
Total: 155

  • mod_proxy_http - Apache HTTP Server
    features used for proxying HTTP requests mod proxy http supports HTTP 0 9 HTTP 1 0 and HTTP 1 1 It does not provide any caching abilities If you want to set up a caching proxy you might want to use the additional service of the mod cache module Thus in order to get the ability of handling HTTP proxy requests mod proxy and mod proxy http have to be

    Original URL path: http://ama09.obspm.fr/manual-2.0/mod/mod_proxy_http.html (2015-11-16)


  • mod_rewrite - Apache HTTP Server
    the release version of Apache 1 3 14 for instance it is 19990320 10 but is mainly of interest to module authors THE REQUEST The full HTTP request line sent by the browser to the server e g GET index html HTTP 1 1 This does not include any additional headers sent by the browser REQUEST URI The resource requested in the HTTP request line In the example above this would be index html REQUEST FILENAME The full local filesystem path to the file or script matching the request Special Notes The variables SCRIPT FILENAME and REQUEST FILENAME contain the same value i e the value of the filename field of the internal request rec structure of the Apache server The first name is just the commonly known CGI variable name while the second is the consistent counterpart to REQUEST URI which contains the value of the uri field of request rec There is the special format ENV variable where variable can be any environment variable This is looked up via internal Apache structures and if not found there via getenv from the Apache server process There is the special format HTTP header where header can be any HTTP MIME header name This is looked up from the HTTP request Example HTTP Proxy Connection is the value of the HTTP header Proxy Connection There is the special format LA U variable for look aheads which perform an internal URL based sub request to determine the final value of variable Use this when you want to use a variable for rewriting which is actually set later in an API phase and thus is not available at the current stage For instance when you want to rewrite according to the REMOTE USER variable from within the per server context httpd conf file you have to use LA U REMOTE USER because this variable is set by the authorization phases which come after the URL translation phase where mod rewrite operates On the other hand because mod rewrite implements its per directory context htaccess file via the Fixup phase of the API and because the authorization phases come before 
this phase you just can use REMOTE USER there There is the special format LA F variable which performs an internal filename based sub request to determine the final value of variable Most of the time this is the same as LA U above CondPattern is the condition pattern i e a regular expression which is applied to the current instance of the TestString i e TestString is evaluated and then matched against CondPattern Remember CondPattern is a perl compatible regular expression with some additions You can prefix the pattern string with a character exclamation mark to specify a non matching pattern There are some special variants of CondPatterns Instead of real regular expression strings you can also use one of the following CondPattern is lexically lower Treats the CondPattern as a plain string and compares it lexically to TestString True if TestString is lexically lower than CondPattern CondPattern is lexically greater Treats the CondPattern as a plain string and compares it lexically to TestString True if TestString is lexically greater than CondPattern CondPattern is lexically equal Treats the CondPattern as a plain string and compares it lexically to TestString True if TestString is lexically equal to CondPattern i e the two strings are exactly equal character by character If CondPattern is just two quotation marks this compares TestString to the empty string d is d irectory Treats the TestString as a pathname and tests if it exists and is a directory f is regular f ile Treats the TestString as a pathname and tests if it exists and is a regular file s is regular file with s ize Treats the TestString as a pathname and tests if it exists and is a regular file with size greater than zero l is symbolic l ink Treats the TestString as a pathname and tests if it exists and is a symbolic link F is existing file via subrequest Checks if TestString is a valid file and accessible via all the server s currently configured access controls for that path This uses an internal 
subrequest to determine the check so use it with care because it decreases your servers performance U is existing URL via subrequest Checks if TestString is a valid URL and accessible via all the server s currently configured access controls for that path This uses an internal subrequest to determine the check so use it with care because it decreases your server s performance Notice All of these tests can also be prefixed by an exclamation mark to negate their meaning Additionally you can set special flags for CondPattern by appending flags as the third argument to the RewriteCond directive Flags is a comma separated list of the following flags nocase NC n o c ase This makes the test case insensitive i e there is no difference between A Z and a z both in the expanded TestString and the CondPattern This flag is effective only for comparisons between TestString and CondPattern It has no effect on filesystem and subrequest checks ornext OR or next condition Use this to combine rule conditions with a local OR instead of the implicit AND Typical example RewriteCond REMOTE HOST host1 OR RewriteCond REMOTE HOST host2 OR RewriteCond REMOTE HOST host3 RewriteRule some special stuff for any of these hosts Without this flag you would have to write the cond rule three times Example To rewrite the Homepage of a site according to the User Agent header of the request you can use the following RewriteCond HTTP USER AGENT Mozilla RewriteRule homepage max html L RewriteCond HTTP USER AGENT Lynx RewriteRule homepage min html L RewriteRule homepage std html L Interpretation If you use Netscape Navigator as your browser which identifies itself as Mozilla then you get the max homepage which includes Frames etc If you use the Lynx browser which is Terminal based then you get the min homepage which contains no images no tables etc If you use any other browser you get the standard homepage RewriteEngine Directive Description Enables or disables runtime rewriting engine Syntax RewriteEngine 
