/etc/httpd.conf
- Default configuration file
#
- Comment sign
Map
- Map URLs to actual files
Pass
- Accept a request
Fail
- Fail a request
Redirect
- Redirect a request
Protect
- Set up protection
DefProt
- Default protection setup
Exec
- Executable server scripts
Search
- Index search facility
AddType
- Filename suffix mappings to MIME Content-Types
AddEncoding
- Filename suffix mappings to MIME Content-Encodings
AddLanguage
- Filename suffix mappings to different Content-Languages,
multilanguage support
UserDir
- User-supported directories, URLs starting /~username
MetaDir
- Directory name for meta-information files
MetaSuffix
- Suffix for meta-information files
NoLog
- No log entries for listed hosts/domains
Disable
- Disable methods that you don't need/want
Enable
- Enable a desired method
httpd
will translate a request into a document name.
It allows one to provide an extra level of name mapping above that
given by symbolic links in the file system. It allows, for example,
out of date names to mapped onto their more recent counterparts. The configuration file also allows access to be restricted. This is essential, to prevent, for example, unauthorized access to your private documents.
Note: The configuration file is not essential if you want to just export one directory tree, but then you must remember to specify the exported directory in command line:
httpd -p 80 /your/exported/directoryThe server guesses the data types of file from the file suffix. A configuration file is necessary to specify any data types which are not in the default set of suffixes. However, the default set is quite extensive.
/etc/httpd.conf
is
loaded, unless specified otherwise with the -r
command line
option:
httpd -p 80 -r /your/own/httpd.confSee also: example rule files.
#
are ignored, as are empty lines.
Map,
Pass
and
Fail.
The server uses the top rule first, then
each successive rule unless told otherwise by a
Pass
or a Fail
rule.
Map
template result
Pass
template
Pass
template result
Fail
template
*
. The result string may have the wildcard only if the
template has one. When matching,
Map
template exactly, the
result string is used instead of the original string and applied
to successive rules.
Map
template with
wildcard, then the text of the request which matches the wildcard
is inserted in place of the wildcard in the result string
to form the translated request. If the result string has no
wildcard, it is used as it is.
Map
substitution takes place, the rule scan
continues with the next rule using the new string in place of the
request. This is not the case if a Pass
or
Fail
is matched: they terminate the rule scan.
Redirect
rule to tell
httpd
to redirect the request to another server. If the
client program is smart enough user won't even notice that the
document is retrieved from a different server.
Redirect
template result
http:
and the host name).
Redirect /hypertext/WWW/* http://www.cern.ch/WebDocs/*This redirects everything starting with
/hypertext/WWW
to
host www.cern.ch
into virtual directory
/WebDocs
. For example,
/hypertext/WWW/
would be redirected to
http://www.cern.ch/WebDocs/
.
Protect
and
DefProt
rules. Their syntax is the following:
DefProt
template setup-file [
uid.gid]
Protect
rule. If that
Protect
rule doesn't specify setup-file, the
one from the latest DefProt
rule is used.
Protect
[
template setup-file [
uid.gid]]
If setup-file is not specified the one from previous
matched DefProt
rule will be used. If none have
matched access to the file is forbidden.
Setup file can be omitted from Protect
rule, but it is
obligatory in DefProt
rule. If setup file is omitted it
is not possible to give the uid.gid part, either.
uid.gid are the Unix user id and group id (either by name or by
number, separated by a dot) to which the server should change when
serving the request. These are only meaningful when the server is
running as root.
If they are missing they default to
nobody.nogroup.
Note: Uid and gid are inherited from
DefProt
rule to Protect
rule
only when the setup-file is also inherited.
If setup-file is specified for Protect
rule but
uid.gid is not, they default to nobody.nogroup
regardless of the previous DefProt
rule.
This is to avoid accidentally running the server under wrong user id
with wrong setup file. This information should logically go into the
protection setup file, but for safety reasons it cannot be done,
because a non-trustworthy collaboration could specify it to be
root
. This way only the main webmaster
can
control user and group ids.
Exec
rule:
Exec template scriptIn both template and script there must be a
*
wildcard, that
matches everything starting from the script filename. This is
to enable httpd
to know what is the script name and what
is the extra path information to be passed to the script.
/your/url/doit
to execute the script /usr/etc/www/htbin/doit.
You do
this by saying:
Exec /your/url/* /usr/etc/www/htbin/*Here asterisk mathes the script name
doit
(and everything
else that follows it). Usually people use some fixed keyword in front
of the pathname in URL to point out that the document is actually a
script call. Often this keyword is /htbin
. That is,
usually your Exec
rule looks like this:
Exec /htbin/* /usr/etc/www/htbin/*and all the URLs pointing to the scripts start with
/htbin
, for example /htbin/doit
in the
previous example.
httpd
versions 2.13 and 2.14 had a hard-coded
handling of URL pathnames starting /htbin
that mapped
them to scripts in a directory specified via HTBin
rule:
HTBin /your/htbin/directoryThis is still handled automatically by
httpd
, by
translating it to its equivalent Exec
form:
Exec /htbin/* /your/htbin/directory/*Always use
Exec
instead -- it is more general.
Search
field in rule file:
search /search/script/pathnameThis script is called with URL pathname of the document from which the query was issued from, in
PATH_INFO
environment variable, and absolute (translated) document pathname
in PATH_TRANSLATED
environment variable.
Keyword part of the URL is (undecoded) in QUERY_STRING
environment variable, and also decoded as command line parameters, one
in each of argv[1]
, argv[2]
, ...
Search script must conform to CGI/1.0 rules, that is, it has to output
either a Location:
field, or start its output with:
Content-Type: text/htmlfollowed by a blank line. (The Content-Type can, of course, be also other than
text/html
-- this was just an example.
httpd
has an extensive set of predefined
suffixes, so usually you don't need to specify any. The syntax is:
AddType .suffix representation encoding [quality]The parameters are as follows:
*.*
matches to all files which have not been matched by
any explicit suffixes but do contain a dot. *
by itself
matches to any file which does not match any other suffix.
xxx.*
which differ in their
suffix only, when a link to xxx.multi
is being resolved.
Defaults to 1.0.
AddType .html text/html 8bit 1.0 AddType .text text/plain 7bit 0.9 AddType .ps application/postscript 8bit 1.0 AddType *.* application/binary binary 0.1 AddType * text/plain 7bit
AddType
was previously called Suffix.
The
old name is still understood, but may be misleading since suffixes are
also used to determine Content-Encoding and language. Always use
AddType
instead.
.Z
suffix for x-compressed
, for example).
Syntax is:
AddEncoding .suffix encoding
AddEncoding .Z x-compressed
AddLanguage
rule (.en
suffix for english,
for example). Syntax is:
AddLanguage .suffix encoding
AddLanguage .en en AddLanguage .uk en_UK
UserDir
directive:
UserDir dir-nameThe dir-name argument is the directory in each user's home directory to be exported, for example
WWW
or
Web
.
httpd
to add meta-information to
response. Meta-information is stored in a directory specified by
MetaDir
directive, under the same directory as the file
being retrieved:
MetaDir dir-nameMeta-information is stored in a file with the same name as the actual document, but appended with a suffix specified via
MetaSuffix
directive:
MetaSuffix .suffixMeta-information files contain RFC822-style headers.
NoLog
directive can be used to
prevent log entry being made for hosts matching a given IP number or
host name template:
NoLog template
NoLog 128.141.*.* NoLog *.cern.ch NoLog *.ch *.fr *.it
Enable method Disable methodBy default
GET
, HEAD
and
POST
are enabled, and the rest are disabled.
Enable POST Disable DELETE