Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "FAQ" page has been changed by niq: http://wiki.apache.org/httpd/FAQ?action=diff&rev1=31&rev2=32 <<TableOfContents()>> = Background = - == What is Apache? == - The Apache HTTP Server * is a powerful, flexible, HTTP/1.1 compliant web server @@ -21, +19 @@ * is actively being developed * encourages user feedback through new ideas, bug reports and patches * implements many frequently requested features, including: - * DBM databases as well, as relational databases and LDAP for authentication * allows you to easily set up password-protected pages with enormous numbers of authorized users, without bogging down the server. * Customized responses to errors and problems @@ -33, +30 @@ * Configurable Reliable Piped Logs - You can configure Apache to generate logs in the format that you want. In addition, on most Unix architectures, Apache can send log files to a pipe, allowing for log rotation, hit filtering, real-time splitting of multiple vhosts into separate logs, and asynchronous DNS resolving on the fly. == How and why was Apache HTTP Server created? == - The [[http://httpd.apache.org/ABOUT_APACHE.html|About Apache document]] explains how the Apache project evolved from its beginnings as an outgrowth of the NCSA httpd project to its current status as one of the fastest, most efficient, and most functional web servers in existence. == Why the name "Apache"? == - The name 'Apache' was chosen from respect for the Native American Indian tribe of Apache (Indé), well-known for their superior skills in warfare strategy and their inexhaustible endurance. For more information on the Apache Nation, we suggest searching Google, or AllTheWeb. Secondarily, and more popularly (though incorrectly) accepted, it's a considered cute name which stuck. Apache is "A PAtCHy server". It was based on some existing code and a series of "patch files". @@ -45, +40 @@ These days Apache as such means much more. It's first and foremost the Apache Software Foundation, under which there are dozens of projects. == How does Apache httpd performance compare to other servers? == - Benchmarks tend to be a measure of configuration competance, rather than of server quality. That is, if you're an expert in IIS, you can probably get it to run faster than you can get Apache to run. You can therefore find comparisions of various HTTP servers that prove that each is faster than all the others. We tend to take server performance benchmarks with a grain of salt. == How thoroughly tested is Apache httpd? == - Apache is run on over 120 million Internet servers (as of April 2010) (Source, [[http://news.netcraft.com/archives/category/web-server-survey/|Netcraft]]). It has been tested thoroughly by both developers and users. The Apache HTTP Server Project Management Committee maintains rigorous standards before releasing new versions of their server, and our server runs without a hitch on over one half of all WWW servers available on the Internet. When bugs do show up, we release patches and new versions as soon as they are available. == What are the future plans for Apache httpd? == - * to continue to be an "open source" no-charge-for-use HTTP server, * to keep up with advances in HTTP protocol and web developments in general, * to collect suggestions for fixes/improvements from its users, * to respond to needs of large volume providers as well as occasional users. == Whom do I contact for support? == - See [[http://httpd.apache.org/support.html]]. + See http://httpd.apache.org/support.html. == Is there any more information available on Apache httpd? == Indeed there is. See the [[http://httpd.apache.org|main Apache web server site]]. There are also many books about the Apache HTTP Server available. @@ -75, +67 @@ You may NOT use any original artwork from the Apache Software Foundation, nor make or use modified versions of such artwork, except under the conditions in the [[http://www.apache.org/foundation/marks/|Apache Trademark Policy]] document. = B. General Technical Questions = - == "Why can't I ...? Why won't ... work?" What to do in case of problems == If you are having trouble with your Apache server software, you should take the following steps: Check the errorlog!:: Apache tries to be helpful when it encounters a problem. In many cases, it will provide some details by writing one or messages to the server error log. Sometimes this is enough for you to diagnose & fix the problem yourself (such as file permissions or the like). The default location of the error log is /usr/local/apache/logs/error_log, but see the ErrorLog directive in your config files for the location on your server. - Check the FAQ!:: You're already here. - Check the Apache