 |  |
18.2. Basic Server Configuration: Core Directives
The following section contains core directives that are independent of modules and can be used in the Apache server at all times. With each directive, we indicate any version constraints that are required, as well as the context the directive should appear in. Contexts include:
- server config
- The directive is allowed in the httpd.conf or srm.conf configuration files.
- <VirtualHost>
- The directive can appear inside a <VirtualHost> subsection, stating that the directive applies to a virtual server.
- <Directory>
- The directive can appear inside a <Directory> subsection, stating that the directive applies to a specific directory tree on the server.
- .htaccess
- The directive can appear inside the per-directory .htaccess access control files.
Directives pertaining to specific Apache modules are covered in Chapter 19.
| AcceptPathInfo |
AcceptPathInfo on|off|default
Determines if extra information following a valid URL pathname is accepted by the server or not. An off value means that a request is rejected if the pathname doesn't match exactly a server resource. on means that the server ignores the extra path information and returns the resource that will match a valid part of the path. The default setting allows the default handler to determine action. If the resource is a CGI script, extra path info may be allowed, but not if the request is for a file.
| AccessConfig |
AccessConfig filename
[server config or within <VirtualHost>]
Specifies the location of the access configuration file, either as an absolute path (with a beginning slash) or as a relative path from the ServerRoot directory. For example:
AccessConfig conf/access.conf
| AccessFileName |
AccessFileName filename filename ...
[server config or within <VirtualHost>]
Specifies the names of one or more per-directory access control files. The default is:
AccessFileName .htaccess
| AddDefaultCharSet |
AddDefaultCharSet on|off|charset
Specifies whether the server will add a default CharSet header to outgoing HTTP headers that do not have a Content Type set. If set to on the default Apache charset will be used. Otherwise, you can provide the character set string you wish.
| AllowOverride |
AllowOverride options ...
[Within <Directory>]
Controls the extent to which local per-directory .htaccess files can override the defaults defined by access control files in higher directories. The directive takes one or more options, which can be:
- None
- Access control files are unrecognized in this directory.
- All
- Access control files are unrestricted in this directory.
- Options
- Allow use of the Options and XBitHack directives.
- Indexes
- Allow use of directory indexing directives (FancyIndexing, AddIcon, and AddDescription, etc.).
- FileInfo
- Allow use of the directive relating to document type: (AddType, AddEncoding, AddLanguage, etc.).
- AuthConfig
- Allow use of these directives: require, AuthName, AuthType, AuthUserFile, AuthGroupFile, or any other Auth* directives.
- Limit
- Allow use of the allow, deny, and order directives.
If omitted, the default is:
AllowOverride All
| AuthName |
AuthName name
[Within <Directory> or .htaccess]
Sets the name of the username/password authorization realm for this directory. The value is a short name describing this authorization realm; it can contain spaces.
| AuthType |
AuthType type
[Within <Directory> or .htaccess]
Sets the type of authorization used in this directory. Basic authorization is the most commonly used method. If used, this directive should be followed by AuthName, require, AuthGroupFile, and AuthUserFile directives, which better describe the authorization realm.
| CGIMapExtension |
CGIMapExtension path extension
[Within <Directory> or .htaccess]
Provides an alternative method for assigning a script interpreter to a given file extension.
| ContentDigest |
ContentDigest on|off
Computes an MD5 (Message Digest 5) hash of the body content of core data sent to the client. This value is stored in a header that looks like:
Content-MD5: AyTr28784eSp2k67d98n28a=
The receiver can use this hash value to determine whether the contents of the page have been altered in transit. The hash values are not cached for each page sent; hence, they must be recalculated each time data is requested.
| DefaultType |
DefaultType mime_type
Establishes a default MIME type to be returned to a browser if mappings in the mime.types file fail to successfully identify a document or file type. The default is text/html.