on off Default RewriteEngine off Context server config virtual host directory htaccess Override FileInfo Status Extension Module mod rewrite The RewriteEngine directive enables or disables the runtime rewriting engine If it is set to off this module does no runtime processing at all It does not even update the SCRIPT URx environment variables Use this directive to disable the module instead of commenting out all the RewriteRule directives Note that by default rewrite configurations are not inherited This means that you need to have a RewriteEngine on directive for each virtual host in which you wish to use it RewriteLock Directive Description Sets the name of the lock file used for RewriteMap synchronization Syntax RewriteLock file path Context server config Status Extension Module mod rewrite This directive sets the filename for a synchronization lockfile which mod rewrite needs to communicate with RewriteMap programs Set this lockfile to a local path not on a NFS mounted device when you want to use a rewriting map program It is not required for other types of rewriting maps RewriteLog Directive Description Sets the name of the file used for logging rewrite engine processing Syntax RewriteLog file path Context server config virtual host Status Extension Module mod rewrite The RewriteLog directive sets the name of the file to which the server logs any rewriting actions it performs If the name does not begin with a slash then it is assumed to be relative to the Server Root The directive should occur only once per server config To disable the logging of rewriting actions it is not recommended to set Filename to dev null because although the rewriting engine does not then output to a logfile it still creates the logfile output internally This will slow down the server with no advantage to the administrator To disable logging either remove or comment out the RewriteLog directive or use RewriteLogLevel 0 Security See the Apache Security Tips document for details on why 
your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server Example RewriteLog usr local var apache logs rewrite log RewriteLogLevel Directive Description Sets the verbosity of the log file used by the rewrite engine Syntax RewriteLogLevel Level Default RewriteLogLevel 0 Context server config virtual host Status Extension Module mod rewrite The RewriteLogLevel directive sets the verbosity level of the rewriting logfile The default level 0 means no logging while 9 or more means that practically all actions are logged To disable the logging of rewriting actions simply set Level to 0 This disables all rewrite action logs Using a high value for Level will slow down your Apache server dramatically Use the rewriting logfile at a Level greater than 2 only for debugging Example RewriteLogLevel 3 RewriteMap Directive Description Defines a mapping function for key lookup Syntax RewriteMap MapName MapType MapSource Context server config virtual host Status Extension Module mod rewrite Compatibility The choice of different dbm types is available in Apache 2 0 41 and later The RewriteMap directive defines a Rewriting Map which can be used inside rule substitution strings by the mapping functions to insert substitute fields through a key lookup The source of this lookup can be of various types The MapName is the name of the map and will be used to specify a mapping function for the substitution strings of a rewriting rule via one of the following constructs MapName LookupKey MapName LookupKey DefaultValue When such a construct occurs the map MapName is consulted and the key LookupKey is looked up If the key is found the map function construct is substituted by SubstValue If the key is not found then it is substituted by DefaultValue or by the empty string if no DefaultValue was specified The following combinations for MapType and MapSource can be used Standard Plain Text MapType txt MapSource Unix 
filesystem path to valid regular file This is the standard rewriting map feature where the MapSource is a plain ASCII file containing either blank lines comment lines starting with a character or pairs like the following one per line MatchingKey SubstValue Example map txt rewriting map Ralf S Engelschall rse Bastard Operator From Hell Mr Joe Average joe Mr Average RewriteMap real to user txt path to file map txt Randomized Plain Text MapType rnd MapSource Unix filesystem path to valid regular file This is identical to the Standard Plain Text variant above but with a special post processing feature After looking up a value it is parsed according to contained characters which have the meaning of or In other words they indicate a set of alternatives from which the actual returned value is chosen randomly Although this sounds crazy and useless it was actually designed for load balancing in a reverse proxy situation where the looked up values are server names Example map txt rewriting map static www1 www2 www3 www4 dynamic www5 www6 RewriteMap servers rnd path to file map txt Hash File MapType dbm type MapSource Unix filesystem path to valid regular file Here the source is a binary format DBM file containing the same contents as a Plain Text format file but in a special representation which is optimized for really fast lookups The type can be sdbm gdbm ndbm or db depending on compile time settings If the type is ommitted the compile time default will be chosen You can create such a file with any DBM tool or with the following Perl script Be sure to adjust it to create the appropriate type of DBM The example creates an NDBM file usr bin perl txt2dbm convert txt map to dbm format use NDBM File use Fcntl txtmap dbmmap ARGV open TXT txtmap or die Couldn t open txtmap n tie DB NDBM File dbmmap O RDWR O TRUNC O CREAT 0644 or die Couldn t create dbmmap n while TXT next if s or s DB 1 2 if s S s S untie DB close TXT txt2dbm map txt map db Internal Function MapType int MapSource 
