![[APACHE DOCUMENTATION]](../images/sub.gif)
These configuration parameters control the core Apache features, and are always available.
AcceptFilter
onAcceptFilter controls a BSD specific filter
optimization. It is compiled in by default - and switched on by
default if your system supports it (setsocketopt() option
SO_ACCEPTFILTER). Currently only FreeBSD supports this.
See the filter section on performance hints for more information.
The compile time flag AP_ACCEPTFILTER_OFF can
be used to change the default to 'off'. httpd -V
and httpd -L will show compile time defaults and
whether or not SO_ACCEPTFILTER was defined during the
compile.
AcceptMutex
defaultAcceptMutex controls which accept() mutex
method Apache will use. Not all methods are available on all
platforms, since the suite of methods is determined at
compile-time. For a list of which methods are available for
your particular build, the httpd -V command line
option will list them out.
The compile time flags -D
HAVE_METHOD_SERIALIZED_ACCEPT can be used to add
different methods to your build, or one can edit the
include/ap_config.h file for your particular
platform.
This directive has no effect on Microsoft Windows.
See the performance tuning guide for more information.
AccessConfig
conf/access.confThe server will read this file for more directives after reading the ResourceConfig file. File-path is relative to the ServerRoot. This feature can be disabled using:
AccessConfig /dev/null
Or, on Win32 servers,
AccessConfig nul
Historically, this file only contained <Directory> sections; in fact it
can now contain any server directive allowed in the server
config context. However, since Apache version 1.3.4,
the default access.conf file which ships with
Apache contains only comments, and all directives are placed
in the main server configuration file, httpd.conf.
If AccessConfig points to a directory, rather than a
file, Apache will read all files in that directory, and any
subdirectory, and parse those as configuration files.
Alternatively you can use a wildcard to limit the scope; i.e to only *.conf files.
Note that by default any file in the specified directory will be loaded as a configuration file.
So make sure that you don't have stray files in this directory by mistake, such as temporary files created by your editor, for example.
See also: Include and ResourceConfig.
AccessFileName
.htaccessWhen returning a document to the client the server looks for the first existing access control file from this list of names in every directory of the path to the document, if access control files are enabled for that directory. For example:
AccessFileName .acl
before returning the document /usr/local/web/index.html, the
server will read /.acl, /usr/.acl, /usr/local/.acl and
/usr/local/web/.acl for directives, unless they have been
disabled with
<Directory />
AllowOverride None
</Directory>
See Also: AllowOverride and Configuration Files
AddDefaultCharset OffThis directive specifies the name of the character set that
will be added to any response that does not have any parameter
on the content type in the HTTP headers. This will override any
character set specified in the body of the document via a
META tag. A setting of AddDefaultCharset
Off disables this functionality. AddDefaultCharset
On enables Apache's internal default charset of
iso-8859-1 as required by the directive. You can
also specify an alternate charset to be used.
For example:
AddDefaultCharset utf-8
Note: This will not have any effect on the Content-Type and character set for default Apache-generated status pages (such as '404 Not Found' or '301 Moved Permanently') because those have an actual character set (that in which the hard-coded page content is written) and don't need to have a default applied.
The server can have modules compiled in which are not actively in use. This directive can be used to enable the use of those modules. The server comes with a pre-loaded list of active modules; this list can be cleared with the ClearModuleList directive.
For example:
AddModule mod_include.c
The ordering of AddModule lines is important.
Modules are listed in reverse priority order --- the ones that come
later can override the behavior of those that come earlier. This
can have visible effects; for instance, if UserDir followed Alias,
you couldn't alias out a particular user's home directory. For
more information and a recommended ordering, see
src/Configuration.tmpl in the Apache source
distribution.
See also: ClearModuleList and LoadModule
AllowOverride
AllWhen the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Note: AllowOverride is only
valid in <Directory> sections, not in <Location> or
<Files> sections, as implied by the Context
section above.
When this directive is set to None, then
.htaccess files are completely ignored. In this case, the
server will not even attempt to read .htaccess files in the
filesystem.
When this directive is set to All, then any
directive which has the .htaccess Context is allowed in
.htaccess files.
The directive-type can be one of the following groupings of directives.
Example:
AllowOverride AuthConfig IndexesSee Also: AccessFileName and Configuration Files
This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.
For example:
AuthName "Top Secret"The string provided for the AuthName is what will
appear in the password dialog provided by most browsers.
See also: Authentication, Authorization, and Access Control
This directive sets a per realm secret nonce prefix which is used to ensure that a captured username, password and realm string during a Digest exchange cannot be replayed at other places.
It only applies to mod_digest.html, the experimental mod_auth_digest.html implements its own (more advanced and also time sensitive) replay protection.
It must be accompanied by AuthType of type Digest, one or more Require directives, and directives such as AuthUserFile and AuthGroupFile to work.See also: Authentication, Authorization, and Access Control
This directive selects the type of user authentication for a
directory. Only Basic and Digest are
currently implemented.