| <Directory> |
<Directory>...</Directory>
[server config or within <VirtualHost>]
<Directory> is a sectioning directive that identifies the directory (and its subdirectories) to which contained access-control directives apply. This directive cannot be used in a per-directory .htaccess file. The start tag has this format:
<Directory dir>
where dir is the absolute pathname of the directory. You can include wildcard characters (such as * and ?) to designate a set of directories or even use regular expressions if preceded by a tilde (~).
| <DirectoryMatch> |
<DirectoryMatch>...</DirectoryMatch>
[server config or within <VirtualHost>]
<DirectoryMatch> is a sectioning directive that identifies the directory (and subdirectories) to which contained access-control directives apply. It cannot be used in a per-directory .htaccess file. The start tag has this format:
<DirectoryMatch regex>
where regex is a regular expression that designates one or more directories the enclosed directives apply to.
| DocumentRoot |
DocumentRoot directory_path
[server config or within <VirtualHost>]
Specifies the root of the server document tree. For example:
DocumentRoot /usr/local/etc/httpd/htdocs/
This specifies that HTML documents for this server will reside in the given directory and its subdirectories. The default is:
DocumentRoot /usr/local/apache/htdocs/
| ErrorDocument |
ErrorDocument code filename|string|URL
Allows you to customize the response sent by your server when an error is encountered. The error code is an HTTP status code as listed in Chapter 17. Possible values are:
- filename .25i
- A local file to return upon encountering this error
- string .25i
- A message to return upon encountering this error; the string must be surrounded by quotes
- URL .25i
- A local or remote document to redirect the user to upon encountering this error
Example usage:
ErrorDocument 404 /errors/notfound.html ErrorDocument 408 "Sorry, the server timed out - try again later" ErrorDocument 402 http://www.oreilly.com/payment/
| ErrorLog |
ErrorLog filename
[server config or within <VirtualHost>]
Specifies the location of the error log file, either an absolute path or relative path to the ServerRoot directory if an opening slash (/) is omitted. The default setting is:
ErrorLog logs/error_log
Beginning with Apache 1.3, you can specify syslog if the system supports logging via syslogd.
| FileETag |
FileETag flags
Configures how the server forms the ETag response header used for network cache management. The header value is formed from a combination of certain file attributes. The flag keywords can be used in the directive with a plus or minus in front of them to indicate if they will be included or excluded from the determination with respect to a broader scope. The flags are:
- INode
- The file's inode number
- MTime
- The last-modified data and time of the file
- Size
- The size of the file
All indicates all three attributes should be used. None specifies that no ETag value should be added.
| <Files> |
<Files>...</Files>
The <Files> directive is a sectioning directive that identifies the file or files to which contained access-control directives apply. The start tag has this format:
<Files filename>
where filename is the name of any file that should have restrictions placed on it. Note that filename may include wildcard characters (such as * and ?) to designate a set of files. In addition, you may place it inside a <Directory> directive to further restrict which files are affected. You can also specify regular expressions by preceding them with a tilde (~).
| <FilesMatch> |
<FilesMatch>...</FilesMatch>
The <FilesMatch> directive is a sectioning directive that identifies the file or files to which contained access-control directives apply. The start tag has the following format:
<FilesMatch regex>
where regex is a regular expression that designates one or more files the enclosed directives apply to. Note that you may place this directive inside a <Directory> directive to further restrict which files are affected.
| ForceType |
ForceType mime-type
[Within <Directory> or .htaccess]
Forces all files in its scope to be served as the specified MIME type.
| Group |
Group groupname
[server config or within <VirtualHost>]
Specifies the group you want the server to process requests as. Either a group name or group ID can be specified; a group ID should be preceded by a hash mark (#). Setting this option to the same group as the superuser (i.e., root) is highly discouraged. Many administrators use the group nobody for the Apache server.
