ステータス: Base
            
      モジュール: mod_mime
            
-     互換性: ForceType は
     Apache 1.1 以降でのみ使用可能。
 
@@ -450,6 +450,23 @@
     
            これは、メディアタイプを決定するかもしれないすべての拡張子を
     上書きすることに注意してください。
            
 
+    
            値を none に設定することで、
+    以前の ForceType のすべての設定を上書きすることも
+    できます:
            
+
+
            +    # force all files to be image/gif:
+    <Location /images>
+      ForceType image/gif
+    </Location>
+
+    # but normal mime-type associations here:
+    <Location /images/mixed>
+      ForceType none
+    </Location>
+
            
+
+
     
            参照: AddType
            
     
            
@@ -461,12 +478,12 @@
     extension [extension] ...
            
      コンテキスト:
-    ディレクトリ、.htaccess
            
+    バーチャルホスト、ディレクトリ、.htaccess
            
      ステータス: Base
            
      モジュール: mod_mime
            
-     互換性: RemoveEncoding は
     Apache 1.3.13 以降でのみ使用可能。
 
@@ -508,12 +525,12 @@
     extension [extension] ...
            
      コンテキスト:
-    ディレクトリ、.htaccess
            
+    バーチャルホスト、ディレクトリ、.htaccess
            
      ステータス: Base
            
      モジュール: mod_mime
            
-     互換性: RemoveHandler は
     Apache 1.3.4 以降でのみ使用可能。
 
@@ -550,12 +567,12 @@
     extension [extension] ...
            
      コンテキスト:
-    ディレクトリ、.htaccess
            
+    バーチャルホスト、ディレクトリ、.htaccess
            
      ステータス: Base
            
      モジュール: mod_mime
            
-     互換性: RemoveType は
     Apache 1.3.13 以降でのみ使用可能。
 
@@ -589,7 +606,7 @@
     ディレクティブ
      構文: SetHandler
-    handler-name
            
+    handler-name|None
            
      コンテキスト:
     ディレクトリ、.htaccess
            
@@ -597,7 +614,7 @@
     rel="help">ステータス: Base
            
      モジュール: mod_mime
            
-     互換性: SetHandler は
     Apache 1.1 以降でのみ使用可能。
 
@@ -624,6 +641,10 @@
     </Location>
 
 
+    
            値を None にすることで、
+    以前の SetHandler ディレクティブの定義を上書きすることが
+    できます。
            
+
     
            参照: AddHandler
            
 
     
            
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html
index 09b867ae544..3c8721d73bf 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html
@@ -31,7 +31,7 @@
      Module Identifier:
     mmap_static_module
            
-     Compatibility: Available in
     Apache 1.3 and later.
            
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html.ja.jis
index 48b9b71f745..5e71a2be426 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html.ja.jis
@@ -165,7 +165,7 @@
      モジュール:
      mod_negotiation
            
-     互換性:
     CacheNegotiatedDocs は Apache 1.1 以降でのみ使用可能。
            
     
            このディレクティブが設定されていると、コンテントネゴシエーション
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html b/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html
index dae61107da6..341426057cc 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html
@@ -398,7 +398,8 @@
       rel="Help">Syntax: RewriteOptions
       Option
            
        Default: None
            
+      rel="Help">Default: RewriteOptions
+      MaxRedirects=10
            
        Context: server config,
       virtual host, directory, .htaccess
            
@@ -410,23 +411,32 @@
       rel="Help">Module: mod_rewrite.c
            
        Compatibility: Apache
-      1.2
            
-       
+      1.2; MaxRedirects is available in Apache 1.3.28 and
+      later
            
+
 
       
            The RewriteOptions directive sets some
       special options for the current per-server or per-directory
       configuration. The Option strings can be one of the
       following:
            
 
-      
              
-        
            • 'inherit'
              
-         This forces the current configuration to inherit the
-        configuration of the parent. In per-virtual-server context
-        this means that the maps, conditions and rules of the main
-        server are inherited. In per-directory context this means
-        that conditions and rules of the parent directory's
-        .htaccess configuration are inherited.
              • 
-      
            
+      
            
+      
            inherit
            
+      
            This forces the current configuration to inherit the
+      configuration of the parent. In per-virtual-server context
+      this means that the maps, conditions and rules of the main
+      server are inherited. In per-directory context this means
+      that conditions and rules of the parent directory's
+      .htaccess configuration are inherited.
            
+
+      
            MaxRedirects=number
            
+      
            In order to prevent endless loops of internal redirects
+      issued by per-directory RewriteRules,
+      mod_rewrite aborts the request after reaching a
+      maximum number of such redirects and responds with an 500 Internal
+      Server Error. If you really need more internal redirects than 10
+      per request, you may increase the default to the desired value.
            
+      
            
       
            
 
       
            RewriteLog
            
@@ -462,7 +472,7 @@
         
          
       
          Level Level Description Example Description Example 
       
          
 
       
          
 
     
     
 
     
 
          
           Note: To disable the logging of
           rewriting actions it is not recommended to set
-          Filename to /dev/null, because
+          file-path to /dev/null, because
           although the rewriting engine does not then output to a
           logfile it still creates the logfile output internally.
           This will slow down the server with no advantage
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.en b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.en
index 661f625f60b..a34a4d0c885 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.en
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.en
@@ -63,18 +63,18 @@
     
          Directives
          
 
     
     
          
     
 
-    
          BrowserMatch
+    
          BrowserMatch
     directive
          
 
     
          Note that the regular expression string is
     case-sensitive. For case-INsensitive matching,
     see the BrowserMatchNoCase
+    href="#browsermatchnocase">BrowserMatchNoCase
     directive.
          
 
     
          The BrowserMatch and
     BrowserMatchNoCase directives are special cases of
-    the SetEnvIf and SetEnvIfNoCase
+    the SetEnvIf and SetEnvIfNoCase
     directives. The following two lines have the same effect:
          
 
              BrowserMatchNoCase Robot is_a_robot
@@ -149,8 +149,8 @@
     
          
     
 
-    
          BrowserMatchNoCase directive
          
+    
          BrowserMatchNoCase directive
          
 
     
          Syntax: BrowserMatchNoCase
@@ -185,7 +185,7 @@
 
     
          The BrowserMatch and
     BrowserMatchNoCase directives are special cases of
-    the SetEnvIf and SetEnvIf and SetEnvIfNoCase
     directives. The following two lines have the same effect:
          
 
          @@ -196,7 +196,7 @@
     
          
     
 
-    
          SetEnvIf
+    
          SetEnvIf
     directive
          
 
     
          
     
 
-    
          SetEnvIfNoCase
+    
          SetEnvIfNoCase
     directive
          
 
     
          
 
     
          The SetEnvIfNoCase is semantically identical to
-    the SetEnvIf directive,
+    the SetEnvIf directive,
     and differs only in that the regular expression matching is
     performed in a case-insensitive manner. For example:
          
 
          diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.html b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.html
index a75a51cbe85..2837e4619b9 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.html
@@ -65,18 +65,18 @@
     
          Directives
          
 
     
     
          
     
 
-    
          BrowserMatch
+    
          BrowserMatch
     directive
          
 
     
          Note that the regular expression string is
     case-sensitive. For case-INsensitive matching,
     see the BrowserMatchNoCase
+    href="#browsermatchnocase">BrowserMatchNoCase
     directive.
          
