##
httpd.conf - configuration for the Apache web server
#
#
What we listen to
#
ServerType
StandAlone
ServerRoot
/etc/httpd/
#
We don't handle this yet...
#
#
Dynamic Shared Object (DSO) Support
#
#
To be able to use the functionality of a module which was built as a DSO you
#
have to place corresponding `LoadModule' lines at this location so the
#
directives contained in it are actually available _before_ they are used.
#
Please read the file README.DSO in the Apache 1.3 distribution for more
#
details about the DSO mechanism and run `httpd -l' for the list of already
#
built-in (statically linked and thus always available) modules in your httpd
#
binary.
#
#
Note: The order is which modules are loaded is important. Don't change
#
the order below without expert advice.
#
#
Example:
#
LoadModule foo_module modules/mod_foo.so
#LoadModule
mmap_static_module modules/mod_mmap_static.so
LoadModule
vhost_alias_module modules/mod_vhost_alias.so
LoadModule
env_module modules/mod_env.so
LoadModule
config_log_module modules/mod_log_config.so
LoadModule
agent_log_module modules/mod_log_agent.so
LoadModule
referer_log_module modules/mod_log_referer.so
#LoadModule
mime_magic_module modules/mod_mime_magic.so
LoadModule
mime_module modules/mod_mime.so
LoadModule
negotiation_module modules/mod_negotiation.so
LoadModule
status_module modules/mod_status.so
LoadModule
info_module modules/mod_info.so
LoadModule
includes_module modules/mod_include.so
LoadModule
autoindex_module modules/mod_autoindex.so
LoadModule
dir_module modules/mod_dir.so
LoadModule
cgi_module modules/mod_cgi.so
LoadModule
asis_module modules/mod_asis.so
LoadModule
imap_module modules/mod_imap.so
LoadModule
action_module modules/mod_actions.so
#LoadModule
speling_module modules/mod_speling.so
LoadModule
userdir_module modules/mod_userdir.so
LoadModule
alias_module modules/mod_alias.so
LoadModule
rewrite_module modules/mod_rewrite.so
LoadModule
access_module modules/mod_access.so
LoadModule
auth_module modules/mod_auth.so
LoadModule
anon_auth_module modules/mod_auth_anon.so
LoadModule
db_auth_module modules/mod_auth_db.so
#LoadModule
digest_module modules/mod_digest.so
#LoadModule
proxy_module modules/libproxy.so
#LoadModule
cern_meta_module modules/mod_cern_meta.so
LoadModule
expires_module modules/mod_expires.so
LoadModule
headers_module modules/mod_headers.so
#LoadModule
usertrack_module modules/mod_usertrack.so
#LoadModule
example_module modules/mod_example.so
#LoadModule
unique_id_module modules/mod_unique_id.so
LoadModule
setenvif_module modules/mod_setenvif.so
#LoadModule
bandwidth_module modules/mod_bandwidth.so
#LoadModule
put_module modules/mod_put.so
<IfDefine
HAVE_PERL>
LoadModule
perl_module modules/libperl.so
</IfDefine>
<IfDefine
HAVE_PHP>
LoadModule
php_module modules/mod_php.so
</IfDefine>
<IfDefine
HAVE_PHP3>
LoadModule
php3_module modules/libphp3.so
</IfDefine>
<IfDefine
HAVE_PHP4>
LoadModule
php4_module modules/libphp4.so
</IfDefine>
<IfDefine
HAVE_DAV>
LoadModule
dav_module modules/libdav.so
</IfDefine>
<IfDefine
HAVE_ROAMING>
LoadModule
roaming_module modules/mod_roaming.so
</IfDefine>
<IfDefine
HAVE_SSL>
LoadModule
ssl_module modules/libssl.so
</IfDefine>
# Reconstruction of the complete module list
from all available modules
# (static and shared ones) to achieve correct
module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION
ABOVE UPDATE THIS, TOO]
ClearModuleList
#AddModule
