The Apache HTTP Server configuration file is
/etc/httpd/conf/httpd.conf. The
httpd.conf file is well-commented and mostly
self-explanatory. The default configuration works for most
situations; however, it is a good idea to become familiar some of the
more important configuration options.
If configuring the Apache HTTP Server, edit
/etc/httpd/conf/httpd.conf and then either reload,
restart, or stop and start the httpd process as
outlined in Section 10.4 Starting and Stopping httpd.
Before editing httpd.conf, make a copy the original
file. Creating a backup makes it easier to recover from mistakes made
while editing the configuration file.
If a mistake is made and the Web server does not work correctly, first
review recently edited passages in httpd.conf
to verify there are no typos.
Next look in the Web server's error log,
/var/log/httpd/error_log. The error log may not be
easy to interpret, depending on your level of expertise. However, the
last entries in the error log should provide useful information.
The following subsections contain a list of short descriptions for many
of the directives included in httpd.conf. These
descriptions are not exhaustive. For more information, refer to the
Apache documentation online at https://httpd.apache.org/docs-2.0/.
For more information about mod_ssl directives,
refer to the documentation online at https://httpd.apache.org/docs-2.0/mod/mod_ssl.html.
The ServerRoot directive specifies the top-level
directory containing website content. By default,
ServerRoot is set to
"/etc/httpd" for both secure and non-secure
servers.
PidFile names the file where the server records its
process ID (PID). By default the PID is listed in
/var/run/httpd.pid.
Timeout defines, in seconds, the amount of time
that the server waits for receipts and transmissions during
communications. Timeout is set to
300 seconds by default, which is appropriate for
most situations.
KeepAlive sets whether the server allows more
than one request per connection and can be used to prevent any one
client from consuming too much of the server's resources.
By default Keepalive is set to
off. If Keepalive is set to
on and the server becomes very busy, the server can
quickly spawn the maximum number of child processes. In this
situation, the server slows down significantly. If
Keepalive is enabled, it is a good idea to set the
the KeepAliveTimeout low (refer to Section 10.5.7 KeepAliveTimeout for more information about the
KeepAliveTimeout directive) and monitor the
/var/log/httpd/error_log log file on the
server. This log reports when the server is running out of child
processes.
This directive sets the maximum number of requests allowed per
persistent connection. The Apache Project recommends a high setting,
which improves the server's performance.
MaxKeepAliveRequests is set to
100 by default, which should be appropriate for
most situations.
KeepAliveTimeout sets the number of seconds the
server waits after a request has been served before it closes the
connection. Once the server receives a request, the
Timeout directive applies instead. The
KeepAliveTimeout directive is set to 15 seconds by
default.
<IfModule> and
</IfModule> tags create a conditional
container which are only activated if the specified module is
loaded. Directives within the IfModule container
are processed under one of two conditions. The directives are
processed if the module contained within the starting
<IfModule> tag is loaded. Or, if an
exclamation point [!] appears before the module name,
the directives are processed only if the module specified in the
<IfModule> tag is not
loaded.
For more information about Apache HTTP Server modules, refer to Section 10.7 Adding Modules.
As explained in Section 10.2.1.2 Server-Pool Size Regulation, the
responsibility for managing characteristics of the server-pool falls
to a module group called MPMs under Apache HTTP Server 2.0. The characteristics
of the server-pool differ depending upon which MPM is used. For this
reason, an IfModule container is necessary to
define the server-pool for the MPM in use.
By default, Apache HTTP Server 2.0 defines the server-pool for both the
prefork and worker MPMs.
The following section list directives found within the MPM-specific
server-pool containers.
The StartServers directive sets how many server
processes are created upon startup. Since the Web server
dynamically kills and creates server processes based on traffic
load, it is not necessary to change this parameter. The Web server
is set to start 8 server processes at startup for
the prefork MPM and 2 for the
worker MPM.
MaxRequestsPerChild sets the total number of
requests each child server process serves before the child dies. The
main reason for setting MaxRequestsPerChild is to
avoid long-lived process induced memory leaks. The default
MaxRequestsPerChild for the
prefork MPM is 4000 and for
the worker MPM is 0.