 
     
          The BrowserMatch and
     BrowserMatchNoCase directives are special cases of
-    the SetEnvIf and SetEnvIfNoCase
+    the SetEnvIf and SetEnvIfNoCase
     directives. The following two lines have the same effect:
          
 
              BrowserMatchNoCase Robot is_a_robot
@@ -151,8 +151,8 @@
     
          
     
 
-    
          BrowserMatchNoCase directive
          
+    
          BrowserMatchNoCase directive
          
 
     
          Syntax: BrowserMatchNoCase
@@ -187,7 +187,7 @@
 
     
          The BrowserMatch and
     BrowserMatchNoCase directives are special cases of
-    the SetEnvIf and SetEnvIf and SetEnvIfNoCase
     directives. The following two lines have the same effect:
          
 
          @@ -198,7 +198,7 @@
     
          
     
 
-    
          SetEnvIf
+    
          SetEnvIf
     directive
          
 
     
          
     
 
-    
          SetEnvIfNoCase
+    
          SetEnvIfNoCase
     directive
          
 
     
          
 
     
          The SetEnvIfNoCase is semantically identical to
-    the SetEnvIf directive,
+    the SetEnvIf directive,
     and differs only in that the regular expression matching is
     performed in a case-insensitive manner. For example:
          
 
          diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.ja.jis
index adba6912f04..493573c25ee 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html.ja.jis
@@ -7,7 +7,7 @@
     Apache module mod_setenvif
 
   
-  
+  
   
   
@@ -31,7 +31,7 @@
      モジュール識別子:
     setenvif_module
          
-     互換性:
     Apache 1.3 以降で使用可能。
          
 
@@ -92,7 +92,7 @@
     rel="help">ステータス: Base
          
      モジュール: mod_setenvif
          
-     互換性: Apache 1.2 以上
     (このディレクティブは Apache 1.2 では、今では obsolete になっている
     mod_browser モジュールにありました)。.htaccess ファイルでの使用は
@@ -167,7 +167,7 @@
     rel="help">ステータス: Base
          
      モジュール: mod_setenvif
          
-     互換性: Apache 1.2 以上
     (このディレクティブは Apache 1.2 では、今では obsolete になっている
     mod_browser モジュールにありました)。.htaccess ファイルでの使用は
@@ -214,7 +214,7 @@
     rel="help">ステータス: Base
          
      モジュール: mod_setenvif
          
-     互換性: Apache 1.3 以上。
     Request_Protocol キーワードと環境変数のマッチは 1.3.7
     以降でのみ使用可能。.htaccess ファイルでの使用は
@@ -306,7 +306,7 @@
     rel="help">ステータス: Base
          
      モジュール: mod_setenvif
          
-     互換性: Apache 1.3 以上。
     Request_Protocol キーワードと環境変数のマッチは 1.3.7
     以降でのみ使用可能。.htaccess ファイルでの使用は
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.en b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.en
index c1c4a74d1e4..4e81065380e 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.en
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.en
@@ -185,6 +185,11 @@
     name of the module, the LoadModule directive requires the exact
     filename, no assumption is made about the filename
     extension.
          
+
+    
          See also: AddModule and ClearModuleList
          
+ 
         
          
 
     
          Apache HTTP Server Version 1.3
          
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.html b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.html
index 3eaee69ba28..21b2835e39a 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.html
@@ -187,6 +187,11 @@
     name of the module, the LoadModule directive requires the exact
     filename, no assumption is made about the filename
     extension.
          
+
+    
          See also: AddModule and ClearModuleList
          
+ 
         
          
 
     
          Apache HTTP Server Version 1.3
          
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.ja.jis
index 4df232d945d..9bde47abaaa 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html.ja.jis
@@ -7,7 +7,7 @@
     Apache module mod_so
 
   
-  
+  
   
   
@@ -31,7 +31,7 @@
      モジュール識別子:
     so_module
          
-     互換性:
     Apache 1.3 以降で使用可能。
          
 
@@ -162,7 +162,7 @@
     Module はファイル中の module
     型の外部変数の名前で、モジュールのドキュメントに
     モジュール識別子として書かれているものです。例 
+    >モジュール識別子として書かれているものです。例
     (Unix と Apache 1.3.15 以降の Windows):
          
 
     
          
@@ -170,7 +170,7 @@
     
          
 
     
          例 (Apache 1.3.15 以前の
-    Windows、サードパーティモジュールの一部):
          
+    Windows, サードパーティモジュールの一部):
          
 
     
          
       LoadModule foo_module modules/ApacheModuleFoo.dll
          
@@ -192,5 +192,10 @@
     Index
     Home
 
+
+    
          参照: AddModuleClearModuleList
          
+
   
 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html.ja.jis b/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html.ja.jis
index 5293ad9eaae..c209f83fcdc 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html.ja.jis
@@ -32,7 +32,7 @@
      モジュール識別子:
     speling_module
          
-     互換性: Apache 1.3
     以降で使用可能。Apache 1.1 以降では外部モジュールとして使用可能。
     
          
@@ -46,8 +46,9 @@
     リクエストに合うドキュメントを見つけようとすることによりこの問題の
     解決を試みます。このモジュールはリクエストされたディレクトリにある
     それぞれのドキュメントの名前と、リクエストされたドキュメントの名前とを
-    大文字小文字の区別を無視し一文字までの
-    綴りの間違い (文字の挿入/省略/隣合う文字の置換、間違った文字)
+    大文字小文字の区別を無視し、
+    一文字までの綴りの間違い
+    (文字の挿入/省略/隣合う文字の置換、間違った文字)
     を許可して比較することにより、目的を達成しようとします。
     この方法でリクエストに合うドキュメントの一覧が作成されます。
          
 
@@ -91,7 +92,7 @@
     rel="help">ステータス: Base
          
      モジュール: mod_speling
          
-     互換性: CheckSpelling は
     Apache 1.1 では外部のモジュールとして使用可能でしたが、
     大文字小文字の違いを修正する機能のみでした。Apache 1.3 では
@@ -105,8 +106,8 @@
 
     
     
          
 
@@ -63,7 +63,7 @@
       
          Base
          
 
       
          ステータスが "Base"
-      のモジュールは、デフォルトでコンパイルされてわざわざ設定から
+      のモジュールは、デフォルトでコンパイルされて、わざわざ設定から
       モジュールを削除していない限り、通常は利用可能です。
       
          
 
@@ -109,7 +109,7 @@
     
          
     
          
 
-    
          互換性
          
+    
          互換性
          
 
     
          あるモジュールが Apache バージョン 1
     の配布に含まれていなかった場合、
diff --git a/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.en b/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.en
index 93ecc75108d..7adbea08157 100644
--- a/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.en
+++ b/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.en
@@ -226,7 +226,7 @@
       APACI installs the Apache C header files together with the
       apxs tool.
 
-      
          Default Apache
+      
          Default Apache
       directory path changed to
       /usr/local/apache/
          
       
          
@@ -307,9 +307,9 @@
       
 
       
          The addition of SetEnvIf
+      href="mod/mod_setenvif.html#setenvif">SetEnvIf
       and SetEnvIfNoCase.
+      href="mod/mod_setenvif.html#setenvifnocase">SetEnvIfNoCase.
       These allow you to set environment variables for server and
       CGI use based upon attributes of the request.
          
