Configuring Apache

Basic Global Environment Parameters

The following directive gives users of your website some basic information about your software. While the following command tells users that your web server is Apache on a Unix-style system, other commands are possible, as described in Table 30.3:

 ServerTokens OS 

The ServerRoot directive identifies the directory with configuration, error, and log files:

 ServerRoot "/etc/httpd" 

If you run ls -l /etc/httpd , you ll see links to the real location of certain directories; for example, /etc/httpd/logs is linked to the /var/log/httpd directory.

Apache includes parent and child processes for different connections. The ScoreBoardFile parameter helps these processes communicate with each other. Otherwise , the communication is through active memory.

 #ScoreBoardFile run/httpd.scoreboard 

You might note that run is a relative subdirectory. The full directory name is based on the ServerRoot directive ”in other words, /etc/httpd/run .

The PidFile specifies the file where Apache records the process identifier (PID):

 PidFile run/httpd.pid 

If computers are having trouble communicating on your network, you need a Timeout value to keep Apache from hanging. The Timeout directive specifies a stop value in seconds.

 Timeout 300 

Normally, multiple requests are allowed through each connection. The following command disables this behavior:

 KeepAlive Off 

If the KeepAlive directive is on, you can regulate the number of requests per connection with the MaxKeepAliveRequests directive:

 MaxKeepAliveRequests 100 

Once a connection is made between Apache and someone s web browser, the KeepAliveTimeout directive specifies the number of seconds to wait for the next client request:

 KeepAliveTimeout 15 

Detailed Client Parameters

Apache includes a number of Multi-Processing Modules (MPM). These MPMs fall into three categories:

• Prefork MPMs are suited to process-based web servers; they are appropriate to use if you have Apache modules that do not require separate threads, which imitates the behavior of Apache 1.3. x .

• Worker MPMs support both types of modules; however, they should not be used if you re using Apache 1.3 modules, since threads can cause problems.

• Per-child MPMs support websites for clients that need different user IDs.

  Note	MPMs flexible; specific modules are available for Windows NT ( mpm_winnt ) and Novell Netware ( mpm_netware ) networks.

There are a number of common directives that you can specify in each of these MPM categories.

When Apache is started, the StartServers directive sets the number of available child server processes ready for users who want your web pages:

 StartServers 8 

Once Apache is started, requests from other users may come in. If the number of unused server processes falls below the MinSpareServers directive, additional httpd processes are started automatically:

 MinSpareServers 5 

When traffic goes down, the MaxSpareServers directive determines the maximum number of httpd processes that are allowed to run idle:

 MaxSpareServers 20 

You can regulate the number of clients requesting information from your web server with the MaxClients directive:

 MaxClients 150 

You can also regulate the number of requests for information from each client with the MaxRequests- PerChild directive:

 MaxRequestsPerChild 1000 

Apache 2.0 servers can start new threads for each request. The MinSpareThreads directive is similar to MinSpareServers; it allows Apache to handle a surge of additional requests:

 MinSpareThreads 25 

When the number of requests goes down, Apache monitors the number of spare threads; if they exceed the MaxSpareThreads directive, some are killed :

 MaxSpareThreads 75 

Every child process can create several threads to handle requests from each user of your website. The ThreadsPerChild directive is created when each child process starts:

 ThreadsPerChild 25 

You can limit the number of threads allowed for each child process with the MaxRequestsPerChild directive (there is no limit in the default httpd.conf file):

 MaxRequestsPerChild 0 

You can also limit the number of threads allowed for each child process with the MaxThreadsPerChild directive:

 MaxThreadsPerChild 20 

Port Settings

You can set Apache to Listen to requests from only certain IP addresses and or TCP/IP ports. The default httpd.conf file includes the following directives:

 #Listen 12.34.56.78:80 Listen 80 

If you have more than one network adapter, you can also limit Apache to certain networks; for example, the following directive only listens to the network adapter with an IP address of 192.168.13.64 on TCP/IP port 80:

 Listen 192.168.13.64:80 

Pointers to Other Configuration Files

As we noted earlier, there are other configuration files associated with the Apache 2.0. x server. By default, they re in the /etc/httpd/conf.d directory. Normally, file locations are determined by the ServerRoot directive, which is set to /etc/httpd , and the Include directive shown here:

 Include conf.d/*.conf 

Module Locations

When you need a module in Apache, it should be loaded in the httpd.conf configuration file. Normally, modules are listed in the following format:

 LoadModule module_type location 

For example, the following directive loads the module named access_module from the ServerRoot modules subdirectory, /etc/httpd/modules . You will find that this is linked to the actual directory with Apache modules: /usr/lib/httpd/modules .

 LoadModule access_module modules/mod_access.so 

Several modules are listed in the default httpd.conf file; Table 30.4 offers a brief description. The modules are listed in the same order as they appear in the file.

One of the more interesting modules is the info_module; as you ll see toward the end of the next section, it supports a detailed view of your Apache server configuration in your browser at localhost/ server- info .

System User

As determined by the User and Group directives, the Apache daemon, httpd , is assigned a specific user and group name here and in /etc/passwd and /etc/group :

 User apache Group apache 

Administrative Contact

With web pages generated by Apache, there is a listing for an administrative contact, as determined by the ServerAdmin directive:

 ServerAdmin root@localhost 

Web Server Name

If you have an administrative website for your web server, you ll want to set it with the ServerName directive. If you don t have a fully qualified domain name in a DNS server, use the IP address.

 #ServerName new.host.name:80 

If you activate this directive, it will normally be superseded by the name you set for each Virtual Host.

Canonical Name

Technically, every URL, such as http://www.Sybex.com/ , is supposed to have a trailing slash. But I never remember to put it in. Without the following directive, an attempt to navigate to www.Sybex.com would end up at the address specified by the ServerName directive. The standard httpd.conf file includes the UseCanonicalName directive to add the trailing slash automatically.

 UseCanonicalName Off 

Document Root

The root directory for your web server is specified by the DocumentRoot directive:

 DocumentRoot "/var/www/html" 

Web Directory Permissions

Next, we look at the default permissions for users within directories accessible through your server s websites. It s set up by the < Directory / > container, which defines the permissions associated with the DocumentRoot :

 <Directory />    Options FollowSymLinks    AllowOverride None </Directory> 

The Options directive determines where you can go for files from that directory. It can be set to several different values, as described in Table 30.5. The AllowOverride directive can go to the .htaccess file for a list of users or computers allowed to see certain files; the AllowOverride None setting doesn t even look at the .htaccess file.

.htaccess Files

An .htaccess file is a distributed configuration file that you can use to configure individual directories on a website. It is a common way to implement restricted access to a specific directory.

An .htaccess file isn t necessary in most cases; you can configure access on a per-directory basis in the main Apache configuration file, httpd.conf . In the default version of the main Apache configuration file, look for < Directory > containers. Observe how the restrictions vary for different directories.

However, if you have a large number of websites on your server, such as the personal web pages associated with many ISPs, you may want to use .htaccess files to let individual users regulate access to web pages in their home directories. You can set up a standard scheme to read .htaccess files, as described later in the "User Directory Permissions" section.

If you want to implement distributed configuration files, you can do something to make it more secure. Look for the AccessFileName directive in httpd.conf . Assign a hidden file name other than .htaccess . Also see the "Access Control" section later in this chapter.