It must be accompanied by AuthName and
Require directives, and directives such
as AuthUserFile and AuthGroupFile to
work.
When AuthDigest is used an AuthDigestRealmSeed should also be set.
See also: Authentication, Authorization, and Access Control
BindAddress
*A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server machine. If the argument to this directive is *, then the server will listen for connections on every IP address. Otherwise, the server can listen to only a specific IP-address or a fully-qualified Internet domain-name.
For example:
BindAddress 192.168.15.48Only one BindAddress directive can be used.
This directive is deprecated and will be eliminated in
Apache 2.0. Equivalent functionality and more control over the
address and ports Apache listens to is available using the
Listen
directive.
BindAddress can be used as an alternative
method for supporting virtual hosts
using multiple independent servers, instead of using <VirtualHost>
sections.
See Also: DNS
Issues
See Also: Setting
which addresses and ports Apache uses
The BS2000Account directive is available for
BS2000 hosts only. It must be used to define the account number
for the non-privileged apache server user (which was configured
using the User directive). This is required
by the BS2000 POSIX subsystem (to change the underlying BS2000
task environment by performing a sub-LOGON) to prevent CGI
scripts from accessing resources of the privileged account
which started the server, usually SYSROOT.
Only one BS2000Account directive can be used.
See Also: Apache EBCDIC port
Way back when the internet was a safer, more naive place, it
was convenient for the server to take a query string that did not
contain an '=' sign and to parse and pass it to a CGI program as
command line args. For example, <IsIndex>
generated searches often work in this way. The default behavior
in Apache is to maintain this behavior for backwards
compatibility, although it is generally regarded as unsafe
practice today. Most CGI programs do not take command line
parameters, but among those that do, many are unaware of this
method of passing arguments and are therefore vulnerable to
malicious clients passing unsafe material in this way. Setting
CGICommandArgs Off is recommended to protect such
scripts with little loss in functionality.
The server comes with a built-in list of active modules. This directive clears the list. It is assumed that the list will then be re-populated using the AddModule directive.
See also: AddModule and LoadModule
ContentDigest
offThis directive enables the generation of
Content-MD5 headers as defined in RFC1864
respectively RFC2068.
MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.
The Content-MD5 header provides an end-to-end
message integrity check (MIC) of the entity-body. A proxy or
client may check this header for detecting accidental
modification of the entity-body in transit. Example header:
Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).
Content-MD5 is only sent for documents served
by the core, and not by any module. For example, SSI documents,
output from CGI scripts, and byte range responses do not have
this header.
This controls directive-dict.html#Status" rel="Help">Status: core
When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Note: AllowOverride is only
valid in <Directory> sections, not in <Location> or
<Files> sections, as implied by the Context
section above.
When this directive is set to None, then
.htaccess files are completely ignored. In this case, the
server will not even attempt to read .htaccess files in the
filesystem.
When this directive is set to All, then any
directive which has the .htaccess Context is allowed in
.htaccess files.
The directive-type can be one of the following groupings of directives.
Example:
AllowOverride AuthConfig IndexesSee Also: AccessFileName and Configuration Files
This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.
For example:
AuthName "Top Secret"The string provided for the AuthName is what will
appear in the password dialog provided by most browsers.
See also: Authentication, Authorization, and Access Control
This directive sets a per realm secret nonce prefix which is used to ensure that a captured username, password and realm string during a Digest exchange cannot be replayed at other places.
It only applies to mod_digest.html, the experimental mod_auth_digest.html implements its own (more advanced and also time sensitive) replay protection.
It must be accompanied by AuthType of type Digest, one or more Require directives, and directives such as AuthUserFile and AuthGroupFile to work.See also: Authentication, Authorization, and Access Control
This directive selects the type of user authentication for a
directory. Only Basic and Digest are
currently implemented.
It must be accompanied by AuthName and
Require directives, and directives such
as AuthUserFile and AuthGroupFile to
work.
When AuthDigest is used an AuthDigestRealmSeed should also be set.
See also: Authentication, Authorization, and Access Control
BindAddress
*A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server machine. If the argument to this directive is *, then the server will listen for connections on every IP address. Otherwise, the server can listen to only a specific IP-address or a fully-qualified Internet domain-name.
For example:
BindAddress 192.168.15.48Only one BindAddress directive can be used.
This directive is deprecated and will be eliminated in
Apache 2.0. Equivalent functionality and more control over the
address and ports Apache listens to is available using the
Listen
directive.
BindAddress can be used as an alternative
method for supporting virtual hosts
using multiple independent servers, instead of using <VirtualHost>
sections.
See Also: DNS
Issues
See Also: Setting
which addresses and ports Apache uses
The BS2000Account directive is available for
BS2000 hosts only. It must be used to define the account number
for the non-privileged apache server user (which was configured
using the User directive). This is required
by the BS2000 POSIX subsystem (to change the underlying BS2000
task environment by performing a sub-LOGON) to prevent CGI
scripts from accessing resources of the privileged account
which started the server, usually SYSROOT.