 
@@ -459,7 +459,7 @@
           
        • Starting with 1.3.15, the server will satisfy
           directory requests with the cache controls ETag and
           LastModified, if IndexOptions includes the TrackModified
+          href="mod/mod_autoindex.html#indexoptions:trackmodified">TrackModified
           directive. The server will not need to generate the
           listing if the client determines the request has not
           changed, improving performance. Due to its experimental
diff --git a/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.html b/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.html
index 3a08fa12ca1..fa4f96d4892 100644
--- a/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.html
+++ b/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.html
@@ -228,7 +228,7 @@
       APACI installs the Apache C header files together with the
       apxs tool.
 
-      
          Default Apache
+      
          Default Apache
       directory path changed to
       /usr/local/apache/
          
       
          
@@ -309,9 +309,9 @@
       
 
       
          The addition of SetEnvIf
+      href="mod/mod_setenvif.html#setenvif">SetEnvIf
       and SetEnvIfNoCase.
+      href="mod/mod_setenvif.html#setenvifnocase">SetEnvIfNoCase.
       These allow you to set environment variables for server and
       CGI use based upon attributes of the request.
          
 
@@ -461,7 +461,7 @@
           
        • Starting with 1.3.15, the server will satisfy
           directory requests with the cache controls ETag and
           LastModified, if IndexOptions includes the TrackModified
+          href="mod/mod_autoindex.html#indexoptions:trackmodified">TrackModified
           directive. The server will not need to generate the
           listing if the client determines the request has not
           changed, improving performance. Due to its experimental
diff --git a/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.ja.jis b/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.ja.jis
index 230f806ae33..2a364681188 100644
--- a/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/new_features_1_3.html.ja.jis
@@ -7,7 +7,7 @@
     New features with Apache 1.3
 
   
-  
+  
   
   
@@ -226,7 +226,7 @@
       これを達成するために、APACI は Apache の C のヘッダファイルを
       apxs と一緒にインストールします。
 
-      
          Apache
+      
          Apache
       のデフォルトディレクトリパスを /usr/local/apache/
       へ変更
          
       
          
@@ -458,7 +458,7 @@
           と同じ効果になるようになりました。
          • 
 
           
        • 1.3.15 からは、IndexOptions に TrackModifiedTrackModified ディレクティブが含まれている場合は、サーバはディレクトリの
           リクエストを受けたときに、キャッシュを制御する ETag と LastModified
           を付けて返します。そのリクエストが変更されていないとクライアント
diff --git a/usr.sbin/httpd/htdocs/manual/readme-tpf.html b/usr.sbin/httpd/htdocs/manual/readme-tpf.html
index 5f1c27cbb3c..fffdc5582e2 100644
--- a/usr.sbin/httpd/htdocs/manual/readme-tpf.html
+++ b/usr.sbin/httpd/htdocs/manual/readme-tpf.html
@@ -51,6 +51,9 @@
     "Off" (the default is "On") or lowering the Timeout value from
     the default 300 seconds (5 minutes) in order to reduce the
     number of active ECBs on your system.
          
+
+    
          Apache on TPF does not support listening on multiple ports.
          
+
       
 
     
          
@@ -114,7 +117,7 @@
 
       
        • mod_access.c (Use of mod_access directives
       "allow from" & "deny from"
-      with host names (verses ip addresses) requires
+      with host names (versus ip addresses) requires
       PUT10) 
          • 
 
       
        • mod_actions.c 
          • 
diff --git a/usr.sbin/httpd/htdocs/manual/suexec.html.en b/usr.sbin/httpd/htdocs/manual/suexec.html.en
index e208ce88869..35359a9cb8b 100644
--- a/usr.sbin/httpd/htdocs/manual/suexec.html.en
+++ b/usr.sbin/httpd/htdocs/manual/suexec.html.en
@@ -91,16 +91,16 @@
     developers as well as numerous beta testers. Every precaution
     has been taken to ensure a simple yet solidly safe base of
     code. Altering this code can cause unexpected problems and new
-    security risks. It is highly recommended you
-    not alter the suEXEC code unless you are well versed in the
-    particulars of security programming and are willing to share
+    security risks. It is highly recommended that
+    you do not alter the suEXEC code unless you are well versed in 
+    the particulars of security programming and are willing to share
     your work with the Apache Group for consideration.
          
 
     
          Fourth, and last, it has been the decision of
     the Apache Group to NOT make suEXEC part of
     the default installation of Apache. To this end, suEXEC
-    configuration requires of the administrator careful attention
-    to details. After due consideration has been given to the
+    configuration requires careful attention to details from the
+    administrator. After due consideration has been given to the
     various settings for suEXEC, the administrator may install
     suEXEC through normal installation methods. The values for
     these settings need to be carefully determined and specified by
@@ -348,7 +348,7 @@
       
          • 
     
 
-    
          This is the standard operation of the the
+    
          This is the standard operation of the
     suEXEC wrapper's security model. It is somewhat stringent and
     can impose new limitations and guidelines for CGI/SSI design,
     but it was developed carefully step-by-step with security in
@@ -558,7 +558,7 @@
     
          NOTE! This section may not be
     complete. For the latest revision of this section of the
     documentation, see the Apache Group's Online
+    href="http://httpd.apache.org/docs/suexec.html">Online
     Documentation version.
          
 
     
          There are a few points of interest regarding
diff --git a/usr.sbin/httpd/htdocs/manual/suexec.html.html b/usr.sbin/httpd/htdocs/manual/suexec.html.html
index 3e785675b6e..2dc1163d891 100644
--- a/usr.sbin/httpd/htdocs/manual/suexec.html.html
+++ b/usr.sbin/httpd/htdocs/manual/suexec.html.html
@@ -93,16 +93,16 @@
     developers as well as numerous beta testers. Every precaution
     has been taken to ensure a simple yet solidly safe base of
     code. Altering this code can cause unexpected problems and new
-    security risks. It is highly recommended you
-    not alter the suEXEC code unless you are well versed in the
-    particulars of security programming and are willing to share
+    security risks. It is highly recommended that
+    you do not alter the suEXEC code unless you are well versed in 
+    the particulars of security programming and are willing to share
     your work with the Apache Group for consideration.
          
 
     
          Fourth, and last, it has been the decision of
     the Apache Group to NOT make suEXEC part of
     the default installation of Apache. To this end, suEXEC
-    configuration requires of the administrator careful attention
-    to details. After due consideration has been given to the
+    configuration requires careful attention to details from the
+    administrator. After due consideration has been given to the
     various settings for suEXEC, the administrator may install
     suEXEC through normal installation methods. The values for
     these settings need to be carefully determined and specified by
@@ -350,7 +350,7 @@
       
     
 
-    
          This is the standard operation of the the
+    
          This is the standard operation of the
     suEXEC wrapper's security model. It is somewhat stringent and
     can impose new limitations and guidelines for CGI/SSI design,
     but it was developed carefully step-by-step with security in
@@ -560,7 +560,7 @@
     
          NOTE! This section may not be
     complete. For the latest revision of this section of the
     documentation, see the Apache Group's Online
+    href="http://httpd.apache.org/docs/suexec.html">Online
     Documentation version.
          