bug database:: Most problems that get reported to The Apache Group are recorded in the bug database. Please check the existing reports, open and closed, before adding one. If you find that your issue has already been reported, please don't add a "me, too" report. If the original report isn't closed yet, we suggest that you check it periodically. You might also consider contacting the original submitter, because there may be an email exchange going on about the issue that isn't getting recorded in the database. - Ask in a user support group:: A lot of common problems never make it to the bug database because there's already high Q&A traffic about them in the Users mailing list or comp.infosystems.www.servers.unix and related newsgroups. These newsgroups are also available via Google. Many Apache users, and some of the developers, can be found roaming their virtual halls, so it is suggested that you seek wisdom there. The chances are good that you'll get a faster answer there than from the bug database, even if you don't see your question already posted. - If all else fails, report the problem in the bug database:: If you've gone through those steps above that are appropriate and have obtained no relief, then please do let The Apache Group know about the problem by logging a bug report. If your problem involves the server crashing and generating a core dump, please include a backtrace (if possible). As an example, - {{{ + . {{{ # cd ServerRoot # dbx httpd core (dbx) where }}} + (Substitute the appropriate locations for your ServerRoot and your httpd and core files. You may have to use gdb instead of dbx.) == How do I submit a patch to Apache httpd? == - Detailed information for submitting bug reports and patches may be found in the [[http://httpd.apache.org/dev/|Apache HTTP Server developer documentation]]. == Why has Apache stolen my favourite site's Internet address? == @@ -111, +98 @@ No marketing spam originates from the Apache site. The only mail that comes from the site goes only to addresses that have been requested to receive the mail. == May I include the Apache software on a CD or other package I'm distributing? == - The detailed answer to this question can be found in the Apache license, which is included in the Apache distribution in the file LICENSE. You can also find it on the Web at [[http://www.apache.org/licenses/]]. + The detailed answer to this question can be found in the Apache license, which is included in the Apache distribution in the file LICENSE. You can also find it on the Web at http://www.apache.org/licenses/. == What's the best hardware/operating system/... How do I get the most out of my Apache Web server? == Check out the [[http://httpd.apache.org/docs/current/misc/perf-tuning.html|performance tuning page]]. @@ -124, +111 @@ == Why isn't there a binary for my platform? == The developers make sure that the software builds and works correctly on the platforms available to them; this does not necessarily mean that your platform is one of them. In addition, the Apache HTTP server project is primarily source oriented, meaning that distributing valid and buildable source code is the purpose of a release, not making sure that there is a binary package for all of the supported platforms. - If you don't see a kit for your platform listed in the binary distribution area ([[http://httpd.apache.org/dist/httpd/binaries/]]), it means either that the platform isn't available to any of the developers, or that they just haven't gotten around to preparing a binary for it. As this is a voluntary project, they are under no obligation to do so. Users are encouraged and expected to build the software themselves. + If you don't see a kit for your platform listed in the binary distribution area (http://httpd.apache.org/dist/httpd/binaries/), it means either that the platform isn't available to any of the developers, or that they just haven't gotten around to preparing a binary for it. As this is a voluntary project, they are under no obligation to do so. Users are encouraged and expected to build the software themselves. The sole exception to these practices is the Windows package. Unlike most Unix and Unix-like platforms, Windows systems do not come with a bundled software development environment, so we do prepare binary kits for Windows when we make a release. Again, however, it's a voluntary thing and only a limited number of the developers have the capability to build the InstallShield package, so the Windows release may lag somewhat behind the source release. This lag should be no more than a few days at most. = C. Building Apache httpd = - == Why do I get an error about an undefined reference to "__inet_ntoa" or other __inet_* symbols? == If