mod_mmap_static.c
AddModule
mod_vhost_alias.c
AddModule
mod_env.c
AddModule
mod_log_config.c
AddModule
mod_log_agent.c
AddModule
mod_log_referer.c
#AddModule
mod_mime_magic.c
AddModule
mod_mime.c
AddModule
mod_negotiation.c
AddModule
mod_status.c
AddModule
mod_info.c
AddModule
mod_include.c
AddModule
mod_autoindex.c
AddModule
mod_dir.c
AddModule
mod_cgi.c
AddModule
mod_asis.c
AddModule
mod_imap.c
AddModule
mod_actions.c
#AddModule
mod_speling.c
AddModule
mod_userdir.c
AddModule
mod_alias.c
AddModule
mod_rewrite.c
AddModule
mod_access.c
AddModule
mod_auth.c
AddModule
mod_auth_anon.c
AddModule
mod_auth_db.c
#AddModule
mod_digest.c
#AddModule
mod_proxy.c
#AddModule
mod_cern_meta.c
AddModule
mod_expires.c
AddModule
mod_headers.c
#AddModule
mod_usertrack.c
#AddModule
mod_example.c
#AddModule
mod_unique_id.c
AddModule
mod_so.c
AddModule
mod_setenvif.c
#AddModule
mod_bandwidth.c
#AddModule
mod_put.c
<IfDefine
HAVE_PERL>
AddModule
mod_perl.c
</IfDefine>
<IfDefine
HAVE_PHP>
AddModule
mod_php.c
</IfDefine>
<IfDefine
HAVE_PHP3>
AddModule
mod_php3.c
</IfDefine>
<IfDefine
HAVE_PHP4>
AddModule
mod_php4.c
</IfDefine>
<IfDefine
HAVE_DAV>
AddModule
mod_dav.c
</IfDefine>
<IfDefine
HAVE_ROAMING>
AddModule
mod_roaming.c
</IfDefine>
<IfDefine
HAVE_SSL>
AddModule
mod_ssl.c
</IfDefine>
ServerName
ns1.bogus25.com
ServerAdmin
support@bogus25.com
Listen
*:80
Port
80
ScoreBoardFile
/var/run/httpd.scoreboard
NameVirtualHost
72.96.152.127
#
Where do we put the lock and pif files?
LockFile
/var/lock/httpd.lock
PidFile
/var/run/httpd.pid
CoreDumpDirectory
"/etc/httpd"
#
Documents
DocumentRoot
/var/www/html
UserDir
public_html
IndexOptions
FancyIndexing
#
Who runs the server?
User
apache
Group
apache
#
Performance parameters
MaxClients
150
TimeOut
300
KeepAlive
false
MaxKeepAliveRequests
100
MaxRequestsPerChild
100
KeepAliveTimeout
15
MinSpareServers
5
MaxSpareServers
20
StartServers
8
#
Error documents
#
Misc
AccessFileName
.htaccess
UseCanonicalName
on
TypesConfig
/etc/mime.types
DefaultType
"text/plain"
#
Defaults for virtual hosts
ServerSignature
on
#
Logs
ErrorLog
/var/log/httpd/error_log
LogLevel
warn
HostNameLookups
Off
#
Need to modify to your choice
LogFormat
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined
LogFormat
"%h %l %u %t \"%r\" %>s %b" common
LogFormat
"%{Referer}i -> %U" referer
LogFormat
"%{User-agent}i" agent
CustomLog
/var/log/httpd/access_log common
Alias
/icons/ "/var/www/icons/"
#
#
ScriptAlias: This controls which directories contain server scripts.
#
ScriptAliases are essentially the same as Aliases, except that
#
documents in the realname directory are treated as applications and
#
run by the server when requested rather than as documents sent to the client.
#
The same rules about trailing "/" apply to ScriptAlias directives
as to
#
Alias.
#
#ScriptAlias
/cgi-bin/ "/var/www/cgi-bin/"
#
#
"/var/www/cgi-bin" should be changed to whatever your ScriptAliased
#
CGI directory exists, if you have that configured.
#
#<Directory
"/var/www/cgi-bin">
# AllowOverride None
# Options ExecCGI
# Order allow,deny
# Allow from all
#</Directory>
#
#
Redirect allows you to tell clients about documents which used to exist in
#
your server's namespace, but do not anymore. This allows you to tell the
#
clients where to look for the relocated document.
#
Format: Redirect old-URI new-URL
#
#
#
Directives controlling the display of server-generated directory listings.