Specific Directory Permissions

Next, we ll look at the default permissions in httpd.conf for the /var/www/html directory, as specified by the following container:

 <Directory "/var/www/html"> 

The following Options directive supports redirection via symbolic links and the listing of files in the current directory if there is no index.html type file (look ahead to Figure 30.2 for an example):

 Options Indexes FollowSymLinks 

As we mentioned in the previous section, the AllowOverride directive specifies the types of directives in the .htaccess file; the following option doesn t even look at .htaccess :

 AllowOverride None 

Finally, there are access control directives; the following looks for an Allow and then a Deny directive for this directory, in order:

 Order allow,deny Allow from all 

Root Directory Permissions

Now the httpd.conf file adds a couple more directives for users that access the top directory of your website, also known as DocumentRoot :

 <LocationMatch "^/$">    Options -Indexes    ErrorDocument 403 /error/noindex.html </LocationMatch> 

The < LocationMatch "^/$" > container looks a little strange ; this specific directive applies the commands therein ( Options and ErrorDocument ) to the root ( / ) directory.

The Options -Indexes directive prohibits the listing of files, courtesy of the - in front of the Indexes setting. If no index.html page is available, the ErrorDocument directive returns the noted error web page to the user. This location is based on the ServerRoot directive; thus, noindex.html is located in the /etc/httpd/error directory.

Oddly enough, the noindex.html file is the "Test Page" that is shown when Apache starts without the pages associated with a real website. It s shown back in Figure 30.1.

User Directory Permissions

You can set up web pages in your users home directories. They are disabled by default with the following command:

 UserDir disable 

You can replace that command with the following:

 UserDir public_html 

Assume you have a user named ez, and she has a set of web page files in the /home/ez/public_html directory. Also, assume that your website is named www.example.abc . You need to set appropriate permissions:

 # chmod 711 /home/ez # chmod 755 /home/ez/public_html # chmod 744 /home/ez/public_html/* 

Then when you direct your browser to www.example.abc/~ez , you will be able to see any index.html web page that you might have stored in the /home/ez/public_html directory.

You can further regulate access to web pages and files in users home directories. Look at the following sample commands from the default httpd.conf file:

 #<Directory /home/*/public_html> #    AllowOverride FileInfo AuthConfig Limit #    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec #    <Limit GET POST OPTIONS> #        Order allow,deny #        Allow from all #    </Limit> #    <LimitExcept GET POST OPTIONS> #        Order deny,allow #        Deny from all #    </LimitExcept> #</Directory> 

If you activate these commands, Apache allows you to browse the files in the public_html sub- directory, as described later in the "Directory Listings" section.

As described earlier, the AllowOverride directive relates to the access information that Apache reads from an individual .htaccess file. The different parameters associated with this directive are shown in Table 30.6. All descriptions refer to the commands that you can use in an .htaccess file on a per-directory basis.

The Options directive described in Table 30.5 supports content negotiation, file indexing, following symbolic links, and support for SSIs but not CGIs.

The Limit directive sets options for users who want to send ( POST ) and receive ( GET ) files from the user home directory; the LimitExcept directive denies the use of all other access commands.

Directory Index

When users navigate to your website, they re actually looking in a directory. The DirectoryIndex directive tells Apache the types of web pages to send back to the website user:

 DirectoryIndex index.html index.html.var 

The index.html document is a standard home page file used by many websites; index .html.var is one way to set up a dynamic home page. You can look at an example of .var files in the /var/www/error directory. Open those files in the text editor of your choice. You ll see standard error messages.

Access Control

As described in the sidebar .htaccess Files," you can configure access control files on individual directories. By default, it s the hidden file .htaccess; you can set a different filename with the AccessFileName directive:

 AccessFileName .htaccess 

The following Files directive ensures that any file that starts with .ht is not viewable by users who are browsing your website:

 <Files ~ "^\.ht">    Order allow,deny    Deny from all </Files> 

MIME Types

While the MIME (Multipurpose Internet Mail Extensions) standard was originally created for sending binary files over e-mail, it works for web pages as well. For example, you can configure your browser to open the PDF reader of your choice if you navigate to a PDF file on the Internet. The standard translation between MIME types and file extensions is listed through the TypesConfig directive:

 TypesConfig /etc/mime.types 

Many files do not have extensions such as .pdf or .doc . You can set the DefaultType directive to specify display options on a browser. If you use text files, the following standard should work well:

 DefaultType text/plain 

Alternatively, if most of your files are in binary format, you could end up sending dozens of pages of gibberish to your users unless you changed this directive to something like:

 DefaultType application/octet-stream 

If the extension doesn t provide a clue, you can use the MIMEMagicFile directive, which uses the mod_mime_magic module defined in Table 30.4:

 <IfModule mod_mime_magic.c> #   MIMEMagicFile /usr/share/magic.mime    MIMEMagicFile conf/magic </IfModule> 

Remember, the location of a relative path such as conf/magic is based on the ServerRoot directive. In other words, this section points to the MIMEMagicFile at /etc/httpd/conf/magic .

There is one more related directive, toward the end of the httpd.conf file. The AddType directive allows you to override the configuration as defined by TypesConfig in /etc/mime.types :

 AddType application/x-tar .tgz 

Log Data

Apache logs can be very large. If you re running a large commercial website, you could easily collect hundreds of megabytes of log data every day. The choices you make for log data could easily overload your system.

Normally, HostnameLookups are set to Off; otherwise, Apache will look for the fully qualified domain name of every requesting user. Don t do this unless you have reliable access to a DNS server and the network capacity to handle that volume of information.

 HostnameLookups Off 

You can set the locations of different log files. The ErrorLog directive, as you d expect, sets the location of the error_log file. With the given value of ServerRoot , the following log file is located in the /etc/httpd/logs directory:

 ErrorLog logs/error_log 

You can control the types of messages sent to the ErrorLog file; available values for the LogLevel directive ( debug , info , notice , warn , error , crit , alert , emerg ) are similar to those shown in the standard error log file, /etc/syslog.conf , back in Chapter 13 .

 LogLevel warn 

Log information is sent to the error_log in a specific format, as defined by the following LogFormat directives:

 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent 

Each of these lines specifies a set of data collected in four different formats: combined , common , referer , and agent .

The variables associated with LogFormat are described in Table 30.7. A substantial number of additional variables are available, which you can review in the mod_log_config.html file in the /var/ www/manual/mod directory. Other request fields are per the standards of the World Wide Web consortium, at www.w3.org/Protocols/HTTP/HTRQ_Headers.html .

You can set the location of several other types of logs, as defined through the CustomLog variable. You can set this up within one of your Virtual Hosts, so the owners of individual websites on your server can get their own log files:

 # CustomLog logs/access_log common CustomLog logs/access_log combined #CustomLog logs/referer_log referer #CustomLog logs/agent_log agent #CustomLog logs/access_log combined 

These lines specify the location of your log files. Based on the default ServerRoot , that s /etc/ httpd/logs . The actual information that s sent to each log file is based on the referenced LogFormat . For example, the active CustomLog directive refers to the combined format, which you might recall is:

 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 

The Server Signs the Web Page

The httpd.conf file can add one element to dynamically generated web pages, depending on the ServerSignature directive. Normally it s set as follows:

 ServerSignature On 

When ServerSignature is set to On , you might see a message similar to the following at the bottom of dynamically generated web pages:

 Apache/2.0.40 Server at localhost Port 80 

Alternatively, if you substitute Email for On , you ll get a hyperlink from the name of the computer, in this case, localhost , to the server administrator, as defined by the ServerAdmin directive.

Aliases

You can use the Alias directive to set up a link between a directory in the URL to a directory on your computer. For example, the first Alias directive in the default httpd.conf file links the /icons/ subdirectory from a URL:

 Alias /icons/ "/var/www/icons/" 

to the /var/www/icons/ directory on the web server. This is also a good place to specify the permissions associated with /var/www/icons/ .