you have installed BIND-8 then this is normally due to a conflict between your include files and your libraries. BIND-8 installs its include files and libraries /usr/local/include/ and /usr/local/lib/, while the resolver that comes with your system is probably installed in /usr/include/ and /usr/lib/. If your system uses the header files in /usr/local/include/ before those in /usr/include/ but you do not use the new resolver library, then the two versions will conflict. @@ -137, +123 @@ Note:As of BIND 8.1.1, the bind libraries and files are installed under /usr/local/bind by default, so you should not run into this problem. Should you want to use the bind resolvers you'll have to add the following to the respective lines: + EXTRA_CFLAGS=-I/usr/local/bind/include EXTRA_LDFLAGS=-L/usr/local/bind/lib EXTRA_LIBS=-lbind - EXTRA_CFLAGS=-I/usr/local/bind/include - EXTRA_LDFLAGS=-L/usr/local/bind/lib - EXTRA_LIBS=-lbind == I get an error about "configure failed for srclib/apr" == ''This only applies to Apache 2.4 and later'' @@ -153, +137 @@ Your system's C compiler is garbage.:: Some operating systems include a default C compiler that is either not ANSI C-compliant or suffers from other deficiencies. The usual recommendation in cases like this is to acquire, install, and use gcc. Your include files may be confused.:: In some cases, we have found that a compiler installation or system upgrade has left the C header files in an inconsistent state. Make sure that your include directory tree is in sync with the compiler and the operating system. Your operating system or compiler may be out of revision.:: Software vendors (including those that develop operating systems) issue new releases for a reason; sometimes to add functionality, but more often to fix bugs that have been discovered. Try upgrading your compiler and/or your operating system. + The Apache Group tests the ability to build the server on many different platforms. Unfortunately, we can't test all of the OS platforms there are. If you have verified that none of the above issues is the cause of your problem, and it hasn't been reported before, please submit a problem report. Be sure to include complete details, such as the compiler & OS versions and exact error messages. == Why do I get complaints about redefinition of "struct iovec" when compiling under Linux? == This is a conflict between your C library includes and your kernel includes. You need to make sure that the versions of both are matched properly. There are two workarounds, either one will solve the problem: + Remove the definition of struct iovec from your C library includes. It is located in /usr/include/sys/uio.h. Or, Add -DNO_WRITEV to the EXTRA_CFLAGS line in your Configuration and reconfigure/rebuild. This hurts performance and should only be used as a last resort. - Remove the definition of struct iovec from your C library includes. It is located in /usr/include/sys/uio.h. Or, - Add -DNO_WRITEV to the EXTRA_CFLAGS line in your Configuration and reconfigure/rebuild. This hurts performance and should only be used as a last resort. == I'm using gcc and I get some compilation errors, what is wrong? == GCC parses your system header files and produces a modified subset which it uses for compiling. This behavior ties GCC tightly to the version of your operating system. So, for example, if you were running IRIX 5.3 when you built GCC and then upgrade to IRIX 6.2 later, you will have to rebuild GCC. Similarly for Solaris 2.4, 2.5, or 2.5.1 when you upgrade to 2.6. Sometimes you can type "gcc -v" and it will tell you the version of the operating system it was built against. @@ -167, +151 @@ If you fail to do this, then it is very likely that Apache will fail to build. One of the most common errors is with readv, writev, or uio.h. This is not a bug with Apache. You will need to re-install GCC. = D. Error Log Messages and Problems Starting Apache = - == Why do I get "setgid: Invalid argument" at startup? == Your Group directive (probably in conf/httpd.conf) needs to name a group that actually exists in the /etc/group file (or your system's equivalent). This problem is also frequently seen when a negative number is used in the Group directive (e.g., "Group #-1"). Using a group name -- not group number -- found in your system's group database should solve this problem in all cases. @@ -199, +182 @@ }}} The directory should not be generally writable (e.g., don't use /var/tmp). See the LockFile documentation for more information. - == When I try to start Apache from a DOS window, I get a message like "Cannot determine host name. Use ServerName directive to set it manually." What does this mean? == It means what it says; the Apache software can't