 
     
          There are a few points of interest regarding
diff --git a/usr.sbin/httpd/htdocs/manual/suexec.html.ja.jis b/usr.sbin/httpd/htdocs/manual/suexec.html.ja.jis
index 92e9fe6c359..605277a3d20 100644
--- a/usr.sbin/httpd/htdocs/manual/suexec.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/suexec.html.ja.jis
@@ -7,7 +7,7 @@
     Apache suEXEC Support
 
   
-  
+  
   
   
@@ -386,7 +386,7 @@
       
          このオプションは、デフォルトではインストールされず、
       有効にはならない suEXEC 機能を有効にします。
       suEXEC を使うように APACI に要求するには、--enable-suexec
-      オプションにあわせて少なくとも一つは --suexec-xxxxx
+      オプションとあわせて少なくとも一つは --suexec-xxxxx
       オプションが指定されなければなりません。
          
 
       
          --suexec-caller=UID
          
@@ -399,7 +399,7 @@
 
       
          Apache のドキュメントルートを設定します。これが suEXEC
       の動作で使用する唯一のディレクトリ階層になります (UserDir
-      の指定は別)。デフォルトでは --datedir に "/htdocs"
+      の指定は別)。デフォルトでは --datadir に "/htdocs"
       というサフィックスをつけたものです。
       "--datadir=/home/apache" として設定すると、
       suEXEC wrapper にとって "/home/apache/htdocs"
@@ -557,7 +557,7 @@
 
     
          注意!
     この章は完全ではありません。この章の最新改訂版については、
-    Apache グループの
+    Apache グループの
     オンラインドキュメント版を参照してください。
     
          
 
diff --git a/usr.sbin/httpd/htdocs/manual/urlmapping.html b/usr.sbin/httpd/htdocs/manual/urlmapping.html
index 64a2e80d074..09dd304ec93 100644
--- a/usr.sbin/httpd/htdocs/manual/urlmapping.html
+++ b/usr.sbin/httpd/htdocs/manual/urlmapping.html
@@ -92,7 +92,7 @@
     href="mod/core.html#documentroot">DocumentRoot specified in
     your configuration files. Therefore, the files and directories
     underneath the DocumentRoot make up the basic
-    document tree which will be visible from the web.
          
+    document tree that will be visible from the web.
          
 
     
          Apache is also capable of Virtual
     Hosting, where the server receives requests for more than
@@ -237,12 +237,12 @@
       http://www.example.com/startpage.html
     
          
 
-    
          Alternatively, to temporarily redirect all pages on a site
-    to one particular page, use the following:
          
+    
          Alternatively, to temporarily redirect all pages on one site
+    to a particular page on another site, use the following:
          
 
     
          
       RedirectMatch temp .*
-      http://www.example.com/startpage.html
+      http://othersite.example.com/startpage.html
     
          
 
     
          Rewriting Engine
          
@@ -283,7 +283,7 @@
     
          An especially useful feature of mod_speling, is that it will
     compare filenames without respect to case. This can help
     systems where users are unaware of the case-sensitive nature of
-    URLs and the unix filesystem. But using mod_speling for
+    URLs and the Unix filesystem. But using mod_speling for
     anything more than the occasional URL correction can place
     additional load on the server, since each "incorrect" request
     is followed by a URL redirection and a new request from the
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts-in-depth.html b/usr.sbin/httpd/htdocs/manual/vhosts-in-depth.html
new file mode 100644
index 00000000000..0f87f775ed6
--- /dev/null
+++ b/usr.sbin/httpd/htdocs/manual/vhosts-in-depth.html
@@ -0,0 +1,398 @@
+
+
+An In-Depth Discussion of VirtualHost Matching
+
+
+
+
+
          
+ [APACHE DOCUMENTATION]
+ 
          
+  Apache HTTP Server Version 1.2
+ 
          
+
          
+
+
          An In-Depth Discussion of VirtualHost Matching
          
+
+
          This is a very rough document that was probably out of date the moment
+it was written.  It attempts to explain exactly what the code does when
+deciding what virtual host to serve a hit from.  It's provided on the
+assumption that something is better than nothing.  The server version
+under discussion is Apache 1.2.
+
+
          If you just want to "make it work" without understanding
+how, there's a What Works section at the bottom.
+
+
          Config File Parsing
          
+
+
          There is a main_server which consists of all the definitions appearing
+outside of VirtualHost sections.  There are virtual servers,
+called vhosts, which are defined by
+VirtualHost
+sections.
+
+
          The directives
+Port,
+ServerName,
+ServerPath,
+and
+ServerAlias
+can appear anywhere within the definition of
+a server.  However, each appearance overrides the previous appearance
+(within that server).
+
+
          The default value of the Port field for main_server
+is 80.  The main_server has no default ServerName,
+ServerPath, or ServerAlias.
+
+
          In the absence of any
+Listen
+directives, the (final if there
+are multiple) Port directive in the main_server indicates
+which port httpd will listen on.
+
+
           The Port and ServerName directives for
+any server main or virtual are used when generating URLs such as during
+redirects.
+
+
           Each address appearing in the VirtualHost directive
+can have an optional port.  If the port is unspecified it defaults to
+the value of the main_server's most recent Port statement.
+The special port * indicates a wildcard that matches any port.
+Collectively the entire set of addresses (including multiple
+A record
+results from DNS lookups) are called the vhost's address set.
+
+
           The magic _default_ address has significance during
+the matching algorithm.  It essentially matches any unspecified address.
+
+
           After parsing the VirtualHost directive, the vhost server
+is given a default Port equal to the port assigned to the
+first name in its VirtualHost directive.  The complete
+list of names in the VirtualHost directive are treated
+just like a ServerAlias (but are not overridden by any
+ServerAlias statement).  Note that subsequent Port
+statements for this vhost will not affect the ports assigned in the
+address set.
+
+
          
+All vhosts are stored in a list which is in the reverse order that
+they appeared in the config file.  For example, if the config file is:
+
+
          +    <VirtualHost A>
+    ...
+    </VirtualHost>
+
+    <VirtualHost B>
+    ...
+    </VirtualHost>
+
+    <VirtualHost C>
+    ...
+    </VirtualHost>
+
          
+
+Then the list will be ordered: main_server, C, B, A.  Keep this in mind.
+
+
          
+After parsing has completed, the list of servers is scanned, and various
+merges and default values are set.  In particular:
+
+
            
+
          1. If a vhost has no
+    ServerAdmin,
+    ResourceConfig,
+    AccessConfig,
+    Timeout,
+    KeepAliveTimeout,
+    KeepAlive,
+    MaxKeepAliveRequests,
+    or
+    SendBufferSize
+    directive then the respective value is
+    inherited from the main_server.  (That is, inherited from whatever
+    the final setting of that value is in the main_server.)
+
+
          2. The "lookup defaults" that define the default directory
+    permissions 
+    for a vhost are merged with those of the main server.  This includes
+    any per-directory configuration information for any module.
+
+
          3. The per-server configs for each module from the main_server are
+    merged into the vhost server.
+
          