| HostNameLookups |
HostNameLookups on|off|double
[server config, within <VirtualHost> or <Directory>]
Enables whether the server should perform hostname lookups on clients instead of simply recording the IP address in the connection logs. If the double option is specified, the server performs a forward and reverse DNS lookup; this ensures the client hostname maps to its IP, as well as the IP mapping to the DNS name. The default is off.
| IdentityCheck |
IdentityCheck on|off
[server config, within <VirtualHost> or <Directory>]
Specifies whether the server should attempt to learn the user identity for each request by querying an identd process running on the user's machine. By default, identity checking is off.
| <IfDefine> |
<IfDefine>...</IfDefine>
A sectioning directive for specifying directives that apply if a given define is entered on the command line. For example:
<IfDefine MD5Digest> LoadModule mod_digest libexec/moddigest.so </IfDefine>
This directive is executed if the Apache server is started using the following command line parameter:
httpd -DMD5Digest ...
Note that you can place an exclamation mark in front of the <IfDefine> parameter to include such directives if a definition is not made on the command line.
| <IfModule> |
<IfModule>...</IfModule>
A sectioning directive for specifying directives that apply if a given module has been compiled into the Apache server. For example:
<IfModule mod_cgi> LoadModule mod_speling libexec/modspelling.so </IfModule>
This directive is executed if Apache is compiled with the mod_cgi module. Note that you can place an exclamation mark in front of the module name to include such directives if a module is not included in the Apache server build.
| Include |
Include filename
[server config, within <VirtualHost>, or <Directory>]
Tells the server to include a specified file as part of its configuration.
| KeepAlive |
KeepAlive on|off
[server config or within <VirtualHost>]
Tells the server to allow persistent connections using the same TCP connection. The default is on. See also KeepAliveTimeOut and MaxKeepAliveRequests.
| KeepAliveTimeOut |
KeepAliveTimeOut seconds
[server config or within <VirtualHost>]
Specifies the number of seconds to wait for the next request before closing a persistent connection. Used only when persistent connections are enabled with the KeepAlive On setting. The default is 15.
| <Limit> |
<Limit methods> ... </Limit>
<Limit> is a sectioning directive that applies to the specified access methods (GET, POST, etc.). This directive restricts the boundaries of the access methods specified; if you wish to apply restrictions globally, omit the Limit directive completely. The start tag has the following syntax:
<Limit method1 method2 ...>
where a method is one of the following:
- GET
- Allows clients to retrieve documents and execute scripts with the GET request method. The HEAD method is also restricted when you specify GET.
- POST
- Allows clients to use scripts and resources using the POST request method (mostly CGI programs).
- PUT
- Allows clients access to documents and resources using the PUT request method.
- DELETE
- Allows clients access to documents and resources using the DELETE request method.
- CONNECT
- Allows clients access to documents and resources using the CONNECT request method.
- OPTIONS
- Allows clients access to documents and resources using the OPTIONS request method.
The order, deny, allow, and require directives are the usual inhabitants of the Limit sectioning directive.
| <LimitExcept> |
<LimitExcept methods> ... </LimitExcept>
The reverse functionality of the <Limit> directive. <LimitExcept> restricts any methods that are not listed as parameters.
| LimitRequestBody |
LimitRequestBody size
Limits the maximum size in bytes of the body of a client request. This setting can assist in addressing abnormal requests and some denial of service attacks. The default is 0.
| LimitRequestFields |
LimitRequestFields n
[server config]
Limits the maximum number of HTTP headers accepted in a client request. This setting can assist in addressing abnormal requests and some denial of service attacks. The default is 100.
| LimitRequestFieldsize |
LimitRequestFieldsize size
[server config]
Limits the size in bytes of header fields accepted from a client request. The default is 8190.
| LimitRequestLine |
LimitRequestLine size
[server config]
Limits the maximum size of the request line in a client request. The request line contains the HTTP method the URI of the requested resource and the protocol version number. This directive effectively limits the length of the URI. The request URI can vary widely in length, since it may contain extra-path info or CGI query strings. The default is 16380.