MaxClients sets a limit on the total number of
server processes, or simultaneously connected clients, that can run at
one time. The main purpose of this directive is to keep a runaway
Apache HTTP Server from crashing the operating system. For busy servers this
value should be set to a high value. The server's default is set to
150 regardless of the MPM in use. However, it is not recommended that
the value for MaxClients exceeds
256 when using the prefork MPM.
These values are only used with the prefork
MPM. They adjust how the Apache HTTP Server dynamically adapts to the perceived
load by maintaining an appropriate number of spare server processes
based on the number of incoming requests. The server checks the number of servers waiting
for a request and kills some if there are more than
MaxSpareServers or creates some if the number of
servers is less than MinSpareServers.
The default MinSpareServers value is
5; the default MaxSpareServers
value is 20. These default settings should be
appropriate for most situations. Be careful not to increase the
MinSpareServers to a large number as doing so
creates a heavy processing load on the server even when traffic is
light.
These values are only used with the worker
MPM. They adjust how the Apache HTTP Server dynamically adapts to the perceived
load by maintaining an appropriate number of spare server threads
based on the number of incoming requests. The server checks the
number of server threads waiting for a request and kills some if
there are more than MaxSpareThreads or creates
some if the number of servers is less than
MinSpareThreads.
The default MinSpareThreads value is
25; the default
MaxSpareThreads value is
75. These default settings should be appropriate
for most situations. The value for
MaxSpareThreads must be greater than or equal to
the sum of MinSpareThreads and
ThreadsPerChild, else the Apache HTTP Server automatically
corrects it.
This value is only used with the worker MPM. It
sets the number of threads within each child process. The default
value for this directive is 25.
The Listen command identifies the ports on which
the Web server accepts incoming requests. By default, the Apache HTTP Server is
set to listen to port 80 for non-secure Web communications and (in the
/etc/httpd/conf.d/ssl.conf file which defines any
secure servers) to port 443 for secure Web communications.
If the Apache HTTP Server is configured to listen to a port under 1024, only the
root user can start it. For port 1024 and above,
httpd can be started as a regular user.
The Listen directive can also be used to specify
particular IP addresses over which the server accepts connections.
Include allows other configuration files to be
included at runtime.
The path to these configuration files can be absolute or relative to
the ServerRoot.
 | Important |
|---|
| | For the server to use individually packaged modules, such
as mod_ssl, mod_perl, and
php, the following directive must be included in
Section 1: Global Environment of
httpd.conf:
|
LoadModule is used to load Dynamic Shared Object
(DSO) modules. More information on the Apache HTTP Server's DSO support,
including instructions for using the LoadModule
directive, can be found in Section 10.7 Adding Modules. Note,
the load order of the modules is no longer
important with Apache HTTP Server 2.0. Refer to Section 10.2.1.3 Dynamic Shared Object (DSO) Support for more information about Apache HTTP Server 2.0
DSO support.
The ExtendedStatus directive controls whether
Apache generates basic (off) or detailed server
status information (on), when the
server-status handler is called. The
server-status handler is called using
Location tags. More information on calling
server-status is included in Section 10.5.60 Location.
The IfDefine tags surround configuration directives
that are applied if the "test" stated in the
IfDefine tag is true. The directives are ignored
if the test is false.
The test in the IfDefine tags is a parameter name
(for example, HAVE_PERL). If the parameter is
defined, meaning that it is provided as an argument to the server's
start-up command, then the test is true. In this case, when the Web
server is started, the test is true and the directives contained in
the IfDefine tags are applied.
The SuexecUserGroup directive, which originates
from the mod_suexec module, allows the
specification of user and group execution privileges for CGI
programs. Non-CGI requests are still processed with the user and group
specified in the User and Group
directives.
 | Note |
|---|
| | The SuexecUserGroup directive replaces the
Apache HTTP Server 1.3 configuration of using the User and
Group directives inside the configuration of
VirtualHosts sections.
|
The User directive sets the username of the server
process and determines what files the server is allowed to access. Any
files inaccessible to this user are also inaccessible to clients
connecting to the Apache HTTP Server.