+
+Essentially, the main_server is treated as "defaults" or a
+"base" on
+which to build each vhost.  But the positioning of these main_server
+definitions in the config file is largely irrelevant -- the entire
+config of the main_server has been parsed when this final merging occurs.
+So even if a main_server definition appears after a vhost definition
+it might affect the vhost definition.
+
+
           If the main_server has no ServerName at this point,
+then the hostname of the machine that httpd is running on is used
+instead.  We will call the main_server address set those IP
+addresses returned by a DNS lookup on the ServerName of
+the main_server.
+
+
           Now a pass is made through the vhosts to fill in any missing
+ServerName fields and to classify the vhost as either
+an IP-based vhost or a name-based vhost.  A vhost is
+considered a name-based vhost if any of its address set overlaps the
+main_server (the port associated with each address must match the
+main_server's Port).  Otherwise it is considered an IP-based
+vhost.
+
+
           For any undefined ServerName fields, a name-based vhost
+defaults to the address given first in the VirtualHost
+statement defining the vhost.  Any vhost that includes the magic
+_default_ wildcard is given the same ServerName as
+the main_server.  Otherwise the vhost (which is necessarily an IP-based
+vhost) is given a ServerName based on the result of a reverse
+DNS lookup on the first address given in the VirtualHost
+statement.
+
+
          
+
+
          Vhost Matching
          
+
+
          
+The server determines which vhost to use for a request as follows:
+
+
           find_virtual_server: When the connection is first made
+by the client, the local IP address (the IP address to which the client
+connected) is looked up in the server list.  A vhost is matched if it
+is an IP-based vhost, the IP address matches and the port matches
+(taking into account wildcards).
+
+
           If no vhosts are matched then the last occurrence, if it appears,
+of a _default_ address (which if you recall the ordering of the
+server list mentioned above means that this would be the first occurrence
+of _default_ in the config file) is matched.
+
+
           In any event, if nothing above has matched, then the main_server is
+matched.
+
+
           The vhost resulting from the above search is stored with data
+about the connection.  We'll call this the connection vhost.
+The connection vhost is constant over all requests in a particular TCP/IP
+session -- that is, over all requests in a KeepAlive/persistent session.
+
+
           For each request made on the connection the following sequence of
+events further determines the actual vhost that will be used to serve
+the request.
+
+
           check_fulluri: If the requestURI is an absoluteURI, that
+is it includes http://hostname/, then an attempt is made to
+determine if the hostname's address (and optional port) match that of
+the connection vhost.  If it does then the hostname portion of the URI
+is saved as the request_hostname.  If it does not match, then the
+URI remains untouched.  Note: to achieve this address
+comparison, 
+the hostname supplied goes through a DNS lookup unless it matches the
+ServerName or the local IP address of the client's socket.
+
+
           parse_uri: If the URI begins with a protocol
+(i.e., http:, ftp:) then the request is
+considered a proxy request.  Note that even though we may have stripped
+an http://hostname/ in the previous step, this could still
+be a proxy request.
+
+
           read_request: If the request does not have a hostname
+from the earlier step, then any Host: header sent by the
+client is used as the request hostname.
+
+
           check_hostalias: If the request now has a hostname,
+then an attempt is made to match for this hostname.  The first step
+of this match is to compare any port, if one was given in the request,
+against the Port field of the connection vhost.  If there's
+a mismatch then the vhost used for the request is the connection vhost.
+(This is a bug, see observations.)
+
+
          
+If the port matches, then httpd scans the list of vhosts starting with
+the next server after the connection vhost.  This scan does not
+stop if there are any matches, it goes through all possible vhosts,
+and in the end uses the last match it found.  The comparisons performed
+are as follows:
+
+
            
+
          • Compare the request hostname:port with the vhost
+    ServerName and Port.
+
+
          • Compare the request hostname against any and all addresses given in
+    the VirtualHost directive for this vhost.
+
+
          • Compare the request hostname against the ServerAlias
+    given for the vhost.
+
          
+
+
          
+check_serverpath: If the request has no hostname
+(back up a few paragraphs) then a scan similar to the one
+in check_hostalias is performed to match any
+ServerPath directives given in the vhosts.  Note that the
+last match is used regardless (again consider the ordering of
+the virtual hosts).
+
+
          Observations
          
+
+
            
+
+
          • It is difficult to define an IP-based vhost for the machine's
+    "main IP address".  You essentially have to create a bogus
+    ServerName for the main_server that does not match the
+    machine's IPs.
+
+
          • During the scans in both check_hostalias and
+    check_serverpath no check is made that the vhost being
+    scanned is actually a name-based vhost.  This means, for example, that
+    it's possible to match an IP-based vhost through another address.  But
+    because the scan starts in the vhost list at the first vhost that
+    matched the local IP address of the connection, not all IP-based vhosts
+    can be matched.
+
+    
            Consider the config file above with three vhosts A, B, C.  Suppose
+    that B is a named-based vhost, and A and C are IP-based vhosts.  If
+    a request comes in on B or C's address containing a header
+    "Host: A" then
+    it will be served from A's config.  If a request comes in on A's
+    address then it will always be served from A's config regardless of
+    any Host: header.
+    
            
+
+
          • Unless you have a _default_ vhost,
+    it doesn't matter if you mix name-based vhosts in amongst IP-based
+    vhosts.  During the find_virtual_server phase above no
+    named-based vhost will be matched, so the main_server will remain the
+    connection vhost.  Then scans will cover all vhosts in the vhost list.
+
+    
            If you do have a _default_ vhost, then you cannot place
+    named-based vhosts after it in the config.  This is because on any
+    connection to the main server IPs the connection vhost will always be
+    the _default_ vhost since none of the name-based are 
+    considered during find_virtual_server.
+    
            
+
+
          • You should never specify DNS names in VirtualHost
+    directives because it will force your server to rely on DNS to boot.
+    Furthermore it poses a security threat if you do not control the
+    DNS for all the domains listed.
+    
+    There's more information
+    available on this and the next two topics.
            
+
+
          • ServerName should always be set for each vhost.  Otherwise
+    A DNS lookup is required for each vhost.
            
+
+
          • A DNS lookup is always required for the main_server's
+    ServerName (or to generate that if it isn't specified
+    in the config).
            
+
+
          • If a ServerPath directive exists which is a prefix of
+    another ServerPath directive that appears later in
+    the configuration file, then the former will always be matched
+    and the latter will never be matched.  (That is assuming that no
+    Host header was available to disambiguate the two.)
            
+
+
          • If a vhost that would otherwise be a name-vhost includes a
+    Port statement that doesn't match the main_server
+    Port then it will be considered an IP-based vhost.
+    Then find_virtual_server will match it (because
+    the ports associated with each address in the address set default
+    to the port of the main_server) as the connection vhost.  Then
+    check_hostalias will refuse to check any other name-based
+    vhost because of the port mismatch.  The result is that the vhost
+    will steal all hits going to the main_server address.
            
+
+
          • If two IP-based vhosts have an address in common, the vhost appearing
+    later in the file is always matched.  Such a thing might happen
+    inadvertently.  If the config has name-based vhosts and for some reason
+    the main_server ServerName resolves to the wrong address
+    then all the name-based vhosts will be parsed as ip-based vhosts.
+    Then the last of them will steal all the hits.
            
+
+
          • The last name-based vhost in the config is always matched for any hit
+    which doesn't match one of the other name-based vhosts.
            