determine the hostname of your system. Edit your conf\httpd.conf file, look for the string "ServerName", and make sure there's an uncommented directive such as - ServerName localhost + ServerName localhost or - or - ServerName www.foo.com - in the file. Correct it if there one there with wrong information, or add one if you don't already have one. + ServerName www.foo.com in the file. Correct it if there one there with wrong information, or add one if you don't already have one. Also, make sure that your Windows system has DNS enabled. See the TCP/IP setup component of the Networking or Internet Options control panel. @@ -216, +196 @@ == When I try to start Apache on Windows, I get a message like "System error 1067 has occurred. The process terminated unexpectedly." What does this mean? == This message means that the Web server was unable to start correctly for one reason or another. To find out why, execute the following commands in a DOS window: - c: - cd "\Program Files\Apache Group\Apache" + . c: cd "\Program Files\Apache Group\Apache" apache - apache (If you don't get the prompt back, hit Control-C to cause Apache to exit.) @@ -236, +214 @@ [Thu Jun 6 04:02:01 2002] [notice] SIGHUP received. Attempting to restart [Thu Jun 6 04:02:02 2002] [notice] Apache configured -- resuming normal operations }}} - Check your cron jobs to see when/if your server logs are being rotated. Compare the time of rotation to the error message time. If they are the same, you can somewhat safely assume that the restart is due to your server logs being rotated. == Why am I getting "module module-name is not compatible with this version of Apache" messages in my error log? == @@ -244, +221 @@ If you're getting the above error messages, contact the vendor of the module for the new binary, or compile it if you have access to the source code. + == I've downloaded a module from a source I trust, but my LoadModule line is a syntax error? == + Have you checked for simple errors like a typo, or an incorrect path to the module? + + Another reason you may be unable to load a module is if it relies on libraries (Unix-family .so or Windows .dll) that are not loaded into the server. Such libraries can be loaded using the '''LoadFile''' directive, which must appear '''before''' your LoadModule line in the configuration. The module's provider should document any such dependencies. + + There's a particular Gotcha on Windows: + + {{{ + httpd: Syntax error on line nn of C:/IBM/HTTP/conf/httpd.conf: Cannot load C:/IBM/HTTP/modules/mod_foo.so into server: The specified module could not be found. + }}} + Googling the error message tells us there's a missing library, but there doesn't appear to be, and the identical configuration works on one computer but fails with this message on another. What gives? + + This error may happen because you need to install the Windows C Runtime Libraries on the target machine. Note that this doesn't mean you need to load them explicitly into HTTPD, just install them on the host machine! This is likely to affect users of IBM's httpd trying to load modules not supplied by IBM, and might arise in other circumstances where the server and the module are compiled using different build options. + = E. Configuration Questions = - == Why can't I run more than <n> virtual hosts? == You are probably running into resource limitations in your operating system. The most common limitation is the per-process limit on file descriptors, which is almost always the cause of problems seen when adding virtual hosts. Apache often does not give an intuitive error message because it is normally some library routine (such as gethostbyname()) which needs file descriptors and doesn't complain intelligibly when it can't get them. + Each log file requires a file descriptor, which means that if you are using separat + + {{{ + Syntax error on line nn of C:/IBM/HTTP/conf/load_modules.conf + }}} - Each log file requires a file descriptor, which means that if you are using separate access and error logs for each virtual host, each virtual host needs two file descriptors. Each Listen directive also needs a file descriptor. + e access and error logs for each virtual host, each virtual host needs two file descriptors. Each Listen directive also needs a file descriptor. Typical values for <n> that we've seen are in the neighborhood of 1024 or 2048. When the server bumps into the file descriptor limit, it may dump core with a SIGSEGV, it might just hang, or it may limp along and you'll see (possibly meaningful) errors in the error log. One common problem that occurs when you run into a file descriptor limit is that CGI scripts stop being executed properly. @@ -258, +253 @@ Reduce the number of