Questo contenuto non è disponibile nella lingua selezionata.
25.5. Configuration Directives in httpd.conf
/etc/httpd/conf/httpd.conf
. The httpd.conf
file is well-commented and mostly self-explanatory. The default configuration works for most situations; however, it is a good idea to become familiar some of the more important configuration options.
Warning
25.5.1. General Configuration Tips
/etc/httpd/conf/httpd.conf
and then either reload, restart, or stop and start the httpd
process as outlined in Section 25.3, “Starting and Stopping httpd
”.
httpd.conf
, make a copy the original file. Creating a backup makes it easier to recover from mistakes made while editing the configuration file.
httpd.conf
to verify there are no typos.
/var/log/httpd/error_log
. The error log may not be easy to interpret, depending on your level of expertise. However, the last entries in the error log should provide useful information.
httpd.conf
. These descriptions are not exhaustive. For more information, refer to the Apache documentation online at http://httpd.apache.org/docs/2.2/.
mod_ssl
directives, refer to the documentation online at http://httpd.apache.org/docs/2.2/mod/mod_ssl.html.
AccessFileName
names the file which the server should use for access control information in each directory. The default is .htaccess
.
AccessFileName
directive, a set of Files
tags apply access control to any file beginning with a .ht
. These directives deny Web access to any .htaccess
files (or other files which begin with .ht
) for security reasons.
Action
specifies a MIME content type and CGI script pair, so that when a file of that media type is requested, a particular CGI script is executed.
When using FancyIndexing
as an IndexOptions
parameter, the AddDescription
directive can be used to display user-specified descriptions for certain files or file types in a server generated directory listing. The AddDescription
directive supports listing specific files, wildcard expressions, or file extensions.
AddEncoding
names file name extensions which should specify a particular encoding type. AddEncoding
can also be used to instruct some browsers to uncompress certain files as they are downloaded.
AddHandler
maps file extensions to specific handlers. For example, the cgi-script
handler can be matched with the extension .cgi
to automatically treat a file ending with .cgi
as a CGI script. The following is a sample AddHandler
directive for the .cgi
extension.
AddHandler cgi-script .cgi
cgi-bin
to function in any directory on the server which has the ExecCGI
option within the directories container. Refer to Directory for more information about setting the ExecCGI
option for a directory.
AddHandler
directive is used to process server-parsed HTML and image-map files.
AddIcon
specifies which icon to show in server generated directory listings for files with certain extensions. For example, the Web server is set to show the icon binary.gif
for files with .bin
or .exe
extensions.
This directive names icons which are displayed by files with MIME encoding in server generated directory listings. For example, by default, the Web server shows the compressed.gif
icon next to MIME encoded x-compress and x-gzip files in server generated directory listings.
This directive names icons which are displayed next to files with MIME types in server generated directory listings. For example, the server shows the icon text.gif
next to files with a mime-type of text
, in server generated directory listings.
AddLanguage
associates file name extensions with specific languages. This directive is useful for Apache HTTP Servers which serve content in multiple languages based on the client Web browser's language settings.
Use the AddType
directive to define or override a default MIME type and file extension pairs. The following example directive tells the Apache HTTP Server to recognize the .tgz
file extension:
AddType application/x-tar .tgz
The Alias
setting allows directories outside the DocumentRoot
directory to be accessible. Any URL ending in the alias automatically resolves to the alias' path. By default, one alias for an icons/
directory is already set up. An icons/
directory can be accessed by the Web server, but the directory is not in the DocumentRoot
.
Allow
specifies which client can access a given directory. The client can be all
, a domain name, an IP address, a partial IP address, a network/netmask pair, and so on. The DocumentRoot
directory is configured to Allow
requests from all
, meaning everyone has access.
The AllowOverride
directive sets whether any Options
can be overridden by the declarations in an .htaccess
file. By default, both the root directory and the DocumentRoot
are set to allow no .htaccess
overrides.
The BrowserMatch
directive allows the server to define environment variables and take appropriate actions based on the User-Agent HTTP header field — which identifies the client's Web browser type. By default, the Web server uses BrowserMatch
to deny connections to specific browsers with known problems and also to disable keepalives and HTTP header flushes for browsers that are known to have problems with those actions.
A number of commented cache directives are supplied by the default Apache HTTP Server configuration file. In most cases, uncommenting these lines by removing the hash mark (#
) from the beginning of the line is sufficient. The following, however, is a list of some of the more important cache-related directives.