+
+
          
+
+
          What Works
          
+
+
          In addition to the tips on the DNS
+Issues page, here are some further tips:
+
+
            
+
+
          • Place all main_server definitions before any VirtualHost definitions.
+(This is to aid the readability of the configuration -- the post-config
+merging process makes it non-obvious that definitions mixed in around
+virtualhosts might affect all virtualhosts.)
+
            
+
+
          • Arrange your VirtualHosts such
+that all name-based virtual hosts come first, followed by IP-based
+virtual hosts, followed by any _default_ virtual host
+
            
+
+
          • Avoid ServerPaths which are prefixes of other
+ServerPaths.  If you cannot avoid this then you have to
+ensure that the longer (more specific) prefix vhost appears earlier in
+the configuration file than the shorter (less specific) prefix
+(i.e., "ServerPath /abc" should appear after
+"ServerPath /abcdef").
+
            
+
+
          • Do not use port-based vhosts in the same server as
+name-based vhosts.  A loose definition for port-based is a vhost which
+is determined by the port on the server (i.e. one server with
+ports 8000, 8080, and 80 all of which have different configurations).
+
            
+
+
          
+
+
          
+
          
+ Apache HTTP Server Version 1.2
+
          
+
+Index
+
+
+
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/details_1_2.html b/usr.sbin/httpd/htdocs/manual/vhosts/details_1_2.html
index 9019b526ba4..f4717d3c5d8 100644
--- a/usr.sbin/httpd/htdocs/manual/vhosts/details_1_2.html
+++ b/usr.sbin/httpd/htdocs/manual/vhosts/details_1_2.html
@@ -358,7 +358,7 @@
     
          What Works
          
 
     
          In addition to the tips on the DNS Issues page, here are some
+    href="../dns-caveats.html#tips">DNS Issues page, here are some
     further tips:
          
 
     
            
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.ja.jis b/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.ja.jis
index e1f0286d30f..d9a8bfa5179 100644
--- a/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html.ja.jis
@@ -6,7 +6,7 @@
     名前ベースのバーチャルホスト
   
   
-  
+  
   
         
            
@@ -42,17 +42,18 @@
     
            初期のバージョンの HTTP では (他の多くのプロトコル、例えば FTP
     と同様) 一つのサーバ上でのバーチャルホストごとに異なった IP
     アドレスが必要でした。いくつかのプラットフォームでは、このことが
-    実行可能なバーチャルホストの数を限定してしまうことになりました。
-    また、IP アドレスの数には限りがあるということについての懸念から、
-    レジストラ (ARIN, RIPE, APNIC) はバーチャルホストごとに
+    実行可能なバーチャルホストの数を限定してしまうことになりました。また、
+    IP アドレスの数には限りがあるということについての懸念から、レジストラ
+    (ARIN, RIPE, APNIC) はバーチャルホストごとに
     IP を割り当てるようなことは避けるよう強く要請しています。
            
 
-    
            名前ベースのバーチャルホストは通常単純で、それぞれのホスト名と
-    それに対応する正確な IP アドレスを DNS で設定し、異なる
-    ホスト名を区別出来るように Apache HTTP サーバを設定するだけです。
-    さらに、名前ベースのバーチャルホストは不足する IP
-    アドレスの需要を緩和します。したがって、IP ベースのバーチャルホストを
-    選択すべき特定の理由がなければ名前ベースのバーチャルホストを使うべきです。
+    
            名前ベースのバーチャルホストは通常単純で、
+    それぞれのホスト名とそれに対応する正確な IP アドレスを DNS
+    で設定し、異なるホスト名を区別出来るように Apache HTTP
+    サーバを設定するだけです。さらに、名前ベースのバーチャルホストは不足する
+    IP アドレスの需要を緩和します。したがって、IP
+    ベースのバーチャルホストを選択すべき特定の理由がなければ名前ベースの
+    バーチャルホストを使うべきです。
     IP ベースのバーチャルホストを使用することを考慮する理由として、
            
 
     
               
@@ -68,8 +69,8 @@
       
            • 名前ベースのバーチャルホストは SSL プロトコルの特徴により、
       SSL セキュアサーバには使えません。
              • 
 
-      
            • オペレーティングシステムやネットワーク装置のなかには、
-      別の IP アドレス上でない場合、複数のホストを別扱いできないような
+      
            • オペレーティングシステムやネットワーク装置のなかには、別の IP
+      アドレス上でない場合、複数のホストを別扱いできないような
       帯域管理の方法を実装しているものがあります。
              • 
     
            
 
@@ -96,30 +97,40 @@
     を指定する必要があります。
     これは NameVirtualHost
     ディレクティブで設定します。通常、NameVirtualHost で
-    * の属性を使ってサーバの全ての IP アドレスを使います。
+    * の属性を使ってサーバのすべての IP アドレスを使います。
     (NameVirtualHost * はバージョン 1.3.13 以降のみで動作します。)
     NameVirtualHost ディレクティブで IP アドレスを書いても、
     自動的にサーバがその IP アドレスをリッスンするということはないことに
     注意してください。詳細は Apache の使うアドレスと
     ポートを設定する を読んでください。さらに、ここで指定された
-    IP アドレスは全てサーバのネットワークインターフェースと関連付けられて
+    IP アドレスはすべてサーバのネットワークインターフェースと関連付けられて
     いなければなりません。
            
 
     
            次は、扱いたいそれぞれのホストに対して <VirtualHost> ブロックを
-    作成してください。<VirtualHost> ディレクティブの
-    引数は NameVirtualHost ディレクティブの引数と
-    同じにしてください (すなわち、IP アドレス一つや全てのアドレスのための
-    *)。それぞれの <VirtualHost> ディレクティブ
-    の中には、最低限、どのホストが扱われるかを示す <VirtualHost>
+    ブロックを作成してください。<VirtualHost>
+    ディレクティブの引数は NameVirtualHost
+    ディレクティブの引数と同じにしてください (すなわち、IP
+    アドレス一つやすべてのアドレスを表す *)。それぞれの
+    <VirtualHost> ディレクティブの中には、最低限、
+    どのホストが扱われるかを示す ServerName ディレクティブと、
     そのホスト用のコンテンツがファイルシステム上のどこにあるかを示す
-    DocumentRoot ディレクティブを
-    書く必要があります。
            
-
-    
            たとえば、www.domain.tld と
-    www.otherdomain.tld の両方が 1つの IP
-    アドレスを指しているとしましょう。そのような場合は、
+    DocumentRoot
+    ディレクティブを書く必要があります。
            
+
+    
            既に存在するウェブサーバにバーチャルホストを追加する場合、
+    存在するホスト用の <VirtualHost> ブロックを作らなければなりません。
+    ServerNameDocumentRoot
+    はこのバーチャルホストも含めて、それぞれグローバルな
+    ServerName 及び DocumentRoot
+    と同じものにするべきです。設定ファイル中で最初に記述した
+    このバーチャルホストは
+    デフォルトのバーチャルホストとしても振る舞います。
+    
            
+    
            例えば、ドメイン www.domain.tld を運用しているところに
+    バーチャルホスト www.otherdomain.tld を追加する場合で、
+    両方が同じ IP アドレスを指しているとします。そのような場合は、
     httpd.conf に以下のようなコードを追加するだけです
            
 
                 NameVirtualHost *
@@ -149,18 +160,18 @@
     ServerAlias domain.tld *.domain.tld
 
            
 
