/etc/httpd.conf
- Default configuration file
#
- Comment sign
Map
- Map URLs to actual files
Pass
- Accept a request
Fail
- Fail a request
Redirect
- Redirect a request
Protect
- Set up protection
DefProt
- Default protection setup
Exec
- Executable server scripts
Search
- Index search facility
AddType
- Filename suffix mappings to MIME Content-Types
AddEncoding
- Filename suffix mappings to MIME Content-Transfer-Encodings
AddLanguage
- Filename suffix mappings to different Content-Languages,
multilanguage support
UserDir
- User-supported directories, URLs starting /~username
MetaDir
- Directory name for meta-information files
MetaSuffix
- Suffix for meta-information files
NoLog
- No log entries for listed hosts/domains
Disable
- Disable methods that you don't need/want
Enable
- Enable a desired method
DirAccess
- Enable/Selective/Disable directory listings
DirReadme
- Configure/disable README-feature
AccessLog
- Set access log file name
ErrorLog
- Set error log file name
LogFormat
- Set access log file format
LogTime
- Set time zone for log files
SuffixCaseSense
- Set suffix case sensitivity
InputTimeOut
- Timeout for request
OutputTimeOut
- Timeout for response
UserId
- Default user to run as (instead of nobody)
GroupId
- Default group to run as (instead of nogroup)
CacheRoot
- Set cache root directory for a proxy server
CacheSize
- Specify cache size (in megabytes)
CacheClean
- Remove everything older than this (in days)
CacheUnused
- Remove if has been unused this long (in days)
CacheDefaultExpiry
- Default expiry time if not given by remote server (in days)
GcTimeInterval
- Interval to do cache garbage collection (in hours)
GcReqInterval
- Number of requests between garbage collections
GcMemUsage
- Garbage collector memory usage directive
CacheLimit_1
- First cache file size limit (kilobytes)
CacheLimit_2
- Second cache file size limit (kilobytes)
CacheLockTimeOut
- Break cache locks after this amount of seconds.
http_proxy
ftp_proxy
gopher_proxy
wais_proxy
- Make firewall gateway (proxy) connect to another gateway
httpd will translate a request into a document name. It allows one to provide an extra level of name mapping above that given by symbolic links in the file system. It allows, for example, out-of-date names to be mapped onto their more recent counterparts. The configuration file also allows access to be restricted. This is essential to prevent, for example, unauthorized access to your private documents.
Note: The configuration file is not essential if you just want to export one directory tree, but then you must remember to specify the exported directory on the command line:
httpd -p 80 /your/exported/directory
The server guesses the data types of files from the file suffix. A configuration file is necessary to specify any data types which are not in the default set of suffixes. However, the default set is quite extensive.
/etc/httpd.conf is loaded, unless specified otherwise with the -r command line option:
httpd -p 80 -r /your/own/httpd.conf
See also: example rule files.
# are ignored, as are empty lines.
Map, Pass and Fail. The server uses the top rule first, then each successive rule unless told otherwise by a Pass or a Fail rule.
Map template result
Pass template
Pass template result
Fail template
*. The result string may have the wildcard only if the template has one. When matching,
Map template exactly, the result string is used instead of the original string and applied to successive rules.
Map template with wildcard, then the text of the request which matches the wildcard is inserted in place of the wildcard in the result string to form the translated request. If the result string has no wildcard, it is used as it is.
Map substitution takes place, the rule scan continues with the next rule using the new string in place of the request. This is not the case if a Pass or Fail is matched: they terminate the rule scan.
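The rule scan described above, as an added Python sketch (not code from CERN httpd). The function names, the sample rules and the file-system paths are constructed, and failing a request that no Pass rule accepts is an assumption of this sketch. It shows why a Fail rule placed after a Map must be written against the mapped name.

```python
# Added illustration of the Map/Pass/Fail rule scan; not CERN httpd code.
# translate(), match() and the sample RULES below are constructed.

def match(template, text):
    """Return (matched, wildcard_text). A template holds at most one '*'."""
    if "*" not in template:
        return (template == text, "")
    head, tail = template.split("*", 1)
    if (len(text) >= len(head) + len(tail)
            and text.startswith(head) and text.endswith(tail)):
        return (True, text[len(head):len(text) - len(tail)])
    return (False, "")

def substitute(result, wild):
    """Insert the wildcard text into the result; use it as-is if no '*'."""
    return result.replace("*", wild, 1)

def translate(rules, request):
    """Scan rules top to bottom. Returns ('pass', path) or ('fail', None)."""
    current = request
    for rule in rules:
        op, template = rule[0], rule[1]
        result = rule[2] if len(rule) > 2 else None
        ok, wild = match(template, current)
        if not ok:
            continue
        if op == "Map":
            current = substitute(result, wild)  # scan continues with new string
        elif op == "Pass":
            return ("pass", substitute(result, wild) if result else current)
        elif op == "Fail":
            return ("fail", None)
    return ("fail", None)  # assumption of this sketch: nothing passed, so deny

# Constructed rule set: the Fail rule sits before the broad Pass rule and is
# written against the name produced by the Map rule above it.
RULES = [
    ("Map",  "/old/*", "/docs/*"),
    ("Fail", "/docs/private/*"),
    ("Pass", "/docs/*", "/usr/local/www/docs/*"),
]

if __name__ == "__main__":
    for req in ("/old/intro.html", "/old/private/key.txt", "/etc/passwd"):
        print(req, "->", translate(RULES, req))
```

Moving the Fail line below the Pass line would make it unreachable, because Pass terminates the scan.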
Redirect rule to tell httpd to redirect the request to another server. If the client program is smart enough, the user won't even notice that the document is retrieved from a different server.
Redirect template result
http: and the host name).
Redirect /hypertext/WWW/* http://www.cern.ch/WebDocs/*
This redirects everything starting with /hypertext/WWW to host www.cern.ch into virtual directory /WebDocs. For example, /hypertext/WWW/ would be redirected to http://www.cern.ch/WebDocs/.
Protect and DefProt rules. Their syntax is the following:
DefProt template setup-file [uid.gid]
Protect rule. If that Protect rule doesn't specify setup-file, the one from the latest DefProt rule is used.
Protect [template setup-file [uid.gid]]
If setup-file is not specified, the one from the previous matched DefProt rule will be used. If none have matched, access to the file is forbidden.
Setup file can be omitted from a Protect rule, but it is obligatory in a DefProt rule. If the setup file is omitted, it is not possible to give the uid.gid part either.
uid.gid are the Unix user id and group id (either by name or by number, separated by a dot) to which the server should change when serving the request. These are only meaningful when the server is running as root. If they are missing they default to nobody.nogroup.
Note: Uid and gid are inherited from a DefProt rule to a Protect rule only when the setup-file is also inherited. If setup-file is specified for a Protect rule but uid.gid is not, they default to nobody.nogroup regardless of the previous DefProt rule.
This is to avoid accidentally running the server under the wrong user id with the wrong setup file. This information should logically go into the protection setup file, but for safety reasons it cannot be done, because a non-trustworthy collaboration could specify it to be root. This way only the main webmaster can control user and group ids.
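The inheritance rules for setup-file and uid.gid above, as an added Python sketch (not code from CERN httpd). The rule tuples, setup-file names and ids are constructed; stopping at the first matching Protect rule and using fnmatch for the wildcard are assumptions of this sketch.

```python
# Added illustration of how setup-file and uid.gid are resolved for a request.
# Not CERN httpd code; rule tuples, file names and ids below are constructed.
from fnmatch import fnmatchcase  # approximates the single '*' wildcard

DEFAULT_IDS = "nobody.nogroup"

def resolve(rules, path):
    """rules: (directive, template, setup_file_or_None, uid_gid_or_None)."""
    defprot = None  # (setup_file, uid_gid) of the latest matched DefProt
    for directive, template, setup, ids in rules:
        if not fnmatchcase(path, template):
            continue
        if directive == "DefProt":
            if setup is None:
                raise ValueError("setup-file is obligatory in DefProt")
            defprot = (setup, ids or DEFAULT_IDS)
        elif directive == "Protect":
            if setup is None:
                if ids is not None:
                    raise ValueError("uid.gid cannot be given without setup-file")
                if defprot is None:
                    return ("forbidden", None, None)
                return ("protected",) + defprot  # file and ids inherited together
            # Own setup-file: ids are never taken from DefProt.
            return ("protected", setup, ids or DEFAULT_IDS)
    return ("no-protect-rule", None, None)

# Constructed rule set exercising each case from the text.
RULES = [
    ("DefProt", "/group/*", "/etc/www/group.setup", "wwwgroup.staff"),
    ("Protect", "/group/admin/*", "/etc/www/admin.setup", None),
    ("Protect", "/group/*", None, None),
    ("Protect", "/orphan/*", None, None),
]

if __name__ == "__main__":
    for p in ("/group/notes.html", "/group/admin/x", "/orphan/x", "/public/x"):
        print(p, "->", resolve(RULES, p))
```

The second sample path shows the safety property: a Protect rule that names its own setup-file falls back to nobody.nogroup instead of picking up wwwgroup.staff from the DefProt rule.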
Exec rule:
Exec template script
In both template and script there must be a * wildcard, that matches everything starting from the script filename. This is to enable httpd to know what is the script name and what is the extra path information to be passed to the script.
/your/url/doit to execute the script /usr/etc/www/htbin/doit. You do this by saying:
Exec /your/url/* /usr/etc/www/htbin/*
Here the asterisk matches the script name doit (and everything else that follows it). Usually people use some fixed keyword in front of the pathname in the URL to point out that the document is actually a script call. Often this keyword is /htbin. That is, usually your Exec rule looks like this:
Exec /htbin/* /usr/etc/www/htbin/*
and all the URLs pointing to the scripts start with /htbin, for example /htbin/doit in the previous example.
httpd versions 2.13 and 2.14 had a hard-coded handling of URL pathnames starting /htbin that mapped them to scripts in a directory specified via HTBin rule:
HTBin /your/htbin/directory
This is still handled automatically by httpd, by translating it to its equivalent Exec form:
Exec /htbin/* /your/htbin/directory/*
Always use Exec instead -- it is more general.
Search field in rule file:
search /search/script/pathname
This script is called with the URL pathname of the document from which the query was issued in the PATH_INFO environment variable, and the absolute (translated) document pathname in the PATH_TRANSLATED environment variable. The keyword part of the URL is (undecoded) in the QUERY_STRING environment variable, and also decoded as command line parameters, one in each of argv[1], argv[2], ...
Search script must conform to CGI/1.0 rules, that is, it has to output either a Location: field, or start its output with:
Content-Type: text/html
followed by a blank line. (The Content-Type can, of course, also be other than text/html -- this was just an example.)
httpd has an extensive set of predefined suffixes, so usually you don't need to specify any. The syntax is:
AddType .suffix representation encoding [quality]
The parameters are as follows:
*.* matches to all files which have not been matched by any explicit suffixes but do contain a dot. * by itself matches to any file which does not match any other suffix.
xxx.* which differ in their suffix only, when a link to xxx.multi is being resolved. Defaults to 1.0.
AddType .html text/html 8bit 1.0
AddType .text text/plain 7bit 0.9
AddType .ps application/postscript 8bit 1.0
AddType *.* application/binary binary 0.1
AddType * text/plain 7bit
AddType was previously called Suffix. The old name is still understood, but may be misleading since suffixes are also used to determine Content-Transfer-Encoding and language. Always use AddType instead.
.Z suffix for x-compressed, for example). Syntax is:
AddEncoding .suffix encoding
AddEncoding .Z x-compress
AddLanguage rule (.en suffix for English, for example). Syntax is:
AddLanguage .suffix encoding
AddLanguage .en en
AddLanguage .uk en_UK
UserDir directive:
UserDir dir-name
The dir-name argument is the directory in each user's home directory to be exported, for example WWW or Web.
httpd to add meta-information to response. Meta-information is stored in a directory specified by MetaDir directive, under the same directory as the file being retrieved:
MetaDir dir-name
Meta-information is stored in a file with the same name as the actual document, but appended with a suffix specified via MetaSuffix directive:
MetaSuffix .suffix
Meta-information files contain RFC822-style headers.
NoLog directive can be used to prevent log entry being made for hosts matching a given IP number or host name template:
NoLog template
NoLog 128.141.*.*
NoLog *.cern.ch
NoLog *.ch *.fr *.it
Enable method
Disable method
By default GET, HEAD and POST are enabled, and the rest are disabled.
Enable POST
Disable DELETE
DirAccess on
-dy command line option. Default.
DirAccess off
-dn command line option.
DirAccess selective
.www_browsable are allowed. Synonym with -ds command line option.
DirReadme top
README file, include the text at the top of the directory listing. Synonym with -dt command line option. Default.
DirReadme bottom
README appear on the bottom. Synonym with -db command line option.
DirReadme off
README inclusion feature. Synonym with -dr command line option.
-l logfile command line option, or with AccessLog directive:
AccessLog /absolute/path/logfile
ErrorLog directive:
ErrorLog /absolute/path/errorlog
If error log file is not specified, it defaults to access log file name with .error extension. If the filename extension already exists, .error will replace it.
LogFormat common
The old CERN httpd format can be used by
LogFormat old
LogTime directive:
LogTime gmt
Default is:
LogTime localtime
SuffixCaseSense directive:
SuffixCaseSense On
InputTimeOut 120
OutputTimeOut 1200
That is, 2 minutes and 20 minutes, respectively.
UserId directive sets the default user to run as instead of nobody. This directive is only meaningful when running server as root.
UserId whoever
GroupId directive sets the default group to run under instead of nogroup. This directive is only meaningful when running server as root.
GroupId whichever
CacheRoot directive, which is used to set the absolute path of the cache directory:
CacheRoot /absolute/cache/directory
CacheSize directive sets the maximum cache size in megabytes. Default value is 5MB, but it's preferable to have several megabytes of cache, like 50-100MB, to get best results. Cache may, however, temporarily grow a few megabytes bigger than specified.
CacheSize 20
sets cache size to 20 megabytes.
CacheClean directive will be removed. This value overrides expiry date in that no file can be stored longer than this value specifies, regardless of expiry date. Default value is 21 days.
CacheClean 14
would cause everything older than two weeks to be removed.
CacheUnused directive will be removed. Default value is 14 days.
CacheUnused 7
would set this to one week.
Expires: nor Last-Modified: header will be kept at most the number of days specified by CacheDefaultExpiry directive. Default value is 7 days.
CacheDefaultExpiry 1
would set this to one day.
GcTimeInterval hours
GcReqInterval requests
GcTimeInterval specifies the number of hours after which to do garbage collection. Default value is 24 hours.
GcReqInterval specifies the maximum number of requests between successive garbage collections. Default value is 10000 requests.
GcMemUsage directive advises the garbage collector about how much memory to use. You may imagine this is the number of kilobytes to use for gc data, but it may vary greatly according to dynamic things, like the directory structure of cached files.
Default is 500; if gc fails because memory runs out make this smaller. If your machine has so much memory that it just can't run out, make this very big.
GcMemUsage 100
if you have very little memory.
CacheLimit_1 sets the lower limit; under this all the files have equal size factor. CacheLimit_2 sets up the higher limit; files bigger than this get an extremely bad size factor (meaning they get removed right away because they are too big). Sizes are specified in kilobytes, and default values are 200K and 4MB, respectively.
CacheLimit_1 200
CacheLimit_2 4000
would set the same values as the defaults, 200K and 4MB.
CacheLockTimeOut directive sets the amount of time after which lock can be broken. Time is specified in seconds, default value is 1200 seconds (20 minutes), the same as default OutputTimeOut.
CacheLockTimeOut should never be less than OutputTimeOut!
CacheLockTimeOut 1800
would set lock timeout to half an hour.
http_proxy
ftp_proxy
gopher_proxy
wais_proxy
#!/bin/sh
http_proxy=http://outer.proxy.server:8082/
export http_proxy
/usr/etc/httpd -r /etc/inner-proxy.conf -p 8081
This is a little ugly, so there are also the following directives for the configuration file:
http_proxy http://outer.proxy.server/
ftp_proxy http://outer.proxy.server/
gopher_proxy http://outer.proxy.server/
wais_proxy http://outer.proxy.server/