Basic Apache settings

Source: Internet
Author: User
Let's take a look at the content of httpd.conf, which is mainly divided into three parts:
Section 1: Global Environment
Section 2: 'main' Server Configuration
Section 3: Virtual Hosts

[Part 1]
· ServerType standalone
This sets whether Apache runs in standalone or inetd mode. In standalone mode the server is started once and answers all connections itself; in inetd mode an httpd process is started only when an HTTP connection arrives and ends when the connection ends, which is a heavy burden. Apache is therefore generally run in standalone mode.
· ServerRoot "/usr/local/httpd"
This is the Apache directory.
· # LockFile /usr/local/httpd/logs/httpd.lock
Retain the default value. Do not change the value.
· PidFile /usr/local/httpd/logs/httpd.pid
This file records the process ID of the Apache parent process.
· ScoreBoardFile /usr/local/httpd/logs/httpd.scoreboard
This file stores information about the server processes.
· # ResourceConfig conf/srm.conf
· # AccessConfig conf/access.conf
Because httpd.conf is used for overall management, these two files are commented out by default and can be left unchanged.
· Timeout 300
Sets the timeout. If the client has sent nothing to the server for more than 300 seconds, or the server has not sent information to the client for more than 300 seconds, the connection is dropped.
· KeepAlive on
Allows a client connection to carry multiple requests. If this parameter is set to off, this is not allowed.
· MaxKeepAliveRequests 100
The maximum number of requests per connection. The larger the number, the better the efficiency. 0 indicates no restriction.
· MinSpareServers 5
· MaxSpareServers 10
MinSpareServers 5 means there will be at least five idle server processes; if the actual number is lower, processes are added. MaxSpareServers 10 sets the maximum number of idle server processes. If your website is in high demand, you can increase these numbers.
· StartServers 5
Number of server processes at startup.
· MaxClients 150
Limits the maximum number of simultaneous connections. It must not be set too small: once this number is reached, no more users can connect.
· MaxRequestsPerChild 0
Limits the number of requests each child process handles. 0 indicates no limit.
· # Listen 3000
· # Listen 12.34.56.78:80
Listen on other ports or IP addresses.
· BindAddress *
You can specify * (all IP addresses), a specific IP address, or a fully qualified domain name.
· # LoadModule foo_module libexec/mod_foo.so
Loads a DSO module.
· # ExtendedStatus on
Shows Apache status information. The default value is off (commented out).
[Part 2]
If the ServerType above is inetd, jump directly to ServerAdmin.
· Port 80
The port on which the standalone server listens. Of course, it can also be another port number smaller than 1023.
· User nobody
· Group nobody
The user and group that httpd runs as.
· ServerAdmin administrator email address
This is the administrator's email address. If Apache is faulty, it will send a message to the administrator. Of course, you can also create a Web account to receive emails.
· ServerName your host name
This is the host name. If there is no domain name, you can also use an IP address.
· DocumentRoot "/usr/local/httpd/htdocs"
This directory is where the web pages served by Apache are placed. The index.html in this directory is the default homepage for this host.
·
Options FollowSymLinks
AllowOverride None

This sets the behavior of the directory (public_html) where users place their web pages. The detailed directory access method will be described later.
·
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all

This sets the behavior of Apache's web directory (htdocs).
· UserDir public_html
Users can create a public_html directory in their own home directory to hold web pages. Enter http://host address/~user name to connect to it.
· DirectoryIndex index.html
Sets the default homepage name.
· AccessFileName .htaccess
This is the name of the file that controls access. The default name, .htaccess, is generally used. How to use .htaccess is described below.
·
Order allow,deny
Deny from all

This prevents others from seeing the content of files whose names start with .ht. It protects not only the content of .htaccess but also that of .htpasswd. Of course, it can also be written directly. If you have changed the AccessFileName, for example from .htaccess to .accessht, remember to make the corresponding change here to prevent others from seeing it.
· # CacheNegotiatedDocs
While commented out, this tells proxies not to cache documents produced by content negotiation. If you remove the #, they can be stored in the cache.
· UseCanonicalName on
Use the canonical name. The default value is on. Assume that the full name of a Web server is www.sample.com, which is generally called www.
· TypesConfig /usr/local/httpd/conf/mime.types
Specifies the file that stores the MIME types. You can edit the mime.types file yourself.
· DefaultType text/plain
The default type used when the server does not recognize a file's type.
·
MimeMagicFile /usr/local/httpd/conf/magic

The mod_mime_magic module lets the server determine a file's MIME type from its content. If the mod_mime_magic module is loaded, the MimeMagicFile section is processed. If it is ..., it indicates that the section is processed if the module is not loaded.
· HostnameLookups off
If it is on, each IP address is resolved through the name server and the name of the connecting host (for example, www.apache.org) is recorded; if it is off, only the IP address is recorded.
· ErrorLog /usr/local/httpd/logs/error_log
Specifies the location of the error log file (error_log). If no error log file is specified, this file is used.
· LogLevel warn
Log records are divided into levels; warn is used here. The levels are as follows:
debug: debug information
info: general information
notice: important information
warn: warning information
error
crit: emergency
alert: must be handled immediately
emerg: the system is about to die
· LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-Agent}i" agent
Defines four log formats: combined, common, referer, and agent.
· CustomLog /usr/local/httpd/logs/access_log common
access_log uses the common format defined above.
· # CustomLog /usr/local/httpd/logs/referer_log referer
# CustomLog /usr/local/httpd/logs/agent_log agent
# CustomLog /usr/local/httpd/logs/agent_log combined
These three log files also use the formats defined above (referer, agent, and combined). However, they are commented out, which means these three files are not used.
· ServerSignature on
When set to on, pages generated by the server (such as error pages) carry a line with the Apache version, host, and port; when set to email, the line also contains a mailto: hyperlink to the administrator.
· Alias /icons/ "/usr/local/httpd/icons/"
Use a shorter alias, in the format of Alias alias.
· ScriptAlias /cgi-bin/ "/usr/local/httpd/cgi-bin/"
Like Alias, this sets the directory for server scripts.
· IndexOptions FancyIndexing
Displays a nicer-looking file list (with the icons for each file type set below).
· AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
· AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
These set the icons shown for the various file types when the file list is displayed (the FancyIndexing mentioned above). For example, the icon for .ps, .ai and .eps files is a.gif.
· # AddDescription "GZIP compressed document" .gz
# AddDescription "tar archive" .tar
# AddDescription "GZIP compressed tar archive" .tgz
These are the descriptions attached to files when the file list is displayed. The format is as follows:
AddDescription "description" file name
Example: AddDescription "it is private TXT" my.txt
· ReadmeName README
When the file list is displayed, the content of the README file is shown at the bottom.

Setting up CGI scripts / using httpd.conf as the only configuration file / user authorization and access control

Many articles on linuxaid have described the configuration and use of Apache. This article discusses how to use Apache's configuration files and how to add access control to files in Apache.
If you have some knowledge of Apache, especially of its configuration files, it will help you understand this article; if you are not familiar with these configuration files, take this opportunity to get familiar with them.

1. Configuration of CGI script execution

There are two methods to set up CGI scripts: 1. the CGI script file uses .cgi as its extension; 2. a directory is set as the script execution directory. With either method, a file can be executed only if its permissions are set to 711.
In the first method, we need to set the directory to Options ExecCGI All in the access.conf file. In the srm.conf resource configuration file, add the following line:

AddHandler cgi-script .cgi

In this way, in any directory, as long as your file has the .cgi extension and its access permission is 711, the Apache server can run it as CGI no matter where it is stored in your published directory. This method is generally not as safe as the second method.
The second method is to use one directory as the executable directory and put all CGI files in it. Files there need not have the .cgi extension to be executed; they can be executed as long as they have the 711 attribute, and other non-executable files are not accessible. Our default configuration file provides a good example:
access.conf:
<Directory /home/httpd/cgi-bin/>
AllowOverride None
Options ExecCGI
</Directory>
srm.conf:
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
In this way, the executable files in the /home/httpd/cgi-bin/ directory can be called by the Web server, and other non-executable files will be denied access.

2. Configure the user's publishing directory

There are two ways to set this up:
The first is the system default: the public_html directory under the user's home directory is the user's publishing directory, the main page file is index.html, and the directory does not support CGI.
The second is to put users' publishing directories somewhere else. For example, to use the /home/html directory as the users' web directory, the administrator sets up a subdirectory in it for each user, such as /home/html/user01 and /home/html/user02. In your srm.conf file, UserDir can then no longer be followed by public_html; it should be changed to UserDir /home/html/*/. Note that "*" stands for any user. When you then request a URL like http://www.domain/~user01 in the browser, the apache..ndex.html file.
This setup does not require the directory's access attributes to be set in access.conf. Likewise, when we set up a virtual host, we do not need to set the directory's access attributes. However, if you want to grant CGI permission to a directory, you must configure the directory's access permissions in access.conf. For example, if you want all your users to have CGI access in their publishing directories, set access.conf as follows:
<Directory /home/html/*/cgi-bin/>
AllowOverride None
Options ExecCGI
</Directory>
Note that the cgi-bin subdirectory in the user directory is set as the CGI execution directory, which is a safe setting and a Unix habit.

3. How to set the Apache server as a sub-service of inetd

After you install Apache, it is set to run in standalone mode by default. If you want to make it a sub-service of inetd, so that httpd is not started every time Linux boots, edit /etc/inetd.conf and add the following line:
http stream tcp nowait root /usr/sbin/httpd
Then restart the inetd server. Now, when you run the ps -aux command to check the running processes, you will not find an httpd process, but as soon as a client requests a page, inetd starts an httpd process to serve the request and releases it automatically afterwards. This mode helps to save system resources, but if your web service is very important, running in this mode is generally not recommended.

4. Use httpd.conf as the only configuration file

Apache provides three configuration files: srm.conf, access.conf, and httpd.conf. In fact, these three files are equivalent: all configuration can be placed in a single httpd.conf file, which is what Apache 1.3.2 actually does. httpd.conf should then include the following two directives to prevent Apache from reading the srm.conf and access.conf configuration files:
AccessConfig /dev/null
ResourceConfig /dev/null
In Apache 1.3.2, you only need to comment out the following two lines:
AccessConfig conf/access.conf
ResourceConfig conf/srm.conf

5. User authorization and access control

You may have encountered this situation when visiting some websites: when you click a link, your browser pops up an authentication dialog box asking for your account and password, and without them you cannot continue browsing. Some people may think that this is done using CGI. In fact, it is the user authorization and access control mechanisms of the WWW server at work.
Do you still remember the <Directory> ... </Directory> directive? It can provide different protection for different directories. However, such settings take effect only after the server is restarted, so flexibility is poor. With the AccessFileName directive you can specify an access control file instead. To set a user's access control permissions on the Apache server, follow these steps:

1. First, set up the httpd.conf file as follows:

<Directory /home/httpd/html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNOEXEC
Options Includes FollowSymLinks Indexes
# Note that AllowOverride must be set to All so that the .htaccess file described later takes effect.
AllowOverride All
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
# <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
# Order deny,allow
# Deny from all
# </Limit>
</Directory>
# Specify the name of the file for configuring access control permissions
AccessFileName .htaccess

2. Create the .htaccess file

To control access to a directory, you must create an access control file whose name is the ".htaccess" specified earlier. The content format is as follows:

AuthUserFile user account password file name
AuthGroupFile group account password file name
AuthName text shown on screen
AuthType authentication method
<Limit GET>
password verification method
</Limit>
AuthType currently provides two user authentication methods: Basic and Digest.
The password verification method is set the same way as in httpd.conf.
An example is as follows:
AuthUserFile /etc/secure.user
AuthName "security authentication center"
AuthType Basic
<Limit GET>
require valid-user
</Limit>

3. Create a user password file

If you are creating the user password file for the first time, the command format is as follows:
htpasswd -c password-file-name user-name
In the preceding example, the user password file is /etc/secure.user, so run the following:
htpasswd -c /etc/secure.user sword
The program prompts you to enter the user's password twice; the password file is then created and the user sword is added to it.
To add a new user to the password file, use the following command format:
htpasswd password-file-name user-name
In this way, after httpd is restarted, a dialog box pops up when the web directory is accessed, and you must enter the user name and password.

4. How to reduce the impact of access control on Apache performance
Frequent access control can have a large impact on Apache performance. How can this impact be reduced? One of the simplest and most effective methods is to reduce the number of .htaccess files, which keeps Apache from performing authorization checks on each request according to the content of .htaccess files. Apache searches for a .htaccess file not only in the current directory but also in every parent directory of the current directory:

/
/usr
/usr/local
/usr/local/etc
/usr/local/etc/httpd
/usr/local/etc/httpd/htdocs
/usr/local/etc/httpd/htdocs/docs
There is usually no .htaccess file in the root directory, but Apache still performs the routine check to confirm that the file does not exist, which affects the efficiency of the server. The following method eliminates this annoying process: where AllowOverride is set to None, Apache does not check for .htaccess files. Set the AllowOverride option of the root directory (/) to None, and set AllowOverride to All only for the directory that needs it. In the following example, AllowOverride is disabled for the root directory and enabled only for the /usr/local/etc/httpd/htdocs directory. In this way, the system only checks in /usr/local/etc/httpd/htdocs, which improves service efficiency.

<Directory />
AllowOverride None
</Directory>

<Directory /usr/local/etc/httpd/htdocs>
AllowOverride All
</Directory>
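
The lookup walk described in this section, modelled as an added Python example (it is not part of the original article or of Apache itself). The function names are hypothetical, the sample configuration is constructed from the two sections above, and the model assumes plain <Directory> paths and the Apache 1.3 default of AllowOverride All.

```python
"""Which directories does Apache probe for .htaccess on a request?"""
import posixpath

# Constructed sample: the two <Directory> sections from the text above.
SAMPLE_CONF = """
<Directory />
AllowOverride None
</Directory>

<Directory /usr/local/etc/httpd/htdocs>
AllowOverride All
</Directory>
"""


def parse_allow_override(conf_text):
    """Return {directory: [keywords]} for plain <Directory path> sections.

    Simplification: wildcard and regex sections are not handled.
    """
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith("<directory ") and line.endswith(">"):
            path = line[len("<directory "):-1].strip().strip('"')
            current = posixpath.normpath(path)
        elif low.startswith("</directory"):
            current = None
        elif current is not None and low.startswith("allowoverride "):
            sections[current] = low.split()[1:]
    return sections


def ancestors(path):
    """'/a/b' -> ['/', '/a', '/a/b'], the order in which the path is walked."""
    out = ["/"]
    for part in posixpath.normpath(path).split("/"):
        if part:
            out.append(posixpath.join(out[-1], part))
    return out


def htaccess_probes(sections, directory, default=("all",)):
    """List the .htaccess files looked up for a request served from `directory`.

    At each level the nearest enclosing <Directory> section that sets
    AllowOverride decides; `default` applies where none does (assumed to be
    All, the default of the Apache 1.3 line this page describes).
    """
    probes, effective = [], list(default)
    for level in ancestors(directory):
        effective = sections.get(level, effective)
        if effective != ["none"]:
            probes.append(posixpath.join(level, ".htaccess"))
    return probes


if __name__ == "__main__":
    target = "/usr/local/etc/httpd/htdocs/docs"
    print("no sections :", len(htaccess_probes({}, target)), "lookups")
    for probe in htaccess_probes(parse_allow_override(SAMPLE_CONF), target):
        print("with section:", probe)
```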

In addition to the root directory, you can set other directories that store WWW files in the same way. For example, if you use UserDir to allow users to access their own directories, set AllowOverride as follows:
<Directory /home/*/public_html>
AllowOverride FileInfo Indexes
# IncludesNOEXEC is an Options value, not an AllowOverride keyword
Options IncludesNOEXEC
</Directory>

5. Prevent users from accessing specified files
Some files in the system are not suitable for WWW users to see, such as .htaccess, htpasswd, *.pl, etc. You can use <Files> to achieve this:
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
The user access control files .htaccess, .htpasswd and .htgroup (used for user authorization) should be kept from being browsed to ensure security. Add the following to httpd.conf to prevent users from accessing them:
<Files ~ "^\.ht">
Order deny,allow
Deny from all
</Files>
In this way, these three files cannot be accessed by users.
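
An added example (not from the original article): a small Python check of which sensitive file names the <Files> sections above cover, including the renamed AccessFileName case that the first part of this page warns about. files_matches and exposed_names are hypothetical helpers, the three configurations are constructed, and the Order/Allow evaluation is simplified as noted in the comments.

```python
"""Check which sensitive file names a config's <Files> deny sections cover."""
import fnmatch
import re

# Constructed configurations modelled on the two <Files> forms above.
CONF_EXACT = r"""
AccessFileName .htaccess
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
"""
CONF_REGEX = r"""
AccessFileName .htaccess
<Files ~ "^\.ht">
Order deny,allow
Deny from all
</Files>
"""
# The access file renamed as in the text, with the <Files> section left as is.
CONF_RENAMED = CONF_REGEX.replace("AccessFileName .htaccess",
                                  "AccessFileName .accessht")


def files_matches(spec, name):
    """True if <Files spec> applies to a file called `name`.

    '~ "regex"' is a regular-expression search on the name; anything else is
    a shell-style wildcard match on the whole name.
    """
    spec = spec.strip()
    if spec.startswith("~"):
        return re.search(spec[1:].strip().strip('"'), name) is not None
    return fnmatch.fnmatchcase(name, spec.strip('"'))


def exposed_names(conf_text, auth_files=(".htpasswd", ".htgroup")):
    """Return sensitive names that no 'Deny from all' <Files> section covers.

    Simplification: a section counts as denying if it contains
    'Deny from all' and no 'Allow' line.
    """
    access_name, deny_specs = ".htaccess", []
    spec, deny, allow = None, False, False
    for raw in conf_text.splitlines():
        words = raw.split()
        low = [w.lower() for w in words]
        if low[:1] == ["accessfilename"] and len(words) > 1:
            access_name = words[1]
        elif low[:1] == ["<files"] and raw.rstrip().endswith(">"):
            spec, deny, allow = raw.strip()[len("<files"):-1], False, False
        elif low[:1] == ["</files>"]:
            if spec is not None and deny and not allow:
                deny_specs.append(spec)
            spec = None
        elif spec is not None and low == ["deny", "from", "all"]:
            deny = True
        elif spec is not None and low[:1] == ["allow"]:
            allow = True
    names = [access_name, *auth_files]
    return [n for n in names if not any(files_matches(s, n) for s in deny_specs)]
```

Running exposed_names over each configuration shows that the exact-name section leaves .htpasswd and .htgroup readable, and that the regular-expression section stops covering the access file once it is renamed to .accessht.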

6. Restrict certain users from accessing specific files
<Directory> restricts directories. To restrict access to a specific file, you can use <Location>. For example, to keep users who are not in the domain.com domain from accessing /Prices/internal.html, you can use the following settings:

<Location /Prices/internal.html>
Order deny,allow
Deny from all
Allow from .domain.com
</Location>
If the machine you want to grant access to does not have a public domain name, map its IP address to a name in your /etc/hosts file and use that name in the Location section. Otherwise, this option does not work.

7. Allow access only from specific links
For example, allow into this directory only users who arrive from links on http://www.sina.com.cn/*; visitors arriving from other links are not allowed. "*" stands for all links under this website. http://www.sina.com.cn/* could also be http://202.106.184.200/* or a specific file such as http://www.sina.com.cn/news.html.
The content of the .htaccess file is as follows:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName exampleallowfromspecificurl
AuthType Basic
<Limit GET>
Order deny,allow
Deny from all
Referer allow from http://www.sina.com.cn/*
</Limit>

6. How to access the contents of directories mounted under /mnt through Apache
In Linux, to view the content of a CD you must first mount it at /mnt/cdrom, and to access DOS or other partitions you must first mount them under /mnt. The following method displays the content of a mounted directory through Apache:
1. First, mount the content under /mnt, for example:
mount -t iso9660 /dev/cdrom /mnt/cdrom
2. Modify the srm.conf file in /usr/local/etc/httpd/conf (in Apache 1.3.2, modify httpd.conf)
and add Alias entries:
# Alias fakename realname
# Alias for NetWare server
Alias /netware/ /mnt/mydom_nw/vol1/home/htmldocs/
Alias /winnt/ /mnt/mydom_nt/
Alias /unix/ /mnt/mydom_unix
In fact, the simplest way to do this step is to create a symbolic link directly under the WWW document directory, for example:
ln -s /mnt/mydom_nt winnt
The same effect can be achieved.
3. Finally, use <Directory> to specify the user's access permissions to the preceding directories:
<Directory "/mnt/mydom_nt">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Note: Indexes must be specified in Options. Otherwise, if no index.html file exists in the opened directory, you cannot view the directory structure and the server returns an error message.
Do not forget to restart Apache after all these tasks are completed.

Reposted from: http://www.webdn.com/web_file/Apache/fwq0608025/