| LimitXMLRequestBody |
LimitXMLRequestBody size
Limits the size in bytes of the body of an XML request that the server will accept. This setting would relate to SOAP requests and other XML-based services. The default is 0.
| Listen |
Listen [IP_address:]port
[server config]
Tells the server to listen for requests on the specified port for the specified IP address (if supplied), instead of that specified by the BindAddress and Port directives. Multiple Listen directives can be used to bind the server to more than one port or address/port combination.
| ListenBacklog |
ListenBacklog backlog
[server config]
Sets the length of the pending connection queue. Increasing this may be useful when the server is flooded with an unusually large number of pending connections. The default is 511.
| <Location> |
<Location urlpath>...</Location>
[server config or within <VirtualHost>]
A sectioning directive for specifying directives that apply to a given URL. Basically just a more specific version of <Directory>. Wildcards and regular expressions are allowed.
| <LocationMatch> |
<LocationMatch regexpr>...</LocationMatch>
[server config or within <VirtualHost>]
A sectioning directive for specifying directives that apply to a given URL. Basically, it's just a more specific version of <DirectoryMatch>.
| LockFile |
LockFile filename
[server config]
Sets the path to the lockfile Apache uses while running. The lockfile must be on the local disk and cannot be NFS-mounted. This file should never be placed in a world-writable directory.
| LogLevel |
LogLevel level
[server config or within <VirtualHost>]
This directive sets the verbosity of the Apache error logs. The level can be one of the following:
- emerg
- Logs errors that cause the server to fail.
- alert
- Reports alerts from program execution that had unexpected errors. The server may or may not perform correctly after such an error.
- crit
- Reports critical conditions from server execution.
- error
- Reports error conditions in Apache execution.
- warn
- Reports warnings in Apache execution.
- notice
- Reports common, noteworthy conditions.
- info
- Reports informational items.
- debug
- Reports simple debug-level items.
| MaxClients |
MaxClients number
[server config]
Specifies the maximum number of slave processes, and hence the number of client connections, the Apache server can support at a given time. The default is 256.
| MaxKeepAliveRequests |
MaxKeepAliveRequests number
[server config]
When persistent connections are enabled with KeepAlive On, the MaxKeepAliveRequests directive specifies the number of requests the server allows per persistent connection. If set to 0, the server allows unlimited connections. The default is 100.
| MaxMemFree |
MaxMemFree number
[server config]
Specifies the amount of memory (in KBytes) that can be held by the main allocator before calling free( ). A zero value or no setting is equivalent to no limit at all.
| MaxRequestsPerChild |
MaxRequestsPerChild number
[server config]
Specifies how many requests a slave process may handle for a client during its life. If set to 0, the slave process may handle an unlimited number of connections; the default is 0. For example:
MaxRequestsPerChild 1000
This allows the slave process to handle up to 1000 requests per connection before the process dies, and the client is forced to reconnect to the server.
| MaxSpareServers |
MaxSpareServers number
[server config]
Specifies the upper range for how many idle slave processes the server should keep to handle requests. The default is 10.
| MinSpareServers |
MinSpareServers number
[server config]
Specifies the lower range for how many idle slave processes the server should keep around to handle requests. The default is 5.
| NameVirtualHost |
NameVirtualHost [IP_address:]port
[server config]
Specifies the name or address a virtual host on the server should resolve to. In addition to the address, you can also specify the port that should be used. For example, if you are accepting connections on the server under the IP 123.23.23.123, port 8001 (in addition to others), you would specify:
NameVirtualHost 123.23.23.123:8001
| Options |
Options options ...
[server config, or within <VirtualHost> or <Directory>, or .htaccess]
Controls the degree of advanced features that you wish to allow on your server. One or more options may be listed on the Options line, separated by spaces. Valid entries are:
- None
- No features are enabled in this directory.
- Indexes
- Allows clients to request a formatted index of this directory if no DirectoryIndex has been specified.