By default User is set to
apache.
This directive has been deprecated for the configuration of virtual
hosts.
| Note |
|---|
| | For security reasons, the Apache HTTP Server does not run as the root
user.
|
Specifies the group name of the Apache HTTP Server processes.
This directive has been deprecated for the configuration of virtual
hosts.
By default, Group is set to
apache.
Sets the ServerAdmin directive to the email address
of the Web server administrator. This email address shows up in
error messages on server-generated Web pages, so users can report a
problem by sending email to the server administrator.
By default, ServerAdmin is set to
root@localhost.
A common way to set up ServerAdmin is to set it to
[email protected]. Once set, alias
webmaster to the person responsible for the Web
server in /etc/aliases and run
/usr/bin/newaliases.
ServerName specifies a hostname and port number
(matching the Listen directive) for the server. The
ServerName does not need to match the machine's
actual hostname. For example, the Web server may be
www.example.com, but the server's
hostname is actually
foo.example.com. The value specified
in ServerName must be a valid Domain Name Service
(DNS) name that can be resolved by the system — do not make
something up.
The following is a sample ServerName directive:
ServerName www.example.com:80 |
When specifying a ServerName, be sure the IP
address and server name pair are included in the
/etc/hosts file.
When set to on, this directive configures the Apache HTTP Server
to reference itself using the value specified in the
ServerName and Port
directives. When UseCanonicalName is set to
off, the server instead uses the value used by
the requesting client when referring to itself.
UseCanonicalName is set to
off by default.
DocumentRoot is the directory which contains
most of the HTML files which are served in response to requests. The
default DocumentRoot, for both the non-secure and
secure Web servers, is the /var/www/html
directory. For example, the server might receive a request for the
following document:
https://example.com/foo.html |
The server looks for the following file in the default directory:
To change the DocumentRoot so that it is not shared
by the secure and the non-secure Web servers, refer to Section 10.8 Virtual Hosts.
<Directory /path/to/directory> and
</Directory> tags create a container used to
enclose a group of configuration directives which apply only to a
specific directory and its subdirectories. Any directive which is
applicable to a directory may be used within
Directory tags.
By default, very restrictive parameters are applied to the root
directory (/), using the Options (refer to Section 10.5.23 Options) and
AllowOverride (refer to Section 10.5.24 AllowOverride) directives. Under this
configuration, any directory on the system which needs more
permissive settings has to be explicitly given those settings.
In the default configuration, another Directory
container is configured for the DocumentRoot which
assigns less rigid parameters to the directory tree so that the
Apache HTTP Server can access the files residing there.
The Directory container can be also be used to
configure additional cgi-bin directories for
server-side applications outside of the directory specified in the
ScriptAlias directive (refer to Section 10.5.41 ScriptAlias for more information).
To accomplish this, the Directory container must
set the ExecCGI option for that directory.
For example, if CGI scripts are located in
/home/my_cgi_directory, add the following
Directory container to the
httpd.conf file:
<Directory /home/my_cgi_directory>
Options +ExecCGI
</Directory> |
Next, the AddHandler directive must be
uncommented to identify files with the .cgi
extension as CGI scripts. Refer to Section 10.5.56 AddHandler
for instructions on setting AddHandler.
For this to work, permissions for CGI scripts, and the entire path to
the scripts, must be set to 0755.
The Options directive controls which server
features are available in a particular directory. For example, under
the restrictive parameters specified for the root directory,
Options is only set to the
FollowSymLinks directive. No features are enabled,
except that the server is allowed to follow symbolic links in the root
directory.
By default, in the DocumentRoot directory,
Options is set to include
Indexes and
FollowSymLinks. Indexes permits
the server to generate a directory listing for a directory if no
DirectoryIndex (for example,
index.html) is
specified. FollowSymLinks allows the server to
follow symbolic links in that directory.
| Note |
|---|
| | Options statements from the main server
configuration section need to be replicated to each
VirtualHost container individually. Refer to
Section 10.5.65 VirtualHost for more information.
|
The AllowOverride directive sets whether any
Options can be overridden by the declarations in an
.htaccess file. By default, both the root
directory and the DocumentRoot are set to allow no
.htaccess overrides.