 <Directory "/var/www/icons">    Options Indexes MultiViews    AllowOverride None    Order allow,deny    Allow from all </Directory> 

These permissions allow users to read the contents of the directory, unless there s a DirectoryIndex file such as index.html , and support content negotiation, such as different languages, via MultiViews .

If you ve installed the httpd-manual-* RPM and want to include the Apache manual on your website, change the following default Alias directive from

 Alias /manual "/var/www/manual" 

to

 Alias /etc/httpd/manual "/var/www/manual" 

This assumes that your ServerRoot directive is set to /etc/httpd . The following lines set permissions for the noted directory, and include the Web-based Distributed Authoring and Versioning (WebDAV) database:

 <Directory "/var/www/manual">    Options Indexes FollowSymLinks MultiViews    AllowOverride None    Order allow,deny    Allow from all </Directory> <IfModule mod_dav_fs.c>    # Location of the WebDAV lock database.    DAVLockDB /var/lib/dav/lockdb </IfModule> 

Scripts

Scripts in httpd.conf refer to programs that are run through the web server. Apache starts in the default httpd.conf file with a ScriptAlias directive, which is a specialized Alias for scripts:

 ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" 

Some scripts require access to the CGI daemon, which is defined by the Scriptsock directive:

 <IfModule mod_cgid.c>    Scriptsock    run/httpd.cgid </IfModule> 

Once again, this is a good opportunity to define the permissions associated with the scripts associated with your websites:

 <Directory "/var/www/cgi-bin">    AllowOverride None    Options None    Order allow,deny    Allow from all </Directory> 

Note how these permissions don t allow the use of .htaccess but support script execution by all users.

If you change website names, you ll want to redirect users. For example, the following default Redirect directive takes users who navigate to your /bears directory to www.mommabears.com :

 # Redirect permanent /bears http://www.mommabears.com 

Directory Listings

Sometimes you want to see the files in a directory. For example, Figure 30.2 illustrates the files in the /home/mike/public_html directory, based on the UserDir directives described earlier, in the User Directory Permissions section.

Figure 30.2: Viewing home directory files

The IndexOptions directive determines how index files are shown in client web browsers. For example, the default IndexOptions line

 IndexOptions FancyIndexing VersionSort NameWidth=* 

configures FancyIndexing , for icons and file sizes; VersionSort , which sorts numbers such as RPM versions in a specific order; and a NameWidth as large as needed for the filenames in the directory.

Icons

Speaking of icons, a list of icons is available for different file types and extensions. These icons are shown with a file list, assuming you have set IndexOptions FancyIndexing as defined in the previous section. There are three basic AddIcon* directives:

 AddIconByEncoding (CMP,/icons/compressed.gif)  x-compress x-gzip 

The AddIconByEncoding directive shown here applies to compressed binary files. Several AddIconByType directives are also included for four different file types:

 AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* 

Finally, there are a series of AddIcon directives that associate a specific icon with different filename extensions:

 AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ 

These AddIcon directives are straightforward. For example, if Apache sees a file with an .exe extension, it adds the /icons/binary.gif icon as a label for that particular file. But this list is not comprehensive; there is a DefaultIcon directive for files with unknown extensions:

 DefaultIcon /icons/unknown.gif 

If you like, you can activate the following AddDescription directives to give users a bit more information about files with specific extensions:

 #AddDescription "GZIP compressed document" .gz #AddDescription "tar archive" .tar #AddDescription "GZIP compressed tar archive" .tgz 

You can set up directories with various HTML files. For example, the HeaderName directive specifies a file to put before the file list; the ReadmeName directive specifies a file to put after the file list.

 ReadmeName README.html HeaderName HEADER.html 

The IndexIgnore directive sets Apache to avoid listing the noted files in any directory list. Note how the default value includes the HEADER.html and README.html files.

 IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t 

Decompression

Some browsers can read and automatically decompress certain files in your website directories. All you need to do is specify the encoding associated with certain filename extensions by using the AddEncoding directive:

 AddEncoding x-compress Z AddEncoding x-gzip gz tgz 

Languages

Multilingual websites include web pages in multiple languages. The DefaultLanguage directive defines the language associated with all web pages that aren t already labeled. The following inactive directive specifies the Dutch language:

 # DefaultLanguage nl 

You can set up web pages in different languages, as defined by the AddLanguage directive. For example, index.html.cz is a web page associated with the Czech language:

 AddLanguage cz .cz 

Other language codes are listed in Table 30.8.

A web browser should tell the web server the preferred language. However, when this doesn t work, the LanguagePriority directive sets the preferred language:

 LanguagePriority en da nl et fr de el it ja kr no pl pt  pt-br ltz ca es sv tw 

This works hand in hand with the ForceLanguagePriority directive. As defined in the default httpd .conf file, it uses the LanguagePriority directive list to select from languages acceptable to the client web browser. If no acceptable language page is available, the first item on the LanguagePriority list (in this case, English) is used.

Many languages don t work too well unless you have the right set of characters. Most language characters have been organized into different ISO character sets. The default, which works for English and a number of similar languages, is ISO-8859-1. It s forced into the default websites for Apache with the following directive:

 AddDefaultCharset ISO-8859-1 

Several other character sets are available, as defined by the following AddCharset directives. For more information on these character sets, see www.iana.org/assignments/character-sets .

 AddCharset ISO-8859-1  .iso8859-1  .latin1 AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen AddCharset ISO-8859-3  .iso8859-3  .latin3 AddCharset ISO-8859-4  .iso8859-4  .latin4 AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk AddCharset ISO-2022-JP .iso2022-jp .jis AddCharset ISO-2022-KR .iso2022-kr .kis AddCharset ISO-2022-CN .iso2022-cn .cis AddCharset Big5        .Big5       .big5 # For Russian, more than one charset is used (depends on client, mostly): AddCharset WINDOWS-1251 .cp-1251   .win-1251 AddCharset CP866       .cp866 AddCharset KOI8-r      .koi8-r .koi8-ru AddCharset KOI8-ru     .koi8-uk .ua AddCharset ISO-10646-UCS-2 .ucs2 AddCharset ISO-10646-UCS-4 .ucs4 AddCharset UTF-8       .utf8 AddCharset GB2312      .gb2312 .gb  AddCharset utf-7       .utf7 AddCharset utf-8       .utf8 AddCharset big5        .big5 .b5 AddCharset EUC-TW      .euc-tw AddCharset EUC-JP      .euc-jp AddCharset EUC-KR      .euc-kr AddCharset shift_jis   .sjis 

Mapped Handlers

You can map filename extensions to a specific handler. For example, the following commented AddHandler directive activates CGI script handling for files with the .cgi extension, assuming you also have set the Options ExecCGI directive for the subject directory:

 #AddHandler cgi-script .cgi 

The following commented directive makes sure that files that already have HTTP headers don t get processed :

 #AddHandler send-as-is asis 

To activate commented directives, remove the comment mark ( # ) in httpd.conf in the text editor of your choice.

This directive processes image map files:

 AddHandler imap-file map 

Finally, this directive supports .var files, which are associated with finding the language specified by a web browser client:

 AddHandler type-map var 

Part of the process includes output filters. For example, the following AddOutputFilter directive looks in web pages with .shtml extensions for Server Side Includes.

Error Messages

On a web server, if you have an error, you get a message associated with a specific web page. Figure 30.3 illustrates the error message associated with the HTML 404 error code, also known as the file not found error.