Only one BS2000Account directive can be used.
See Also: Apache EBCDIC port
Way back when the internet was a safer, more naive place, it
was convenient for the server to take a query string that did not
contain an '=' sign and to parse and pass it to a CGI program as
command line args. For example, <IsIndex>
generated searches often work in this way. The default behavior
in Apache is to maintain this behavior for backwards
compatibility, although it is generally regarded as unsafe
practice today. Most CGI programs do not take command line
parameters, but among those that do, many are unaware of this
method of passing arguments and are therefore vulnerable to
malicious clients passing unsafe material in this way. Setting
CGICommandArgs Off is recommended to protect such
scripts with little loss in functionality.
The server comes with a built-in list of active modules. This directive clears the list. It is assumed that the list will then be re-populated using the AddModule directive.
See also: AddModule and LoadModule
ContentDigest
offThis directive enables the generation of
Content-MD5 headers as defined in RFC1864
respectively RFC2068.
MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.
The Content-MD5 header provides an end-to-end
message integrity check (MIC) of the entity-body. A proxy or
client may check this header for detecting accidental
modification of the entity-body in transit. Example header:
Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).
Content-MD5 is only sent for documents served
by the core, and not by any module. For example, SSI documents,
output from CGI scripts, and byte range responses do not have
this header.
This controls directive-dict.html#Status" rel="Help">Status: core
When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Note: AllowOverride is only
valid in <Directory> sections, not in <Location> or
<Files> sections, as implied by the Context
section above.
When this directive is set to None, then
.htaccess files are completely ignored. In this case, the
server will not even attempt to read .htaccess files in the
filesystem.
When this directive is set to All, then any
directive which has the .htaccess Context is allowed in
.htaccess files.
The directive-type can be one of the following groupings of directives.
Example:
AllowOverride AuthConfig IndexesSee Also: AccessFileName and Configuration Files
This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.
For example:
AuthName "Top Secret"The string provided for the AuthName is what will
appear in the password dialog provided by most browsers.
See also: Authentication, Authorization, and Access Control
This directive sets a per realm secret nonce prefix which is used to ensure that a captured username, password and realm string during a Digest exchange cannot be replayed at other places.
It only applies to mod_digest.html, the experimental mod_auth_digest.html implements its own (more advanced and also time sensitive) replay protection.
It must be accompanied by AuthType of type Digest, one or more Require directives, and directives such as AuthUserFile and AuthGroupFile to work.See also: Authentication, Authorization, and Access Control
This directive selects the type of user authentication for a
directory. Only Basic and Digest are
currently implemented.
It must be accompanied by AuthName and
Require directives, and directives such
as AuthUserFile and AuthGroupFile to
work.
When AuthDigest is used an AuthDigestRealmSeed should also be set.
See also: Authentication, Authorization, and Access Control
BindAddress
*A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server machine. If the argument to this directive is *, then the server will listen for connections on every IP address. Otherwise, the server can listen to only a specific IP-address or a fully-qualified Internet domain-name.
For example:
BindAddress 192.168.15.48Only one BindAddress directive can be used.
This directive is deprecated and will be eliminated in
Apache 2.0. Equivalent functionality and more control over the
address and ports Apache listens to is available using the
Listen
directive.
BindAddress can be used as an alternative
method for supporting virtual hosts
using multiple independent servers, instead of using <VirtualHost>
sections.
See Also: DNS
Issues
See Also: Setting
which addresses and ports Apache uses
The BS2000Account directive is available for
BS2000 hosts only. It must be used to define the account number
for the non-privileged apache server user (which was configured
using the User directive). This is required
by the BS2000 POSIX subsystem (to change the underlying BS2000
task environment by performing a sub-LOGON) to prevent CGI
scripts from accessing resources of the privileged account
which started the server, usually SYSROOT.
Only one BS2000Account directive can be used.
See Also: Apache EBCDIC port
Way back when the internet was a safer, more naive place, it
was convenient for the server to take a query string that did not
contain an '=' sign and to parse and pass it to a CGI program as
command line args. For example, <IsIndex>
generated searches often work in this way. The default behavior
in Apache is to maintain this behavior for backwards
compatibility, although it is generally regarded as unsafe
practice today. Most CGI programs do not take command line
parameters, but among those that do, many are unaware of this
method of passing arguments and are therefore vulnerable to
malicious clients passing unsafe material in this way. Setting
CGICommandArgs Off is recommended to protect such
scripts with little loss in functionality.
The server comes with a built-in list of active modules. This directive clears the list. It is assumed that the list will then be re-populated using the AddModule directive.
See also: AddModule and LoadModule
ContentDigest
offThis directive enables the generation of
Content-MD5 headers as defined in RFC1864
respectively RFC2068.
MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.
The Content-MD5 header provides an end-to-end
message integrity check (MIC) of the entity-body. A proxy or
client may check this header for detecting accidental
modification of the entity-body in transit. Example header:
Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).