#
#
#
FancyIndexing: whether you want fancy directory indexing or standard
#
IndexOptions
FancyIndexing
#
#
AddIcon* directives tell the server which icon to show for different
#
files or filename extensions. These
are only displayed for
#
FancyIndexed directories.
#
AddIconByEncoding
(CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType
(TXT,/icons/text.gif) text/*
AddIconByType
(IMG,/icons/image2.gif) image/*
AddIconByType
(SND,/icons/sound2.gif) audio/*
AddIconByType
(VID,/icons/movie.gif) video/*
AddIcon
/icons/binary.gif .bin .exe
AddIcon
/icons/binhex.gif .hqx
AddIcon
/icons/tar.gif .tar
AddIcon
/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon
/icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon
/icons/a.gif .ps .ai .eps
AddIcon
/icons/layout.gif .html .shtml .htm .pdf
AddIcon
/icons/text.gif .txt
AddIcon
/icons/c.gif .c
AddIcon
/icons/p.gif .pl .py
AddIcon
/icons/f.gif .for
AddIcon
/icons/dvi.gif .dvi
AddIcon
/icons/uuencoded.gif .uu
AddIcon
/icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon
/icons/tex.gif .tex
AddIcon
/icons/bomb.gif core
AddIcon
/icons/back.gif ..
AddIcon
/icons/hand.right.gif README
AddIcon
/icons/folder.gif ^^DIRECTORY^^
AddIcon
/icons/blank.gif ^^BLANKICON^^
#
#
DefaultIcon: which icon to show for files which do not have an icon
#
explicitly set.
#
DefaultIcon
/icons/unknown.gif
#
#
AddDescription: allows you to place a short description after a file in
#
server-generated indexes. These are
only displayed for FancyIndexed
#
directories.
#
Format: AddDescription "description" filename
#
#AddDescription
"GZIP compressed document" .gz
#AddDescription
"tar archive" .tar
#AddDescription
"GZIP compressed tar archive" .tgz
#
#
ReadmeName: the name of the README file the server will look for by
#
default, and append to directory listings.
#
#
HeaderName: the name of a file which should be prepended to
#
directory indexes.
#
#
The server will first look for name.html and include it if found.
#
If name.html doesn't exist, the server will then look for name.txt
#
and include it as plaintext if found.
#
ReadmeName
README
HeaderName
HEADER
#
#
IndexIgnore: a set of filenames which directory indexing should ignore
#
and not include in the listing. Shell-style
wildcarding is permitted.
#
IndexIgnore
.??* *~ *# HEADER* README* RCS CVS *,v *,t
#
#
AddEncoding: allows you to have certain browsers (Mosaic/X 2.1+) uncompress
#
information on the fly. Note: Not all browsers support this.
#
Despite the name similarity, the following Add* directives have nothing
#
to do with the FancyIndexing customization directives above.
#
AddEncoding
x-compress Z
AddEncoding
x-gzip gz tgz
#
#
AddLanguage: allows you to specify the language of a document. You can
#
then use content negotiation to give a browser a file in a language
#
it can understand. Note that the suffix
does not have to be the same
#
as the language keyword --- those with documents in Polish (whose
#
net-standard language code is pl) may wish to use "AddLanguage pl .po"
#
to avoid the ambiguity with the common suffix for perl scripts.
#
AddLanguage
en .en
AddLanguage
fr .fr
AddLanguage
de .de
AddLanguage
da .da
AddLanguage
el .el
AddLanguage
it .it
#
#
LanguagePriority: allows you to give precedence to some languages
#
in case of a tie during content negotiation.
#
Just list the languages in decreasing order of preference.
#
LanguagePriority
en fr de
#
#
AddType: allows you to tweak mime.types without actually editing it, or to
#
make certain files to be certain types.
#
#
The following is for PHP4 (conficts with PHP/FI, below):
<IfModule
mod_php4.c>
AddType application/x-httpd-php .php4 .php3
.phtml .php
AddType application/x-httpd-php-source .phps
</IfModule>
#
The following is for PHP3:
<IfModule
mod_php3.c>
AddType application/x-httpd-php3 .php3
AddType application/x-httpd-php3-source .phps
</IfModule>
#
The following is for PHP/FI (PHP2):
<IfModule
mod_php.c>
AddType application/x-httpd-php .phtml
</IfModule>
AddType
application/x-tar .tgz
#
#
AddHandler: allows you to map certain file extensions to "handlers",
#
actions unrelated to filetype. These can be either built into the server
#
or added with the Action command (see below)
#
#
If you want to use server side includes, or CGI outside
#
ScriptAliased directories, uncomment the following lines.