Figure 30.3: An HTML 404 Error

The default error directory is /var/www/error; the following Alias directive associates the error directory with those files:

 Alias /error/ "/var/www/error/" 

The following modules provide for content negotiation and SSIs in the web pages in the /var/ www/error/ directory:

 <IfModule mod_negotiation.c> <IfModule mod_include.c> 

The following permissions on the /var/www/error directory set the stage for error messages in English, Spanish, German, and French, in that order. You can read more about the other directives earlier in the "Directory Index" section earlier in this chapter.

 <Directory "/var/www/error">     AllowOverride None    Options IncludesNoExec    AddOutputFilter Includes html    AddHandler type-map var    Order allow,deny    Allow from all    LanguagePriority en es de fr    ForceLanguagePriority Prefer Fallback </Directory> 

This works hand in hand with HTML error codes. The page a user sees depends on the error code and the web page defined by the following ErrorDocument directives:

 ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var ErrorDocument 410 /error/HTTP_GONE.html.var ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var ErrorDocument 413/error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var ErrorDocument 415 /error/HTTP_SERVICE_UNAVAILABLE.html.var ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var 

Browser Customization

When a web browser asks for a web page, it tells Apache what kind of browser it is. The BrowserMatch directive helps you customize the response to different web browsers:

 BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 

The first two commands create special responses for older browsers; Mozilla/2 corresponds to Netscape 2. x , and MSIE 4\.0b2 corresponds to Microsoft Internet Explorer 4. x . These browsers do not conform to the current HTTP 1.1 standard. The last three commands force HTTP 1.0 “level responses to the specified web browsers.

There is a special issue with Microsoft WebFolders, which does not properly handle WebDAV databases. This issue is addressed with the following BrowserMatch directives:

 BrowserMatch "Microsoft Data Access Internet PublishingProvider"  redirect-carefully BrowserMatch "^WebDrive" redirect-carefully 

Server Reports

You can send out reports on the status and configuration information on your Apache server with various server reports. For example, the following command stanza, when activated, can give you the current status of Apache:

 #<Location /server-status> #    SetHandler server-status #    Order deny,allow #    Deny from all #    Allow from .your-domain.com #</Location> 

I would activate it with the following commands; otherwise, the Deny from all command would stop all traffic to the http://servername/server-status address. In this case, my LAN is on the 192.168.13.0/24 network:

 <Location /server-status>    SetHandler server-status    Order deny,allow    Deny from all    Allow from 192.168.13.0/24 </Location> 

You can see the result from another computer on my LAN through a different web browser in Figure 30.4.

You can get similar reports on your Apache configuration when you properly activate the following commands:

 #<Location /server-info> #    SetHandler server-info #    Order deny,allow #    Deny from all #    Allow from .your-domain.com #</Location> 

Figure 30.4: Checking server status remotely

These commands are direct from the default httpd.conf file; remember to set Allow from your_ network_address , similar to what I did in the previous stanza. When you do, you can see the results remotely, as shown in Figure 30.5.

Figure 30.5: Checking server configuration remotely

Proxy Server

Apache includes its own proxy server. You can set Apache to cache and serve requested web pages on local networks or all users. The basic commands are shown here; I ve changed them a bit to apply the proxy server to my LAN with a network address of 192.168.13.0/24:

 #<IfModule mod_proxy.c> #ProxyRequests On # #<Proxy *> #    Order deny,allow #    Deny from all #    Allow from 192.168.13.0/24 #</Proxy> 

If you have multiple proxy servers, you should activate the following ProxyVia directive, which supports searches through a chain of proxy servers using HTTP 1.1:

 #ProxyVia On 

A proxy server has no purpose unless you configure a cache. Table 30.9 describes the series of special directives associated with caches. If you set up a proxy server, you may want to change some of these settings; for example, you may want a CacheSize larger than 5KB:

 #CacheRoot "/etc/httpd/proxy" #CacheSize 5 #CacheGcInterval 4 #CacheMaxExpire 24 #CacheLastModifiedFactor 0.1 #CacheDefaultExpire 1 #NoCache a-domain.com another-domain.edu joes.garage-sale.com