Apache Server Configuration Guide

xiaoxiao2021-03-06  17

The Apache server's configuration files are located in the /usr/local/apache/conf/ directory. Traditionally, three configuration files, httpd.conf, access.conf, and srm.conf, are used to configure the behavior of the Apache server.

httpd.conf provides the most basic server configuration and describes how the httpd daemon runs; srm.conf is the server's resource mapping file, which tells the server the MIME types of various files and how to support them; access.conf configures access permissions for the server, controlling the access restrictions for different users and computers. Together these three configuration files control all aspects of the server, so all three need to be set up for the server to run normally.

In addition to these three configuration files, Apache also uses the mime.types file to identify the MIME types corresponding to different files. The magic file sets special identifiers for files of different MIME types, so that when the Apache server cannot determine a file's MIME type from its suffix, it can use these special markers in the file content to determine the MIME type.

bash-2.02$ ls -l /usr/local/apache/conf
total 100
-rw-r--r-- 1 root wheel 348 Apr 16 16:01 access.conf
-rw-r--r-- 1 root wheel 348 Feb 13 13:33 access.conf.default
-rw-r--r-- 1 root wheel 30331 May 26 08:55 httpd.conf
-rw-r--r-- 1 root wheel 29953 Feb 13 13:33 httpd.conf.default
-rw-r--r-- 1 root wheel 12441 Apr 19 15:42 magic
-rw-r--r-- 1 root wheel 12441 Feb 13 13:33 magic.default
-rw-r--r-- 1 root wheel 7334 Feb 13 13:33 mime.types
-rw-r--r-- 1 root wheel 383 May 13 17:01 srm.conf
-rw-r--r-- 1 root wheel 357 Feb 13 13:33 srm.conf.default

In fact, current versions of Apache place all the configuration parameters that were originally spread over httpd.conf, srm.conf and access.conf into a single configuration file, httpd.conf. The three configuration files are kept only for compatibility with earlier versions (the use of these three files comes from NCSA-httpd). The access.conf and srm.conf files supplied with the server contain no specific settings.

Since all settings are placed in httpd.conf in newer versions of Apache, only this file needs to be adjusted. The following uses the default httpd.conf as an example to explain each configuration option of the Apache server. It is not necessary to change these parameters, however: the supplied values are basically clear, and the Apache server can run without any changes. But if you need to tune the performance of the Apache server or add support for certain features, you need to understand the meaning of these parameters.

There is considerable controversy on the Internet about the performance of the Apache server. Users of Apache have almost no doubts about it, and Apache supports many well-known high-load websites, but in commercial reviews Apache often scores poorly. Many people have pointed out that in these reviews the commercial web servers and their operating systems are tuned by engineers from the vendors, whereas the free operating systems and web servers are run with their default configuration or with only minor changes. It should be pointed out that, apart from operating system tuning, the default configuration of the Apache server itself is neither optimal nor the most efficient; it is meant to work on almost every operating system and every type of hardware, and multi-platform software cannot ship a default configuration optimized for a specific platform and specific hardware. Performance tuning is therefore essential when using Apache.

Another fact ignored in commercial reviews is that features of different kinds are often compared with each other; for example, the performance of standard CGI under Apache is compared with server-side APIs such as ISAPI and NSAPI. The Apache features comparable to those server APIs are mod_perl and FastCGI, and the counterpart to ASP is PHP; but because of Apache's open model, these features are implemented as stand-alone modules by independent development groups. In the reviews, the testers did not add the corresponding modules when evaluating performance.

HTTP daemon running parameters

httpd.conf first defines some parameters that the httpd daemon needs at run time, which determine its mode of operation and its operating environment.

ServerType standalone

ServerType defines how the server is started. The default is standalone mode, in which the httpd server starts by itself and stays resident on the host to listen for connection requests. Under Linux the web server is started automatically by the startup script /etc/rc.d/rc.local/init.d/apache; this is the recommended setting.

The other way to start the Apache server is inetd mode, in which the super server inetd listens for connection requests and starts the server. To use the inetd startup method, change this setting to inetd mode, disable the /etc/rc.d/rc.local/init.d/apache file, edit /etc/inetd.conf and restart inetd; Apache can then be started from inetd.

The difference between the two is that in standalone mode the server manages its own processes, so at startup it can immediately launch multiple copies of the server, each resident in memory. A connection request can be handled immediately without creating a child process, so the response to the client browser is faster and performance is higher. In inetd mode, inetd starts the HTTP server only after it detects a connection request. Because inetd has to listen on many ports, it reacts slowly and is less efficient, but it saves the resources the web server would occupy while there are no connection requests. inetd mode is therefore only used on servers that are accessed occasionally and do not need fast access. In fact, inetd mode does not suit the bursty, multi-connection nature of HTTP: a page may contain multiple images, and each image causes a connection request, so even when there are few visitors the number of simultaneous connection requests is high, which is limited by inetd's performance and can even affect the other server programs started by inetd.

ServerRoot "/usr/local"

ServerRoot specifies the directory in which the httpd daemon runs. After it starts, httpd automatically changes the current directory of the process to this directory, so if a file or directory given in the configuration file is a relative path, the real path is located under the path defined by ServerRoot.

Because httpd performs concurrent file operations, it needs file locking to ensure that these operations do not conflict. Since file locking on NFS file systems is limited, this directory should be on a local disk file system rather than on NFS.

#LockFile /var/run/httpd.lock

The LockFile parameter specifies the lock file of the httpd daemon. It generally does not need to be set; the Apache server automatically works in a path below ServerRoot. But if ServerRoot is on an NFS file system, use this parameter to specify a path on a local file system.

PidFile /var/run/httpd.pid

The file specified by PidFile records the process ID of the httpd daemon. Because httpd replicates itself, there are multiple httpd processes on the system, but only one process is started initially. It is the parent of the other processes, and a signal sent to this process affects all httpd processes. The file defined by PidFile records the process ID of this httpd parent process.

ScoreBoardFile /var/run/httpd.scoreboard

httpd uses ScoreBoardFile to maintain the internal data of its processes, so this parameter usually does not need to be changed, unless the administrator wants to run several Apache servers on one computer; each Apache server then needs its own httpd.conf configuration file and a different ScoreBoardFile.

#ResourceConfig conf/srm.conf

#AccessConfig conf/access.conf

The ResourceConfig and AccessConfig parameters exist for compatibility with older versions of Apache that use the srm.conf and access.conf configuration files. If there is no compatibility requirement, these files can be specified as /dev/null, which indicates that there are no other configuration files and that httpd.conf alone holds all configuration options.

Timeout 300

Timeout defines the time interval for the connection between client and server; once this interval (in seconds) is exceeded, the server disconnects from the client.

KeepAlive On

In HTTP 1.0, a connection can carry only one HTTP request. The KeepAlive parameter supports the HTTP 1.1 feature of sending multiple requests over one connection, so that several HTTP requests can be passed in a single connection. Although only newer browsers support this feature, the option should still be turned on.

MaxKeepAliveRequests 100

MaxKeepAliveRequests is the maximum number of HTTP requests that can be made over one connection. Setting its value to 0 allows an unlimited number of requests within a single connection. In practice, no client program requests that many pages over one connection; the connection is usually finished before this limit is reached.

KeepAliveTimeout 15

KeepAliveTimeout sets the time allowed between successive requests on the same connection. If the server has completed one request but has not received the next request from the client program, and the interval exceeds the value set by this parameter, the server disconnects.

MinSpareServers 5

MaxSpareServers 10

On a web server that uses child processes to handle HTTP requests, a child process must first be created before it can serve a client's request, which adds a small delay to the response time. The Apache server uses a special technique to avoid this problem: it creates a number of idle child processes in advance that stay resident in the system, and as soon as a request arrives, one of these idle child processes handles it, so there is no delay from creating a child process. During operation, as client requests increase, more child processes are started, but these server copies do not exit immediately after handling an HTTP request; they stay in the system and wait for the next request. The number of idle child processes cannot be allowed to grow without ever shrinking, however: too many idle processes have no work to do yet still consume the server's processing capacity. The number of idle copies must therefore be limited and kept at a suitable level, enough to respond to client requests in time while reducing the number of unnecessary processes.

You can therefore use the MinSpareServers parameter to set the minimum number of idle child processes and the MaxSpareServers parameter to limit the maximum number of idle child processes; surplus server process copies will exit. Set them according to the actual situation of the server: if the server has high performance and is accessed frequently, increase both parameters. For high-load professional websites, the two values should be set roughly the same and equal to the maximum number of server copies the system supports, which also reduces unnecessary exits of copies.

StartServers 5

The StartServers parameter sets the number of child process copies started when httpd starts. Like the MinSpareServers and MaxSpareServers parameters defined above, it is used to start idle child processes in order to improve the server's response speed. This parameter should be set to a value between the previous two: greater than MinSpareServers and less than MaxSpareServers.

MaxClients 150

On the other hand, a server's capacity is limited and it cannot handle an unlimited number of simultaneous connection requests, so the MaxClients parameter specifies the maximum number of clients the server supports. If this value is set too high, then when the system is busy it has to switch among too many processes to serve too many clients, so the response to each client slows down and overall efficiency falls. If this value is set too low, some client connection requests are rejected when the system is busy. When the server's performance is high, this value can be raised appropriately. A professional website should follow a strategy of keeping server efficiency high, so this parameter must not exceed the limits of the hardware itself; if refused connections occur frequently, the server hardware needs to be upgraded. A non-professional website that cares less about the response speed to client browsers, or that considers a slow response better than a refused connection, can set this parameter slightly beyond what the hardware supports.

This parameter also limits the settings of MinSpareServers and MaxSpareServers; they should not be greater than this parameter.

MaxRequestsPerChild 30

The common way to provide web service with child processes is for one child process to serve one connection. The problem is that every connection then requires the system operations of creating and exiting a child process, and this extra processing consumes a large share of the computer's processing capacity. The best approach is therefore for one child process to serve multiple connection requests, which avoids the cost of creating and exiting processes. Apache works this way: after a connection ends, the child process does not exit but stays in the system waiting for the next service request, which greatly improves performance.

However, because memory is constantly allocated and released during processing, repeated use leaves some memory garbage, which affects the stability of the system and the effective use of system resources. So after a copy has handled a certain number of requests, this child process copy can be made to exit, and a clean copy is created again from the original httpd process, which improves the stability of the system. The number of service requests each child process handles is defined by MaxRequestsPerChild. The default value is 30, which is too conservative for a highly stable system such as Linux; it can be set to 1000 or even higher, and setting it to 0 lets each copy handle an unlimited number of requests.
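The relationships described above between MinSpareServers, MaxSpareServers, StartServers, MaxClients and MaxRequestsPerChild can be checked mechanically. The following Python check is an added example, not part of the original article or of Apache; the function names and the second configuration sample are constructed for illustration.

```python
import re

# Process-pool directives whose values the text relates to one another.
POOL_DIRECTIVES = ("MinSpareServers", "MaxSpareServers", "StartServers",
                   "MaxClients", "MaxRequestsPerChild")

# Values as they appear in the article's sample httpd.conf.
ARTICLE_CONF = """
MinSpareServers 5
MaxSpareServers 10
StartServers 5
#MaxClients 9999
maxclients 150
MaxRequestsPerChild 30
"""

# Constructed sample that breaks every rule the text gives.
BAD_CONF = """
MinSpareServers 20
MaxSpareServers 10
StartServers 50
MaxClients 8
MaxRequestsPerChild 0
"""


def parse_pool_settings(conf_text):
    """Extract the pool directives from httpd.conf text.

    Names are matched case-insensitively, commented-out lines are
    ignored, and the last occurrence of a directive wins.
    """
    canonical = {name.lower(): name for name in POOL_DIRECTIVES}
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = re.match(r"(\w+)\s+(\d+)\s*$", line)
        if match and match.group(1).lower() in canonical:
            settings[canonical[match.group(1).lower()]] = int(match.group(2))
    return settings


def check_pool_settings(settings):
    """Return findings for values that contradict the rules in the text.

    Relations are only checked when both directives are set explicitly.
    Bounds are inclusive, since the article's own sample sets
    StartServers equal to MinSpareServers.
    """
    findings = []
    lo = settings.get("MinSpareServers")
    hi = settings.get("MaxSpareServers")
    start = settings.get("StartServers")
    clients = settings.get("MaxClients")
    if lo is not None and hi is not None and lo > hi:
        findings.append("MinSpareServers exceeds MaxSpareServers")
    if None not in (lo, hi, start) and not lo <= start <= hi:
        findings.append("StartServers is not between MinSpareServers "
                        "and MaxSpareServers")
    for name in ("MinSpareServers", "MaxSpareServers"):
        value = settings.get(name)
        if value is not None and clients is not None and value > clients:
            findings.append(name + " exceeds MaxClients")
    if settings.get("MaxRequestsPerChild") == 0:
        findings.append("MaxRequestsPerChild is 0: child processes are "
                        "never recycled")
    return findings


if __name__ == "__main__":
    for label, text in (("article", ARTICLE_CONF), ("constructed", BAD_CONF)):
        problems = check_pool_settings(parse_pool_settings(text))
        print(label, "->", problems or "consistent")
```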

#Listen 3000

#Listen 12.34.56.78:80

#BindAddress *

The Listen parameter makes the server listen for HTTP requests on other ports in addition to the standard port 80. Since a FreeBSD system can have multiple IP addresses at the same time, the BindAddress parameter can also make the server listen for HTTP requests on only one IP address. If it is not configured, the server responds to requests on all IP addresses.

Even when the BindAddress parameter makes the server respond to requests on only one IP address, the extended form of the Listen parameter can still make the HTTP daemon respond to requests on other IP addresses. This usage of Listen is the second example above. This more complex usage is mainly used to set up virtual hosts; the VirtualHost parameter can then be used to define virtual hosts on different IP addresses. However, this is the way virtual hosts were set up under the earlier HTTP 1.0 standard, where each virtual host needs its own IP address, which is not very practical. HTTP 1.1 added support for virtual hosts with multiple domain names on a single IP address, which makes virtual hosts far more useful.

LoadModule mime_magic_module libexec/apache/mod_mime_magic.so
LoadModule info_module libexec/apache/mod_info.so
LoadModule speling_module libexec/apache/mod_speling.so
LoadModule proxy_module libexec/apache/libproxy.so
LoadModule rewrite_module libexec/apache/mod_rewrite.so
LoadModule anon_auth_module libexec/apache/mod_auth_anon.so
LoadModule db_auth_module libexec/apache/mod_auth_db.so
LoadModule digest_module libexec/apache/mod_digest.so
LoadModule cern_meta_module libexec/apache/mod_cern_meta.so
LoadModule expires_module libexec/apache/mod_expires.so
LoadModule headers_module libexec/apache/mod_headers.so
LoadModule usertrack_module libexec/apache/mod_usertrack.so
LoadModule unique_id_module libexec/apache/mod_unique_id.so

ClearModuleList

AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_proxy.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_db.c
AddModule mod_digest.c
AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c

An important feature of the Apache server is its modular structure. This shows not only in the fact that new features can be added through new modules at compile time, but also in that modules can be loaded dynamically into the httpd server process, so there is no need to load unwanted modules. Using Apache's dynamically loaded modules only requires setting the LoadModule and AddModule parameters; this is Apache's DSO (Dynamic Shared Object) feature. Making full use of DSO is not a simple matter, however, and inappropriate changes to the settings here may prevent the server from starting normally. So unless you are adding or removing functionality provided by the server, do not change the settings here.

The list above shows the modules supported by the default Apache server under Linux. In fact, many of these modules are not necessary, and unneeded modules will not be loaded into memory. Modules can be compiled statically into the Apache server or loaded dynamically; compiling Apache's features as dynamically loadable modules is the approach taken by the port, not Apache's default approach, and it brings great flexibility at the cost of a little performance.

Because dynamic loading has a slight effect on performance, you can recompile Apache and compile the features you need into the Apache server, which makes the system cleaner and slightly more efficient. Recompile Apache just for this purpose only if it is really necessary; if you need to add other features and are recompiling Apache anyway, you may as well compile all modules statically into the Apache server at the same time. Some users prefer dynamically loaded modules, in which case dynamic loading can still be used.

These modules are placed in the /usr/local/apache/libexec/ directory, and each module corresponds to one feature of the Apache server. Explaining the function of every module in detail would take considerable space; the more important features are explained in the corresponding places, while the function and usage of each module should be looked up in Apache's documentation.

#ExtendedStatus On

The Apache server can report its own running status in response to a special HTTP request; turning on the ExtendedStatus parameter lets the server report more complete status information.

Primary server settings

The Apache server needs a variety of settings that define the parameters it uses to provide web services. For virtual hosts, apart from the settings overridden in the virtual host's own definition (some settings must be redefined there), the settings here are also the default settings.

Port 80

Port defines the port the httpd daemon uses in standalone mode; the standard port is 80. This option only applies to servers started in standalone mode; for a server started from inetd, the port is defined in inetd.conf.

Using port 80 under UNIX requires root privileges. Some administrators, for security reasons, take the view that the httpd server cannot be free of security vulnerabilities and therefore prefer to start the server with an ordinary user's privileges. In that case it cannot use port 80 or any other port below 1024 and must start httpd on a port above 1024; 8000 and 8080 are commonly used. However, the Apache httpd server itself can switch to an ordinary user identity after opening port 80 with root privileges, so there is no great need to worry about this security issue. But an ordinary user who wants to install their own WWW server has to use a port above 1024.

User nobody

Group nogroup

The User and Group settings are Apache's security safeguard: after opening the port, Apache sets its own identity to the user and group given by these two options and runs with their privileges, which reduces the risk posed by the server. These options also apply only to standalone mode; in inetd mode, the user that runs Apache is specified in inetd.conf. Because the server must perform a setuid() operation to change its identity, the initial process must have root privileges; if Apache is started by a non-root user, this configuration has no effect.

The default setting is nobody and nogroup. This user and group own no files on the system, which guarantees that neither the server itself nor the CGI processes it starts have permission to change the file system. In some cases, for example in order to run CGI programs that interact with the UNIX system, the server needs to access files on the server. If nobody and nogroup are still used, files owned by nobody will appear on the system, which is bad for system security, because other programs also perform certain operations with nobody and nogroup privileges and might access these files owned by nobody, causing security problems. Normally, set up a specific user and group for the web service and change the User and Group settings here accordingly.

ServerAdmin you@your.address

This is a setting that should probably be changed in the configuration file. It configures the e-mail address of the WWW server's administrator, which is returned to the browser when the HTTP service reports an error, so that web users can contact the administrator and report the error. It is customary to use webmaster on the server as the WWW server's administrator address, and to use the mail alias mechanism to deliver mail sent to webmaster to the real web administrator.

#ServerName new.host.name

By default the ServerName parameter does not need to be specified; the server obtains its own name automatically through name resolution. But if name resolution for the server has a problem (usually incorrect reverse resolution), or the server has no official DNS name, an IP address can be specified here instead. When ServerName is set incorrectly, the server cannot start normally.

A web server can usually have multiple names, and client browsers can use any of these names or the IP address to access the server; but if no virtual host is defined, the server always responds to the browser with its own official name. ServerName defines the official name the web server recognizes for itself. For example, suppose a server's name (defined in DNS) is example.org.cn, and an alias (CNAME record) www.example.org.cn has also been defined for it. Apache then automatically resolves its name as example.org.cn, so whichever name the client browser uses to send a request, the server always tells the client that it is example.org.cn. This causes no problem in itself, but the server may be migrated to another computer some day, with the migration done simply by changing the www alias in DNS. So if you do not want clients to record this server's address in their bookmarks under that name, you must use ServerName to specify the server's official name.

DocumentRoot "/www/"

DocumentRoot defines the path of the documents this server publishes; URLs in client requests are mapped to web files under this directory. Subdirectories of this directory, and files and directories pointed to by symbolic links, can all be accessed by browsers, simply by using the same relative directory name in the URL.

Note that although a symbolic link is logically located under the document root, its target can actually be any directory on the computer, so clients can be given access to directories outside the document root. This increases flexibility but reduces security. In its directory access control, Apache provides the FollowSymLinks option to turn the following of symbolic links on or off.

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

The Apache server can apply access control to directories, and access control can be implemented in two ways. One is to configure each directory in the configuration file httpd.conf (or access.conf); the other is to place an access control file in each directory, usually named .htaccess. Both ways can control browser access, but the configuration-file method requires restarting the httpd daemon after every change and is less flexible, so it is mainly used to configure the server's overall security control policy, while using a .htaccess file in each directory to set access control for specific directories is more flexible and convenient.

The Directory statement defines access restrictions for a directory; its standard syntax can be seen here. In the example above, the settings apply to the system's root directory: Options is set to FollowSymLinks to allow symbolic links, and AllowOverride None means that access control files in this directory are not allowed to change the configuration here, which also means the server does not need to look at the access control file in this directory.

Because Apache's access control settings for a directory are inherited by the directories below it, the settings for the root directory affect its lower-level directories. Note that because of AllowOverride None, the Apache server does not need to look at the access control file in the root directory, nor at those in the directories below it, until httpd.conf (or access.conf) specifies AllowOverride for some directory, that is, allows access control files to be consulted there. Since Apache's directory access control is inherited, if access control files could be consulted from the root directory down, Apache would have to look for an access control file at every level, which affects system performance. With this feature turned off by default for the root directory, Apache only searches downward from the specific directories designated in httpd.conf, which reduces the number of levels searched and improves system performance. Setting AllowOverride None for the system root directory therefore helps not only system security but also system performance.

<Directory "/www">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>

This defines the access settings for the directory from which the system publishes documents. It sets several options: the AllowOverride option defines the relationship between the directory settings in the configuration file and the access control files in the directories, and the Options option defines the features of the directory.

Both the configuration file and the access control file in each directory can set access restrictions. The configuration file is set by the administrator, while the access control file in each directory is set by the owner of the directory, so the administrator can specify whether directory owners may override the settings in the configuration file. This is done with the AllowOverride parameter, whose usual values are:

AllowOverride setting    Effect on each directory's access control file

All           default; access control files may override the system configuration
None          the server ignores the settings in access control files
Options       allows access control files to use the Options parameter to define the options for the directory
FileInfo      allows parameters such as AddType to be set in the access control file
AuthConfig    allows access control files to use AuthName, AuthType and related authentication mechanisms, which lets the directory owner protect the directory
Limit         allows restrictions on the IP addresses and names of the client machines visiting the directory

Each directory has certain features, and Options controls some of these features for the directory. The commonly used options are:

Options setting    Server feature

All                     all directory features are enabled; this is the default state
None                    all directory features are disabled
FollowSymLinks          allows symbolic links to be followed, which lets browsers reach documents outside the document root
SymLinksIfOwnerMatch    allows a symbolic link to be followed only when the target of the link and the link itself are owned by the same user, which adds some security
ExecCGI                 allows CGI programs to be executed in this directory
Indexes                 allows the server to generate an index of all files in this directory, so that when the directory has no index.html (or other index file), a list of the files in the directory is sent to the browser
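Because FollowSymLinks lets a link under DocumentRoot expose any directory on the machine, and SymLinksIfOwnerMatch narrows this to links whose target has the same owner, it is worth listing where the links in a document tree really point. The following Python audit is an added example, not part of the original article or of Apache; the function names and the temporary sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def audit_symlinks(docroot):
    """List every symbolic link under docroot and where it really points.

    'escapes' is True when the resolved target lies outside docroot, that
    is, content FollowSymLinks would publish from elsewhere on the system.
    'owner_match' applies the test described for SymLinksIfOwnerMatch:
    the link and its target are owned by the same user.
    """
    root = Path(docroot).resolve()
    findings = []
    # followlinks=False: links are reported but never walked through.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            record = {"link": link.relative_to(root).as_posix(),
                      "target": None, "escapes": False,
                      "owner_match": False, "broken": False}
            try:
                target = link.resolve()            # follows the whole chain
                target_uid = target.stat().st_uid
            except (OSError, RuntimeError):        # dangling link or loop
                record["broken"] = True
                findings.append(record)
                continue
            record["target"] = str(target)
            record["escapes"] = not (target == root or root in target.parents)
            record["owner_match"] = link.lstat().st_uid == target_uid
            findings.append(record)
    return sorted(findings, key=lambda item: item["link"])


def build_sample_tree(base):
    """Create a constructed document root with three kinds of links."""
    base = Path(base)
    docroot = base / "www"
    (docroot / "manual").mkdir(parents=True)
    (docroot / "index.html").write_text("home\n")
    (base / "private").mkdir()
    (base / "private" / "notes.txt").write_text("not for publication\n")
    os.symlink(docroot / "manual", docroot / "docs")       # stays inside
    os.symlink(base / "private", docroot / "logs")         # leaves docroot
    os.symlink(base / "missing.html", docroot / "old.html")  # dangling
    return docroot


def run_demo():
    """Audit the constructed tree and return the findings keyed by link."""
    with tempfile.TemporaryDirectory() as base:
        return {item["link"]: item
                for item in audit_symlinks(build_sample_tree(base))}


if __name__ == "__main__":
    for link, item in run_demo().items():
        state = ("broken" if item["broken"]
                 else "ESCAPES docroot" if item["escapes"] else "inside docroot")
        print(f"{link:10} {state:16} owner_match={item['owner_match']}")
```

Links reported with escapes set and owner_match false are the ones SymLinksIfOwnerMatch would refuse to follow but FollowSymLinks would serve.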

In addition, the example above uses the Order, Allow and Deny parameters. This is the method, used in Limit statements, of controlling access by the browser's domain name and IP address. Order defines the order in which Allow and Deny are processed, while Allow and Deny set access control by name or IP address. In the example above, Allow from all means that all clients are allowed to access this directory without any restriction.

UserDir public_html

When the Apache server runs on a Linux system, every user on the computer can have their own web path, of the form http://example.org.cn/~user; the tilde followed by the user name maps to the user's own web directory. The mapped directory is a subdirectory of the user's personal home directory, whose name is defined by the UserDir parameter; the default is public_html. If you do not want to provide web service for regular users, use disabled as the UserDir parameter.

#
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#
# Order allow,deny
# Allow from all
#
#
# Order deny,allow
# Deny from all
#
#

Here you can see another use of Directory: it can use simple pattern matching to define access control permissions for subdirectories spread across different directories. This setting requires the Apache server to do additional processing for every path, which reduces the performance of the server, so this access restriction is not enabled by default.

Here you can also see another statement, Limit. The Limit statement sets access control for specific request methods; the request methods supported by the server, such as GET and POST, can be used as Limit's parameters to set access restrictions on different request methods. Generally the three request methods GET, POST and HEAD are opened, while other request methods are blocked to increase security. Inside a Limit statement, domain names and IP addresses can be restricted using pattern matching, but domain names are matched from the back forward, while IP addresses are matched from the front backward.
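The Order, Allow and Deny rules described above, including the back-to-front domain match and front-to-back IP match, can be modelled as follows. This is an added example, not code from the original article or from Apache; the function names, the method lists in LIMITS and the sample addresses are assumptions, and the client host name is taken as given rather than verified through DNS.

```python
"""Model of Apache 1.3 host-based access control (Order / Allow from / Deny from).

Added illustration: names and sample values are assumptions, not Apache code.
"""


def spec_matches(spec, client_ip, client_host=None):
    """Return True if one 'Allow from' / 'Deny from' argument matches the client."""
    spec = spec.strip().lower()
    if spec == "all":
        return True
    digits = spec.rstrip(".")
    if digits.replace(".", "").isdigit():
        # Full or partial IP address: matched from the front, octet by octet,
        # so "10.1" covers 10.1.x.x but not 10.11.x.x.
        want = digits.split(".")
        return client_ip.split(".")[:len(want)] == want
    if client_host is None:
        # A domain rule cannot match a client whose name is unknown.
        return False
    # Domain name: matched from the back, on whole labels, so
    # ".your_domain.com" does not match "evilyour_domain.com".
    want = spec.strip(".").split(".")
    have = client_host.lower().strip(".").split(".")
    return have[-len(want):] == want


def access_allowed(order, allow, deny, client_ip, client_host=None):
    """Apply the Order semantics to lists of Allow and Deny arguments."""
    order = order.replace(" ", "").lower()
    allowed = any(spec_matches(s, client_ip, client_host) for s in allow)
    denied = any(spec_matches(s, client_ip, client_host) for s in deny)
    if order == "deny,allow":
        # Deny is evaluated first and Allow overrides it; default is allow.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is evaluated first and Deny overrides it; default is deny.
        return allowed and not denied
    raise ValueError("unsupported Order value: %r" % order)


# Constructed model of two <Limit> sections; the method lists are assumptions
# (the page shows only the Order/Allow/Deny lines inside them).
LIMITS = [
    ({"GET", "POST", "HEAD"}, "allow,deny", ["all"], []),
    ({"PUT", "DELETE"}, "deny,allow", [], ["all"]),
]


def request_allowed(method, client_ip, client_host=None, limits=LIMITS):
    """Check a request against the first <Limit> section naming its method."""
    for methods, order, allow, deny in limits:
        if method.upper() in methods:
            return access_allowed(order, allow, deny, client_ip, client_host)
    # A method named in no <Limit> section is not restricted by these rules.
    return True


if __name__ == "__main__":
    status_rule = ("deny,allow", [".your_domain.com"], ["all"])
    for ip, host in [("203.0.113.9", "www.your_domain.com"),
                     ("203.0.113.10", "evilyour_domain.com"),
                     ("203.0.113.11", None)]:
        print(ip, host, access_allowed(*status_rule, ip, host))
    for method in ("GET", "DELETE", "TRACE"):
        print(method, request_allowed(method, "198.51.100.7"))
```

The TRACE result shows why blocking the "other" request methods means naming them: a Limit section restricts only the methods it lists.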

DirectoryIndex index.html

In many cases the URL does not contain the name of a document but only gives a directory name. The Apache server then automatically returns the file in that directory defined by DirectoryIndex; the server searches the directory for the listed names in order. When none of the files specified by DirectoryIndex exists, the Apache server can, depending on the system settings, generate a list of all files in the directory for the user to choose from. For this, the Indexes option among the access control options of the directory (Options Indexes) must be enabled so that the server can generate the directory listing; otherwise Apache refuses the access.

AccessFileName .htaccess

AccessFileName defines the name of the access control file in each directory; the default is .htaccess. You can change the access control limits of different directories by changing this file.

Order allow,deny
Deny from all

In addition to access control over directories, access control can also be set per file; this is the task of the Files statement. With the Files statement, regardless of which directory a file is in, as long as its name matches it must accept the corresponding access control. This statement is important for system security: the above example, for instance, blocks all users from accessing .htaccess files, so that the security-critical information in .htaccess cannot be obtained by clients.

#CacheNegotiatedDocs

By default, if a proxy server negotiates with the Apache server about caching its web pages, Apache gives a negative answer: it does not want its own pages to be cached by the proxy server. However, this does not make effective use of the advantages of a proxy server, so you can set the CacheNegotiatedDocs option to let proxy servers cache the pages. Even if this option is not set, some proxy servers can still cache the pages (or can be made to by adjusting their settings).

UseCanonicalName on

Turning UseCanonicalName on is the standard practice for web servers. Most requests sent by clients are references to this server itself, so the server can use the contents of the ServerName and Port options to build a complete URL and reply to the client, so that the browser gets the specified URL. If the parameter is set to off, Apache instead uses the server name and port value taken from the client's request (a request from a client that supports HTTP 1.1 carries this information) to rebuild the URL.

TypesConfig /usr/local/apache/etc/mime.types

TypesConfig sets the name of the file that holds the data on the different MIME types; under Linux it defaults to /usr/local/apache/etc/mime.types.

DefaultType text/plain

If the web server cannot determine the type of a document, which usually means that the document uses a non-standard suffix, the server sends the document to the client browser using the MIME type defined by DefaultType. The setting here is text/plain, and this setting is a problem: if the server cannot determine a document's MIME type, the document is in most cases a binary document, but it is sent back as text/plain, and the browser will open it inline without prompting. It is therefore recommended to change this setting to application/octet-stream, so that the browser prompts the user to save the file.

MimeMagicFile /usr/local/apache/etc/magic

In addition to judging the MIME type of a file from its suffix, Apache can go further and analyze features of the document's content to determine the real MIME type of the file. This feature is implemented by the mod_mime_magic module, which needs a file recording the features of the various MIME types in order to perform the analysis. The above setting sits inside a conditional statement: if this module is loaded, you must specify the location of the corresponding magic file.

Usually the server can only obtain the client's IP address. If you want to obtain the client's host name, for use in logging and for passing to CGI programs, you need to set the HostnameLookups option to on to enable DNS reverse lookups. However, this makes the server perform a DNS query for every client request, which adds system overhead and slows the response, so the default setting is off. With the option off, the server does not obtain the client's host name and can only record the client by IP address.

ErrorLog /var/log/httpd-error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#CustomLog /var/log/httpd-access.log common
#CustomLog /var/log/httpd-referer.log referer
#CustomLog /var/log/httpd-agent.log agent
CustomLog /var/log/httpd-access.log combined

This defines how the system logs are written. For the server's error records, ErrorLog and LogLevel define the error log file and what is recorded in it.

For the access logs, the CustomLog parameter defines the log. By default the combined parameter is used, which puts all access logs into one file, but the different kinds of access log can also be placed in different log files; the record type is selected by the CustomLog parameter. common denotes the ordinary access record for a single page request; referer denotes the reference record of each page, from which you can see the number of requests contained in a page; agent denotes the record of client types. Evidently, you can remove the existing CustomLog line that uses combined and use common, referer and agent as CustomLog parameters to specify separate log files for the different kinds of log.

Evidently, LogFormat defines the format of the different types of log; within it, macros beginning with % record the different items.

If the files specified by these parameters are given as relative paths, they are relative to ServerRoot.
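To show how the combined format relates to the common, referer and agent formats defined above, the following added example parses access-log lines and rebuilds the three separate views from one combined record. It is not code from the original article; the function names are assumptions and the sample log lines are constructed.

```python
"""Parse Apache access-log lines written with the combined or common LogFormat.

Added illustration: the sample lines are constructed, not taken from a real log.
"""
import re

# Field order follows:
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# The last two quoted fields are optional so common-format lines parse as well.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-)'
    r'(?: ' + QUOTED + ' ' + QUOTED + r')?$'
)
FIELDS = ("host", "ident", "user", "time", "request", "status", "bytes",
          "referer", "agent")


def parse_access_line(line):
    """Return a dict of fields, or None if the line is in neither format."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # %b logs "-" for 0
    parts = rec["request"].split(" ")
    # %r is "METHOD URL PROTOCOL"; a malformed request line is kept but not split.
    if len(parts) == 3:
        rec["method"], rec["path"] = parts[0], parts[1].split("?", 1)[0]
    else:
        rec["method"], rec["path"] = None, None
    return rec


def split_views(rec):
    """Rebuild the common, referer and agent log lines from one parsed record."""
    common = '{host} {ident} {user} [{time}] "{request}" {status} {bytes}'.format(**rec)
    if rec["referer"] is None:  # the line was already in common format
        return common, None, None
    return common, "{} -> {}".format(rec["referer"], rec["path"]), rec["agent"]


# Constructed sample lines: two combined, one common, one unparseable.
SAMPLE_LINES = [
    '192.0.2.10 - - [26/May/2000:08:55:01 +0800] "GET /~user/index.html HTTP/1.0" '
    '200 2326 "http://example.org.cn/" "Mozilla/4.0 (compatible; MSIE 4.0b2; Windows 95)"',
    '192.0.2.11 - alice [26/May/2000:08:56:12 +0800] "GET /cgi-bin/test.cgi?x=1 HTTP/1.1" '
    '404 - "-" "Java/1.0"',
    '192.0.2.12 - - [26/May/2000:08:57:30 +0800] "GET /icons/back.gif HTTP/1.0" 304 -',
    'not an access log line',
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        rec = parse_access_line(raw)
        print(split_views(rec) if rec else "unparsed: " + raw)
```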

ServerSignature on

In some cases, for example when the page requested by a client does not exist, the server generates an error document. By default, because the ServerSignature option is on, the last line of the error document contains the server's name, the Apache version and similar information. Some administrators prefer not to display this information; in that case you can set this parameter to off, or set it to email, in which case the last line is replaced by the ServerAdmin e-mail hint.

Alias /icons/ "/www/icons/"
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all

The Alias parameter maps a URL to a real location in the server's file system. Normally documents are looked up under DocumentRoot, but a path defined with Alias is mapped directly to the corresponding directory instead of being looked up under DocumentRoot. Alias can therefore be used to map paths to shared files, such as the icons path that holds various commonly used icons. This means that, besides symbolic links, directories outside the document root can also be mapped with Alias and made available to browsers.

Once you have defined a mapped path, you need to use a Directory statement to set its access restrictions.

ScriptAlias /cgi-bin/ "/www/cgi-bin/"
AllowOverride None
Options None
Order allow,deny
Allow from all

ScriptAlias is also used to map a URL path, but unlike Alias, ScriptAlias maps a path to CGI programs: the files under this path are all defined as CGI programs, and the server executes them to obtain the result rather than returning their content directly. By default, CGI programs use the cgi-bin directory as the virtual path.

# Redirect old-URI new-URL

The Redirect parameter is used to rewrite a URL: when a browser accesses a resource on the server, the server returns a new URL to the browser, telling it to fetch the resource from that URL. This is mainly used when a document that used to exist on the server has changed location and you want the old URL to keep working, to stay compatible with previous URLs.

IndexOptions FancyIndexing
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
ReadmeName README
HeaderName HEADER
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

When the URL of an HTTP request is a directory, the server returns the index file in that directory. But if a directory has no default index file and the server is permitted to display the directory listing, the list of files in the directory is displayed. To make this file list more understandable than a bare listing, the preceding parameters are needed. With the IndexOptions FancyIndexing option, the directory listing generated by the server shows icons for the various types of document. Which icon is used for which file is defined by the AddIconByEncoding, AddIconByType and AddIcon lines that follow, which select the icon according to the MIME encoding, the MIME type and the file suffix respectively. If the icon for a document cannot be determined, the default icon defined by DefaultIcon is used.

Similarly, AddDescription can add descriptions for different types of document. In addition, the server looks in the directory for the files named by ReadmeName and HeaderName (automatically appending the .html suffix and, if that is not found, searching with the .txt suffix); if these files are found, their contents are shown before the file list, making the plain directory listing more understandable.

IndexIgnore makes the server ignore the matching files when building the file list; the file names are defined here by pattern matching.

AddEncoding x-compress Z
AddEncoding x-gzip gz

AddEncoding tells the browser that certain MIME types are compressed, which allows the browser to perform the decompression.

AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it
LanguagePriority en fr de

An HTML document can be available in several languages at the same time. For the document file1.html, for example, there can be different versions such as file1.html.en and file1.html.fr; each language suffix must be defined with AddLanguage. This allows the server to negotiate with the browsers of clients from different countries and send the appropriate language version. LanguagePriority defines the priority of the different languages, so that when the browser expresses no particular preference, the different language versions are tried in that order to answer a request for file1.html.

This internationalization capability is not of much practical use.

#AddType application/x-httpd-php .phtml
#AddType application/x-httpd-php-source .phps

The AddType parameter specifies the MIME type for a particular suffix; the settings here override the settings in mime.types.

#AddHandler cgi-script .cgi

AddHandler specifies a non-static processing type: it defines documents as being of a non-static type that must be processed before being returned to the browser. For example, the commented-out setting above sets files ending in .cgi to the cgi-script type, so the server starts such a CGI program for processing. If you need to execute CGI programs outside the path defined by the earlier ScriptAlias, you need to set this parameter, after which files ending in .cgi are executed as CGI programs. In addition, the configuration file (or .htaccess) must allow CGI programs to run in this directory and its parent directories, which requires the Options ExecCGI parameter setting.

#AddType text/html .shtml
#AddHandler server-parsed .shtml

Another type of dynamic processing is server-parsed, where the server itself pre-analyzes the tags in the page and replaces them with the correct HTML. Because server-parsed needs to process documents of type text/html, the corresponding .shtml is first set to the text/html type.

However, to support SSI you must first use Options Includes in the configuration file (or .htaccess) to allow documents in this directory to be of SSI type, or use Options IncludesNoExec to allow ordinary SSI tags but not the execution of the external programs they include.

Another way to specify the server-parsed type is the XBitHack option. If XBitHack is set to on, the server checks all documents of type text/html (including documents with the .html suffix), and if a file's attributes have the execute bit "x" set, the server treats it as a server-parsed document that needs to be processed by the server. It is recommended to use AddHandler and set XBitHack to off, because XBitHack performs an additional check on all HTML documents, which lowers efficiency.

#AddHandler send-as-is asis
#AddHandler imap-file map
#AddHandler type-map var

The commented-out AddHandler lines above support the asis, map and var processing capabilities of the Apache server.

# Action media/type /cgi-script/location
# Action handler-name /cgi-script/location

Because the processing features built into Apache are limited, you can use Action to define external programs as handlers for dynamic document types. These external programs work like standard CGI programs: they process the input data and then output a result of a different MIME type. For example, to define a special handler under which wri2txt is executed first and its result is then returned, you can use:

Action windows-writer /bin/wri2txt
AddHandler windows-writer wri

Further, Action can define a pre-processing operation directly for a MIME type; this is the first format in the Action examples above. With this setting, AddHandler is no longer needed to link the processing operation to a file suffix; Action handles files of that MIME type directly. But if the document suffix has no formal MIME type, you need to define a MIME type first.

#MetaDir .web
#MetaSuffix .meta

Meta information is sent to the client browser before the document itself, so the browser can retrieve this meta information with a HEAD request without actually having all the file data returned. What the server normally sends to the browser is some standard HTTP header information; if you want to add extra information, you need to use MetaDir to define the directory where the meta data is stored, and MetaSuffix to specify the suffix of the files containing the meta data.

#ErrorDocument 500 "The server made a boo boo.
#ErrorDocument 404 /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
#ErrorDocument 402 http://some.other_server.com/subscription_info.html

If the page requested by a client does not exist, or the client has no access permission, the server generates an error code and also sends the client browser a page identifying the error. ErrorDocument sets what is returned to the client browser when an error occurs. ErrorDocument's first parameter is the error number, and the second parameter is the response, which can be simple text, a local web page, a local CGI program, or a web page on a remote host.

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4.0" force-response-1.0
BrowserMatch "Java/1.0" force-response-1.0
BrowserMatch "JDK/1.0" force-response-1.0

The BrowserMatch command sets special parameters for specific clients, to ensure compatibility with older browser versions while supporting the new features of newer browsers.

#

# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#
#
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#
#
# Deny from all
# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi

#

The access control statements described so far are set mainly for directories and files. To control access by URL, without having to worry about whether ScriptAlias or Alias has placed the path inside a controlled directory, use the Location statement. It protects not only documents and CGI programs on the server; it can also protect URLs that correspond to no file but are special functions provided by the server itself. http://servername/server-status is used to report the status of the running Apache server, and http://servername/server-info is used to report statistics for the Apache server. Related to these settings is the ExtendedStatus parameter, which lets the server output a more detailed report.

#

#ProxyRequests On
#
#
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#
#ProxyVia On
#CacheRoot "/www/proxy"
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a_domain.com another_domain.edu joes.garage_sale.com

#

The Apache server itself has a proxy function, but this requires the mod_proxy module to be loaded. An IfModule statement can be used to test whether the mod_proxy module is present, and ProxyRequests turns on proxy support. After that, Directory is used to set access restrictions on the proxy function, followed by the parameters that configure the cache.

Virtual host

#NameVirtualHost 12.34.56.78:80
#NameVirtualHost 12.34.56.78
#
# ServerAdmin webmaster@host.some_domain.com
# DocumentRoot /www/docs/host.some_domain.com
# ServerName host.some_domain.com
# ErrorLog logs/host.some_domain.com-error_log
# CustomLog logs/host.some_domain.com-access_log common

#

#

These entries in the default configuration file are used when setting up name-based virtual hosts. NameVirtualHost specifies the IP address used by the virtual hosts; this IP address will correspond to several DNS names. If Apache uses the Listen parameter to serve several ports, you can add the port number here to further distinguish connection requests for different ports. After that, use VirtualHost statements, with the NameVirtualHost IP address as their parameter, to define the settings of the virtual host corresponding to each name.

Virtual hosting means providing web services for several separate domain names on one web server, with each domain name completely independent, including a completely independent document directory structure and settings. Access to each domain name is also completely independent: the web content provided under one domain name cannot be reached by using another domain name.

The concept of virtual hosts is very useful for ISPs. Although an organization could place its web pages in a lower-level directory on a server under someone else's domain name, a separate domain name and root URL look more formal and are more readily accepted. Traditionally, you had to set up a server of your own to get a separate domain name, but that requires maintaining a separate server, and many small organizations lack sufficient maintenance capability; renting a server maintained by others is a more suitable way. The ISP does not need to provide a separate server for each organization; it can use virtual host capabilities to serve several domain names from one server, with the different services not interfering with each other, so that from outside it behaves like several different servers.

There are two ways to set up virtual hosts. One is based on the HTTP 1.0 standard and requires a server with multiple IP addresses; you then configure the DNS server to give each IP address a different domain name, and finally set up the Apache configuration file so that different web documents are returned for different domain names. Because this requires additional IP addresses, with a separate IP address serving each domain name, this method has more problems.

You can bind multiple IP addresses to one network interface; under Linux the alias parameter of ifconfig is used for this configuration, but this affects network performance.

The HTTP 1.1 standard specifies that in the communication between browser and server, the server can track which host name the browser requested. This new feature can therefore be used to set up virtual hosts more easily. This method does not require additional IP addresses, but requires support from newer browser versions. It has become the standard way to set up virtual hosts.

To set up non-IP-based virtual hosts, multiple domain names are indispensable, because each domain name corresponds to one virtual host to be served. You therefore need to change the configuration of the DNS server to add several CNAME entries, such as:

linux IN A 192.168.1.64
vhost1 IN CNAME linux
vhost2 IN CNAME linux

The basic settings options are set for the linux host. To set up the vhost1 and vhost2 virtual hosts, use VirtualHost statements to define different options for them; inside a VirtualHost statement you can use most of the statements described earlier in the configuration file to redefine almost all of the server's settings.

NameVirtualHost 192.168.1.64
DocumentRoot /www/data
ServerName linux.example.org.cn
DocumentRoot /vhost1
ServerName vhost1.example.org.cn
DocumentRoot /vhost2
ServerName vhost2.example.org.cn

Note that the address parameter of each VirtualHost must be the same as the address defined by NameVirtualHost; the values must match exactly for the Apache server to recognize these definitions as virtual hosts defined for this IP address.

In addition, once NameVirtualHost is defined, requests to this IP address are distinguished and handled by the different virtual hosts, while requests to other IP addresses, such as 127.0.0.1, get the default options defined earlier.