Internal Apache function Here the source is an internal Apache function Currently you cannot create your own but the following functions already exists toupper Converts the looked up key to all upper case tolower Converts the looked up key to all lower case escape Translates special characters in the looked up key to hex encodings unescape Translates hex encodings in the looked up key back to special characters External Rewriting Program MapType prg MapSource Unix filesystem path to valid regular file Here the source is a program not a map file To create it you can use the language of your choice but the result has to be a executable i e either object code or a script with the magic cookie trick path to interpreter as the first line This program is started once at startup of the Apache servers and then communicates with the rewriting engine over its stdin and stdout file handles For each map function lookup it will receive the key to lookup as a newline terminated string on stdin It then has to give back the looked up value as a newline terminated string on stdout or the four character string NULL if it fails i e there is no corresponding value for the given key A trivial program which will implement a 1 1 map i e key value could be usr bin perl 1 while STDIN put here any transformations or lookups print But be very careful Keep it simple stupid KISS because if this program hangs it will hang the Apache server when the rule occurs Avoid one common mistake never do buffered I O on stdout This will cause a deadloop Hence the 1 in the above example Use the RewriteLock directive to define a lockfile mod rewrite can use to synchronize the communication to the program By default no such synchronization takes place The RewriteMap directive can occur more than once For each mapping function use one RewriteMap directive to declare its rewriting mapfile While you cannot declare a map in per directory context it is of course possible to use this map in per directory context 
Note For plain text and DBM format files the looked up keys are cached in core until the mtime of the mapfile changes or the server does a restart This way you can have map functions in rules which are used for every request This is no problem because the external lookup only happens once RewriteOptions Directive Description Sets some special options for the rewrite engine Syntax RewriteOptions Options Default RewriteOptions MaxRedirects 10 Context server config virtual host directory htaccess Override FileInfo Status Extension Module mod rewrite Compatibility MaxRedirects is available in Apache 2 0 45 and later The RewriteOptions directive sets some special options for the current per server or per directory configuration The Option strings can be one of the following inherit This forces the current configuration to inherit the configuration of the parent In per virtual server context this means that the maps conditions and rules of the main server are inherited In per directory context this means that conditions and rules of the parent directory s htaccess configuration are inherited MaxRedirects number In order to prevent endless loops of internal redirects issued by per directory RewriteRule s mod rewrite aborts the request after reaching a maximum number of such redirects and responds with an 500 Internal Server Error If you really need more internal redirects than 10 per request you may increase the default to the desired value RewriteRule Directive Description Defines rules for the rewriting engine Syntax RewriteRule Pattern Substitution Context server config virtual host directory htaccess Override FileInfo Status Extension Module mod rewrite Compatibility The cookie flag is available in Apache 2 0 40 and later The RewriteRule directive is the real rewriting workhorse The directive can occur more than once Each directive then defines one single rewriting rule The definition order of these rules is important because this order is used when applying the rules 
at run time Pattern is a perl compatible regular expression which gets applied to the current URL Here current means the value of the URL when this rule gets applied This may not be the originally requested URL because any number of rules may already have matched and made alterations to it Some hints about the syntax of regular expressions Text Any single character chars Character class One of chars chars Character class None of chars text1 text2 Alternative text1 or text2 Quantifiers 0 or 1 of the preceding text 0 or N of the preceding text N 0 1 or N of the preceding text N 1 Grouping text Grouping of text either to set the borders of an alternative or for making backreferences where the N th group can be used on the RHS of a RewriteRule with N Anchors Start of line anchor End of line anchor Escaping char escape that particular char for instance to specify the chars etc For more information about regular expressions have a look at the perl regular expression manpage perldoc perlre If you are interested in more detailed information about regular expressions and their variants POSIX regex etc have a look at the following dedicated book on this topic Mastering Regular Expressions Jeffrey E F Friedl Nutshell Handbook Series O Reilly Associates Inc 1997 ISBN 1 56592 257 3 Additionally in mod rewrite the NOT character is a possible pattern prefix This gives you the ability to negate a pattern to say for instance if the current URL does NOT match this pattern This can be used for exceptional cases where it is easier to match the negative pattern or as a last default rule