CacheEnable
— Specifies whether the cache is a disk, memory, or file descriptor cache. By defaultCacheEnable
configures a disk cache for URLs at or below/
.CacheRoot
— Specifies the name of the directory containing cached files. The defaultCacheRoot
is the/var/httpd/proxy/
directory.CacheSize
— Specifies how much space the cache can use in kilobytes. The defaultCacheSize
is5
KB.
CacheMaxExpire
— Specifies how long HTML documents are retained (without a reload from the originating Web server) in the cache. The default is24
hours (86400
seconds).CacheLastModifiedFactor
— Specifies the creation of an expiry (expiration) date for a document which did not come from its originating server with its own expiry set. The defaultCacheLastModifiedFactor
is set to0.1
, meaning that the expiry date for such documents equals one-tenth of the amount of time since the document was last modified.CacheDefaultExpire
— Specifies the expiry time in hours for a document that was received using a protocol that does not support expiry times. The default is set to1
hour (3600
seconds).NoProxy
— Specifies a space-separated list of subnets, IP addresses, domains, or hosts whose content is not cached. This setting is most useful for Intranet sites.
By default, the Web server asks proxy servers not to cache any documents which were negotiated on the basis of content (that is, they may change over time or because of the input from the requester). If CacheNegotiatedDocs
is set to on
, this function is disabled and proxy servers are allowed to cache such documents.
CustomLog
identifies the log file and the log file format. By default, the access log is recorded to the /var/log/httpd/access_log
file while errors are recorded in the /var/log/httpd/error_log
file.
CustomLog
format is the combined
log file format, as illustrated here:
remotehost rfc931 user date "request" status bytes referrer user-agent
DefaultIcon
specifies the icon displayed in server generated directory listings for files which have no other icon specified. The unknown.gif
image file is the default.
DefaultType
sets a default content type for the Web server to use for documents whose MIME types cannot be determined. The default is text/plain
.
Deny
works similar to Allow
, except it specifies who is denied access. The DocumentRoot
is not configured to Deny
requests from anyone by default.
<Directory /path/to/directory>
and </Directory>
tags create a container used to enclose a group of configuration directives which apply only to a specific directory and its subdirectories. Any directive which is applicable to a directory may be used within Directory
tags.
/
), using the Options
(refer to Options) and AllowOverride
(refer to AllowOverride) directives. Under this configuration, any directory on the system which needs more permissive settings has to be explicitly given those settings.
Directory
container is configured for the DocumentRoot
which assigns less rigid parameters to the directory tree so that the Apache HTTP Server can access the files residing there.
Directory
container can be also be used to configure additional cgi-bin
directories for server-side applications outside of the directory specified in the ScriptAlias
directive (refer to ScriptAlias for more information).
Directory
container must set the ExecCGI
option for that directory.
/home/my_cgi_directory
, add the following Directory
container to the httpd.conf
file:
<Directory /home/my_cgi_directory> Options +ExecCGI </Directory>
AddHandler
directive must be uncommented to identify files with the .cgi
extension as CGI scripts. Refer to AddHandler for instructions on setting AddHandler
.
The DirectoryIndex
is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.
DirectoryIndex
page, if it exists, or a server-generated directory list. The default for DirectoryIndex
is index.html
and the index.html.var
type map. The server tries to find either of these files and returns the first one it finds. If it does not find one of these files and Options Indexes
is set for that directory, the server generates and returns a listing, in HTML format, of the subdirectories and files within the directory, unless the directory listing feature is turned off.
DocumentRoot
is the directory which contains most of the HTML files which are served in response to requests. The default DocumentRoot
, for both the non-secure and secure Web servers, is the /var/www/html
directory. For example, the server might receive a request for the following document:
http://example.com/foo.html
/var/www/html/foo.html
DocumentRoot
so that it is not shared by the secure and the non-secure Web servers, refer to Section 25.7, “Virtual Hosts”.
The ErrorDocument
directive associates an HTTP response code with a message or a URL to be sent back to the client. By default, the Web server outputs a simple and usually cryptic error message when an error occurs. The ErrorDocument
directive forces the Web server to instead output a customized message or page.
Important
"
.
ErrorLog
specifies the file where server errors are logged. By default, this directive is set to /var/log/httpd/error_log
.