-    
            domain.tld ドメインへの全てのホストへのリクエストは
+    
            domain.tld ドメインへのすべてのホストへのリクエストは
     www.domain.tld のバーチャルホストが処理します。
-    * や ? をワイルドカード文字として使用できます。
-  Of course,you can't just make up names and place them in ServerName
-  or ServerAlias.
-    第一に DNS のホスト名と IP アドレスをサーバにあわせて適切に設定する事が必要です
            
+    * や ? をワイルドカード文字として使用できますが、当然ながらそれだけで
+    ServerNameServerAlias
+    の名前や場所を構成することはできません。まず最初に DNS のホスト名と
+    IP アドレスをサーバにあわせて適切に設定する事が必要です
            
 
     
            最後に、<VirtualHost> コンテナの中に
     他のディレクティブを書くことで、バーチャルホストの設定を細かく変更
     することができます。どのディレクティブを書くことができるかは、
     ディレクティブの コンテキスト を
+    href="../mod/directive-dict.html#context">コンテキスト を
     調べてください。主サーバコンテキスト
     (<VirtualHost> コンテナの外) の
     設定用ディレクティブはバーチャルホストでの設定で上書きされていない
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html b/usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html
index 9019b526ba4..f4717d3c5d8 100644
--- a/usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html
+++ b/usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html
@@ -358,7 +358,7 @@
     
            What Works
            
 
     
            In addition to the tips on the DNS Issues page, here are some
+    href="../dns-caveats.html#tips">DNS Issues page, here are some
     further tips:
            
 
     
              
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html b/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html
index f20fa1690aa..0c5116196d4 100644
--- a/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html
+++ b/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html
@@ -55,7 +55,7 @@
     
              
       http://www.smallco.com/
     
              
-    and baygroup's home page would would have the URL 
+    and baygroup's home page would have the URL 
 
     
              
       http://www.baygroup.org/
diff --git a/usr.sbin/httpd/htdocs/manual/virtual-host.html b/usr.sbin/httpd/htdocs/manual/virtual-host.html
new file mode 100644
index 00000000000..d21ac708fd8
--- /dev/null
+++ b/usr.sbin/httpd/htdocs/manual/virtual-host.html
@@ -0,0 +1,216 @@
+
+
+
+Apache Server Virtual Host Support
+
+
+
+
+
              
+ [APACHE DOCUMENTATION]
+ 
              
+  Apache HTTP Server Version 1.2
+ 
              
+
              
+
+
              Virtual Host Support
              
+
+See Also:
+Non-IP based virtual hosts
+
+
              What are virtual hosts?
              
+This is the ability of a single machine to be a web server for multiple
+domains. For example, an Internet service provider might have a machine
+called www.serve.com which provides Web space for several
+organizations including, say, smallco and baygroup.
+Ordinarily, these groups would be given parts of the Web tree on www.serve.com.
+So smallco's home page would have the URL
+
              
+http://www.serve.com/smallco/
+
              
+and baygroup's home page would have the URL
+
              
+http://www.serve.com/baygroup/
+
              
+
              
+For esthetic reasons, however, both organizations would rather their home
+pages appeared under their own names rather than that of the service
+provider's; but they do not want to set up their own Internet links and
+servers.
+
              
+Virtual hosts are the solution to this problem. smallco and baygroup would
+have their own Internet name registrations, www.smallco.com and
+www.baygroup.org respectively. These hostnames would both
+correspond to the service provider's machine (www.serve.com). Thus
+smallco's home page would now have the URL
+
              
+http://www.smallco.com/
+
              
+and baygroup's home page would would have the URL
+
              
+http://www.baygroup.org/
+
              
+
+
              System requirements
              
+Due to limitations in the HTTP/1.0 protocol, the web server must have a
+different IP address for each virtual host. This can be achieved
+by the machine having several physical network connections, or by use
+of a virtual interface on some operating systems.
+
+
              How to set up Apache
              
+There are two ways of configuring apache to support multiple hosts.
+Either by running a separate httpd daemon for each hostname, or by running a
+single daemon which supports all the virtual hosts.
+
              
+Use multiple daemons when:
+
                
+
              • The different virtual hosts need very different httpd configurations, such
+   as different values for: ServerType,
+   User, 
+   Group,
+   TypesConfig or
+   ServerRoot.
+
              • The machine does not process a very high request rate.
+
              
+Use a single daemon when:
+
                
+
              • Sharing of the httpd configuration between virtual hosts is acceptable.
+
              • The machine services a large number of requests, and so the performance
+   loss in running separate daemons may be significant.
+
              
+
+
              Setting up multiple daemons
              
+Create a separate httpd installation for each virtual host.
+For each installation, use the
+BindAddress directive in the configuration
+file to select which IP address (or virtual host) that daemon services.
+e.g.
+
              BindAddress www.smallco.com
              
+This hostname can also be given as an IP address.
+
+
              Setting up a single daemon
              
+For this case, a single httpd will service requests for all the virtual hosts.
+The VirtualHost directive in the
+ configuration file is used to set the values of
+ServerAdmin,
+ServerName,
+DocumentRoot,
+ErrorLog and
+TransferLog configuration
+directives to different values for each virtual host.
+e.g.
+
              
+<VirtualHost www.smallco.com>
              
+ServerAdmin webmaster@mail.smallco.com
              
+DocumentRoot /groups/smallco/www
              
+ServerName www.smallco.com
              
+ErrorLog /groups/smallco/logs/error_log
              
+TransferLog /groups/smallco/logs/access_log
              
+</VirtualHost>
              
+
              
+<VirtualHost www.baygroup.org>
              
+ServerAdmin webmaster@mail.baygroup.org
              
+DocumentRoot /groups/baygroup/www
              
+ServerName www.baygroup.org
              
+ErrorLog /groups/baygroup/logs/error_log
              
+TransferLog /groups/baygroup/logs/access_log
              
+</VirtualHost>
              
+
              
+
+This VirtualHost hostnames can also be given as IP addresses.
+
+
              
+
+Almost ANY configuration directive can be put
+in the VirtualHost directive, with the exception of
+ServerType,
+User,
+Group,
+StartServers,
+MaxSpareServers,
+MinSpareServers,
+MaxRequestsPerChild,
+BindAddress,
+PidFile,
+TypesConfig, and
+ServerRoot.
+
+
              
+
+SECURITY: When specifying where to write log files, be aware
+of some security risks which are present if anyone other than the
+user that starts Apache has write access to the directory where they
+are written.  See the security
+tips document for details.
+
+
              
+
+
              File Handle/Resource Limits:
              
+When using a large number of Virtual Hosts, Apache may run out of available
+file descriptors if each Virtual Host specifies different log files.
+The total number of file descriptors used by Apache is one for each distinct
+error log file, one for every other log file directive, plus 10-20 for
+internal use. Unix operating systems limit the number of file descriptors that
+may be used by a process; the limit is typically 64, and may usually be
+increased up to a large hard-limit.
+
              
+Although Apache attempts to increase the limit as required, this 
+may not work if:
+
                
+
              1. Your system does not provide the setrlimit() system call.
+
              2. The setrlimit(RLIMIT_NOFILE) call does not function on your system
+ (such as Solaris 2.3)
+
              3. The number of file descriptors required exceeds the hard limit.
+
              4. Your system imposes other limits on file descriptors, such as a limit
+on stdio streams only using file descriptors below 256. (Solaris 2)
+
              