    Original URL path: http://ama09.obspm.fr/manual-2.0/mod/mod_rewrite.html (2015-11-16)

  • mod_setenvif - Apache HTTP Server
    value env variable value Context server config virtual host directory htaccess Override FileInfo Status Base Module mod setenvif Compatibility Apache 1 2 and above in Apache 1 2 this directive was found in the now obsolete mod browser module The BrowserMatchNoCase directive is semantically identical to the BrowserMatch directive However it provides for case insensitive matching For example BrowserMatchNoCase mac platform macintosh BrowserMatchNoCase win platform windows The BrowserMatch and BrowserMatchNoCase directives are special cases of the SetEnvIf and SetEnvIfNoCase directives The following two lines have the same effect BrowserMatchNoCase Robot is a robot SetEnvIfNoCase User Agent Robot is a robot SetEnvIf Directive Description Sets environment variables based on attributes of the request Syntax SetEnvIf attribute regex env variable value env variable value Context server config virtual host directory htaccess Override FileInfo Status Base Module mod setenvif The SetEnvIf directive defines environment variables based on attributes of the request The attribute specified in the first argument can be one of three things An HTTP request header field see RFC2616 for more information about these for example Host User Agent Referer and Accept Language A regular expression may be used to specify a set of request headers One of the following aspects of the request Remote Host the hostname if available of the client making the request Remote Addr the IP address of the client making the request Server Addr the IP address of the server on which the request was received only with versions later than 2 0 43 Remote User the authenticated username if available Request Method the name of the method being used GET POST et cetera Request Protocol the name and version of the protocol with which the request was made e g HTTP 0 9 HTTP 1 1 etc Request URI the resource requested on the HTTP request line generally the portion of the URL following the scheme and host portion 
without the query string The name of an environment variable in the list of those associated with the request This allows SetEnvIf directives to test against the result of prior matches Only those environment variables defined by earlier SetEnvIf NoCase directives are available for testing in this manner Earlier means that they were defined at a broader scope such as server wide or previously in the current directive s scope Environment variables will be considered only if there was no match among request characteristics and a regular expression was not used for the attribute The second argument regex is a Perl compatible regular expression This is similar to a POSIX 2 egrep style regular expression If the regex matches against the attribute then the remainder of the arguments are evaluated The rest of the arguments give the names of variables to set and optionally values to which they should be set These take the form of varname or varname or varname value In the first form the value will be set to 1 The second will remove the given variable if already defined and the third

    Original URL path: http://ama09.obspm.fr/manual-2.0/mod/mod_setenvif.html (2015-11-16)

  • mod_so - Apache HTTP Server
    the Unix architecture which are not present in Windows and will not work When a module does work it can be added to the server in one of two ways As with Unix it can be compiled into the server Because Apache for Windows does not have the Configure program of Apache for Unix the module s source file must be added to the ApacheCore project file and its symbols must be added to the os win32 modules c file The second way is to compile the module as a DLL a shared library that can be loaded into the server at runtime using the LoadModule directive These module DLLs can be distributed and run on any Apache for Windows installation without recompilation of the server To create a module DLL a small change is necessary to the module s source file The module record must be exported from the DLL which will be created later see below To do this add the AP MODULE DECLARE DATA defined in the Apache header files to your module s module record definition For example if your module has module foo module Replace the above with module AP MODULE DECLARE DATA foo module Note that this will only be activated on Windows so the module can continue to be used unchanged with Unix if needed Also if you are familiar with DEF files you can export the module record with that method instead Now create a DLL containing your module You will need to link this against the libhttpd lib export library that is created when the libhttpd dll shared library is compiled You may also have to change the compiler settings to ensure that the Apache header files are correctly located You can find this library in your server root s modules

    Original URL path: http://ama09.obspm.fr/manual-2.0/mod/mod_so.html (2015-11-16)

  • mod_speling - Apache HTTP Server
    against the requested document name without regard to case and allowing up to one misspelling character insertion omission transposition or wrong character A list is built with all document names which were matched using this strategy If after scanning the directory no matching document was found Apache will proceed as usual and return a document not found error only one document is found that almost matches the request then it is returned in the form of a redirection response more than one document with a close match was found then the list of the matches is returned to the client and the client can select the correct candidate Directives CheckSpelling CheckSpelling Directive Description Enables the spelling module Syntax CheckSpelling on off Default CheckSpelling Off Context server config virtual host directory htaccess Override Options Status Extension Module mod speling Compatibility CheckSpelling was available as a separately available module for Apache 1 1 but was limited to miscapitalizations As of Apache 1 3 it is part of the Apache distribution Prior to Apache 1 3 2 the CheckSpelling directive was only available in the server and virtual host contexts This directive enables or disables the spelling module When enabled keep in mind