The ExtendedStatus
directive controls whether Apache generates basic (off
) or detailed server status information (on
), when the server-status
handler is called. The server-status
handler is called using Location
tags. More information on calling server-status
is included in Location.
Group
is set to apache
.
HeaderName
names the file which, if it exists in the directory, is prepended to the start of server generated directory listings. Like ReadmeName
, the server tries to include it as an HTML document if possible or in plain text if not.
HostnameLookups
can be set to on
, off
, or double
. If HostnameLookups
is set to on
, the server automatically resolves the IP address for each connection. Resolving the IP address means that the server makes one or more connections to a DNS server, adding processing overhead. If HostnameLookups
is set to double
, the server performs a double-reverse DNS look up adding even more processing overhead.
HostnameLookups
is set to off
by default.
The IfDefine
tags surround configuration directives that are applied if the "test" stated in the IfDefine
tag is true. The directives are ignored if the test is false.
IfDefine
tags is a parameter name (for example, HAVE_PERL
). If the parameter is defined, meaning that it is provided as an argument to the server's start-up command, then the test is true. In this case, when the Web server is started, the test is true and the directives contained in the IfDefine
tags are applied.
<IfModule>
and </IfModule>
tags create a conditional container which are only activated if the specified module is loaded. Directives within the IfModule
container are processed under one of two conditions. The directives are processed if the module contained within the starting <IfModule>
tag is loaded. Or, if an exclamation point ! appears before the module name, the directives are processed only if the module specified in the <IfModule>
tag is not loaded.
ServerRoot
.
Important
mod_ssl
, mod_perl
, and php
, the following directive must be included in Section 1: Global Environment
of httpd.conf
:
Include conf.d/*.conf
IndexIgnore
lists file extensions, partial file names, wildcard expressions, or full file names. The Web server does not include any files which match any of those parameters in server generated directory listings.
IndexOptions
controls the appearance of server generated directing listings, by adding icons, file descriptions, and so on. If Options Indexes
is set (refer to Options), the Web server generates a directory listing when the Web server receives an HTTP request for a directory without an index.
DirectoryIndex
directive (usually, index.html
). If an index.html
file is not found, Apache HTTP Server creates an HTML directory listing of the requested directory. The appearance of this directory listing is controlled, in part, by the IndexOptions
directive.
FancyIndexing
. This means that a user can re-sort a directory listing by clicking on column headers. Another click on the same header switches from ascending to descending order. FancyIndexing
also shows different icons for different files, based upon file extensions.
AddDescription
option, when used in conjunction with FancyIndexing
, presents a short description for the file in server generated directory listings.
IndexOptions
has a number of other parameters which can be set to control the appearance of server generated directories. The IconHeight
and IconWidth
parameters require the server to include HTML HEIGHT
and WIDTH
tags for the icons in server generated webpages. The IconsAreLinks
parameter combines the graphical icon with the HTML link anchor, which contains the URL link target.
KeepAlive
sets whether the server allows more than one request per connection and can be used to prevent any one client from consuming too much of the server's resources.
Keepalive
is set to off
. If Keepalive
is set to on
and the server becomes very busy, the server can quickly spawn the maximum number of child processes. In this situation, the server slows down significantly. If Keepalive
is enabled, it is a good idea to set the KeepAliveTimeout
low (refer to KeepAliveTimeout for more information about the KeepAliveTimeout
directive) and monitor the /var/log/httpd/error_log
log file on the server. This log reports when the server is running out of child processes.
KeepAliveTimeout
sets the number of seconds the server waits after a request has been served before it closes the connection. Once the server receives a request, the Timeout
directive applies instead. The KeepAliveTimeout
directive is set to 15 seconds by default.
LanguagePriority
sets precedence for different languages in case the client Web browser has no language preference set.
The Listen
command identifies the ports on which the Web server accepts incoming requests. By default, the Apache HTTP Server is set to listen to port 80 for non-secure Web communications and (in the /etc/httpd/conf.d/ssl.conf
file which defines any secure servers) to port 443 for secure Web communications.
httpd
can be started as a regular user.
Listen
directive can also be used to specify particular IP addresses over which the server accepts connections.