The Order directive controls the order in which
allow and deny directives are
evaluated. The server is configured to evaluate the
Allow directives before the Deny
directives for the DocumentRoot directory.
Allow specifies which client can access a given
directory. The client can be all, a domain name,
an IP address, a partial IP address, a network/netmask pair, and so
on. The DocumentRoot directory is configured to
Allow requests from all, meaning
everyone has access.
Deny works similar to Allow,
except it specifies who is denied access. The
DocumentRoot is not configured to
Deny requests from anyone by default.
UserDir is the subdirectory within each user's home
directory where they should place personal HTML files which are served
by the Web server. This directive is set to disable
by default.
The name for the subdirectory is set to
public_html in the default configuration. For
example, the server might receive the following request:
https://example.com/~username/foo.html |
The server would look for the file:
/home/username/public_html/foo.html |
In the above example, /home/username/ is the
user's home directory (note that the default path to users' home
directories may vary).
Make sure that the permissions on the users' home directories are set
correctly. Users' home directories must be set to 0711. The read (r)
and execute (x) bits must be set on the users'
public_html directories (0755 also works).
Files that are served in a users' public_html
directories must be set to at least 0644.
The DirectoryIndex is the default page served by
the server when a user requests an index of a directory by specifying
a forward slash (/) at the end of the directory name.
When a user requests the page
https://example/this_directory/,
they get either the DirectoryIndex page, if it
exists, or a server-generated directory list. The default for
DirectoryIndex is index.html
and the index.html.var type map. The server tries
to find either of these files and returns the first one it finds. If
it does not find one of these files and Options
Indexes is set for that directory, the server generates and
returns a listing, in HTML format, of the subdirectories and files
within the directory, unless the directory listing feature is turned
off.
AccessFileName names the file which the server
should use for access control information in each directory. The
default is .htaccess.
Immediately after the AccessFileName directive, a
set of Files tags apply access control to any file
beginning with a .ht. These directives deny Web
access to any .htaccess files (or other files
which begin with .ht) for security reasons.
By default, the Web server asks proxy servers not to cache any
documents which were negotiated on the basis of content (that is, they
may change over time or because of the input from the requester). If
CacheNegotiatedDocs is set to on,
this function is disabled and proxy servers are allowed to cache such
documents.
TypesConfig names the file which sets the default
list of MIME type mappings (file name extensions to content types).
The default TypesConfig file is
/etc/mime.types. Instead of editing
/etc/mime.types, the recommended way to add MIME
type mappings is to use the AddType directive.
For more information about AddType, refer to
Section 10.5.55 AddType.
DefaultType sets a default content type for the Web
server to use for documents whose MIME types cannot be determined.
The default is text/plain.
HostnameLookups can be set to on,
off, or double. If
HostnameLookups is set to on, the
server automatically resolves the IP address for each
connection. Resolving the IP address means that the server makes one
or more connections to a DNS server, adding processing overhead. If
HostnameLookups is set to double,
the server performs a double-reverse DNS look up adding even more
processing overhead.
To conserve resources on the server,
HostnameLookups is set to off by
default.
If hostnames are required in server log files, consider running one of
the many log analyzer tools that perform the DNS lookups more
efficiently and in bulk when rotating the Web server log files.
ErrorLog specifies the file where server errors are
logged. By default, this directive is set to
/var/log/httpd/error_log.
LogLevel sets how verbose the error messages in the
error logs are. LogLevel can be set (from
least verbose to most verbose) to emerg,
alert, crit,
error, warn,
notice, info, or
debug. The default LogLevel is
warn.
The LogFormat directive configures the format of
the various Web server log files. The actual
LogFormat used depends on the settings given in
the CustomLog directive (refer to Section 10.5.38 CustomLog).