Listen directives:: If there are no other servers running on the machine on the same port then you normally don't need any Listen directives at all. By default Apache listens to all addresses on port 80. Reduce the number of log files:: You can use mod_log_config to log all requests to a single log file while including the name of the virtual host in the log file. You can then write a script to split the logfile into separate files later if necessary. Such a script is provided with the Apache distribution in the src/support/split-logfile file. Increase the number of file descriptors available to the server:: (see your system's documentation on the limit or ulimit commands). For some systems, information on how to do this is available in the performance hints page. There is a specific note for FreeBSD below. - - "Don't do that" - try to run with fewer virtual hosts:: + "Don't do that" - try to run with fewer virtual hosts:: <<BR>> - Spread your operation across multiple server processes (using Listen for example, but see the first point) and/or ports. - Since this is an operating-system limitation, there's not much else available in the way of solutions. + Spread your operation across multiple server processes (using Listen for example, but see the first point) and/or ports. Since this is an operating-system limitation, there's not much else available in the way of solutions. == Why doesn't my ErrorDocument 401 work? == You need to use it with a URL in the form "/foo/bar" and not one with a method and hostname such as "http://host/foo/bar";. See the ErrorDocument documentation for details. This was incorrectly documented in the past. @@ -291, +284 @@ The other thing that can occasionally cause this symptom is a misunderstanding of the Alias directive, resulting in an alias working with a trailing slash, and not without one. The Alias directive is very literal, and aliases what you tell it to. Consider the following example: - Alias /example/ /home/www/example/ + . Alias /example/ /home/www/example/ The above directive creates an alias for URLs starting with /example/, but does not alias URLs starting with /example. That is to say, a URL such as http://servername.com/example/ will get the desired content, but a URL such as http://servername.com/example will result in a "file not found" error. The following Alias, on the other hand, will work for both cases: - Alias /example /home/www/example + . Alias /example /home/www/example == Why doesn't mod_info list any directives? == The mod_info module allows you to use a Web browser to see how your server is configured. Among the information it displays is the list of modules and their configuration directives. The "current" values for the directives are not necessarily those of the running server; they are extracted from the configuration files themselves at the time of the request. If the files have been changed since the server was last reloaded, the display will not match the values actively in use. If the files and the path to the files are not readable by the user as which the server is running (see the User directive), then mod_info cannot read them in order to list their values. An entry will be made in the error log in this event, however. == My .htaccess files are being ignored. == - This is almost always due to your AllowOverride directive being set incorrectly for the directory in question. If it is set to None then .htaccess files will not even be looked for. That is a good thing. If you have access to edit the httpd.conf, you should not use .htaccess files, ever. If your customers do need support for .htaccess, make sure that AllowOverride is set to something sensible (i.e.: Not All). + This is almost always due to your AllowOverride directive being set incorrectly for the directory in question. If it is set to None then .htaccess files will not even be looked for. That is a good thing. If you have access to edit the httpd.conf, you should not use .htaccess files, ever. If your customers do need support for .htaccess, make sure that AllowOverride is set to something sensible (i.e.: Not All). Be certain it covers the directory you are trying to use the .htaccess file in. This is normally accomplished by ensuring it is inside the proper Directory container. - Be certain it covers the directory you are trying to use the .htaccess file in. This is normally accomplished by ensuring it is inside the proper Directory container. You can tell if this is your problem by adding nonsense text to your .htaccess file and reloading the page. If you ''do not'' get a server error, then Apache httpd is not reading your .htaccess file. @@ -329, +321 @@ There are two techniques to implement canonical hostnames: === Use