Content-MD5 is only sent for documents served
by the core, and not by any module. For example, SSI documents,
output from CGI scripts, and byte range responses do not have
this header.
This controls directive-dict.html#Status" rel="Help">Status: core
When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Note: AllowOverride is only
valid in <Directory> sections, not in <Location> or
<Files> sections, as implied by the Context
section above.
When this directive is set to None, then
.htaccess files are completely ignored. In this case, the
server will not even attempt to read .htaccess files in the
filesystem.
When this directive is set to All, then any
directive which has the .htaccess Context is allowed in
.htaccess files.
The directive-type can be one of the following groupings of directives.
Example:
AllowOverride AuthConfig IndexesSee Also: AccessFileName and Configuration Files
This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.
For example:
AuthName "Top Secret"The string provided for the AuthName is what will
appear in the password dialog provided by most browsers.
See also: Authentication, Authorization, and Access Control
This directive sets a per realm secret nonce prefix which is used to ensure that a captured username, password and realm string during a Digest exchange cannot be replayed at other places.
It only applies to mod_digest.html, the experimental mod_auth_digest.html implements its own (more advanced and also time sensitive) replay protection.
It must be accompanied by AuthType of type Digest, one or more Require directives, and directives such as AuthUserFile and AuthGroupFile to work.See also: Authentication, Authorization, and Access Control
This directive selects the type of user authentication for a
directory. Only Basic and Digest are
currently implemented.
It must be accompanied by AuthName and
Require directives, and directives such
as AuthUserFile and AuthGroupFile to
work.
When AuthDigest is used an AuthDigestRealmSeed should also be set.
See also: Authentication, Authorization, and Access Control
BindAddress
*A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server machine. If the argument to this directive is *, then the server will listen for connections on every IP address. Otherwise, the server can listen to only a specific IP-address or a fully-qualified Internet domain-name.
For example:
BindAddress 192.168.15.48Only one BindAddress directive can be used.
This directive is deprecated and will be eliminated in
Apache 2.0. Equivalent functionality and more control over the
address and ports Apache listens to is available using the
Listen
directive.
BindAddress can be used as an alternative
method for supporting virtual hosts
using multiple independent servers, instead of using <VirtualHost>
sections.
See Also: DNS
Issues
See Also: Setting
which addresses and ports Apache uses
The BS2000Account directive is available for
BS2000 hosts only. It must be used to define the account number
for the non-privileged apache server user (which was configured
using the User directive). This is required
by the BS2000 POSIX subsystem (to change the underlying BS2000
task environment by performing a sub-LOGON) to prevent CGI
scripts from accessing resources of the privileged account
which started the server, usually SYSROOT.
Only one BS2000Account directive can be used.
See Also: Apache EBCDIC port
Way back when the internet was a safer, more naive place, it
was convenient for the server to take a query string that did not
contain an '=' sign and to parse and pass it to a CGI program as
command line args. For example, <IsIndex>
generated searches often work in this way. The default behavior
in Apache is to maintain this behavior for backwards
compatibility, although it is generally regarded as unsafe
practice today. Most CGI programs do not take command line
parameters, but among those that do, many are unaware of this
method of passing arguments and are therefore vulnerable to
malicious clients passing unsafe material in this way. Setting
CGICommandArgs Off is recommended to protect such
scripts with little loss in functionality.
The server comes with a built-in list of active modules. This directive clears the list. It is assumed that the list will then be re-populated using the AddModule directive.
See also: AddModule and LoadModule
ContentDigest
offThis directive enables the generation of
Content-MD5 headers as defined in RFC1864
respectively RFC2068.
MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.
The Content-MD5 header provides an end-to-end
message integrity check (MIC) of the entity-body. A proxy or
client may check this header for detecting accidental
modification of the entity-body in transit. Example header:
Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).
Content-MD5 is only sent for documents served
by the core, and not by any module. For example, SSI documents,
output from CGI scripts, and byte range responses do not have
this header.
This controls directive-dict.html#Status" rel="Help">Status: core
When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Note: AllowOverride is only
valid in <Directory> sections, not in <Location> or
<Files> sections, as implied by the Context
section above.
When this directive is set to None, then
.htaccess files are completely ignored. In this case, the
server will not even attempt to read .htaccess files in the
filesystem.
When this directive is set to All, then any
directive which has the .htaccess Context is allowed in
.htaccess files.
The directive-type can be one of the following groupings of directives.
Example:
AllowOverride AuthConfig IndexesSee Also: AccessFileName and Configuration Files
This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.
For example:
AuthName "Top Secret"The string provided for the AuthName is what will
appear in the password dialog provided by most browsers.
See also: Authentication, Authorization, and Access Control
This directive sets a per realm secret nonce prefix which is used to ensure that a captured username, password and realm string during a Digest exchange cannot be replayed at other places.
It only applies to mod_digest.html, the experimental mod_auth_digest.html implements its own (more advanced and also time sensitive) replay protection.