#
#
To use CGI scripts:
#
AddHandler
cgi-script .cgi .pl
#
#
To use server-parsed HTML files
#
AddType
text/html .shtml
AddHandler
server-parsed .shtml
#
#
Uncomment the following line to enable Apache's send-asis HTTP file
#
feature
#
#AddHandler
send-as-is asis
#
#
If you wish to use server-parsed imagemap files, use
#
AddHandler
imap-file map
#
#
The following directives modify normal HTTP response behavior.
#
The first directive disables keepalive for Netscape 2.x and browsers that
#
spoof it. There are known problems with these browser implementations.
#
The second directive is for Microsoft Internet Explorer 4.0b2
#
which has a broken HTTP/1.1 implementation and does not properly
#
support keepalive when it is used on 301 or 302 (redirect) responses.
#
BrowserMatch
"Mozilla/2" nokeepalive
BrowserMatch
"MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
#
#
The following directive disables HTTP/1.1 responses to browsers which
#
are in violation of the HTTP/1.0 spec by not being able to grok a
#
basic 1.1 response.
#
BrowserMatch
"RealPlayer 4\.0" force-response-1.0
BrowserMatch
"Java/1\.0" force-response-1.0
BrowserMatch
"JDK/1\.0" force-response-1.0
#
If the perl module is installed, this will be enabled.
<IfModule
mod_perl.c>
Alias /perl/ /var/www/perl/
<Location /perl>
SetHandler perl-script
PerlHandler Apache::Registry
Options +ExecCGI
</Location>
</IfModule>
#
#
Allow http put (such as Netscape Gold's publish feature)
#
Use htpasswd to generate /etc/httpd/conf/passwd.
#
You must unremark these two lines at the top of this file as well:
#LoadModule
put_module modules/mod_put.so
#AddModule
mod_put.c
#
#Alias
/upload /tmp
#<Location
/upload>
# EnablePut On
# AuthType Basic
# AuthName Temporary
# AuthUserFile /etc/httpd/conf/passwd
# EnableDelete Off
# umask 007
# <Limit PUT>
# require valid-user
# </Limit>
#</Location>
#
#
Allow server status reports, with the URL of http://servername/server-status
#
Change the ".your_domain.com" to match your domain to enable.
#
#<Location
/server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
#
#
Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that
mod_info.c be loaded).
#
Change the ".your_domain.com" to match your domain to enable.
#
#<Location
/server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
#
Allow access to local system documentation from localhost
Alias
/doc/ /usr/share/doc/
<Location
/doc>
order deny,allow
deny from all
allow from localhost
Options Indexes FollowSymLinks
</Location>
#
<IfDefine
HAVE_SSL>
##
##
SSL Virtual Host Context
##
# Apache will only listen on port 80 by default. Defining the virtual server
# (below) won't make it automatically listen
on the virtual server's port.
Listen
443
<VirtualHost
_default_:443>
# General setup for the virtual host
DocumentRoot
"/var/www/html"
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine
on
# SSL Cipher Suite:
# List the ciphers that the client is permitted
to negotiate.
# See the mod_ssl documentation for a complete
list.
#SSLCipherSuite
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded
certificate. If
# the certificate is encrypted, then you will
be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
# certificate can be generated with `make certificate'
under
# built time. Keep in mind that if you've both
a RSA and a DSA
# certificate you can configure both in parallel
(to also allow
# the use of DSA ciphers, etc.)
SSLCertificateFile
/etc/httpd/conf/ssl.crt/server.crt
#SSLCertificateFile
/etc/httpd/conf/ssl.crt/server-dsa.crt
# Server Private Key:
# If the key is not combined with the certificate,
use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you
can configure
# both in parallel (to also allow the use of
DSA ciphers, etc.)