    Original URL path: http://ama09.obspm.fr/manual-2.0/mod/mod_speling.html (2015-11-16)

  • mod_ssl - Apache HTTP Server
    DES CBC3 SHA SSLv3 DH None 3DES 168 SHA1 ADH DES CBC SHA SSLv3 DH None DES 56 SHA1 ADH RC4 MD5 SSLv3 DH None RC4 128 MD5 EDH RSA DES CBC3 SHA SSLv3 DH RSA 3DES 168 SHA1 EDH DSS DES CBC3 SHA SSLv3 DH DSS 3DES 168 SHA1 EDH RSA DES CBC SHA SSLv3 DH RSA DES 56 SHA1 EDH DSS DES CBC SHA SSLv3 DH DSS DES 56 SHA1 EXP EDH RSA DES CBC SHA SSLv3 DH 512 RSA DES 40 SHA1 export EXP EDH DSS DES CBC SHA SSLv3 DH 512 DSS DES 40 SHA1 export EXP ADH DES CBC SHA SSLv3 DH 512 None DES 40 SHA1 export EXP ADH RC4 MD5 SSLv3 DH 512 None RC4 40 MD5 export SSLEngine Directive Description SSL Engine Operation Switch Syntax SSLEngine on off Default SSLEngine off Context server config virtual host Status Extension Module mod ssl This directive toggles the usage of the SSL TLS Protocol Engine This is usually used inside a VirtualHost section to enable SSL TLS for a particular virtual host By default the SSL TLS Protocol Engine is disabled for both the main server and all configured virtual hosts Example VirtualHost default 443 SSLEngine on VirtualHost SSLMutex Directive Description Semaphore for internal mutual exclusion of operations Syntax SSLMutex type Default SSLMutex none Context server config Status Extension Module mod ssl This configures the SSL engine s semaphore aka lock which is used for mutual exclusion of operations which have to be done in a synchronized way between the pre forked Apache server processes This directive can only be used in the global server context because it s only useful to have one global mutex This directive is designed to closely match the AcceptMutex directive The following Mutex types are available none no This is the default where no Mutex is used at all Use it at your own risk But because currently the Mutex is mainly used for synchronizing write access to the SSL Session Cache you can live without it as long as you accept a sometimes garbled Session Cache So it s not recommended to leave this the default Instead configure a real Mutex posixsem This is 
an elegant Mutex variant where a Posix Semaphore is used when possible It is only available when the underlying platform and APR supports it sysvsem This is a somewhat elegant Mutex variant where a SystemV IPC Semaphore is used when possible It is possible to leak SysV semaphores if processes crash before the semaphore is removed It is only available when the underlying platform and APR supports it sem This directive tells the SSL Module to pick the best semaphore implementation available to it choosing between Posix and SystemV IPC in that order It is only available when the underlying platform and APR supports at least one of the 2 pthread This directive tells the SSL Module to use Posix thread mutexes It is only available if the underlying platform and APR supports it fcntl path to mutex This is a portable Mutex variant where a physical lock file and the fcntl fucntion are used as the Mutex Always use a local disk filesystem for path to mutex and never a file residing on a NFS or AFS filesystem It is only available when the underlying platform and APR supports it Note Internally the Process ID PID of the Apache parent process is automatically appended to path to mutex to make it unique so you don t have to worry about conflicts yourself Notice that this type of mutex is not available under the Win32 environment There you have to use the semaphore mutex flock path to mutex This is similar to the fcntl path to mutex method with the exception that the flock function is used to provide file locking It is only available when the underlying platform and APR supports it file path to mutex This directive tells the SSL Module to pick the best file locking implementation available to it choosing between fcntl and flock in that order It is only available when the underlying platform and APR supports at least one of the 2 default yes This directive tells the SSL Module to pick the default locking implementation as determined by the platform and APR Example SSLMutex file usr 
local apache logs ssl mutex SSLOptions Directive Description Configure various SSL engine run time options Syntax SSLOptions option Context server config virtual host directory htaccess Override Options Status Extension Module mod ssl This directive can be used to control various run time options on a per directory basis Normally if multiple SSLOptions could apply to a directory then the most specific one is taken completely the options are not merged However if all the options on the SSLOptions directive are preceded by a plus or minus symbol the options are merged Any options preceded by a are added to the options currently in force and any options preceded by a are removed from the options currently in force The available option s are StdEnvVars When this option is enabled the standard set of SSL related CGI SSI environment variables are created This per default is disabled for performance reasons because the information extraction step is a rather expensive operation So one usually enables this option for CGI and SSI requests only CompatEnvVars When this option is enabled additional CGI SSI environment variables are created for backward compatibility to other Apache SSL solutions Look in the Compatibility chapter for details on the particular variables generated ExportCertData When this option is enabled additional CGI SSI environment variables are created SSL SERVER CERT SSL CLIENT CERT and SSL CLIENT CERT CHAIN n with n 0 1 2 These contain the PEM encoded X 509 Certificates of server and client for the current HTTPS connection and can be used by CGI scripts for deeper Certificate checking Additionally all other certificates of the client certificate chain are provided too This bloats up the environment a little bit which is why you have to use this option to enable it on demand FakeBasicAuth When this option is enabled the Subject Distinguished Name DN of the Client X509 Certificate is translated into a HTTP Basic Authorization username This means that the 