LoadModule
is used to load Dynamic Shared Object (DSO) modules. More information on the Apache HTTP Server's DSO support, including instructions for using the LoadModule
directive, can be found in Section 25.6, “Adding Modules”. Note, the load order of the modules is no longer important with Apache HTTP Server 2.0. Refer to Section 25.2.2.1.3, “Dynamic Shared Object (DSO) Support” for more information about Apache HTTP Server 2.0 DSO support.
The <Location>
and </Location>
tags create a container in which access control based on URL can be specified.
<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from <.example.com> </Location>
<Location /server-info> SetHandler server-info Order deny,allow Deny from all Allow from <.example.com> </Location>
The LogFormat
directive configures the format of the various Web server log files. The actual LogFormat
used depends on the settings given in the CustomLog
directive (refer to CustomLog).
CustomLog
directive is set to combined
:
%h
(remote host's IP address or hostname)- Lists the remote IP address of the requesting client. If
HostnameLookups
is set toon
, the client hostname is recorded unless it is not available from DNS. %l
(rfc931)- Not used. A hyphen - appears in the log file for this field.
%u
(authenticated user)- Lists the username of the user recorded if authentication was required. Usually, this is not used, so a hyphen - appears in the log file for this field.
%t
(date)- Lists the date and time of the request.
%r
(request string)- Lists the request string exactly as it came from the browser or client.
%s
(status)- Lists the HTTP status code which was returned to the client host.
%b
(bytes)- Lists the size of the document.
%\"%{Referer}i\"
(referrer)- Lists the URL of the webpage which referred the client host to Web server.
%\"%{User-Agent}i\"
(user-agent)- Lists the type of Web browser making the request.
LogLevel
sets how verbose the error messages in the error logs are. LogLevel
can be set (from least verbose to most verbose) to emerg
, alert
, crit
, error
, warn
, notice
, info
, or debug
. The default LogLevel
is warn
.
This directive sets the maximum number of requests allowed per persistent connection. The Apache Project recommends a high setting, which improves the server's performance. MaxKeepAliveRequests
is set to 100
by default, which should be appropriate for most situations.
The NameVirtualHost
directive associates an IP address and port number, if necessary, for any name-based virtual hosts. Name-based virtual hosting allows one Apache HTTP Server to serve different domains without using multiple IP addresses.
Note
NameVirtualHost
configuration directive and add the correct IP address. Then add additional VirtualHost
containers for each virtual host as is necessary for your configuration.
The Options
directive controls which server features are available in a particular directory. For example, under the restrictive parameters specified for the root directory, Options
is only set to the FollowSymLinks
directive. No features are enabled, except that the server is allowed to follow symbolic links in the root directory.
DocumentRoot
directory, Options
is set to include Indexes
and FollowSymLinks
. Indexes
permits the server to generate a directory listing for a directory if no DirectoryIndex
(for example, index.html
) is specified. FollowSymLinks
allows the server to follow symbolic links in that directory.
Note
Options
statements from the main server configuration section need to be replicated to each VirtualHost
container individually. Refer to VirtualHost for more information.
The Order
directive controls the order in which allow
and deny
directives are evaluated. The server is configured to evaluate the Allow
directives before the Deny
directives for the DocumentRoot
directory.
PidFile
names the file where the server records its process ID (PID). By default the PID is listed in /var/run/httpd.pid
.
<Proxy *>
and </Proxy>
tags create a container which encloses a group of configuration directives meant to apply only to the proxy server. Many directives which are allowed within a <Directory>
container may also be used within <Proxy>
container.
To configure the Apache HTTP Server to function as a proxy server, remove the hash mark (#
) from the beginning of the <IfModule mod_proxy.c>
line, the ProxyRequests, and each line in the <Proxy>
stanza. Set the ProxyRequests
directive to On
, and set which domains are allowed access to the server in the Allow from
directive of the <Proxy>
stanza.
ReadmeName
names the file which, if it exists in the directory, is appended to the end of server generated directory listings. The Web server first tries to include the file as an HTML document and then tries to include it as plain text. By default, ReadmeName
is set to README.html
.
When a webpage is moved, Redirect
can be used to map the file location to a new URL. The format is as follows:
Redirect /<old-path>/<file-name> http://<current-domain>/<current-path>/<file-name>
mod_rewrite
module included with the Apache HTTP Server. For more information about configuring the mod_rewrite
module, refer to the Apache Software Foundation documentation online at http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html.