The following are the format options if the
CustomLog directive is set to
combined:
- %h (remote host's IP address or hostname)
Lists the remote IP address of the requesting client. If
HostnameLookups is set to on,
the client hostname is recorded unless it is not available
from DNS.
- %l (rfc931)
Not used. A hyphen [-] appears in the log
file for this field.
- %u (authenticated user)
Lists the username of the user recorded if authentication
was required. Usually, this is not used, so a hyphen
[-] appears in the log file for this field.
- %t (date)
Lists the date and time of the request.
- %r (request string)
Lists the request string exactly as it came from the browser or
client.
- %s (status)
Lists the HTTP status code which was returned to the client host.
- %b (bytes)
Lists the size of the document.
- %\"%{Referer}i\" (referrer)
Lists the URL of the webpage which referred the client host
to Web server.
- %\"%{User-Agent}i\" (user-agent)
Lists the type of Web browser making the request.
CustomLog identifies the log file and the log file
format. By default, the log is recorded to the
/var/log/httpd/access_log file.
The default CustomLog format is the
combined log file format, as illustrated here:
remotehost rfc931 user date "request" status bytes referrer user-agent |
The ServerSignature directive adds a line
containing the Apache HTTP Server server version and the
ServerName to any server-generated documents, such
as error messages sent back to
clients. ServerSignature is set to
on by default.
It can also be set to off or to
EMail. EMail, adds a
mailto:ServerAdmin HTML tag to the signature line
of auto-generated responses.
The Alias setting allows directories outside the
DocumentRoot directory to be accessible. Any URL
ending in the alias automatically resolves to the alias' path. By
default, one alias for an icons/ directory is
already set up. An icons/ directory can be
accessed by the Web server, but the directory is not in the
DocumentRoot.
The ScriptAlias directive defines where CGI scripts
are located. Generally, it is not good practice to leave CGI scripts
within the DocumentRoot, where they can potentially
be viewed as text documents. For this reason, a special directory
outside of the DocumentRoot directory containing
server-side executables and scripts is designated
by the ScriptAlias directive. This directory is
known as a cgi-bin and is set to
/var/www/cgi-bin/ by default.
It is possible to establish directories for storing executables outside
of the cgi-bin/ directory. For instructions on
doing so, refer to Section 10.5.56 AddHandler and Section 10.5.22 Directory.
When a webpage is moved, Redirect can be used to
map the file location to a new URL. The format is as follows:
Redirect /<old-path>/<file-name> https://<current-domain>/<current-path>/<file-name> |
In this example, replace <old-path>
with the old path information for
<file-name> and
<current-domain> and
<current-path> with the current
domain and path information for
<file-name>.
In this example, any requests for
<file-name> at the old location is
automatically redirected to the new location.
For more advanced redirection techniques, use the
mod_rewrite module included with the Apache HTTP Server. For
more information about configuring the mod_rewrite
module, refer to the Apache Software Foundation documentation online
at https://httpd.apache.org/docs-2.0/mod/mod_rewrite.html.
IndexOptions controls the appearance of server
generated directing listings, by adding icons, file descriptions, and
so on. If Options Indexes is set (refer to Section 10.5.23 Options), the Web server generates a directory
listing when the Web server receives an HTTP request for a directory
without an index.
First, the Web server looks in the requested directory for a file
matching the names listed in the DirectoryIndex
directive (usually, index.html). If an
index.html file is not found, Apache HTTP Server creates an
HTML directory listing of the requested directory. The appearance of
this directory listing is controlled, in part, by the
IndexOptions directive.
The default configuration turns on FancyIndexing.
This means that a user can re-sort a directory listing by clicking on
column headers. Another click on the same header switches from
ascending to descending order. FancyIndexing also
shows different icons for different files, based upon file extensions.
The AddDescription option, when used in conjunction
with FancyIndexing, presents a short description
for the file in server generated directory listings.
IndexOptions has a number of other parameters which
can be set to control the appearance of server generated
directories. The IconHeight and
IconWidth parameters require the server to include
HTML HEIGHT and WIDTH tags for
the icons in server generated webpages. The
IconsAreLinks parameter combines the graphical icon
with the HTML link anchor, which contains the URL link target.