- Includes
- Server-side includes are enabled in this directory.
- IncludesNoExec
- Server-side includes (SSIs) are enabled in the directory, but the exec feature and the include of CGI scripts is disabled.
- ExecCGI
- Execution of CGI scripts is allowed in this directory.
- MultiViews
- Content-negotiated multiviews are allowed in this directory.
- FollowSymLinks
- The server follows symbolic links in this directory. The pathname is not altered to reflect to the new location.
- SymLinksIfOwnerMatch
- The server follows symbolic links only if the target file/directory is owned by the same user ID as the link.
- All
- All features are enabled in this directory.
The Options directive can be used in both the global access.conf and in per-directory .htaccess files. There can be only one Options directive per Directory segment. If omitted, the default is:
Options All
| PidFile |
PidFile filename
[server config]
Specifies the location of the file into which the server should place its process ID when running in standalone mode, either as an absolute path or as a relative path from the ServerRoot directory if an opening slash (/) has been omitted. The default is:
PidFile logs/httpd.pid
| require |
require entity names ...
[Within <Directory>, or .htaccess]
Specifies which authenticated users or groups can access a given directory, typically in a <Limit> section of an access control file. A require line requires that all of the appropriate Auth* directives are specified for the directory. entity is one of the following:
- user
- Only the named users can access this directory with the given methods. Each name is therefore a username that exists in the AuthUserFile (specified password file).
- group
- Only users in the named groups can access this directory with the given methods. Each name is therefore a group name that is listed in the specified group file.
- valid-user
- All users listed in the AuthUserFile (specified password file) are allowed access upon providing a valid password.
For example, the following restricts access to a directory to a few key users:
require user jdoe msmith
| RLimitCPU |
RLimitCPU limit [limit]
Specifies the soft resource limit and optionally the maximum resource limit of CPU time, in seconds per slave process.
RLimitCPU 5 5
In place of each parameter, you can also use the max keyword, which sets it to the maximum allowed by the host operating system.
| RLimitMEM |
RLimitMEM limit [limit]
Specifies the soft resource limit and optionally the maximum resource limit of memory usage, in bytes per process.
RLimitMEM 65535 65535
In place of each parameter, you can also use the max keyword, which sets it to the maximum allowed by the host operating system.
| RLimitNPROC |
RLimitNPROC limit [limit]
[server config, or within <VirtualHost>]
Specifies the soft resource limit and optionally the maximum resource limit of slave processes that the server can create.
RLimitNPROC 20 20
In place of each parameter, you can also use the max keyword, which sets it to the maximum allowed by the host operating system.
| Satisfy |
Satisfy any| all
[Within <Directory>, or .htaccess]
Specifies an access policy if access is restricted by both username-password and host address. The any parameter allows access if the client satisfies either the username-password or host address requirements. The all parameter requires that the client satisfy both.
| ScoreBoardFile |
ScoreBoardFile filename
[server config]
Specifies the location of the server status file, used by the server to communicate with slave processes. The location is specified as an absolute path, or as a relative path from the ServerRoot directory if the opening slash (/) is omitted. The default is:
ScoreBoardFile logs/apache_status
| SendBufferSize |
SendBufferSize bytes
[server config]
| ServerAdmin |
ServerAdmin email_address
[server config, or within <VirtualHost>]
Specifies the email address to which complaints, suggestions, and questions regarding your server should be sent. Used when the server sends error messages in response to failed requests. This directive has no default. It may be specified as follows:
ServerAdmin webmaster@oreilly.com
| ServerAlias |
ServerAlias virtual_hostname real_hostname
[Within <VirtualHost>]
| ServerName |
ServerName hostname[:port]
[server config, or within <VirtualHost>]
Allows you to specify a preferred hostname for your server and its port address. (In 2.0, this directive replaces the functionality of the superseded Port directive.) This must be a valid, fully qualified DNS name for the server in question.