mod_rewrite as described in the "Canonical Hostnames" section of the URL Rewriting Guide. === - See [[http://httpd.apache.org/docs/current/rewrite/rewrite_guide.html#canonicalurl]]. + See http://httpd.apache.org/docs/current/rewrite/rewrite_guide.html#canonicalurl. + === Use name-based virtual hosting: === - {{{ + . {{{ NameVirtualHost *:80 <VirtualHost *:80> ServerName www.example.net @@ -353, +346 @@ To turn on automatic directory indexing, find the Options directive that applies to the directory and add the Indexes keyword. For example: - {{{ + . {{{ <Directory /path/to/directory> Options +Indexes </Directory> }}} + To turn off automatic directory indexing, remove the Indexes keyword from the appropriate Options line. To turn off directory listing for a particular subdirectory, you can use Options -Indexes. For example: + - {{{ + . {{{ <Directory /path/to/directory> Options -Indexes </Directory> @@ -374, +369 @@ </Directory> Options Includes ExecCGI }}} - Includes and ExecCGI will be off in the /usr/local/apache/htdocs directory. You can usually avoid problems by either finding the Options directive that already applies to a specific directory and changing it, or by putting your Options directive inside the most specific possible <Directory> section. @@ -384, +378 @@ For example: - Server: Apache/2.2.17 (Unix) mod_perl/1.26 - Frequently, people want to remove this information, under the mistaken understanding that this will make the system more secure. This is probably not the case, as the same exploits will likely be attempted regardless of the header information you provide. + Server: Apache/2.2.17 (Unix) mod_perl/1.26 Frequently, people want to remove this information, under the mistaken understanding that this will make the system more secure. This is probably not the case, as the same exploits will likely be attempted regardless of the header information you provide. There are, however, two answers to this question: the correct answer, and the answer that you are probably looking for. The correct answer to this question is that you should use the ServerTokens directive to alter the quantity of information which is passed in the headers. Setting this directive to Prod will pass the least possible amount of information: - Server: Apache - The answer you are probably looking for is how to make Apache lie about what what it is, ie send something like: + Server: Apache The answer you are probably looking for is how to make Apache lie about what what it is, ie send something like: - Server: Bob's Happy HTTPd Server - In order to do this, you will need to modify the Apache source code and rebuild Apache. This is not advised, as it is almost certain not to provide you with the added security you think that you are gaining. The exact method of doing this is left as an exercise for the reader, as we are not keen on helping you do something that is intrinsically a bad idea. + Server: Bob's Happy HTTPd Server In order to do this, you will need to modify the Apache source code and rebuild Apache. This is not advised, as it is almost certain not to provide you with the added security you think that you are gaining. The exact method of doing this is left as an exercise for the reader, as we are not keen on helping you do something that is intrinsically a bad idea. == Why do I see requests for other sites appearing in my log files? == An access_log entry showing this situation could look like this: - 63.251.56.142 - - [25/Jul/2002:12:48:04 -0700] "GET http://www.yahoo.com/ HTTP/1.0" 200 1456 - The question is: why did a request for www.yahoo.com come to your server instead of Yahoo's server? And why does the response have a status code of 200 (success)? + 63.251.56.142 - - [25/Jul/2002:12:48:04 -0700] "GET http://www.yahoo.com/ HTTP/1.0" 200 1456 The question is: why did a request for www.yahoo.com come to your server instead of Yahoo's server? And why does the response have a status code of 200 (success)? This is usually the result of malicious clients trying to exploit open proxy servers to access a website without revealing their true location. If you find entries like this in your log, the first thing to do is to make sure you have properly configured your server not to proxy for unknown clients. If you don't need to provide a proxy server at all, you should simply assure that the ProxyRequests directive is not set on. If you do need to run a proxy server, then you must ensure that you secure your server properly so that only authorized clients can use it. @@ -427, +417 @@ </VirtualHost> ... }}} - = F. Dynamic Content (CGI and SSI) = - == How do I enable CGI execution in directories other than the ScriptAlias? == Apache recognizes all files in a