This directive names icons which are displayed by files with MIME
encoding in server generated directory listings. For example, by
default, the Web server shows the compressed.gif
icon next to MIME encoded x-compress and x-gzip files in server
generated directory listings.
This directive names icons which are displayed next to files with MIME
types in server generated directory listings. For example, the server
shows the icon text.gif next to files with a
mime-type of text, in server
generated directory listings.
AddIcon specifies which icon to show in server
generated directory listings for files with certain extensions. For
example, the Web server is set to show the icon
binary.gif for files with
.bin or .exe extensions.
DefaultIcon specifies the icon displayed in server
generated directory listings for files which have no other icon
specified. The unknown.gif image file is the
default.
When using FancyIndexing as an
IndexOptions parameter, the
AddDescription directive can be used to display
user-specified descriptions for certain files or file types in a
server generated directory listing. The
AddDescription directive supports listing specific
files, wildcard expressions, or file extensions.
ReadmeName names the file which, if it exists in
the directory, is appended to the end of server generated directory
listings. The Web server first tries to include the file as an HTML
document and then tries to include it as plain text. By default,
ReadmeName is set to
README.html.
HeaderName names the file which, if it exists in
the directory, is prepended to the start of server generated
directory listings. Like ReadmeName, the server
tries to include it as an HTML document if possible or in
plain text if not.
IndexIgnore lists file extensions, partial
file names, wildcard expressions, or full file names. The Web server
does not include any files which match any of those parameters in
server generated directory listings.
AddEncoding names file name extensions which should
specify a particular encoding type. AddEncoding can
also be used to instruct some browsers to uncompress certain files as
they are downloaded.
AddLanguage associates file name extensions with
specific languages. This directive is useful for Apache HTTP Servers which serve
content in multiple languages based on the client Web browser's
language settings.
LanguagePriority sets precedence for different
languages in case the client Web browser has no language preference
set.
Use the AddType directive to define or override a
default MIME type and file extension pairs. The following example
directive tells the Apache HTTP Server to recognize the .tgz
file extension:
AddType application/x-tar .tgz |
AddHandler maps file extensions to specific
handlers. For example, the cgi-script handler can
be matched with the extension .cgi to
automatically treat a file ending with .cgi as a
CGI script. The following is a sample AddHandler
directive for the .cgi extension.
AddHandler cgi-script .cgi |
This directive enables CGIs outside of the
cgi-bin to function in any directory on the
server which has the ExecCGI option within the
directories container. Refer to Section 10.5.22 Directory
for more information about setting the ExecCGI
option for a directory.
In addition to CGI scripts, the AddHandler
directive is used to process server-parsed HTML and image-map files.
Action specifies a MIME content type
and CGI script pair, so that when a file of that media type is
requested, a particular CGI script is executed.
The ErrorDocument directive associates an HTTP
response code with a message or a URL to be sent back to the
client. By default, the Web server outputs a simple and usually
cryptic error message when an error occurs. The
ErrorDocument directive forces the Web server to
instead output a customized message or page.
| Important |
|---|
| | To be valid, the message must be enclosed in a
pair of double quotes ["].
|
The BrowserMatch directive allows the server to
define environment variables and take appropriate actions based on the
User-Agent HTTP header field — which identifies the client's Web
browser type. By default, the Web server uses
BrowserMatch to deny connections to specific
browsers with known problems and also to disable keepalives and HTTP
header flushes for browsers that are known to have problems with those
actions.
The <Location> and
</Location> tags create a container in which access
control based on URL can be specified.
For instance, to allow people connecting from within the server's
domain to see status reports, use the following directives:
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from <.example.com>
</Location> |
Replace <.example.com> with the
second-level domain name for the Web server.
To provide server configuration reports (including
installed modules and configuration directives) to requests from
inside the domain, use the following directives:
<Location /server-info>
SetHandler server-info
Order deny,allow
Deny from all
Allow from <.example.com>
</Location> |
Again, replace <.example.com> with the
second-level domain name for the Web server.