It must be accompanied by AuthType of type Digest, one or more Require directives, and directives such as AuthUserFile and AuthGroupFile to work.See also: Authentication, Authorization, and Access Control
This directive selects the type of user authentication for a
directory. Only Basic and Digest are
currently implemented.
It must be accompanied by AuthName and
Require directives, and directives such
as AuthUserFile and AuthGroupFile to
work.
When AuthDigest is used an AuthDigestRealmSeed should also be set.
See also: Authentication, Authorization, and Access Control
BindAddress
*A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server machine. If the argument to this directive is *, then the server will listen for connections on every IP address. Otherwise, the server can listen to only a specific IP-address or a fully-qualified Internet domain-name.
For example:
BindAddress 192.168.15.48Only one BindAddress directive can be used.
This directive is deprecated and will be eliminated in
Apache 2.0. Equivalent functionality and more control over the
address and ports Apache listens to is available using the
Listen
directive.
BindAddress can be used as an alternative
method for supporting virtual hosts
using multiple independent servers, instead of using <VirtualHost>
sections.
See Also: DNS
Issues
See Also: Setting
which addresses and ports Apache uses
The BS2000Account directive is available for
BS2000 hosts only. It must be used to define the account number
for the non-privileged apache server user (which was configured
using the User directive). This is required
by the BS2000 POSIX subsystem (to change the underlying BS2000
task environment by performing a sub-LOGON) to prevent CGI
scripts from accessing resources of the privileged account
which started the server, usually SYSROOT.
Only one BS2000Account directive can be used.
See Also: Apache EBCDIC port
Way back when the internet was a safer, more naive place, it
was convenient for the server to take a query string that did not
contain an '=' sign and to parse and pass it to a CGI program as
command line args. For example, <IsIndex>
generated searches often work in this way. The default behavior
in Apache is to maintain this behavior for backwards
compatibility, although it is generally regarded as unsafe
practice today. Most CGI programs do not take command line
parameters, but among those that do, many are unaware of this
method of passing arguments and are therefore vulnerable to
malicious clients passing unsafe material in this way. Setting
CGICommandArgs Off is recommended to protect such
scripts with little loss in functionality.
The server comes with a built-in list of active modules. This directive clears the list. It is assumed that the list will then be re-populated using the AddModule directive.
See also: AddModule and LoadModule
ContentDigest
offThis directive enables the generation of
Content-MD5 headers as defined in RFC1864
respectively RFC2068.
MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.
The Content-MD5 header provides an end-to-end
message integrity check (MIC) of the entity-body. A proxy or
client may check this header for detecting accidental
modification of the entity-body in transit. Example header:
Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).
Content-MD5 is only sent for documents served
by the core, and not by any module. For example, SSI documents,
output from CGI scripts, and byte range responses do not have
this header.
This controls directive-dict.html#Status" rel="Help">Status: core
When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Note: AllowOverride is only
valid in <Directory> sections, not in <Location> or
<Files> sections, as implied by the Context
section above.
When this directive is set to None, then
.htaccess files are completely ignored. In this case, the
server will not even attempt to read .htaccess files in the
filesystem.
When this directive is set to All, then any
directive which has the .htaccess Context is allowed in
.htaccess files.
The directive-type can be one of the following groupings of directives.
Example:
AllowOverride AuthConfig IndexesSee Also: AccessFileName and Configuration Files
This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.
For example:
AuthName "Top Secret"The string provided for the AuthName is what will
appear in the password dialog provided by most browsers.
See also: Authentication, Authorization, and Access Control
This directive sets a per realm secret nonce prefix which is used to ensure that a captured username, password and realm string during a Digest exchange cannot be replayed at other places.
It only applies to mod_digest.html, the experimental mod_auth_digest.html implements its own (more advanced and also time sensitive) replay protection.
It must be accompanied by AuthType of type Digest, one or more Require directives, and directives such as AuthUserFile and AuthGroupFile to work.See also: Authentication, Authorization, and Access Control
This directive selects the type of user authentication for a
directory. Only Basic and Digest are
currently implemented.
It must be accompanied by AuthName and
Require directives, and directives such
as AuthUserFile and AuthGroupFile to
work.
When AuthDigest is used an AuthDigestRealmSeed should also be set.
See also: Authentication, Authorization, and Access Control
BindAddress
*A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server machine. If the argument to this directive is *, then the server will listen for connections on every IP address. Otherwise, the server can listen to only a specific IP-address or a fully-qualified Internet domain-name.
For example:
BindAddress 192.168.15.48Only one BindAddress directive can be used.
This directive is deprecated and will be eliminated in
Apache 2.0. Equivalent functionality and more control over the
address and ports Apache listens to is available using the
Listen
directive.
BindAddress can be used as an alternative
method for supporting virtual hosts
using multiple independent servers, instead of using <VirtualHost>
sections.