directory named as a ScriptAlias as being eligible for execution rather than processing as normal documents. This applies regardless of the file name, so scripts in a ScriptAlias directory don't need to be named "*.cgi" or "*.pl" or whatever. In other words, all files in a ScriptAlias directory are scripts, as far as Apache is concerned. To persuade Apache to execute scripts in other locations, such as in directories where normal documents may also live, you must tell it how to recognize them - and also that it's okay to execute them. For this, you need to use something like the AddHandler directive. + In an appropriate section of your server configuration files, add a line such as AddHandler cgi-script .cgi The server will then recognize that all files in that location (and its logical descendants) that end in ".cgi" are script files, not documents. - In an appropriate section of your server configuration files, add a line such as - AddHandler cgi-script .cgi - The server will then recognize that all files in that location (and its logical descendants) that end in ".cgi" are script files, not documents. - Make sure that the directory location is covered by an Options declaration that includes the ExecCGI option. - In some situations, you might not want to actually allow all files named "*.cgi" to be executable. Perhaps all you want is to enable a particular file in a normal directory to be executable. This can be alternatively accomplished via mod_rewrite and the following steps: + Make sure that the directory location is covered by an Options declaration that includes the ExecCGI option. In some situations, you might not want to actually allow all files named "*.cgi" to be executable. Perhaps all you want is to enable a particular file in a normal directory to be executable. This can be alternatively accomplished via mod_rewrite and the following steps: Locally add to the corresponding .htaccess file a ruleset similar to this one: + {{{ RewriteEngine on RewriteBase /~foo/bar/ @@ -467, +453 @@ select ($current_file_handle); } }}} - This is generally only necessary when you are calling external programs from your script that send output to stdout, or if there will be a long delay between the time the headers are sent and the actual content starts being emitted. To maximize performance, you should turn buffer-flushing back off (with $| = 0 or the equivalent) after the statements that send the headers, as displayed above. If your script isn't written in Perl, do the equivalent thing for whatever language you are using (e.g., for C, call fflush() after writing the headers). @@ -489, +474 @@ * Build your server with the mod_include module. This is normally compiled in by default. * Make sure your server configuration files have an Options directive which permits Includes. * Make sure that the directory where you want the SSI documents to live is covered by the "INCLUDEES" content filter, either explicitly or in some ancestral location. That can be done with the following directives: + {{{ AddType text/html .shtml AddOutputFilter INCLUDES .shtml @@ -519, +505 @@ There are many ways to give each user directory a cgi-bin directory such that anything requested as http://example.com/~user/cgi-bin/program will be executed as a CGI script. Two alternatives are: Place the cgi-bin directory next to the public_html directory: + {{{ ScriptAliasMatch ^/~([^/]*)/cgi-bin/(.*) /home/$1/cgi-bin/$2 Place the cgi-bin directory underneath the public_html directory: @@ -530, +517 @@ If you are using suexec, the first technique will not work because CGI scripts must be stored under the public_html directory. = G. Authentication and Access Restrictions = - == Why isn't restricting access by host or domain name working correctly? == Two of the most common causes of this are: - An error, inconsistency, or unexpected mapping in the DNS registration:: + An error, inconsistency, or unexpected mapping in the DNS registration:: <<BR>> + This happens frequently: your configuration restricts access to Host.FooBar.Com, but you can't get in from that host. The usual reason for this is that Host.FooBar.Com is actually an alias for another name, and when Apache performs the address-to-name lookup it's getting the real name, not Host.FooBar.Com. You can verify this by checking the reverse lookup yourself. The easiest way to work around it is to specify the correct host name in your configuration. + - Inadequate checking and verification in your configuration of Apache:: + Inadequate checking and verification in your configuration of Apache:: <<BR>> + If you intend to perform access checking and restriction based upon the client's host or domain name, you really need to configure Apache to