To configure the Apache HTTP Server to function as a proxy server, remove the
hash mark (#) from the beginning of the
<IfModule mod_proxy.c> line, the
ProxyRequests, and each line in the <Proxy>
stanza. Set the ProxyRequests directive to
On, and set which domains are allowed access to the
server in the Allow from directive of the
<Proxy> stanza.
<Proxy *> and
</Proxy> tags create a container which
encloses a group of configuration directives meant to apply only to
the proxy server. Many directives which are allowed within a
<Directory> container may also be used within
<Proxy> container.
A number of commented cache directives are supplied by the default
Apache HTTP Server configuration file. In most cases, uncommenting these lines by
removing the hash mark (#) from the beginning of the
line is sufficient. The following, however, is a list of some of the
more important cache-related directives.
CacheEnable — Specifies whether the
cache is a disk, memory, or file descriptor cache. By default
CacheEnable configures a disk cache for URLs at
or below /.
CacheRoot — Specifies the name of
the directory containing cached files. The default
CacheRoot is the
/var/httpd/proxy/ directory.
CacheSize — Specifies how much space
the cache can use in kilobytes. The default
CacheSize is 5 KB.
The following is a list of some of the other common cache-related
directives.
CacheMaxExpire — Specifies how long
HTML documents are retained (without a reload from the originating
Web server) in the cache. The default is 24
hours (86400 seconds).
CacheLastModifiedFactor — Specifies
the creation of an expiry (expiration) date for a document which
did not come from its originating server with its own expiry
set. The default CacheLastModifiedFactor is set
to 0.1, meaning that the expiry date for such
documents equals one-tenth of the amount of time since the
document was last modified.
CacheDefaultExpire — Specifies the
expiry time in hours for a document that was received using a
protocol that does not support expiry times. The default is set to
1 hour (3600 seconds).
NoProxy — Specifies a space-separated
list of subnets, IP addresses, domains, or hosts whose content is
not cached. This setting is most useful for Intranet sites.
The NameVirtualHost directive associates an IP
address and port number, if necessary, for any name-based virtual
hosts. Name-based virtual hosting allows one Apache HTTP Server to serve
different domains without using multiple IP addresses.
| Note |
|---|
| | Name-based virtual hosts only work with
non-secure HTTP connections. If using virtual hosts with a secure
server, use IP address-based virtual hosts instead.
|
To enable name-based virtual hosting, uncomment the
NameVirtualHost configuration directive and add the
correct IP address. Then add additional VirtualHost
containers for each virtual host as is necessary for your
configuration.
<VirtualHost> and
</VirtualHost> tags create a container
outlining the characteristics of a virtual host. The
VirtualHost container accepts most configuration
directives.
A commented VirtualHost container is provided in
httpd.conf, which illustrates the minimum set of
configuration directives necessary for each virtual host. Refer to
Section 10.8 Virtual Hosts for more information about
virtual hosts.
| Note |
|---|
| | The default SSL virtual host container now
resides in the file
/etc/httpd/conf.d/ssl.conf.
|
The directives in /etc/httpd/conf.d/ssl.conf file
can be configured to enable secure Web communications using SSL and
TLS.
SetEnvIf sets environment variables based on the
headers of incoming connections. It is not
solely an SSL directive, though it is present in the supplied
/etc/httpd/conf.d/ssl.conf file. It's purpose
in this context is to disable HTTP keepalive and to allow SSL to
close the connection without a closing notification from the client
browser. This setting is necessary for certain browsers that do not
reliably shut down the SSL connection.
For more information on other directives within the SSL
configuration file, refer to the following URLs:
For information about setting up an Apache HTTP Secure Server, Refer
to the chapter titled Apache HTTP Secure Server
Configuration in the Red Hat Enterprise Linux System Administration Guide.
| Note |
|---|
| | In most cases, SSL directives are configured appropriately during
the installation of Red Hat Enterprise Linux. Be careful when altering Apache HTTP
Secure Server directives, misconfiguration can lead to security
vulnerabilities.
|
