The basic settings of Apache are set and managed in httpd.conf, so changing Apache's settings mainly means modifying httpd.conf. Let's take a look at the contents of httpd.conf, which is divided into 3 parts:
Section 1: Global Environment
Section 2: 'Main' server configuration
Section 3: Virtual Hosts
【Part 1】
·ServerType standalone
This means that Apache is started as standalone; the alternative is inetd. Standalone means the server is started once and answers all connections, while under inetd it is started only when an HTTP connection request arrives and ends when the connection ends. Isn't that burdensome? Therefore, it is usually started as standalone.
·ServerRoot "/usr/local/httpd"
This is the apache directory
·#LockFile /usr/local/httpd/logs/httpd.lock
Keep the default value and do not change it
·PidFile /usr/local/httpd/logs/httpd.pid
This file records the process ID of the parent Apache process
·ScoreBoardFile /usr/local/httpd/logs/httpd.scoreboard
This file stores status information about the server processes
·#ResourceConfig conf/srm.conf
·#AccessConfig conf/access.conf
Since everything is managed in httpd.conf, these two lines are commented out by default, and the default values can be kept unchanged.
·Timeout 300
Set the timeout period. If the client has not connected to the server for more than 300 seconds, or the server has not sent information to the client for more than 300 seconds, the connection is closed.
·KeepAlive On
Allow multiple requests over a single client connection. Set to Off to disallow it.
·MaxKeepAliveRequests 100
The maximum number of requests for each connection. The larger the number, the better the performance. 0 means no limit
·MinSpareServers 5
·MaxSpareServers 10
MinSpareServers 5 means that there will be at least 5 idle server processes; if the actual number is lower, more processes are started. MaxSpareServers 10 is the maximum number of idle server processes. If your website is in high demand, you can raise this number, but do not set it too high.
·StartServers 5
Number of servers at startup
·MaxClients 150
Limit the maximum number of simultaneous connections. It should not be set too small: once this number is reached, no more clients can connect.
·MaxRequestsPerChild 0
Limit the number of requests a child process handles before it exits; 0 means no limit
·#Listen 3000
·#Listen 12.34.56.78:80
Listen on another port or IP address
·BindAddress *
The server can answer on * (all IP addresses), a specified IP address, or a fully qualified domain name
·#LoadModule foo_module libexec/mod_foo.so
Load a DSO module
·#ExtendedStatus On
Lets you check Apache's status information. The default is Off (commented out)
【Part 2】
If the previous ServerType is inetd, please jump directly to ServerAdmin.
·Port 80
The port on which the standalone server answers connections; it can also be another port number less than 1023
·User nobody
·Group nobody
The user and group that httpd runs as
·ServerAdmin Administrator's email address
This is the administrator's email address. If there is a problem with Apache, a message will be sent to notify the administrator. You can also create an account dedicated to the web server to receive this mail.
·ServerName Your host name
This is the host name. If there is no domain name, you can also use the IP address.
·DocumentRoot "/usr/local/httpd/htdocs"
This directory is where Apache keeps web pages. The index.html inside is the default home page for this host.
·
Options FollowSymLinks
AllowOverride none
This section sets what is permitted in the directory (public_html) where users place web pages. Directory access methods are explained in detail later.
·
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
This section sets what is permitted in Apache's web directory (htdocs)
·UserDir public_html
Users can create a public_html directory in their own home directory to hold web pages, then enter http://host address/~user name to connect to...
·DirectoryIndex index.html
Set the name of the default homepage here
·AccessFileName .htaccess
This is the name of the file that controls access. Generally, the default .htaccess name is used. The use of htaccess will be explained later.
·
Order allow,deny
Deny from all
This prevents others from seeing the contents of files whose names start with .ht. It protects not only .htaccess but also .htpasswd. Of course it can also be written directly. If you have changed AccessFileName, for example from .htaccess to .accessht, remember to make the matching change here as well, so that others still cannot see the file.
·#CacheNegotiatedDocs
While this is commented out, proxies are told not to cache documents produced by content negotiation. If the # is removed, they may be cached.
·UseCanonicalName On
Use standard names, the default is On. Suppose there is a web server whose full name is www.sample.com, generally called www; if us...youttp://www/abc
·TypesConfig /usr/local/httpd/conf/mime.types
Specifies the file that holds the MIME type definitions. You can edit the mime.types file yourself.
·DefaultType text/plain
The default format when the server does not recognize this file type. This setting is to treat it as normal text.
·
MIMEMagicFile /usr/local/httpd/conf/magic
The mod_mime_magic module enables the server to determine its MIME type based on file content. If the mod_mime_magic module is loaded, the MIMEMagicFile section will be processed. If it is..., it means that this section will only be processed if the module is not loaded.
·HostnameLookups Off
If it is On, each client IP is resolved through the name server and the host name of the connection is recorded (for example, www.apache.org). If it is Off, only the IP is recorded.
·ErrorLog /usr/local/httpd/logs/error_log
Specify the location of the error log file (error_log). If the error log file is not specified, this file will be used.
·LogLevel warn
Log records are divided into levels; here the level is warn. The levels are as follows:
Level    Description
debug    debug information
info     general information
notice   important information
warn     warning message
error    error occurred
crit     emergency
alert    situation to be dealt with immediately
emerg    the system is dying
·LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
Four custom recording formats: combined, common, referer, agent
·CustomLog /usr/local/httpd/logs/access_log common
The access log file (access_log) uses a custom common format
·#CustomLog /usr/local/httpd/logs/referer_log referer
#CustomLog /usr/local/httpd/logs/agent_log agent
#CustomLog /usr/local/httpd/logs/agent_log combined
These three log files also use custom formats (referer, agent and combined respectively), but they are commented out, so these three files are not used.
·ServerSignature On
When set to On, on the web page generated by the server (such as when an error occurs), there will be a line of information about the apache version, host, and connection port; if set to Email, there will be a mailto: hyperlink to the administrator.
·Alias /icons/ "/usr/local/httpd/icons/"
Use a shorter alias in the format: Alias alias original name.
·ScriptAlias /cgi-bin/ "/usr/local/httpd/cgi-bin/"
Same as Alias, except this is the directory where the server script is set
·IndexOptions FancyIndexing
Display a nicer-looking file list (with the icon that corresponds to each file, set below)
·AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
·AddIcon /icons/blank.gif ^^BLANKICON^^
·DefaultIcon /icons/unknown.gif
These are the icons shown for the various file types in the file list (the FancyIndexing mentioned above). For example, the icon for the three file types .ps, .si and .eps is a.gif in each case.
·#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
These are the descriptions attached to files in the file list. The format is:
AddDescription "Description" file name
for example: AddDescription "It is private txt" my.txt
·ReadmeName README
When displaying the file list, show the contents of the README file at the bottom.
Setting up the CGI script / using httpd.conf as the only configuration file / user authorization and access control
LinuxAid already has many articles that explain the configuration and use of Apache in detail. This article discusses the use of the configuration files and file access control in Apache, and can be regarded as a supplement to them.
If you already have some understanding of Apache, especially its configuration files, that will help you follow this article; if you do not yet know how these configuration files are used, take this opportunity to get acquainted with them.
1. Configuring CGI scripts. There are two ways to set up CGI scripts: first, give the CGI script file a .cgi extension; second, set up a script-executable directory. Either way, the file to be executed must be set to mode 711 before it can run.
The first method is to set Options ExecCGI All in the access.conf file for the directory you want to publish, and add the following line to the srm.conf resource configuration file:
AddHandler cgi-script .cgi
In this way, in every directory, any file with a .cgi extension and access permission 711 can be called as CGI by the Apache server, wherever it sits in your published directory. This method is generally not as safe as the second method.
The second method is to use one directory as the executable directory and put all CGI files in it. Files there do not need a .cgi extension to be executable, only the 711 permission, and access to the other, non-executable files is denied. The default configuration files contain a good example:
access.conf:
<Directory /home/httpd/cgi-bin/>
AllowOverride None
Options ExecCGI
</Directory>
srm.conf:
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
In this way, any executable file in the /home/httpd/cgi-bin/ directory can be called by the web server, and other, non-executable files are denied access.
2. Configure the user's publishing directory. There are two ways to set it:
The first is the system default: the public_html directory under the user's home directory is the user's publishing directory, the default home page file is index.html, and this directory does not support CGI.
The second is to set up publishing directories for users under another directory. For example, if /home/html is to be the users' web directory, the administrator should create a subdirectory for each user there, such as /home/html/user01, /home/html/user02, and so on. Then UserDir in your srm.conf file can no longer be followed by public_html; it should be changed to: UserDir /home/html/*/. Note that the "*" here stands for any user. When a browser requests, for example, http://www.domain/~user01, the Apache...index.html file.
This setting does not require setting the directory's access attributes in access.conf, and neither does setting up a virtual host. However, if you want a directory to have CGI permission, you must configure its access permissions in access.conf. For example, to give all your users CGI rights in their publishing directories, put this in access.conf:
<Directory /home/html/*/cgi-bin/>
AllowOverride None
Options ExecCGI
</Directory>
Note that it is the cgi-bin subdirectory of each user directory that is set as the CGI execution directory. This is a safe setting and is also the UNIX convention.
3. How to run the Apache server as a sub-service of inetd. After installation, Apache runs in standalone mode by default. To run it under inetd instead, first stop httpd from being started every time Linux boots, then edit /etc/inetd.conf and add the following line:
http stream tcp nowait root /usr/sbin/httpd httpd
Then restart the inetd server. Now, when you check the running processes with ps -aux, you will find no httpd process, but as soon as a client requests a page, inetd starts an httpd process to serve the request and releases it automatically afterwards. This mode helps save system resources, but if your web service is very important, running it this way is generally not recommended.
4. Use httpd.conf as the only configuration file. Apache provides three configuration files: srm.conf, access.conf and httpd.conf. The three are in fact equivalent, and all configuration can be placed in httpd.conf alone; Apache 1.3.2 already does this. httpd.conf should then contain the following two directives to stop Apache from reading the srm.conf and access.conf configuration files:
AccessConfig /dev/null
ResourceConfig /dev/null
In Apache 1.3.2, just comment out the following two lines:
AccessConfig conf/access.conf
ResourceConfig conf/srm.conf
5. User authorization and access control. You may have encountered this when visiting some websites: you click a link and the browser pops up an authentication dialog box asking for your account and password, and without them you cannot continue browsing. Some people think this is done with CGI, but it is not; it is the user authorization and access control mechanism of the WWW server at work.
Recall that when setting up the Apache service environment there was the <Directory>...</Directory> directive, which can give different directories different protection. However, such settings take effect only after the server is restarted, which is less flexible. Specifying an access control file through the AccessFileName directive is more flexible. The steps to set user access control permissions in the Apache server are as follows:
1. First set the httpd.conf file as follows:
<Directory /home/httpd/html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Options Includes FollowSymLinks Indexes
# Note that AllowOverride must be set to All, so that the subsequent .htaccess file will work
AllowOverride All
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
# <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
# Order deny,allow
# Deny from all
# </Limit>
</Directory>
#Specify the file name for configuring access control permissions
AccessFileName .htaccess
2. Create the .htaccess file. To control access to a directory, you must create an access control file in it; its name is the ".htaccess" specified above. Its content has the following format:
AuthUserFile user account password file name
AuthGroupFile group account password file name
AuthName screen prompt text
AuthType authentication method
<Limit GET>
Password verification method
</Limit>
AuthType currently provides two user authentication methods: Basic and Digest.
The password verification setting method is the same as the related settings in httpd.conf.
Specific examples are as follows:
AuthUserFile /etc/secure.user
AuthName "Security Certification Center"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
3. Create the user password file. If you are creating the password file for the first time, the command format is as follows:
htpasswd -c password file name user name
In the above example the user password file is /etc/secure.user, so the command here is:
htpasswd -c /etc/secure.user sword
The program prompts you to enter the user's password twice; the password file is then created and the user sword added to it.
To add a new user to the password file, use the following command format:
htpasswd password file user name
After httpd is restarted, a dialog box asking for the user name and password will pop up when the web directory is entered.
4. How to reduce the impact of access control on Apache performance. Frequent use of access control has a considerable impact on Apache performance. How can this be reduced? One of the simplest and most effective methods is to reduce the number of .htaccess files, which spares Apache from performing authorization checks against .htaccess contents on every request. Apache looks for a .htaccess file not only in the current directory but also in each of its parent directories:
/
/usr
/usr/local
/usr/local/etc
/usr/local/etc/httpd
/usr/local/etc/httpd/htdocs
/usr/local/etc/httpd/htdocs/docs
Usually there is no .htaccess file in the root directory, but Apache still checks routinely to make sure the file does not exist, and this greatly affects the efficiency of the server. The following method eliminates this annoying process: set the AllowOverride option to None so that Apache will not check for .htaccess files. Set AllowOverride to None for the root directory (/), and set AllowOverride to All only in the directories that require access control. In the following example, AllowOverride is turned off for the root directory and turned on only for the /usr/local/etc/httpd/htdocs directory, so the system checks for .htaccess only in /usr/local/etc/httpd/htdocs, which improves service efficiency.
<Directory />
AllowOverride None
</Directory>
<Directory /usr/local/etc/httpd/htdocs>
AllowOverride All
</Directory>
If there are other directories for storing WWW files besides the root directory, you can also set them up in the same way. For example: If you use UserDir to allow users to access their own directories, the AllowOverride settings are as follows:
<Directory /home/*/public_html>
AllowOverride FileInfo Indexes IncludesNOEXEC
</Directory>
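The lookup behaviour described above can be worked out from the configuration itself. The following Python sketch is an added example, not code from the original article or from Apache: it lists every access file the server must look for before serving a path, which is also the list of places where a per-directory file is allowed to change server behaviour. The function names are hypothetical, only plain and wildcard <Directory> paths are modelled, and the AllowOverride value in the wildcard section is an assumed one.

```python
import posixpath
import re
from fnmatch import fnmatchcase

# Constructed sample: the two <Directory> sections from the text, plus a
# UserDir-style wildcard section whose AllowOverride value is an assumption.
SAMPLE_CONF = """
<Directory />
AllowOverride None
</Directory>
<Directory /usr/local/etc/httpd/htdocs>
AllowOverride All
</Directory>
<Directory /home/*/public_html>
AllowOverride FileInfo Indexes
</Directory>
"""

DIRECTORY_RE = re.compile(
    r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)
OVERRIDE_RE = re.compile(r"^[ \t]*AllowOverride[ \t]+(.+?)[ \t]*$", re.M | re.I)


def _parts(path):
    return [c for c in path.split("/") if c]


def parse_overrides(conf_text):
    """Return [(directory pattern, AllowOverride value)] in configuration order."""
    sections = []
    for pattern, body in DIRECTORY_RE.findall(conf_text):
        m = OVERRIDE_RE.search(body)  # commented-out lines do not match
        if m:
            sections.append((pattern, m.group(1)))
    return sections


def section_matches(pattern, directory):
    """Apache wildcards never match '/', so compare component by component."""
    pp, dp = _parts(pattern), _parts(directory)
    return len(pp) == len(dp) and all(fnmatchcase(d, p) for p, d in zip(pp, dp))


def ancestors(directory):
    """'/a/b' -> ['/', '/a', '/a/b'], the order in which the path is walked."""
    parts = _parts(posixpath.normpath(directory))
    return ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]


def htaccess_lookups(conf_text, file_path, access_file=".htaccess", default="All"):
    """List the access files looked for before file_path is served.

    default="All" is the Apache 1.3 behaviour when no section sets AllowOverride.
    """
    sections = parse_overrides(conf_text)
    current = default
    lookups = []
    for directory in ancestors(posixpath.dirname(file_path)):
        for pattern, value in sections:  # a later matching section wins
            if section_matches(pattern, directory):
                current = value
        if current.lower() != "none":  # inherited by deeper directories
            lookups.append(posixpath.join(directory, access_file))
    return lookups


if __name__ == "__main__":
    target = "/usr/local/etc/httpd/htdocs/docs/index.html"
    print(len(htaccess_lookups("", target)), "lookups with no AllowOverride set")
    for path in htaccess_lookups(SAMPLE_CONF, target):
        print("still checked:", path)
```

With no AllowOverride set, the request for the docs page triggers one lookup per directory in the list shown earlier; with the sample configuration only the two directories at and below htdocs remain.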
5. Prevent users from accessing specified files. Some files are not suitable for WWW users to see, such as .htaccess, htpasswd, *.pl, etc. You can use <Files> to achieve this purpose:
<Files .htaccess>
order allow,deny
deny from all
</Files>
User access control involves three files: .htaccess, .htpasswd and .htgroup (for user authorization). For security reasons, users should be prevented from browsing their contents. You can add the following content to httpd.conf to prevent users from accessing them:
<Files ~ "^\.ht">
Order deny,allow
Deny from all
</Files>
In this way, these three files will not be accessed by users.
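The earlier note about renaming the access file (.htaccess to .accessht) is where this protection tends to break silently. The following Python check is an added example, not part of the original article: it reports which control files no deny-all <Files> section covers. The function names are hypothetical, Python's re and fnmatch stand in for Apache's own matching, and a section is treated as deny-all only if it contains Deny from all and no Allow from line.

```python
import re
from fnmatch import fnmatchcase

FILES_RE = re.compile(
    r'<Files\s+(~\s*)?"?([^">]+?)"?\s*>(.*?)</Files>', re.S | re.I)
ACCESS_NAME_RE = re.compile(
    r"^[ \t]*AccessFileName[ \t]+(.+?)[ \t]*$", re.M | re.I)
DENY_ALL_RE = re.compile(r"^[ \t]*Deny[ \t]+from[ \t]+all[ \t]*$", re.M | re.I)
ALLOW_RE = re.compile(r"^[ \t]*Allow[ \t]+from\b", re.M | re.I)

# Constructed samples built from the directives shown in the text.
ORIGINAL = r"""
AccessFileName .htaccess
<Files ~ "^\.ht">
Order deny,allow
Deny from all
</Files>
"""
# Same protection, but the access file was renamed and <Files> was not updated.
RENAMED = ORIGINAL.replace("AccessFileName .htaccess", "AccessFileName .accessht")
# The pattern widened to cover the new name as well.
FIXED = RENAMED.replace(r"^\.ht", r"^\.(ht|accessht)")
# Only the exact-name section from the first <Files> example.
NAME_ONLY = """
<Files .htaccess>
order allow,deny
deny from all
</Files>
"""


def deny_all_matchers(conf_text):
    """Build one predicate per <Files> section that denies every client."""
    matchers = []
    for tilde, pattern, body in FILES_RE.findall(conf_text):
        if not DENY_ALL_RE.search(body) or ALLOW_RE.search(body):
            continue  # section does not block everyone
        if tilde:  # <Files ~ "regex">: unanchored regex on the file name
            rx = re.compile(pattern)
            matchers.append(lambda name, rx=rx: rx.search(name) is not None)
        else:      # <Files name>: exact name or ?/* wildcard
            matchers.append(lambda name, p=pattern: fnmatchcase(name, p))
    return matchers


def unprotected_control_files(conf_text, extra=(".htpasswd", ".htgroup")):
    """Return the control file names that no deny-all <Files> section covers."""
    m = ACCESS_NAME_RE.search(conf_text)
    names = (m.group(1).split() if m else [".htaccess"]) + list(extra)
    matchers = deny_all_matchers(conf_text)
    return [n for n in names if not any(match(n) for match in matchers)]


if __name__ == "__main__":
    for label, conf in [("original", ORIGINAL), ("renamed", RENAMED),
                        ("fixed", FIXED), ("name only", NAME_ONLY)]:
        print(label, "->", unprotected_control_files(conf) or "all covered")
```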
6. Restrict certain users from accessing specific files
<Directory> restricts a directory. To restrict certain users from accessing one specific file, you can use <Location>. For example, if users outside the domain.com domain are not allowed to access /prices/internal.html, you can use the following settings:
<Location /prices/internal.html>
order deny,allow
deny from all
allow from .domain.com
</Location>
If the machine you want to grant access to does not have a public domain name, map its IP address to a name in your /etc/hosts file and use that name in <Location>; otherwise this option does not work.
7. Only accept access from specific links. For example, only users following links from http://www.sina.com.cn/* are allowed to enter this directory, and visitors arriving from other links are not; "*" means all links under this website. In place of http://www.sina.com.cn/* you can also use http://202.106.184.200/* or a specific file such as http://www.sina.com.cn/news.html. The Referer header is supplied by the client, so this limits linking from other sites rather than authenticating the visitor.
The contents of the .htaccess file are as follows:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName ExampleAllowFromSpecificURL
AuthType Basic
<Limit GET>
order deny,allow
deny from all
referer allow from http://www.sina.com.cn/*
</Limit>
6. How to access directories mounted under /mnt through Apache. To browse the contents of a CD, you must first mount it on /mnt/cdrom; the same goes for DOS or other partitions under Linux, which must first be mounted under /mnt. The method below makes the contents of the mounted directory visible through Apache:
1. First mount what needs to be mounted under /mnt, for example:
mount -t iso9660 /dev/cdrom /mnt/cdrom
2. Modify the srm.conf file in /usr/local/etc/httpd/conf (in Apache 1.3.2, modify httpd.conf)
Add alias support:
# Alias fakename realname
# alias for netware server
Alias /netware/ /mnt/MYDOM_NW/vol1/home/htmldocs/
Alias /winNT/ /mnt/MYDOM_NT/
Alias /unix/ /mnt/MYDOM_UNIX/
In fact, the simplest way to do this step is to create a symbolic link directly under the WWW document directory, for example:
ln -s /mnt/MYDOM_NT/ winNT
The same effect can be achieved.
3. Finally, use Directory to specify the user's access rights to the above directories:
<Directory "/mnt/MYDOM_NT">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Note that Indexes must be specified in Options; otherwise, if the opened directory has no index.html file, the user cannot browse the directory structure and the server returns an error.
After these tasks are completed, don't forget to restart Apache. Access the CD content on the client through http://www.yourdomain/CDROM/, and so on for other systems.
#DocumentRoot "/usr/local/apache/htdocs"
#Set the directory where the site's html files are stored.
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
#Settings for the / directory. Specifically:
Options: Defines the operations that can be performed within the directory.
None: means you can only browse,
FollowSymLinks: allows symbolic links to locations elsewhere to be followed,
ExecCGI: allows execution of CGI,
MultiViews: allows operations such as watching animations or listening to music,
Indexes: allows the server to return a formatted list of directories,
Includes: Allows the use of SSI. These settings can be checked.
All: can do anything except MultiViews.
AllowOverride: Adding the None parameter means that anyone can browse the files in this directory.
Additional parameters are: FileInfo, AuthConfig, Limit.