|
|
<FilesMatch>
Syntax: <FilesMatch regex> ... </FilesMatch>
Context: server config, virtual host, .htaccess
Status: core
Compatibility: only available in Apache 1.3 and above.
The <FilesMatch> directive provides for access control by filename, just as the <Files> directive does. However, it accepts a regular expression. For example:
<FilesMatch "\.(gif|jpe?g|png)$">
would match most common Internet graphics formats.
See also: How Directory, Location and Files sections work for an explanation of how these different sections are combined when a request is received
--------------------------------------------------------------------------------
Group directive
Syntax: Group unix-group
Default: Group #-1
Context: server config, virtual host
Status: core
The Group directive sets the group under which the server will answer requests. In order to use this directive, the stand-alone server must be run initially as root. Unix-group is one of:
A group name
Refers to the given group by name.
# followed by a group number.
Refers to a group by its number.
It is recommended that you set up a new group specifically for running the server. Some admins use user nobody, but this is not always possible or desirable.
Note: if you start the server as a non-root user, it will fail to change to the specified group, and will instead continue to run as the group of the original user.
Special note: Use of this directive in <VirtualHost> requires a properly configured suEXEC wrapper. When used inside a <VirtualHost> in this manner, only the group that CGIs are run as is affected. Non-CGI requests are still processed as the group specified in the main Group directive.
SECURITY: See User for a discussion of the security considerations.
--------------------------------------------------------------------------------
HostNameLookups directive
Syntax: HostNameLookups on | off | double
Default: HostNameLookups off
Context: server config, virtual host, directory
Status: core
Compatibility: double available only in Apache 1.3 and above.
Compatibility: Default was on prior to Apache 1.3.
This directive enables DNS lookups so that host names can be logged (and passed to CGIs/SSIs in REMOTE_HOST). The value double refers to doing double-reverse DNS. That is, after a reverse lookup is performed, a forward lookup is then performed on that result. At least one of the ip addresses in the forward lookup must match the original address. (In "tcpwrappers" terminology this is called PARANOID.)
Regardless of the setting, when mod_access is used for controlling access by hostname, a double reverse lookup will be performed. This is necessary for security. Note that the result of this double-reverse isn't generally available unless you set HostnameLookups double. For example, if only HostnameLookups on and a request is made to an object that is protected by hostname restrictions, regardless of whether the double-reverse fails or not, CGIs will still be passed the single-reverse result in REMOTE_HOST.
The default for this directive was previously on in versions of Apache prior to 1.3. It was changed to off in order to save the network traffic for those sites that don't truly need the reverse lookups done. It is also better for the end users because they don't have to suffer the extra latency that a lookup entails. Heavily loaded sites should leave this directive off, since DNS lookups can take considerable amounts of time. The utility logresolve, provided in the /support directory, can be used to look up host names from logged IP addresses offline.
--------------------------------------------------------------------------------
IdentityCheck directive
Syntax: IdentityCheck boolean
Default: IdentityCheck off
Context: server config, virtual host, directory
Status: core
This directive enables RFC1413-compliant logging of the remote user name for each connection, where the client machine runs identd or something similar. This information is logged in the access log. Boolean is either on or off.
The information should not be trusted in any way except for rudimentary usage tracking.
Note that this can cause serious latency problems accessing your server since every request requires one of these lookups to be performed. When firewalls are involved each lookup might possibly fail and add 30 seconds of latency to each hit. So in general this is not very useful on public servers accessible from the Internet.
--------------------------------------------------------------------------------
<IfDefine> directive
Syntax: <IfDefine [!]parameter-name> ... </IfDefine>
Default: None
Context: all
Status: Core
Compatibility: <IfDefine> is only available in 1.3.1 and later.
The <IfDefine test>...</IfDefine> section is used to mark directives that are conditional. The directives within an IfDefine section are only processed if the test is true. If test is false, everything between the start and end markers is ignored.
The test in the <IfDefine> section directive can be one of two forms:
parameter-name
!parameter-name
In the former case, the directives between the start and end markers are only processed if the parameter named parameter-name is defined. The second format reverses the test, and only processes the directives if parameter-name is not defined.
The parameter-name argument is a define as given on the httpd command line via -Dparameter-, at the time the server was started.
<IfDefine> sections are nest-able, which can be used to implement simple multiple-parameter tests. Example:
$ httpd -DReverseProxy ...
# httpd.conf
<IfDefine ReverseProxy>
LoadModule rewrite_module libexec/mod_rewrite.so
LoadModule proxy_module libexec/libproxy.so
</IfDefine>
--------------------------------------------------------------------------------
<IfModule> directive
Syntax: <IfModule [!]module-name> ... </IfModule>
Default: None
Context: all
Status: Core
Compatibility: IfModule is only available in 1.2 and later.
The <IfModule test>...</IfModule> section is used to mark directives that are conditional. The directives within an IfModule section are only processed if the test is true. If test is false, everything between the start and end markers is ignored.
The test in the <IfModule> section directive can be one of two forms:
module name
!module name
In the former case, the directives between the start and end markers are only processed if the module named module name is compiled in to Apache. The second format reverses the test, and only processes the directives if module name is not compiled in.
The module name argument is a module name as given as the file name of the module, at the time it was compiled. For example, mod_rewrite.c.
<IfModule> sections are nest-able, which can be used to implement simple multiple-module tests.
--------------------------------------------------------------------------------
Include directive
Syntax: Include filename
Context: server config
Status: Core
Compatibility: Include is only available in Apache 1.3 and later.
This directive allows inclusion of other configuration files from within the server configuration files.
--------------------------------------------------------------------------------
KeepAlive directive
Syntax: (Apache 1.1) KeepAlive max-requests
Default: (Apache 1.1) KeepAlive 5
Syntax: (Apache 1.2) KeepAlive on/off
Default: (Apache 1.2) KeepAlive On
Context: server config
Status: Core
Compatibility: KeepAlive is only available in Apache 1.1 and later.
This directive enables Keep-Alive support.
Apache 1.1: Set max-requests to the maximum number of requests you want Apache to entertain per request. A limit is imposed to prevent a client from hogging your server resources. Set this to 0 to disable support.
Apache 1.2 and later: Set to "On" to enable persistent connections, "Off" to disable. See also the MaxKeepAliveRequests directive.
-----------------------------------------------
|
|