See Also: DNS
Issues
See Also: Setting
which addresses and ports Apache uses
The BS2000Account directive is available for
BS2000 hosts only. It must be used to define the account number
for the non-privileged apache server user (which was configured
using the User directive). This is required
by the BS2000 POSIX subsystem (to change the underlying BS2000
task environment by performing a sub-LOGON) to prevent CGI
scripts from accessing resources of the privileged account
which started the server, usually SYSROOT.
Only one BS2000Account directive can be used.
See Also: Apache EBCDIC port
Way back when the internet was a safer, more naive place, it
was convenient for the server to take a query string that did not
contain an '=' sign and to parse and pass it to a CGI program as
command line args. For example, <IsIndex>
generated searches often work in this way. The default behavior
in Apache is to maintain this behavior for backwards
compatibility, although it is generally regarded as unsafe
practice today. Most CGI programs do not take command line
parameters, but among those that do, many are unaware of this
method of passing arguments and are therefore vulnerable to
malicious clients passing unsafe material in this way. Setting
CGICommandArgs Off is recommended to protect such
scripts with little loss in functionality.
The server comes with a built-in list of active modules. This directive clears the list. It is assumed that the list will then be re-populated using the AddModule directive.
See also: AddModule and LoadModule
ContentDigest
offThis directive enables the generation of
Content-MD5 headers as defined in RFC1864
respectively RFC2068.
MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.
The Content-MD5 header provides an end-to-end
message integrity check (MIC) of the entity-body. A proxy or
client may check this header for detecting accidental
modification of the entity-body in transit. Example header:
Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).
Content-MD5 is only sent for documents served
by the core, and not by any module. For example, SSI documents,
output from CGI scripts, and byte range responses do not have
this header.
This controls directive-dict.html#Status" rel="Help">Status: core
When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Note: AllowOverride is only
valid in <Directory> sections, not in <Location> or
<Files> sections, as implied by the Context
section above.
When this directive is set to None, then
.htaccess files are completely ignored. In this case, the
server will not even attempt to read .htaccess files in the
filesystem.
When this directive is set to All, then any
directive which has the .htaccess Context is allowed in
.htaccess files.
The directive-type can be one of the following groupings of directives.
Example:
AllowOverride AuthConfig IndexesSee Also: AccessFileName and Configuration Files
This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.
For example:
AuthName "Top Secret"The string provided for the AuthName is what will
appear in the password dialog provided by most browsers.
See also: Authentication, Authorization, and Access Control
This directive sets a per realm secret nonce prefix which is used to ensure that a captured username, password and realm string during a Digest exchange cannot be replayed at other places.
It only applies to mod_digest.html, the experimental mod_auth_digest.html implements its own (more advanced and also time sensitive) replay protection.
It must be accompanied by AuthType of type Digest, one or more Require directives, and directives such as AuthUserFile and AuthGroupFile to work.See also: Authentication, Authorization, and Access Control
This directive selects the type of user authentication for a
directory. Only Basic and Digest are
currently implemented.
It must be accompanied by AuthName and
Require directives, and directives such
as AuthUserFile and AuthGroupFile to
work.
When AuthDigest is used an AuthDigestRealmSeed should also be set.
See also: Authentication, Authorization, and Access Control
BindAddress
*A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server machine. If the argument to this directive is *, then the server will listen for connections on every IP address. Otherwise, the server can listen to only a specific IP-address or a fully-qualified Internet domain-name.
For example:
BindAddress 192.168.15.48Only one BindAddress directive can be used.
This directive is deprecated and will be eliminated in
Apache 2.0. Equivalent functionality and more control over the
address and ports Apache listens to is available using the
Listen
directive.
BindAddress can be used as an alternative
method for supporting virtual hosts
using multiple independent servers, instead of using <VirtualHost>
sections.
See Also: DNS
Issues
See Also: Setting
which addresses and ports Apache uses
The BS2000Account directive is available for
BS2000 hosts only. It must be used to define the account number
for the non-privileged apache server user (which was configured
using the User directive). This is required
by the BS2000 POSIX subsystem (to change the underlying BS2000
task environment by performing a sub-LOGON) to prevent CGI
scripts from accessing resources of the privileged account
which started the server, usually SYSROOT.
Only one BS2000Account directive can be used.
See Also: Apache EBCDIC port
Way back when the internet was a safer, more naive place, it
was convenient for the server to take a query string that did not
contain an '=' sign and to parse and pass it to a CGI program as
command line args. For example, <IsIndex>
generated searches often work in this way. The default behavior
in Apache is to maintain this behavior for backwards
compatibility, although it is generally regarded as unsafe
practice today. Most CGI programs do not take command line
parameters, but among those that do, many are unaware of this
method of passing arguments and are therefore vulnerable to
malicious clients passing unsafe material in this way. Setting
CGICommandArgs Off is recommended to protect such
scripts with little loss in functionality.
The server comes with a built-in list of active modules. This directive clears the list. It is assumed that the list will then be re-populated using the AddModule directive.