standard Apache authentication methods can be used for access control The user name is just the Subject of the Client s X509 Certificate can be determined by running OpenSSL s openssl x509 command openssl x509 noout subject in certificate crt Note that no password is obtained from the user Every entry in the user file needs this password xxj31ZMTZzkVA which is the DES encrypted version of the word password Those who live under MD5 based encryption for instance under FreeBSD or BSD OS etc should use the following MD5 hash of the same word 1 OXLyS Owx8s2 m9 gfkcRVXzgoE StrictRequire This forces forbidden access when SSLRequireSSL or SSLRequire successfully decided that access should be forbidden Usually the default is that in the case where a Satisfy any directive is used and other access restrictions are passed denial of access due to SSLRequireSSL or SSLRequire is overridden because that s how the Apache Satisfy mechanism should work But for strict access restriction you can use SSLRequireSSL and or SSLRequire in combination with an SSLOptions StrictRequire Then an additional Satisfy Any has no chance once mod ssl has decided to deny access OptRenegotiate This enables optimized SSL connection renegotiation handling when SSL directives are used in per directory context By default a strict scheme is enabled where every per directory reconfiguration of SSL parameters causes a full SSL renegotiation handshake When this option is used mod ssl tries to avoid unnecessary handshakes by doing more granular but still safe parameter checks Nevertheless these granular checks sometimes maybe not what the user expects so enable this on a per directory basis only please Example SSLOptions FakeBasicAuth StrictRequire Files cgi shtml SSLOptions StdEnvVars CompatEnvVars ExportCertData Files SSLPassPhraseDialog Directive Description Type of pass phrase dialog for encrypted private keys Syntax SSLPassPhraseDialog type Default SSLPassPhraseDialog builtin Context server config Status 
Extension Module mod ssl When Apache starts up it has to read the various Certificate see SSLCertificateFile and Private Key see SSLCertificateKeyFile files of the SSL enabled virtual servers Because for security reasons the Private Key files are usually encrypted mod ssl needs to query the administrator for a Pass Phrase in order to decrypt those files This query can be done in two ways which can be configured by type builtin This is the default where an interactive terminal dialog occurs at startup time just before Apache detaches from the terminal Here the administrator has to manually enter the Pass Phrase for each encrypted Private Key file Because a lot of SSL enabled virtual hosts can be configured the following reuse scheme is used to minimize the dialog When a Private Key file is encrypted all known Pass Phrases at the beginning there are none of course are tried If one of those known Pass Phrases succeeds no dialog pops up for this particular Private Key file If none succeeded another Pass Phrase is queried on the terminal and remembered for the next round where it perhaps can be reused This scheme allows mod ssl to be maximally flexible because for N encrypted Private Key files you can use N different Pass Phrases but then you have to enter all of them of course while minimizing the terminal dialog i e when you use a single Pass Phrase for all N Private Key files this Pass Phrase is queried only once exec path to program Here an external program is configured which is called at startup for each encrypted Private Key file It is called with two arguments the first is of the form servername portnumber the second is either RSA or DSA which indicate for which server and algorithm it has to print the corresponding Pass Phrase to stdout The intent is that this external program first runs security checks to make sure that the system is not compromised by an attacker and only when these checks were passed successfully it provides the Pass Phrase Both these 
security checks and the way the Pass Phrase is determined can be as complex as you like Mod ssl just defines the interface an executable program which provides the Pass Phrase on stdout Nothing more or less So if you re really paranoid about security here is your interface Anything else has to be left as an exercise to the administrator because local security requirements are so different The reuse algorithm above is used here too In other words The external program is called only once per unique Pass Phrase Example SSLPassPhraseDialog exec usr local apache sbin pp filter SSLProtocol Directive Description Configure usable SSL protocol flavors Syntax SSLProtocol protocol Default SSLProtocol all Context server config virtual host Override Options Status Extension Module mod ssl This directive can be used to control the SSL protocol flavors mod ssl should use when establishing its server environment Clients then can only connect with one of the provided protocols The available case insensitive protocol s are SSLv2 This is the Secure Sockets Layer SSL protocol version 2 0 It is the original SSL protocol as designed by Netscape Corporation SSLv3 This is the Secure Sockets Layer SSL protocol version 3 0 It is the successor to SSLv2 and the currently as of February 1999 de facto standardized SSL protocol from Netscape Corporation It s supported by almost all popular browsers TLSv1 This is the Transport Layer Security TLS protocol version 1 0 It is the successor to SSLv3 and currently as of February 1999 still under construction by the Internet Engineering Task Force IETF It s still not supported by any popular browsers All This is a shortcut for SSLv2 SSLv3 TLSv1 and a convenient way for enabling all protocols except one when used in combination with the minus sign on a protocol as the example above shows Example enable SSLv3 and TLSv1 but not SSLv2 SSLProtocol all SSLv2 SSLProxyCACertificateFile Directive Description File of concatenated PEM encoded CA Certificates for 