double-check the origin information it's supplied. You do this by adding this to your configuration: + {{{ HostnameLookups Double }}} @@ -593, +583 @@ * Web authentication passwords (at least for Basic authentication) generally fly across the wire, and through intermediate proxy systems, in what amounts to plain text. "O'er the net we go/Caching all the way;/O what fun it is to surf/Giving my password away!" * Since HTTP is stateless, information about the authentication is transmitted each and every time a request is made to the server. Essentially, the client caches it after the first successful access, and transmits it without asking for all subsequent requests to the same server. * It's relatively trivial for someone on your system to put up a page that will steal the cached password from a client's cache without them knowing. Can you say "password grabber"? + If you still want to do this in light of the above disadvantages, the method is left as an exercise for the reader. It'll void your Apache warranty, though, and you'll lose all accumulated UNIX guru points. == Why does Apache ask for my password twice before serving a file? == @@ -603, +594 @@ To eliminate this problem you should * Always use the trailing slash when requesting directories; - * Change the ServerName to match the name you are using in the URL; + * Change the ServerName to match the name you are using in the URL; * and/or Set UseCanonicalName off. == How can I prevent people from "stealing" the images from my web site? == @@ -626, +617 @@ Further examples can be found in the Environment Variables documentation. = H. URL Rewriting = - == Where can I find mod_rewrite rulesets which already solve particular URL-related problems? == There is a collection of practical solutions that can be found in the [[http://httpd.apache.org/docs/current/rewrite/|URL Rewriting Guide]]. If you have more interesting rulesets which solve particular problems not currently covered in this document, open a doc suggestion in bugzilla to add it. The other webmasters will thank you for avoiding the reinvention of the wheel. @@ -656, +646 @@ There is only one ugly solution: You have to surround the complete flag argument by quotation marks ("[E=...]"). Notice: The argument to quote here is not the argument to the E-flag, it is the argument of the Apache config file parser, i.e., the third argument of the RewriteRule here. So you have to write "[E=any text with whitespaces]". = I. Features = - == Does or will Apache act as a Proxy server? == - [[http://httpd.apache.org/docs/current/mod/mod_proxy.html|mod_proxy]] provides proxying functionality for a variety of protocols. == What are "multiviews"? == @@ -679, +667 @@ The simple answer: by piping the transfer log into an appropriate log file rotation utility. The longer answer: In the src/support/ directory, you will find a utility called rotatelogs which can be used like this: + {{{ TransferLog "|/path/to/rotatelogs /path/to/logs/access_log 86400 }}} - to enable daily rotation of the log files. - A more sophisticated solution of a logfile rotation utility is available under the name cronolog from Andrew Ford's site at http://www.cronolog.org/. It can automatically create logfile subdirectories based on time and date, and can have a constant symlink point to the rotating logfiles. (As of version 1.6.1, cronolog is available under the Apache License). Use it like this: + to enable daily rotation of the log files. A more sophisticated solution of a logfile rotation utility is available under the name cronolog from Andrew Ford's site at http://www.cronolog.org/. It can automatically create logfile subdirectories based on time and date, and can have a constant symlink point to the rotating logfiles. (As of version 1.6.1, cronolog is available under the Apache License). Use it like this: + {{{ CustomLog "|/path/to/cronolog --symlink=/usr/local/apache/logs/access_log /usr/local/apache/logs/%Y/%m/access_log" combined }}} - == How do I keep certain requests from appearing in my logs? == The maximum flexibility for removing unwanted information from log files is obtained by post-processing the logs, or using piped-logs to feed the logs through a program which does whatever you want. However, Apache does offer the ability to prevent requests from ever appearing in the log files. You can do this by using the SetEnvIf directive to set an environment variable for certain requests and then using the conditional CustomLog syntax to prevent logging when the environment variable is set. @@ -699, +687 @@ * Apache::ASP * mod_mono + See also the related projects page to find out more. == Does Apache come with Java support? == --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