See also: AddModule and LoadModule
ContentDigest
offThis directive enables the generation of
Content-MD5 headers as defined in RFC1864
respectively RFC2068.
MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.
The Content-MD5 header provides an end-to-end
message integrity check (MIC) of the entity-body. A proxy or
client may check this header for detecting accidental
modification of the entity-body in transit. Example header:
Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).
Content-MD5 is only sent for documents served
by the core, and not by any module. For example, SSI documents,
output from CGI scripts, and byte range responses do not have
this header.
This controls directive-dict.html#Status" rel="Help">Status: core
When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Note: AllowOverride is only
valid in <Directory> sections, not in <Location> or
<Files> sections, as implied by the Context
section above.
When this directive is set to None, then
.htaccess files are completely ignored. In this case, the
server will not even attempt to read .htaccess files in the
filesystem.
When this directive is set to All, then any
directive which has the .htaccess Context is allowed in
.htaccess files.
The directive-type can be one of the following groupings of directives.
Example:
AllowOverride AuthConfig IndexesSee Also: AccessFileName and Configuration Files
This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.
For example:
AuthName "Top Secret"The string provided for the AuthName is what will
appear in the password dialog provided by most browsers.
See also: Authentication, Authorization, and Access Control
This directive sets a per realm secret nonce prefix which is used to ensure that a captured username, password and realm string during a Digest exchange cannot be replayed at other places.
It only applies to mod_digest.html, the experimental mod_auth_digest.html implements its own (more advanced and also time sensitive) replay protection.
It must be accompanied by AuthType of type Digest, one or more Require directives, and directives such as AuthUserFile and AuthGroupFile to work.See also: Authentication, Authorization, and Access Control
This directive selects the type of user authentication for a
directory. Only Basic and Digest are
currently implemented.
It must be accompanied by AuthName and
Require directives, and directives such
as AuthUserFile and AuthGroupFile to
work.
When AuthDigest is used an AuthDigestRealmSeed should also be set.
See also: Authentication, Authorization, and Access Control
BindAddress
*A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server machine. If the argument to this directive is *, then the server will listen for connections on every IP address. Otherwise, the server can listen to only a specific IP-address or a fully-qualified Internet domain-name.
For example:
BindAddress 192.168.15.48Only one BindAddress directive can be used.
This directive is deprecated and will be eliminated in
Apache 2.0. Equivalent functionality and more control over the
address and ports Apache listens to is available using the
Listen
directive.
BindAddress can be used as an alternative
method for supporting virtual hosts
using multiple independent servers, instead of using <VirtualHost>
sections.
See Also: DNS
Issues
See Also: Setting
which addresses and ports Apache uses
The BS2000Account directive is available for
BS2000 hosts only. It must be used to define the account number
for the non-privileged apache server user (which was configured
using the User directive). This is required
by the BS2000 POSIX subsystem (to change the underlying BS2000
task environment by performing a sub-LOGON) to prevent CGI
scripts from accessing resources of the privileged account
which started the server, usually SYSROOT.
Only one BS2000Account directive can be used.
See Also: Apache EBCDIC port
Way back when the internet was a safer, more naive place, it
was convenient for the server to take a query string that did not
contain an '=' sign and to parse and pass it to a CGI program as
command line args. For example, <IsIndex>
generated searches often work in this way. The default behavior
in Apache is to maintain this behavior for backwards
compatibility, although it is generally regarded as unsafe
practice today. Most CGI programs do not take command line
parameters, but among those that do, many are unaware of this
method of passing arguments and are therefore vulnerable to
malicious clients passing unsafe material in this way. Setting
CGICommandArgs Off is recommended to protect such
scripts with little loss in functionality.
The server comes with a built-in list of active modules. This directive clears the list. It is assumed that the list will then be re-populated using the AddModule directive.
See also: AddModule and LoadModule
ContentDigest
offThis directive enables the generation of
Content-MD5 headers as defined in RFC1864
respectively RFC2068.
MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.
The Content-MD5 header provides an end-to-end
message integrity check (MIC) of the entity-body. A proxy or
client may check this header for detecting accidental
modification of the entity-body in transit. Example header:
Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).
Content-MD5 is only sent for documents served
by the core, and not by any module. For example, SSI documents,
output from CGI scripts, and byte range responses do not have
this header.
This controls directive-dict.html#Status" rel="Help">Status: core
When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Note: AllowOverride is only
valid in <Directory> sections, not in <Location> or
<Files> sections, as implied by the Context
section above.
When this directive is set to None, then
.htaccess files are completely ignored. In this case, the
server will not even attempt to read .htaccess files in the
filesystem.
When this directive is set to All, then any
directive which has the .htaccess Context is allowed in
.htaccess files.
The directive-type can be one of the following groupings of directives.
Example:
AllowOverride AuthConfig IndexesSee Also: AccessFileName and Configuration Files
This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.
For example:
AuthName "Top Secret"The string provided for the AuthName is what will
appear in the password dialog provided by most browsers.