Remote Server Auth Syntax SSLProxyCACertificateFile file path Context server config virtual host Status Extension Module mod ssl This directive sets the all in one file where you can assemble the Certificates of Certification Authorities CA whose remote servers you deal with These are used for Remote Server Authentication Such a file is simply the concatenation of the various PEM encoded Certificate files in order of preference This can be used alternatively and or additionally to SSLProxyCACertificatePath Example SSLProxyCACertificateFile usr local apache conf ssl crt ca bundle remote server crt SSLProxyCACertificatePath Directive Description Directory of PEM encoded CA Certificates for Remote Server Auth Syntax SSLProxyCACertificatePath directory path Context server config virtual host Status Extension Module mod ssl This directive sets the directory where you keep the Certificates of Certification Authorities CAs whose remote servers you deal with These are used to verify the remote server certificate on Remote Server Authentication The files in this directory have to be PEM encoded and are accessed through hash filenames So usually you can t just place the Certificate files there you also have to create symbolic links named hash value N And you should always make sure this directory contains the appropriate symbolic links Use the Makefile which comes with mod ssl to accomplish this task Example SSLProxyCACertificatePath usr local apache conf ssl crt SSLProxyCARevocationFile Directive Description File of concatenated PEM encoded CA CRLs for Remote Server Auth Syntax SSLProxyCARevocationFile file path Context server config virtual host Status Extension Module mod ssl This directive sets the all in one file where you can assemble the Certificate Revocation Lists CRL of Certification Authorities CA whose remote servers you deal with These are used for Remote Server Authentication Such a file is simply the concatenation of the various PEM encoded CRL files in order 
of preference This can be used alternatively and or additionally to SSLProxyCARevocationPath Example SSLProxyCARevocationFile usr local apache conf ssl crl ca bundle remote server crl SSLProxyCARevocationPath Directive Description Directory of PEM encoded CA CRLs for Remote Server Auth Syntax SSLProxyCARevocationPath directory path Context server config virtual host Status Extension Module mod ssl This directive sets the directory where you keep the Certificate Revocation Lists CRL of Certification Authorities CAs whose remote servers you deal with These are used to revoke the remote server certificate on Remote Server Authentication The files in this directory have to be PEM encoded and are accessed through hash filenames So usually you have not only to place the CRL files there Additionally you have to create symbolic links named hash value rN And you should always make sure this directory contains the appropriate symbolic links Use the Makefile which comes with mod ssl to accomplish this task Example SSLProxyCARevocationPath usr local apache conf ssl crl SSLProxyCipherSuite Directive Description Cipher Suite available for negotiation in SSL proxy handshake Syntax SSLProxyCipherSuite cipher spec Default SSLProxyCipherSuite ALL ADH RC4 RSA HIGH MEDIUM LOW SSLv2 EXP Context server config virtual host directory htaccess Override AuthConfig Status Extension Module mod ssl Equivalent to SSLCipherSuite but for the proxy connection Please refer to SSLCipherSuite for additional information SSLProxyEngine Directive Description SSL Proxy Engine Operation Switch Syntax SSLProxyEngine on off Default SSLProxyEngine off Context server config virtual host Status Extension Module mod ssl This directive toggles the usage of the SSL TLS Protocol Engine for proxy This is usually used inside a VirtualHost section to enable SSL TLS for proxy usage in a particular virtual host By default the SSL TLS Protocol Engine is disabled for proxy image both for the main server and all 
configured virtual hosts Example VirtualHost default 443 SSLProxyEngine on VirtualHost SSLProxyMachineCertificateFile Directive Description File of concatenated PEM encoded CA certificates for proxy server client certificates Syntax SSLProxyMachineCertificateFile filename Context server config Override Not applicable Status Extension Module mod ssl This directive sets the all in one file where you keep the certificates of Certification Authorities CAs whose proxy client certificates are used for authentication of the proxy server to remote servers This referenced file is simply the concatenation of the various PEM encoded certificate files in order of preference Use this directive alternatively or additionally to SSLProxyMachineCertificatePath Example SSLProxyMachineCertificatePath usr local apache conf ssl crt SSLProxyMachineCertificatePath Directive Description Directory of PEM encoded CA certificates for proxy server client certificates Syntax SSLProxyMachineCertificatePath directory Context server config Override Not applicable Status Extension Module mod ssl This directive sets the directory where you keep the certificates of Certification Authorities CAs whose proxy client certificates are used for authentication of the proxy server to remote servers The files in this directory must be PEM encoded and are accessed through hash filenames Additionally you must create symbolic links named hash value N And you should always make sure this directory contains the appropriate symbolic links Use the Makefile which comes with mod ssl to accomplish this task Example SSLProxyMachineCertificatePath usr local apache conf ssl crt SSLProxyProtocol Directive Description Configure usable SSL protocol flavors for proxy usage Syntax SSLProxyProtocol protocol Default SSLProxyProtocol all Context server config virtual host Override Options Status Extension Module mod ssl This directive can be used to control the SSL protocol flavors mod ssl should use when establishing its server 
environment for proxy It will only connect to servers using one of the provided protocols Please refer to SSLProtocol for additional information SSLProxyVerify Directive Description Type of remote server Certificate verification Syntax SSLProxyVerify level Default SSLProxyVerify none Context server config virtual host directory htaccess Override AuthConfig Status Extension Module mod ssl This directive sets the Certificate verification level for the remote server Authentication Notice that this directive can be used both in per server and per directory context In per server context it applies to the remote server authentication process used in the standard SSL handshake when a connection is established In per directory context it forces a SSL renegotiation with the reconfigured remote server verification level after