| ServerPath |
ServerPath pathname
[Within <VirtualHost>]
Specifies a pathname for a virtual host; that is, requests for this hostname are automatically routed to the specified pathname.
| ServerRoot |
ServerRoot directory_path
[server config]
Specifies the directory in which all the server's associated files reside. This path is used as the root directory when relative paths are specified with other directives. For example:
ServerRoot /etc/httpd/
| ServerSignature |
ServerSignature on|off|EMail
[server config, or within <VirtualHost> or <Directory>, or .htaccess]
Creates a footer line under all documents to identify the exact server this document originated from. This is useful in the event that there is a series of proxies, any one of which can return a specific document or error message. The default is off. If the on option is specified, the footer creates a line with the ServerName and version number. If the EMail option is used, the server creates a name and version number as well as a "mailto:" reference to the ServerAdmin.
| ServerTokens |
ServerTokens Minimal|OS|Full
[server config]
Specifies which type of header field is returned to clients when the information is requested. There are three options, listed with the appropriate formats:
- ProductOnly (Prod)
- Server: Apache
- Major
- Server: Apache/2
- Minor
- Server: Apache/2.0
- Minimal (Min)
- Server: Apache/2.0.41
- OS
- Server: Apache/2.0.41 (Unix)
- Full
- Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
| ServerType |
ServerType standalone|inetd
[server config]
Specifies whether your server is run standalone or from the inetd daemon. If the server is run from inetd, it's restarted each time a connection is made; hence, using this option is discouraged. The default is to run standalone.
| SetHandler |
SetHandler handler
Specifies a special handler for files requested from the location where this directive is used.
| SetInputFilter |
SetInputFilter filter[; filter2; filter3;...
Specifies a filter or filters to process client requests.
| SetOutputFilter |
SetOutputFilter filter[; filter2; filter3;...>
Specifes a filter or filters to process server responses before they are sent to the client.
| StartServers |
StartServers number
[server config]
Specifies the initial number of slave processes at server startup. The default is 5. This directive has no effect under the Windows platform.
| TimeOut |
TimeOut seconds
[server config]
Specifies the number of seconds to wait before closing a presumably defunct connection. The default is 300 seconds.
| UseCanonicalName |
UseCanonicalName on|off|dns
[server config, within <Directory>, or <VirtualHost>]
Used to build a self-referential URL. If on, Apache uses the <ServerName> directive to build a URL representing itself. If off, Apache attempts to construct its URL from the client parameters, which is typical when using the VirtualHost directive to represent different addresses. The dns value causes the server to use reverse DNS lookup to determine the self URL.
| User |
User username
[server config, or within <VirtualHost>]
Specifies the user you want the Apache server to process requests as. Either a username or user ID can be specified; a user ID should be preceded by a hash mark (#). Setting this to root is highly discouraged. Many administrators create a user nobody for Apache.
| <VirtualHost> |
<VirtualHost>...</VirtualHost>
[server config]
Used when the Apache server services multiple hostnames. Each hostname is given its own <VirtualHost> directive.
<VirtualHost> has a beginning and ending directive, with other configuration directives for the virtual host entered in between. Most directives are valid within <VirtualHost> except the following: BindAddress, GroupId, MaxRequestsPerChild, MaxSpareServers, MinSpareServers, Listen, NameVirtualHost, PidFile, ServerType, ServerRoot, StartServers, TypesConfig, and UserId. This is essentially a segmenting directive that applies directives solely to the virtual host specified. For example:
<VirtualHost sales.oreilly.com> ServerAdmin webmaster@oreilly.com DocumentRoot /ora/sales/www ServerName sales.oreilly.com ErrorLog /ora/sales/logs/error_log TransferLog /ora/sales/logs/access_log </VirtualHost>
|  | |
| 18. Apache Configuration |  | 19. Apache Modules |
Copyright © 2003 O'Reilly & Associates. All rights reserved.