+
+In the event of problems you can:
+
                
+
              • Reduce the number of log files; don't specify log files in the VirtualHost
+sections, but only log to the main log files.
+
              • If you system falls into 1 or 2 (above), then increase the file descriptor
+limit before starting Apache, using a script like
+
                
+#!/bin/sh 
                
+ulimit -S -n 100 
                
+exec httpd
                
+
              
+
+The have been reports that Apache may start running out of resources allocated
+for the root process. This will exhibit itself as errors in the error log like
+"unable to fork". There are two ways you can bump this up:
+
+
                 
+
              1. Have a csh script wrapper around httpd which sets the
+"rlimit" to some large number, like 512.  
+
              2. Edit http_main.c to add calls to setrlimit() from main(), along the lines of
+
                +        struct rlimit rlp;
+
+        rlp.rlim_cur = rlp.rlim_max = 512;
+        if (setrlimit(RLIMIT_NPROC, &rlp)) {
+            fprintf(stderr, "setrlimit(RLIMIT_NPROC) failed.\n");
+            exit(1);
+        }
+
                
+(thanks to "Aaron Gifford <agifford@InfoWest.COM>" for the patch)
+
              
+
+The latter will probably manifest itself in a later version of Apache.
+
+
              
+
              
+ Apache HTTP Server Version 1.2
+
              
+
+Index
+
+
+
diff --git a/usr.sbin/httpd/htdocs/manual/win_compiling.html.ja.jis b/usr.sbin/httpd/htdocs/manual/win_compiling.html.ja.jis
index 9463042f2ba..ff0e02495ef 100644
--- a/usr.sbin/httpd/htdocs/manual/win_compiling.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/win_compiling.html.ja.jis
@@ -8,7 +8,7 @@
 
   
   
-  
+  
   
         
              
@@ -21,40 +21,46 @@
 
     
              Microsoft Windows での Apache のコンパイル
              
 
-    
              Apache のコンパイルをはじめる前に、多くの重要なポイントがあります。
+    
              Apache のコンパイルを始めるにあたって、多くの重要なポイントがあります。
     始める前に、Microsoft Windows での Apache
     の使用を見てください。
              
 
-    
              Apache をコンパイルするには Microsoft Visual
-    C++ 5.0 または 6.0 が適切にインストールされていることが必要です。
-    ビルドはコマンドラインツール、
-    または Visual Studio 環境で可能です。インストールの方法は、
-    VC++ のマニュアルを参考にしてください。コマンドラインでのビルド
-    (たとえば nmake の使用)では、コマンドラインツールの準備に
-    Program Files/DevStudio/VC/bin
-    フォルダにある vcvars32.bat 及び Platform SDK の setenv.bat
-    のファイルが必要になるであろうことについて、
+    
              Apache をコンパイルするには Microsoft Visual C++ 5.0
+    または 6.0 が適切にインストールされていることが必要です。
+    ビルドはコマンドラインツール、または Visual Studio
+    環境で可能です。インストールの方法は、VC++
+    のマニュアルを参考にしてください。コマンドラインでのビルド
+    (例えば nmake の使用)では、コマンドラインツールの準備に Program
+    Files/DevStudio/VC/bin フォルダにある vcvars32.bat 及び Platform
+    SDK の setenv.bat のファイルが必要になるであろうことについて、
     特に注意してください。Makefile.win や Visual Studio IDE の
     InstallBin プロジェクトを使って Apache をインストールする場合は、
-    awk ユーティリティも必要になります。
              
+    awk ユーティリティも必要になります。Visual Studio 7.0 (.net)
+    を使う場合は、Apache.dsw を読み込み .msproj
+    フォーマットに変換してください。プロジェクトファイル (.dsp)
+    に変更があった場合は Apache.dsw
+    を一から変換し直さなければなりません。
              
 
-    
              まず、IDE を使うつもりならパスが通り、 DevStudio
+    
              まず、IDE を使うつもりならパスが通り、DevStudio
     環境が解釈できるところに awk.exe をインストールしてください。
-    Windowsで利用可能な awk は様々なバージョンがあります。
-    一番インストールしやすいものは Brian Kernighan の
-    http://cm.bell-labs.com/cm/cs/who/bwk/サイトから入手可能です。
-    このサイトからhttp://cm.bell-labs.com/cm/cs/who/bwk/ サイトから入手可能です。
+    このサイトから http://cm.bell-labs.com/cm/cs/who/bwk/awk95.exe
     をダウンロードした場合は、awk95.exe を awk.exe
     という名前で保存しなければなりません。
              
-    
              DevStudio はツール(T)メニューのオプション(O)以下の、
-    ディレクトリの実行可能ファイルにリストされた場所にある場合にのみ、
-    awk.exe を見つけられることに注意してください。必要に応じ、awk.exe
-    のパスをこのリストに追加してください。
              
+
+    
              Developer Studio IDE はツール (T) メニューのオプション
+    (O) 以下の、ディレクトリタブ (Developer Studio 7.0 では
+    Projects - VC++ Directories)
+    の実行可能ファイルにリストされた場所にある場合にのみ、awk.exe
+    を見つけられることに注意してください。必要に応じ、awk.exe
+    へのパスをこのリスト、システムの環境変数 PATH に追加してください。
              
 
     
              それから、適切なディレクトリに Apache の配布を展開してください。
-    コマンドラインプロンプトを開き、Apache 配布サブディレクトリ
+    コマンドプロンプトを開き、Apache 配布サブディレクトリ
     src に移動してください
              
 
     
              Makefile.win ファイルには Apache の makefile
@@ -120,7 +126,7 @@
     唯一の例外、デバッグシンボル用のフラグである /ZI
     フラグを除いてこのフォーマットを認識します。
     VC 5.0 では /Zi フラグがこれに相当します。
-    Visual Studio 5.0 (97) の .dspファイルをすぐに準備するには、
+    Visual Studio 5.0 (97) の .dsp ファイルをすぐに準備するには、
     src\helpers フォルダにて配布されている perl
     スクリプトを使うことができます
              
 
              @@ -188,7 +194,7 @@
       
            • support\rotatelogs.dsp
              • 
     
            
 
-    
            Apache がコンパイルできたらサーバールートディレクトリにインストール
+    
            Apache がコンパイルできたらサーバルートディレクトリにインストール
     する必要があります。デフォルトは現在のハードディスクのディレクトリ
     \Apache です。
            
 
diff --git a/usr.sbin/httpd/htdocs/manual/windows.html.ja.jis b/usr.sbin/httpd/htdocs/manual/windows.html.ja.jis
index 395d951be66..29bf4157f47 100644
--- a/usr.sbin/httpd/htdocs/manual/windows.html.ja.jis
+++ b/usr.sbin/httpd/htdocs/manual/windows.html.ja.jis
@@ -7,7 +7,7 @@
     Microsoft Windows での Apache の使用
 
   
-  
+  
   
 
   
 
 
-    
            開始後は Apache は設定ファイルで Port,
+    
            開始後は Apache は(設定ファイルで Port,
     Listen または BindAddress
-    ディレクティブを変更していなければ
+    ディレクティブを変更していなければ)
     (コンソールウィンドウでもサービスでも) 80 番ポートを Listen
     して実行されます。ブラウザを起動し、この URL
            
 
            -- 
cgit v1.2.3