SSLCertificateKeyFile
/etc/httpd/conf/ssl.key/server.key
#SSLCertificateKeyFile
/etc/httpd/conf/ssl.key/server-dsa.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing
the
# concatenation of PEM encoded CA certificates
which form the
# certificate chain for the server certificate.
Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended
to the server
# certificate for convinience.
#SSLCertificateChainFile
/etc/httpd/conf/ssl.crt/ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where
to find CA
# certificates for client authentication or
alternatively one
# huge file containing all of them (file must
be PEM encoded)
# Note: Inside SSLCACertificatePath you need
hash symlinks
# to point to the certificate files. Use
the provided
# Makefile to update the hash symlinks
after changes.
#SSLCACertificatePath
/etc/httpd/conf/ssl.crt
#SSLCACertificateFile
/etc/httpd/conf/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA
CRLs for client
# authentication or alternatively one huge file
containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need
hash symlinks
# to point to the certificate files. Use
the provided
# Makefile to update the hash symlinks
after changes.
#SSLCARevocationPath
/etc/httpd/conf/ssl.crl
#SSLCARevocationFile
/etc/httpd/conf/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth.
Types are
# none, optional, require and optional_no_ca.
Depth is a
# number which specifies how deeply to verify
the certificate
# issuer chain before deciding the certificate
is not valid.
#SSLVerifyClient
require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access
control based
# on arbitrary complex boolean expressions containing
server
# variable checks and other lookup directives.
The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location
/>
#SSLRequire
( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/
\
# and %{SSL_CLIENT_S_DN_O} eq "Snake
Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff",
"CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY}
<= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR}
<= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic
Authorisation. This means that
# the standard Auth/DBMAuth methods can be
used for access control. The
# user name is the `one line' version of the
client's X.509 certificate.
# Note that no password is obtained from the
user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment
variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded
certificates of the
# server (always existing) and the client
(only existing when client
# authentication is used). This can be used
to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related
`SSL_*' environment variables.
# Per default this exportation is switched
off for performance reasons,
# because the extraction step is an expensive
operation and is usually
# useless for serving static content. So one
usually enables the
# exportation for CGI and SSI requests only.
# o CompatEnvVars:
# This exports obsolete environment variables
for backward compatibility
# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux
1.0 and Stronghold 2.x. Use this
# to provide compatibility to existing CGI
scripts.
# o StrictRequire:
# This denies access when "SSLRequireSSL"
or "SSLRequire" applied even
# under a "Satisfy any" situation,
i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation
handling when SSL
# directives are used in per-directory context.
#SSLOptions
+FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files
~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars
</Files>
<Directory
"/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# Notice: Most problems of broken clients are
also related to the HTTP
# keep-alive facility, so you usually additionally
want to disable
# keep-alive for those clients, too. Use variable
"nokeepalive" for this.
SetEnvIf
User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
# Per-Server Logging:
# The home of a custom SSL log file. Use this
when you want a
# compact non-error SSL logfile on a virtual
host basis.
CustomLog
/var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x
\"%r\" %b"
</VirtualHost>
</IfDefine>
#
Virtual hosts
#
Virtual host Default Virtual Host
<VirtualHost
_default_:*>
ServerName _default_
DirectoryIndex index.php index.html index.htm index.shtml
ServerSignature
email
LogLevel warn
HostNameLookups
off
</VirtualHost>
#
Virtual host bogus25.com
<VirtualHost
72.96.52.127>
DocumentRoot
/home/bogus25/www/
ServerAdmin
support@bogus25.com
ServerName
bogus25.com
ServerAlias www.bogus25.com
ScriptAlias
/cgi-bin/ /home/bogus25/cgi-bin/
#
Virtual host yourseconddomain.com
#<VirtualHost
72.96.52.127>
# DocumentRoot
/home/yourseconddomain/www/
# ServerAdmin
support@yourseconddomain.com
# ServerName
yourseconddomain.com
# ServerAlias www.yourseconddomain.com
# ScriptAlias
/cgi-bin/ /home/yourseconddomain/cgi-bin/
#
Directories...
<Directory
"/">
Options
FollowSymLinks
AllowOverride
None
</Directory>
<Directory
"/var/www/html">
Options
Indexes Includes FollowSymLinks
AllowOverride
None
Allow
from from all
Order Deny,Allow
</Directory>
<Directory
"/var/www/icons">
Options
Indexes MultiViews
AllowOverride
None
Allow
from from all
Order allow,deny
</Directory>