The ScriptAlias
directive defines where CGI scripts are located. Generally, it is not good practice to leave CGI scripts within the DocumentRoot
, where they can potentially be viewed as text documents. For this reason, a special directory outside of the DocumentRoot
directory containing server-side executables and scripts is designated by the ScriptAlias
directive. This directory is known as a cgi-bin
and is set to /var/www/cgi-bin/
by default.
cgi-bin/
directory. For instructions on doing so, refer to AddHandler and Directory.
Sets the ServerAdmin
directive to the email address of the Web server administrator. This email address shows up in error messages on server-generated Web pages, so users can report a problem by sending email to the server administrator.
ServerAdmin
is set to root@localhost
.
ServerAdmin
is to set it to webmaster@example.com
. Once set, alias webmaster
to the person responsible for the Web server in /etc/aliases
and run /usr/bin/newaliases
.
ServerName
specifies a hostname and port number (matching the Listen
directive) for the server. The ServerName
does not need to match the machine's actual hostname. For example, the Web server may be www.example.com
, but the server's hostname is actually foo.example.com
. The value specified in ServerName
must be a valid Domain Name Service (DNS) name that can be resolved by the system — do not make something up.
ServerName
directive:
ServerName www.example.com:80
ServerName
, be sure the IP address and server name pair are included in the /etc/hosts
file.
The ServerRoot
directive specifies the top-level directory containing website content. By default, ServerRoot
is set to "/etc/httpd"
for both secure and non-secure servers.
The ServerSignature
directive adds a line containing the Apache HTTP Server server version and the ServerName
to any server-generated documents, such as error messages sent back to clients. ServerSignature
is set to on
by default.
ServerSignature
can be set to EMail
which adds a mailto:ServerAdmin
HTML tag to the signature line of auto-generated responses. ServerSignature
can also be set to Off
to stop Apache from sending out its version number and module information. Please also check the ServerTokens
settings.
The ServerTokens
directive determines if the Server response header field sent back to clients should include details of the Operating System type and information about compiled-in modules. By default, ServerTokens
is set to Full
which sends information about the Operating System type and compiled-in modules. Setting the ServerTokens
to Prod
sends the product name only and is recommended as many hackers check information in the Server header when scanning for vulnerabilities. You can also set the ServerTokens
to Min
(minimal) or to OS
(operating system).
The SuexecUserGroup
directive, which originates from the mod_suexec
module, allows the specification of user and group execution privileges for CGI programs. Non-CGI requests are still processed with the user and group specified in the User
and Group
directives.
Note
SuexecUserGroup
directive replaced the Apache HTTP Server 1.3 configuration of using the User
and Group
directives inside the configuration of VirtualHosts
sections.
Timeout
defines, in seconds, the amount of time that the server waits for receipts and transmissions during communications. Timeout
is set to 300
seconds by default, which is appropriate for most situations.
TypesConfig
names the file which sets the default list of MIME type mappings (file name extensions to content types). The default TypesConfig
file is /etc/mime.types
. Instead of editing /etc/mime.types
, the recommended way to add MIME type mappings is to use the AddType
directive.
AddType
, refer to AddType.
When set to on
, this directive configures the Apache HTTP Server to reference itself using the value specified in the ServerName
and Port
directives. When UseCanonicalName
is set to off
, the server instead uses the value used by the requesting client when referring to itself.
UseCanonicalName
is set to off
by default.
The User
directive sets the username of the server process and determines what files the server is allowed to access. Any files inaccessible to this user are also inaccessible to clients connecting to the Apache HTTP Server.
User
is set to apache
.
Note
UserDir
is the subdirectory within each user's home directory where they should place personal HTML files which are served by the Web server. This directive is set to disable
by default.
public_html
in the default configuration. For example, the server might receive the following request:
http://example.com/~username/foo.html
/home/username/public_html/foo.html
/home/username/
is the user's home directory (note that the default path to users' home directories may vary).
public_html
directories (0755 also works). Files that are served in a users' public_html
directories must be set to at least 0644.
<VirtualHost>
and </VirtualHost>
tags create a container outlining the characteristics of a virtual host. The VirtualHost
container accepts most configuration directives.
VirtualHost
container is provided in httpd.conf
, which illustrates the minimum set of configuration directives necessary for each virtual host. Refer to Section 25.7, “Virtual Hosts” for more information about virtual hosts.
Note
/etc/httpd/conf.d/ssl.conf
.