The configuration files of the Apache server are located in the /usr/local/apache/conf/ directory. Traditionally, three configuration files, httpd.conf, access.conf and srm.conf, configure the behavior of the Apache server.
httpd.conf provides the most basic server configuration and is a technical description of how the httpd daemon runs; srm.conf is the server's resource mapping file, which tells the server the MIME types of the various files and how to support them; access.conf configures access to the server and controls the access restrictions for different users and computers. Together these three files control every feature of the server, so all three need to be set up correctly for the server to run normally.
In addition to these three files, Apache also uses the mime.types file to identify the MIME types that correspond to different files, and the magic file defines special signatures for files of different MIME types, so that when the Apache server cannot determine a file's MIME type from its suffix, it can determine it from these signatures in the file content.
bash-2.02$ ls -l /usr/local/apache/conf
total 100
-rw-r--r-- 1 root wheel 348 Apr 16 16:01 access.conf
-rw-r--r-- 1 root wheel 348 Feb 13 13:33 access.conf.default
-rw-r--r-- 1 root wheel 30331 May 26 08:55 httpd.conf
-rw-r--r-- 1 root wheel 29953 Feb 13 13:33 httpd.conf.default
-rw-r--r-- 1 root wheel 12441 Apr 19 15:42 magic
-rw-r--r-- 1 root wheel 12441 Feb 13 13:33 magic.default
-rw-r--r-- 1 root wheel 7334 Feb 13 13:33 mime.types
-rw-r--r-- 1 root wheel 383 May 13 17:01 srm.conf
-rw-r--r-- 1 root wheel 357 Feb 13 13:33 srm.conf.default
In fact, current versions of Apache place all the configuration parameters that were originally spread over httpd.conf, srm.conf and access.conf in the single configuration file httpd.conf; the three files are kept only for compatibility with earlier versions (the three-file layout comes from NCSA httpd). The access.conf and srm.conf files contain no specific settings.
Since all settings are placed in httpd.conf in the new version of Apache, only this file needs to be adjusted. The following uses the default httpd.conf as an example to explain each setting option of the Apache server. There is no need to worry too much, however: the parameters are mostly self-explanatory, and the Apache server can also run without any changes. But if you need to tune the performance of the Apache server or add support for some feature, you need to understand the meaning of these parameters.
There is a good deal of controversy on the Internet about the performance of the Apache server. Users of Apache hardly ever doubt its excellent performance, and Apache supports many famous high-load websites, yet in evaluations by commercial organizations Apache tends to score poorly. Many people have pointed out that in these reviews the commercial web servers and their operating systems are often tuned by engineers from the vendors, while the free operating systems and web servers are often run with their default configuration or with only small changes. It should be pointed out that, apart from tuning the operating system, the default configuration of the Apache server itself is by no means optimized for efficiency; it is meant to fit almost every operating system and every kind of hardware, and multi-platform software cannot provide optimized defaults for a specific platform and specific hardware. Performance tuning is therefore essential when using Apache. Another fact ignored in commercial evaluations is that different kinds of features are often compared with each other, for example the performance of standard CGI under Apache against server-side APIs such as ISAPI and NSAPI. In fact, the Apache server offers comparable features such as mod_perl, FastCGI and PHP (which resembles ASP), but because of Apache's open model these features are implemented by independent development groups as stand-alone modules, and in the evaluations the testers did not add the corresponding modules when measuring performance.
HTTP daemon running parameters
httpd.conf first defines the parameters the httpd daemon needs at run time, which determine its operating mode and running environment.
ServerType standalone
ServerType defines how the server is started. The default is standalone mode: the httpd server starts by itself and stays resident on the host, listening for connection requests. This is the recommended setting, used in the startup file /etc/rc.d/rc.local/init.d/apache under Linux.
The other way to start the Apache server is inetd mode, in which the super server inetd listens for connection requests and starts the server. To use inetd startup, change this setting to inetd, disable the /etc/rc.d/rc.local/init.d/apache file, edit /etc/inetd.conf and restart inetd; Apache can then be started from inetd.
The difference between the two is that in standalone mode the server manages itself and can start several copies of the server at once. Each copy stays resident in memory, so a connection request can be processed immediately without first creating a child process; responses to client browsers are faster and performance is higher. In inetd mode the HTTP server is started only after inetd sees a connection request. Because inetd listens on many ports, it reacts more slowly and is less efficient, but it saves the resources the web server would occupy while there are no connection requests. inetd mode is therefore only suitable for servers that are accessed occasionally and have no access-speed requirements. In fact, inetd mode does not fit the bursty, multi-connection nature of HTTP: a page may contain several images, each of which can cause a connection request, so even when the number of visitors is small there are many simultaneous connection requests. This is limited by the performance of inetd and can even affect other server programs started by inetd.
ServerRoot "/usr/local"
ServerRoot specifies the run directory of the httpd daemon. After starting, httpd automatically changes the current directory of the process to this directory, so any relative path to a file or directory given in the configuration file is resolved under the path defined by ServerRoot. Because httpd frequently performs concurrent file operations, it needs locking to keep those operations from conflicting, and because the NFS file system has limited file-locking support, this directory should be on a local disk file system and not on NFS.
#LockFile /var/run/httpd.lock
The LockFile parameter specifies the lock file of the httpd daemon. Normally this parameter does not need to be set, and the Apache server works in a path below ServerRoot automatically. But if ServerRoot is on an NFS file system, use this parameter to specify a path on a local file system.
PidFile /var/run/httpd.pid
The file specified by PidFile records the process ID of the httpd daemon. Because httpd copies itself, there are several httpd processes in the system, but only one of them is the initial process, the parent of all the others; a signal sent to this process affects all httpd processes. The file defined by PidFile records the process ID of this httpd parent process.
ScoreBoardFile /var/run/httpd.scoreboard
httpd uses the ScoreBoardFile to maintain internal per-process data, so this parameter usually does not need to be changed, unless the administrator wants to run several Apache servers on one computer, in which case each Apache server needs its own configuration file httpd.conf and a different ScoreBoardFile.
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf
The two parameters ResourceConfig and AccessConfig exist for compatibility with older Apache versions that use srm.conf and access.conf. If no such compatibility is needed, the corresponding file can be set to /dev/null, which indicates that there are no other configuration files and that httpd.conf alone holds all the settings.
Timeout 300
Timeout defines the timeout interval for the connection between a client program and the server; when this interval (in seconds) is exceeded, the server disconnects from the client.
KeepAlive On
In HTTP 1.0 a connection can carry only one HTTP request. The KeepAlive parameter enables the one-connection, multiple-transfer feature, so that several HTTP requests can be passed over a single connection. Although only newer browsers support this feature, the option is still turned on.
MaxKeepAliveRequests 100
MaxKeepAliveRequests is the maximum number of HTTP requests that can be made over one connection. Setting it to 0 allows an unlimited number of requests within a single connection. In practice no client program requests that many pages over one connection, and the connection usually completes before this limit is reached.
KeepAliveTimeout 15
KeepAliveTimeout checks the time between successive requests on one connection: if the server has finished one request but has not received the client's next request within this interval, the server closes the connection.
MinSpareServers 5
MaxSpareServers 10
On a web server that uses child processes to handle HTTP requests, responses are slightly delayed because a child process must first be created to handle the client's request. The Apache server avoids this problem with a special technique: it pre-creates several idle child processes that stay resident in the system, and as soon as a request arrives one of these idle child processes handles it, so there is no delay from creating a child process. In operation, as client requests increase, the number of started child processes increases too, but these server copies do not exit immediately after handling an HTTP request; they stay in the system waiting for the next one. The number of idle child processes cannot be allowed to grow without limit, however: too many idle processes handle no work yet consume the server's processing capacity, so the number of idle copies must be limited to a level that still allows timely responses to client requests while avoiding unnecessary processes. Use the MinSpareServers parameter to set the minimum number of idle child processes and the MaxSpareServers parameter to limit their maximum number; surplus server copies exit. Set these according to the actual situation of the server: if the server is powerful and heavily accessed, increase both parameters. For high-load professional websites, the two values should be roughly equal, and equal to the maximum number of server copies the system supports, which also reduces unnecessary exits of copies.
StartServers 5
The StartServers parameter sets the number of child-process copies started when httpd starts. It is related to the MinSpareServers and MaxSpareServers parameters defined above, and likewise starts idle child processes to speed up the server's response. It should be set to a value between those two: no less than MinSpareServers and no greater than MaxSpareServers.
MaxClients 150
On the other hand, the server's capacity is limited, and it cannot handle an unlimited number of concurrent connection requests, so the MaxClients parameter specifies the maximum number of concurrent clients the server supports. If this value is set too large, the system has to switch between too many processes when busy, which slows the service to every client and reduces overall efficiency. If this value is set too small, some client connection requests are rejected when the system is busy. When the server is powerful, this value can be increased appropriately. For professional websites, the strategy should be to improve server efficiency, so this parameter must not exceed the limits of the hardware itself; if access is being refused, the server hardware needs upgrading. For non-professional websites that are less concerned about the response speed seen by the client browser, or that consider a slow response better than a rejected connection, this parameter can be set slightly beyond what the hardware supports.
This parameter bounds the settings of MinSpareServers and MaxSpareServers, which should not be larger than the value of this parameter.
MaxRequestsPerChild 30
When child processes provide the web service, the usual approach is for one child process to serve one connection. The problem is that a child process has to be created and exited for every connection, and this extra work consumes a large share of the computer's processing capacity. The best approach is therefore for one child process to serve many connection requests, which avoids the system cost of creating and exiting processes. Apache works this way: after a connection ends, the child process does not exit but stays in the system waiting for the next service request, which greatly improves performance.
However, because memory is constantly allocated and released during processing, some memory garbage accumulates, which affects the stability of the system and the effective use of system resources. So after a copy has handled a certain number of requests it can be made to exit, and a clean copy is then forked from the original httpd process, which improves the stability of the system. The number of service requests each child process handles is defined by MaxRequestsPerChild. The default value is 30; this is too conservative for a highly stable Linux system and can be set to 1000 or even higher. Setting it to 0 lets each copy handle an unlimited number of requests.
#Listen 3000
#Listen 12.34.56.78:80
#BindAddress *
The Listen parameter makes the server listen for HTTP requests on other ports in addition to the standard port 80. Since the FreeBSD system can have several IP addresses at the same time, BindAddress can also restrict the server to listening for HTTP requests on one IP address only. If it is not configured, the server responds to requests on all IP addresses.
Even when the BindAddress parameter makes the server respond to requests on only one IP address, the extended form of the Listen parameter still lets the HTTP daemon respond to requests on other IP addresses. That form of Listen is the second example above. This more complex usage is mainly for setting up virtual hosts: a virtual host can then be defined for each IP address. This, however, is the way virtual hosts were set up under the earlier HTTP 1.0 standard; every additional virtual host needs its own IP address, so it is of little practical use. HTTP 1.1 added support for virtual hosts with multiple domain names on a single IP address, which makes virtual hosts far more useful.
LoadModule mime_magic_module libexec/apache/mod_mime_magic.so
LoadModule info_module libexec/apache/mod_info.so
LoadModule speling_module libexec/apache/mod_speling.so
LoadModule proxy_module libexec/apache/libproxy.so
LoadModule rewrite_module libexec/apache/mod_rewrite.so
LoadModule anon_auth_module libexec/apache/mod_auth_anon.so
LoadModule db_auth_module libexec/apache/mod_auth_db.so
LoadModule digest_module libexec/apache/mod_digest.so
LoadModule cern_meta_module libexec/apache/mod_cern_meta.so
LoadModule expires_module libexec/apache/mod_expires.so
LoadModule headers_module libexec/apache/mod_headers.so
LoadModule usertrack_module libexec/apache/mod_usertrack.so
LoadModule unique_id_module libexec/apache/mod_unique_id.so
ClearModuleList
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_proxy.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_db.c
AddModule mod_digest.c
AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
An important feature of the Apache server is its modular structure: not only can new features be added through new modules, but modules can also be loaded dynamically into the HTTP server program, so that unneeded modules do not have to be loaded. Using Apache's dynamically loaded modules only requires setting the LoadModule and AddModule parameters; this is the "Dynamic Shared Object" (DSO) feature. Making full use of DSO is not simple, however, and an inappropriate change to these settings may keep the server from starting normally. So unless you intend to add or remove functionality provided by the server, do not change the settings here.
The list above shows the modules supported by the default Apache server under Linux. In fact many of them are not necessary, and unnecessary modules are not loaded into memory. A module can be statically linked into the Apache server or loaded dynamically; compiling Apache's features as dynamically loadable modules is not Apache's default, and it buys great flexibility at the cost of a little performance.
Because dynamic loading has a slight effect on performance, Apache can be recompiled with the features you need built into the server, which makes the system cleaner and more efficient. Recompiling Apache for this purpose alone is usually not necessary. If you need to add other features and recompile Apache anyway, you may as well link all modules statically into the Apache server while adding the other modules. Some users prefer dynamically loaded modules, and they can keep using dynamic loading.
These modules are placed in the /usr/local/apache/libexec/ directory, and each module corresponds to one feature of the Apache server. Explaining every module in detail would take considerable space; the more important ones are explained where relevant, and for the functionality and usage of each module see the Apache documentation.
#ExtendedStatus on
The Apache server can report its own running status in response to a special HTTP request; turning on the ExtendedStatus parameter makes the server report more complete status information.
Primary server settings
The Apache server needs various settings that define the parameters it uses to provide web services. When virtual hosts are used, the settings here are the defaults for the virtual hosts, apart from those overridden in a virtual host's own definition (some settings must be redefined).
Port 80
Port defines the port the httpd daemon uses in standalone mode; the standard port is 80. This option only applies to a server started in standalone mode; for a server started from inetd, the port is defined in inetd.conf.
Using port 80 under UNIX requires root privileges. For security reasons some administrators, believing that the httpd server cannot be free of security vulnerabilities, prefer to start the server with an ordinary user's permissions; it then cannot use port 80 or any other port below 1024 and must start httpd on a port above 1024, commonly 8000 or 8080. The Apache httpd server itself, however, can open port 80 with root privileges and then run as an ordinary user, which reduces the risk, so this security issue need not be a concern. Ordinary users who want to install their own WWW servers still have to use ports above 1024.
User nobody
Group nogroup
The User and Group settings are a security safeguard: after opening the port, Apache switches to the user and group given by these two options, which reduces the danger the server poses. These options also apply only in standalone mode; in inetd mode the user that runs Apache is specified in inetd.conf. Because the server must perform a setuid() operation to change its identity, the initial process must have root privileges. If Apache is started by a non-root user, these settings have no effect.
The default setting is nobody and nogroup. This user and group own no files in the system, which ensures that the server itself, and the CGI processes it starts, have no permission to change the file system. In some cases, for example so that a CGI program can interact with UNIX, the server must be allowed to access files on the server. If nobody and nogroup are still used, files owned by nobody will appear in the system, which is bad for system security: other programs also perform certain operations with the permissions of nobody and nogroup, so they may be able to access these nobody-owned files, causing security problems. Normally a specific user and group should be created for the web service, and the user and group settings here changed accordingly.
ServerAdmin you@your.address
Perhaps the only setting the configuration file really needs is ServerAdmin, which sets the e-mail address of the administrator of the WWW server. This address is returned to the browser when the HTTP service reports an error, so that web users can contact the administrator and report the error. By convention, webmaster on the server is used as the administrator of the WWW server, and mail sent to webmaster is delivered to the real web administrator.
#ServerName new.host.name
By default there is no need to specify the ServerName parameter: the server obtains its own name automatically through name resolution. But if the server's name does not resolve properly (usually because reverse resolution is incorrect), or the server has no official DNS name, an IP address can be specified here instead. When ServerName is set incorrectly, the server cannot start normally.
A web server can usually have several names, and client browsers can use any of these names or IP addresses to reach it, but when no virtual host is defined, the server always answers the browser with its own official name. ServerName defines the official name the web server recognizes for itself. For example, suppose a server's name (defined in DNS) is example.org.cn and, to make it easier to remember, the alias www.example.org.cn is also defined. Apache then resolves its own name as example.org.cn, so the server always tells clients that it is example.org.cn, whichever name the client browser used to send the request. This does not usually cause any problems, but the server may later migrate to another computer, and you may want to complete the migration just by changing the www alias in DNS. In that case you do not want clients to record this server's own name in their bookmarks, so ServerName must be used to re-specify the official name of the server.
DocumentRoot "/www/"
DocumentRoot defines the path under which the server stores the documents it publishes; the URL requested by a client program is mapped to a web file in this directory. Subdirectories of this directory, and the files and directories that symbolic links point to, can all be accessed by browsers, using the same relative directory names in the URL.
Note that although a symbolic link is logically located under the document root, its target can actually be in any directory on the computer, so clients can be given access to directories outside the document root. This adds flexibility but reduces security. Apache provides the FollowSymLinks option in directory access control to turn support for symbolic links on or off.
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
The Apache server can apply access control to directories, and this can be implemented in two ways. One is to configure each directory in the configuration file httpd.conf (or access.conf); the other is to place an access control file in each directory, usually named .htaccess. Both can control browser access, but with the configuration-file method the httpd daemon has to be restarted after every change, which is less flexible, so it is mainly used to set the overall security policy of the server system. Using .htaccess files to configure access control for individual directories is more flexible and convenient.
The Directory statement defines access restrictions on a directory; the example above shows its standard syntax. This example applies to the root directory of the system: it sets the option that allows symbolic links, and uses AllowOverride None to state that access control files under this directory are not allowed to change the configuration given here, which also means the server does not look for access control files in this directory.
Because Apache's access control settings for a directory are inherited by its subdirectories, the setting for the root directory affects the directories below it. Note that because of AllowOverride None, the Apache server does not need to look for access control files in the root directory, nor in the directories below it, until it reaches a directory for which httpd.conf (or access.conf) sets AllowOverride to allow access control files. Because Apache uses inheritance for directory access control, if access control files were allowed from the root directory down, Apache would have to look for an access control file at every level, which hurts system performance. With this feature turned off by default, Apache only searches downward from the specific directories named in httpd.conf, which reduces the number of lookups and improves system performance. So AllowOverride None for the system root directory helps not only system security but also system performance.
<Directory "/www/">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
This defines the access settings for the directory from which the system publishes documents to the outside. Different AllowOverride options define the relationship between the directory settings in the configuration file and the security control files in users' directories, and the Options setting defines the features of the directory.
Both the configuration file and the access control file in each directory can set access restrictions. The configuration file is set by the administrator, while the access control file in a directory is set by the owner of the directory, so the administrator can decide whether the owner of a directory may override the settings in the configuration file. This is done with the AllowOverride parameter, whose usual values are:
AllowOverride setting    Effect on the access control file in each directory
All                      Default; access control files may override the system configuration
None                     The server ignores the settings in access control files
Options                  Access control files may use the Options parameter to define the options of the directory
FileInfo                 Access control files may use settings such as AddType
AuthConfig               Access control files may use AuthName, AuthType, etc., so that the owner of a directory can protect it
Limit                    Access to the directory may be restricted by the IP address and name of the client
Every directory has certain features, and Options controls which of them are enabled in a directory. The common options are:
Options setting          Server feature
All                      All directory features are enabled; this is the default
None                     All directory features are disabled
FollowSymLinks           Symbolic links may be used, which lets browsers reach documents outside the document root
SymLinksIfOwnerMatch     Access through a symbolic link is allowed only when the target of the link has the same owner as the link itself; this adds some safety
ExecCGI                  CGI programs may be executed in this directory
Indexes                  The server may generate an index of all files in this directory, so that when the directory has no index.html (or other index file) the file list is sent to the browser
In addition, the example above uses the Order, Allow and Deny parameters, which control access according to the domain name and IP address of the browser. Order defines the order in which Allow and Deny are processed, while Allow and Deny set access control by name or IP address. Allow from all means that all clients may access this directory without any restriction.
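The symbolic-link behaviour of DocumentRoot and the FollowSymLinks and SymLinksIfOwnerMatch options described above can be checked on disk. The following audit is an added example, not part of the original article or of Apache; the function names and the demo directory tree are constructed for illustration.

```python
import os


def audit_symlinks(document_root):
    """Classify every symbolic link below document_root.

    Returns sorted tuples (link, resolved_target, escapes_root, owner_matches),
    where link is relative to the document root.
    """
    root = os.path.realpath(document_root)
    results = []
    # followlinks=False: links are reported but never descended into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            escapes = os.path.commonpath([root, target]) != root
            try:
                # Owner of the link itself versus owner of what it points to.
                owner_matches = os.lstat(path).st_uid == os.stat(path).st_uid
            except OSError:  # dangling link: there is no target to compare
                owner_matches = False
            results.append((os.path.relpath(path, root), target, escapes, owner_matches))
    return sorted(results)


def exposed_outside_root(results, option):
    """Links that serve content from outside the document root under an Options value."""
    if option == "FollowSymLinks":
        return [link for link, _, escapes, _ in results if escapes]
    if option == "SymLinksIfOwnerMatch":
        # The owner check only blocks links whose target belongs to someone else.
        return [link for link, _, escapes, same in results if escapes and same]
    raise ValueError(option)


def build_demo_tree(base):
    """Constructed sample: a document root with one internal and one escaping link."""
    docroot = os.path.join(base, "www")
    outside = os.path.join(base, "private")
    os.makedirs(os.path.join(docroot, "docs"))
    os.makedirs(outside)
    for path in (os.path.join(docroot, "docs", "index.html"),
                 os.path.join(outside, "notes.txt")):
        with open(path, "w") as handle:
            handle.write("sample\n")
    os.symlink(os.path.join(docroot, "docs", "index.html"),
               os.path.join(docroot, "home.html"))
    os.symlink(outside, os.path.join(docroot, "shared"))
    return docroot


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        rows = audit_symlinks(build_demo_tree(base))
        for row in rows:
            print(row)
        print("FollowSymLinks exposes:", exposed_outside_root(rows, "FollowSymLinks"))
```

In the demo both links are created by the same account, so SymLinksIfOwnerMatch does not block the escaping link either; the option only helps when link and target have different owners.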
UserDir public_html
When the Apache server runs on Linux, every user on the computer can have their own web path, such as http://example.org.cn/~user: a tilde followed by the user name maps to the user's own web directory. The mapped directory is a subdirectory of the user's home directory whose name is defined by the UserDir parameter; the default is public_html. If you do not want to provide web service to regular users, use disabled as the UserDir parameter.
#
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#
# Order allow,deny
# Allow from all
#
#
# Order deny,allow
# Deny from all
#
#
Here is another use of Directory: with simple pattern matching, access control permissions can be defined for subdirectories spread across different directories. This setting requires the Apache server to do extra processing for every path, which reduces the performance of the server, so by default this access restriction is not enabled.
Here you can also see another statement, Limit. The Limit statement sets access control for specific request methods; the request methods supported by the server, such as GET and POST, are given as its parameters to set access restrictions for those methods. Generally only the three request methods GET, POST and HEAD need to be open, with the other request methods blocked to increase security. Inside the Limit statement, Order, Allow and Deny restrict access by matching on domain names and IP addresses.
DirectoryIndex index.html
In many cases the URL does not name a document but only gives a directory. The Apache server then automatically returns the file defined by DirectoryIndex in that directory. Several file names can be specified, and the server looks for them in the directory in turn. When none of the files specified by DirectoryIndex exists, the Apache server can, depending on the system settings, generate a list of all files in the directory for the user to choose from. The Indexes option (Options Indexes) must be enabled in the access control settings of this directory for the server to generate a directory list; otherwise Apache refuses access.
AccessFileName .htaccess
AccessFileName defines the name of the access control file in each directory; the default is .htaccess. Access control for different directories can be changed by editing this file.
ORDER ALOW, DENY
Deny from all
In addition to access control for the directory, you can set access control according to the file.
Is the task of the File statement. Using the File statement, regardless of the directory of the file, as long as the name matches, the corresponding access control must be accepted. This statement is more important for system security, such as the above case, unable to access the .htaccess file, so that key security information inhtaccess is not obtained by customers.
#CacheNegotiatedDocs
By default, when a proxy server negotiates with the Apache server over whether its web pages may be cached, Apache gives a negative answer: it does not want its own pages to be cached by the proxy server. However, this does not make effective use of the advantages of a proxy server, so the CacheNegotiatedDocs option can be set to let the proxy server cache the pages. Even if this option is not set, some proxy servers (possibly after adjusting their settings) can still cache the pages.
UseCanonicalName On
Turning UseCanonicalName on is the standard practice for a web server. Most requests sent by clients are references to this server, so the server can build a complete URL from the ServerName and Port settings and return it to the client, giving the browser a canonical URL. If this parameter is set to Off, Apache uses the server name and port value from the client's request (HTTP 1.1 requests carry this information) to rebuild the URL.
TypesConfig /usr/local/apache/etc/mime.types
TypesConfig sets the name of the file that holds the MIME type data; under Linux it is set to /usr/local/apache/etc/mime.types.
DefaultType text/plain
If the web server cannot determine the type of a document, which usually means the document uses a non-standard suffix, the server sends the document to the client browser with the MIME type defined by DefaultType. The setting here is text/plain. The problem with this setting is that if the server cannot determine the MIME type of a document and the document is actually binary, it is still sent back as text/plain, and the browser displays it in its window instead of prompting to save it. It is therefore recommended to change this setting to application/octet-stream, so that the browser prompts the user to save.
<IfModule mod_mime_magic.c>
MIMEMagicFile /usr/local/apache/etc/magic
</IfModule>
In addition to judging the MIME type of a file from its suffix, Apache can also analyze features of the file's content to determine its real MIME type. This feature is implemented by the mod_mime_magic module, which needs a file recording the characteristics of the various MIME types for analysis and comparison. The setting above is a conditional statement: if this module is loaded, the location of the corresponding signature file, magic, must be specified.
Usually the server can only obtain the client's IP address. To obtain the client's host name for logging and for passing to CGI programs, the HostnameLookups option must be set to On to enable reverse DNS lookups. However, this makes the server perform a DNS query for every client request, which increases system overhead and slows responses, so the default is to turn this option Off. With the option off, the server does not obtain the client's host name and can only record clients by IP address.
ErrorLog /var/log/httpd-error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#CustomLog /var/log/httpd-access.log common
#CustomLog /var/log/httpd-referer.log referer
#CustomLog /var/log/httpd-agent.log agent
CustomLog /var/log/httpd-access.log combined
Here the system logs are defined. For server error records, ErrorLog defines the error log file and LogLevel defines what is recorded in it.
For access logs, the CustomLog parameter defines the log file. By default the combined type is used, which puts all access records in one file, but different types of access records can also be placed in different log files by specifying a different record type in CustomLog. common is the ordinary record of requests to the server; referer is the reference record of each page, from which the number of references to a page can be seen; agent is the record of client types. The existing combined definition can therefore be commented out, and common, referer and agent used as CustomLog parameters to specify separate log files.
LogFormat defines the format of the different log types, using macros that begin with % to record different content.
If the files named by these parameters are given as relative paths, they are relative to the ServerRoot path.
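A parser for the combined format defined above, run over constructed sample lines and used to count 4xx responses per client; this is an added example, not part of the original configuration file. The names parse_line and client_errors and the sample addresses are assumptions, and the backslash-escaped quotes in the third sample line follow the behaviour of later Apache releases.

```python
import re
from datetime import datetime

# Field order follows the "combined" LogFormat:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# Quoted fields may contain backslash-escaped quotes.
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [26/May/2000:08:55:01 +0800] "GET /index.html HTTP/1.0" 200 2326 "-" "Mozilla/4.0"',
    '192.0.2.11 - alice [26/May/2000:08:55:07 +0800] "GET /private/ HTTP/1.0" 403 - "http://www.example.org/" "Mozilla/4.0"',
    '192.0.2.12 - - [26/May/2000:08:56:12 +0800] "GET /cgi-bin/test?q=\\"x\\" HTTP/1.0" 404 210 "-" "tool \\"v1\\""',
    'not a log line',
]


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["status"] = int(rec["status"])
    # %b logs "-" when no body bytes were sent.
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    # %r is "METHOD path PROTOCOL"; split it without trusting its shape.
    method, _, rest = rec["request"].partition(" ")
    rec["method"] = method
    rec["path"] = rest.rsplit(" ", 1)[0] if " " in rest else rest
    return rec


def client_errors(lines):
    """Return ({host: count of 4xx responses}, [lines that failed to parse])."""
    per_host, rejected = {}, []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        elif 400 <= rec["status"] < 500:
            per_host[rec["host"]] = per_host.get(rec["host"], 0) + 1
    return per_host, rejected


if __name__ == "__main__":
    print(client_errors(SAMPLE))
```

With HostnameLookups off, the host field holds the client's IP address, as in the sample lines.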
ServerSignature On
In some cases, for example when the page a client requests does not exist, the server generates an error document. By default, since the ServerSignature option is on, the last line of the error document contains information such as the server's name and the Apache version. Some administrators prefer not to display this information; the parameter can then be set to Off, or to EMail, in which case the last line is replaced by an e-mail reference to ServerAdmin.
Alias /icons/ "/www/icons/"
<Directory "/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
The Alias parameter maps a URL to a real location in the server's file system. Normally documents are looked up under DocumentRoot, but a path defined with Alias is mapped directly to the corresponding directory and is no longer looked up under DocumentRoot. Alias can therefore be used to map paths to shared files, such as the icons path that holds various commonly used icons. This makes directories outside the document root available to browsers through the Alias mapping.
Once the mapped path is defined, the Directory statement should be used to set access restrictions for it.
ScriptAlias /cgi-bin/ "/www/cgi-bin/"
<Directory "/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
ScriptAlias also maps a URL path, but unlike Alias, ScriptAlias maps the path of CGI programs. Files under this path are treated as CGI programs: the server executes them and returns their output rather than returning their content directly. By default, CGI programs use the cgi-bin directory as the virtual path.
# Redirect old-URI new-URL
The Redirect parameter is used to rewrite the URL. When the browser accesses a resource that no longer exists on the server, the server returns a new URL to the browser, telling the browser to fetch the resource from that URL. This is mainly used for documents that used to exist on the server and have since changed location, where the old URL should still work so that previous URLs stay compatible.
IndexOptions FancyIndexing
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
ReadmeName README
HeaderName HEADER
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
When the URL of an HTTP request is a directory, the server returns the index file in that directory. If the directory has no default index file and the server is permitted to display a directory listing, the list of files in the directory is displayed instead. The settings above exist to make this file list easier to understand than a bare list of names.
With the IndexOptions FancyIndexing option, the file list generated by the server shows an icon for each type of document. Which icon a file gets is decided by the AddIconByEncoding, AddIconByType and AddIcon settings that follow, according to the file's MIME encoding, MIME type and file suffix respectively. If the icon for a document cannot be determined, the default icon defined by DefaultIcon is used.
Similarly, AddDescription can add different descriptions for different types of documents. In addition, the server looks in the directory for the files defined by ReadmeName and HeaderName (the .html suffix is added automatically; if no such file is found, the .txt suffix is tried). If these files are found, their content is shown before the file list, which makes an ordinary directory listing easier to understand.
IndexIgnore makes the server ignore the matching files when producing the file list; the file names are given as patterns.
AddEncoding x-compress Z
AddEncoding x-gzip gz
AddEncoding indicates which files use a compression encoding, so that the browser can decompress them.
AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it
LanguagePriority en fr de
An HTML document can exist in several language versions at the same time; for example, the document file1.html can exist as file1.html.en, file1.html.fr and so on. Each language suffix must be defined using AddLanguage. This allows the server, through negotiation with the browser, to send different language versions to clients in different countries. LanguagePriority defines the priority of the languages, so that when the browser states no particular preference, a reference to file1.html is answered with the language versions in that order.
In practice this internationalization capability is of little use.
#AddType application/x-httpd-php .phtml
#AddType application/x-httpd-php-source .phps
The AddType parameter specifies the MIME type for a particular suffix; settings made here override the settings in mime.types.
#AddHandler cgi-script .cgi
AddHandler specifies the processing type for documents that are not static. Files of such a type must be processed first, and the result is then returned to the browser. For example, the commented setting above assigns the cgi-script type to files ending in .cgi, so the server starts such a file as a CGI program. If CGI programs need to be executed outside the path defined earlier with ScriptAlias, this parameter must be set; files ending in .cgi are then executed as CGI programs.
In the configuration file, in the .htaccess of this directory and in its parent directories, execution of CGI programs must be allowed, which is set with the Options ExecCGI parameter.
#AddType text/html .shtml
#AddHandler server-parsed .shtml
Another dynamically processed type is server-parsed: the server itself parses the tags inside the web page and replaces them with the correct HTML. Since server-parsed needs to process documents of type text/html, .shtml is first defined as the text/html type.
However, to support SSI, Options Includes must first be used in the configuration file (or .htaccess) to allow the documents in the directory to be of the SSI type, or Options IncludesNOEXEC to process ordinary SSI tags without executing the external programs they reference. Another way to assign the server-parsed type is the XBitHack option: if XBitHack is set to On, the server checks all text/html documents (including documents with the .html suffix), and if a file is found to have the executable "x" attribute, the server treats it as a server-parsed document that it must process. It is recommended to use AddHandler and to set XBitHack to Off, because XBitHack performs an additional check on every HTML document, which reduces efficiency.
#AddHandler send-as-is asis
#AddHandler imap-file map
#AddHandler type-map var
The commented AddHandler lines above support the asis, map and var processing capabilities of the Apache server.
# Action media/type /cgi-script/location
# Action handler-name /cgi-script/location
Because the processing capabilities built into Apache are limited, Action can be used to define external programs as handlers for dynamic document types. These external programs behave like standard CGI programs: they process the input data and output results of various MIME types. For example, to define a handler that first runs wri2txt and then returns its result to the browser, you can use:
Action windows-writer /bin/wri2txt
AddHandler windows-writer wri
Further, Action can be used to define a pre-processing operation for a MIME type. This uses the first format of the Action parameter shown above. With this form it is no longer necessary to use an additional AddHandler to link the processing operation to a file suffix; instead, Action processes files of the given MIME type. If the document suffix has no formal MIME type, however, a MIME type must be defined first.
#MetaDir .web
#MetaSuffix .meta
META information is sent to the client browser ahead of the document itself, so the browser can obtain it with a HEAD request without having to fetch all of the document data with GET. What the server normally sends to the browser is a set of standard HTTP headers. To add further information, MetaDir defines the directory in which the META data is stored, and MetaSuffix specifies the suffix of the files containing META data.
#ErrorDocument 500 "The server made a boo boo.
#ErrorDocument 404 /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
If the web page a client requests does not exist, or access to it is not permitted, the server produces an error code and also sends the client browser a page identifying the error. ErrorDocument sets the content sent to the client browser: its first parameter is the error number, and its second parameter can be simple text, a local web page, a local CGI program or a web page on a remote host.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4.0" force-response-1.0
BrowserMatch "Java/1.0" force-response-1.0
BrowserMatch "JDK/1.0" force-response-1.0
The BrowserMatch command sets special parameters for specific clients, to ensure compatibility with older browsers while still supporting the new features of newer browsers.
#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
#
# Deny from all
# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#
Access control is primarily set for directories and files. However, access control can also be set for individual URLs, in which case it does not matter whether ScriptAlias or Alias maps the path into a controlled directory. The statement for URL-based control is Location. It can protect not only files on the server but also resources that are not files at all, namely the special-function URLs provided by the server itself. http://servername/server-status reports the status of the running Apache server, and http://servername/server-info reports statistics for the Apache server. Related to this is the ExtendedStatus parameter, which makes the server output a more detailed report.
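A small audit of a configuration file for the settings this page singles out (ServerSignature, DefaultType, Options Indexes, the server-status and server-info handlers, and the Files block for .htaccess); this is an added example, not part of the original configuration or of Apache itself. The function names, the finding texts and the sample configuration are assumptions constructed for illustration, and the parser handles only the simple one-directive-per-line syntax shown on this page.

```python
# Constructed sample: directives this page discusses, in Apache 1.3 syntax.
SAMPLE_CONF = """\
ServerSignature On
DefaultType text/plain
<Directory "/www/icons">
    Options Indexes MultiViews
    AllowOverride None
</Directory>
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from .your_domain.com
</Location>
<Location /server-info>
    SetHandler server-info
</Location>
<Files .htaccess>
    Order allow,deny
    Deny from all
</Files>
"""


def parse(text):
    """Return (section, directive, args) rows; section is the innermost
    enclosing container as (name, argument), or None at top level."""
    stack, rows = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("</"):
            if stack:
                stack.pop()               # closing tag ends the container
        elif line.startswith("<"):
            name, _, arg = line.strip("<>").partition(" ")
            stack.append((name.lower(), arg.strip().strip('"')))
        else:
            name, _, args = line.partition(" ")
            rows.append((stack[-1] if stack else None, name.lower(), args.strip()))
    return rows


def audit(text):
    """Return findings (hypothetical wording) for settings the page calls out."""
    rows, findings = parse(text), []

    def denies_all(section):
        return any(s == section and n == "deny" and a.lower() == "from all"
                   for s, n, a in rows)

    for section, name, args in rows:
        low = args.lower()
        if name == "serversignature" and low == "on":
            findings.append("ServerSignature On: error pages show server name and version")
        elif name == "defaulttype" and low == "text/plain":
            findings.append("DefaultType text/plain: unknown binaries are displayed, not saved")
        elif name == "options" and any(o.lstrip("+") == "indexes" for o in low.split()):
            where = section[1] if section else "server-wide"
            findings.append(f"Options Indexes in {where}: directory listing enabled")
        elif name == "sethandler" and low in ("server-status", "server-info"):
            if not denies_all(section):
                findings.append(f"{low} handler without 'Deny from all'")
    if not any(s and s[0] == "files" and s[1] == ".htaccess" and denies_all(s)
               for s, _, _ in rows):
        findings.append("no <Files .htaccess> block with 'Deny from all'")
    return findings
```

Running audit(SAMPLE_CONF) reports four findings; the protected server-status block and the .htaccess block produce none.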
#<IfModule mod_proxy.c>
#ProxyRequests On
#
#<Directory proxy:*>
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Directory>
#ProxyVia On
#CacheRoot "/www/proxy"
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a_domain.com another_domain.edu joes.garage_sale.com
#</IfModule>
The Apache server itself has a proxy function, but this requires the mod_proxy module to be loaded. The IfModule statement is used to check whether the mod_proxy module is present, and ProxyRequests turns proxy support on. The Directory statement that follows sets access permissions for the proxy function, and the remaining parameters configure the cache.
Virtual host
#NameVirtualHost 12.34.56.78:80
#NameVirtualHost 12.34.56.78
#
# ServerAdmin webmaster@host.some_domain.com
# DocumentRoot /www/docs/host.some_domain.com
# ServerName host.some_domain.com
# ErrorLog logs/host.some_domain.com-error_log
# CustomLog logs/host.some_domain.com-access_log common
#
#
These entries in the default configuration file are used when setting up name-based virtual hosts.
NameVirtualHost specifies the IP address used by the virtual hosts; this IP address corresponds to multiple DNS names. If Apache uses the Listen parameter to serve multiple ports, a port number can be added here to further distinguish connection requests to different ports. After that, the VirtualHost statement is used with the IP address specified by NameVirtualHost as its parameter, and the corresponding virtual host settings are defined for each name.
Virtual hosting means providing web service for multiple separate domain names on one web server, with each domain name fully independent, including a completely independent document directory structure and settings. Not only is the content reached through each domain name completely independent, but the web content provided for one domain name cannot be reached through another domain name.
The concept of virtual hosts is very useful for ISPs. Although an organization can hang its web pages under a lower-level URL on a server that carries another domain name, an independent domain name and root URL look more formal and are more readily accepted. Traditionally, a separate domain name required setting up a separate server; many small organizations lack the capacity to maintain one, and renting a server maintained by someone else is more appropriate. The ISP does not need to provide a separate server for each organization: with virtual hosting, one server can provide web services for multiple domain names, the services do not interfere with each other, and from outside they appear as multiple different servers.
There are two ways to set up virtual hosts. One is based on the HTTP 1.0 standard and requires a computer with multiple IP addresses: the DNS server is configured to give each IP address a different domain name, and finally the Apache configuration file is set up so that the server returns different web documents for the different domain names. Because a separate IP address is needed for every domain name to be served, this approach is more troublesome to implement.
Multiple IP addresses can be bound to one network interface. Under Linux this is configured with the alias parameter of ifconfig, but it affects network performance.
The HTTP 1.1 standard stipulates that, when the browser and the server communicate, the server can track which host name the browser requested. This new feature makes it possible to set up virtual hosts in a much easier way. This method does not require additional IP addresses, but it requires support from newer browsers. It has become the standard way to establish virtual hosts.
To establish non-IP-based virtual hosts, multiple domain names are indispensable, because each domain name corresponds to one virtual host to be served. The configuration of the DNS server therefore needs to be changed to add multiple CNAME records for the server, such as:
linux IN A 192.168.1.64
vhost1 IN CNAME linux
vhost2 IN CNAME linux
The basic settings are made for the host linux. To set up the virtual hosts vhost1 and vhost2, use the VirtualHost statement to define their options; most of the statements that appear earlier in the configuration file can be used inside it to redefine almost all of the server's settings.
NameVirtualHost 192.168.1.64
DocumentRoot /www/data
ServerName linux.example.org.cn
<VirtualHost 192.168.1.64>
DocumentRoot /vhost1
ServerName vhost1.example.org.cn
</VirtualHost>
<VirtualHost 192.168.1.64>
DocumentRoot /vhost2
ServerName vhost2.example.org.cn
</VirtualHost>
Note that the address given as the parameter of VirtualHost must be consistent with the address defined by NameVirtualHost, and the values must match exactly; only then does the Apache server recognize these definitions as virtual hosts for this IP address.
In addition, once NameVirtualHost is defined, requests to this IP address are handled by the virtual host definitions, while requests to other IP addresses, such as 127.0.0.1, get the default options defined earlier.