    Original URL path: http://ama09.obspm.fr/manual-2.0/mod/mod_ssl.html (2015-11-16)
    Open archived version from archive

  • mod_status - Apache HTTP Server
    readable list of the current server state The details given are The number of children serving requests The number of idle children The status of each child the number of requests that child has performed and the total number of bytes served by the child A total number of accesses and byte count served The time the server was started restarted and the time it has been running for Averages giving the number of requests per second the number of bytes served per second and the average number of bytes per request The current percentage CPU used by each child and in total by Apache The current hosts and requests being processed A compile time option must be used to display the details marked as the instrumentation required for obtaining these statistics does not exist within standard Apache Directives ExtendedStatus Topics Enabling Status Support Automatic Updates Machine Readable Status File Enabling Status Support To enable status reports only for browsers from the foo com domain add this code to your httpd conf configuration file Location server status SetHandler server status Order Deny Allow Deny from all Allow from foo com Location You can now access server statistics by using a Web browser to access the page http your server name server status Note that mod status will only work when you are running Apache in standalone mode and not inetd mode Automatic Updates You can get the status page to update itself automatically if you have a browser that supports refresh Access the page http your server name server status refresh N to refresh the page every N seconds Machine Readable Status File A machine readable version of the status file is available by accessing the page http your server name server status auto This is useful when automatically run

    Original URL path: http://ama09.obspm.fr/manual-2.0/mod/mod_status.html (2015-11-16)
    Open archived version from archive

  • mod_suexec - Apache HTTP Server
    This module in combination with the suexec support program allows CGI scripts to run as a specified user and Group Directives SuexecUserGroup See also SuEXEC support SuexecUserGroup Directive Description User and group permissions for CGI programs Syntax SuexecUserGroup User Group Context server config virtual host Status Extension Module mod suexec Compatibility SuexecUserGroup is only available in 2 0 and later The SuexecUserGroup directive allows you to specify a user and

    Original URL path: http://ama09.obspm.fr/manual-2.0/mod/mod_suexec.html (2015-11-16)
    Open archived version from archive