See also: Authentication, Authorization, and Access Control
This directive sets a per realm secret nonce prefix which is used to ensure that a captured username, password and realm string during a Digest exchange cannot be replayed at other places.
It only applies to mod_digest.html, the experimental mod_auth_digest.html implements its own (more advanced and also time sensitive) replay protection.
It must be accompanied by AuthType of type Digest, one or more Require directives, and directives such as AuthUserFile and AuthGroupFile to work.See also: Authentication, Authorization, and Access Control
This directive selects the type of user authentication for a
directory. Only Basic and Digest are
currently implemented.
It must be accompanied by AuthName and
Require directives, and directives such
as AuthUserFile and AuthGroupFile to
work.
When AuthDigest is used an AuthDigestRealmSeed should also be set.
See also: Authentication, Authorization, and Access Control
BindAddress
*A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server machine. If the argument to this directive is *, then the server will listen for connections on every IP address. Otherwise, the server can listen to only a specific IP-address or a fully-qualified Internet domain-name.
For example:
BindAddress 192.168.15.48Only one BindAddress directive can be used.
This directive is deprecated and will be eliminated in
Apache 2.0. Equivalent functionality and more control over the
address and ports Apache listens to is available using the
Listen
directive.
BindAddress can be used as an alternative
method for supporting virtual hosts
using multiple independent servers, instead of using <VirtualHost>
sections.
See Also: DNS
Issues
See Also: Setting
which addresses and ports Apache uses
The BS2000Account directive is available for
BS2000 hosts only. It must be used to define the account number
for the non-privileged apache server user (which was configured
using the User directive). This is required
by the BS2000 POSIX subsystem (to change the underlying BS2000
task environment by performing a sub-LOGON) to prevent CGI
scripts from accessing resources of the privileged account
which started the server, usually SYSROOT.
Only one BS2000Account directive can be used.
See Also: Apache EBCDIC port
Way back when the internet was a safer, more naive place, it
was convenient for the server to take a query string that did not
contain an '=' sign and to parse and pass it to a CGI program as
command line args. For example, <IsIndex>
generated searches often work in this way. The default behavior
in Apache is to maintain this behavior for backwards
compatibility, although it is generally regarded as unsafe
practice today. Most CGI programs do not take command line
parameters, but among those that do, many are unaware of this
method of passing arguments and are therefore vulnerable to
malicious clients passing unsafe material in this way. Setting
CGICommandArgs Off is recommended to protect such
scripts with little loss in functionality.
The server comes with a built-in list of active modules. This directive clears the list. It is assumed that the list will then be re-populated using the AddModule directive.
See also: AddModule and LoadModule
ContentDigest
offThis directive enables the generation of
Content-MD5 headers as defined in RFC1864
respectively RFC2068.
MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.
The Content-MD5 header provides an end-to-end
message integrity check (MIC) of the entity-body. A proxy or
client may check this header for detecting accidental
modification of the entity-body in transit. Example header:
Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).
Content-MD5 is only sent for documents served
by the core, and not by any module. For example, SSI documents,
output from CGI scripts, and byte range responses do not have
this header.
This controls directive-dict.html#Status" rel="Help">Status: core
When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Note: AllowOverride is only
valid in <Directory> sections, not in <Location> or
<Files> sections, as implied by the Context
section above.
When this directive is set to None, then
.htaccess files are completely ignored. In this case, the
server will not even attempt to read .htaccess files in the
filesystem.
When this directive is set to All, then any
directive which has the .htaccess Context is allowed in
.htaccess files.
The directive-type can be one of the following groupings of directives.
Example:
AllowOverride AuthConfig IndexesSee Also: AccessFileName and Configuration Files
This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.
For example:
AuthName "Top Secret"The string provided for the AuthName is what will
appear in the password dialog provided by most browsers.
See also: Authentication, Authorization, and Access Control
This directive sets a per realm secret nonce prefix which is used to ensure that a captured username, password and realm string during a Digest exchange cannot be replayed at other places.
It only applies to mod_digest.html, the experimental mod_auth_digest.html implements its own (more advanced and also time sensitive) replay protection.
It must be accompanied by AuthType of type Digest, one or more Require directives, and directives such as AuthUserFile and AuthGroupFile to work.See also: Authentication, Authorization, and Access Control
This directive selects the type of user authentication for a
directory. Only Basic and Digest are
currently implemented.
It must be accompanied by AuthName and
Require directives, and directives such
as AuthUserFile and AuthGroupFile to
work.
When AuthDigest is used an AuthDigestRealmSeed should also be set.
See also: Authentication, Authorization, and Access Control
BindAddress
*A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server machine. If the argument to this directive is *, then the server will listen for connections on every IP address. Otherwise, the server can listen to only a specific IP-address or a fully-qualified Internet domain-name.
For example:
BindAddress 192.168.15.48Only one BindAddress directive can be used.
This directive is deprecated and will be eliminated in Apache 2.0. Equivalent functionality and more control over the