Common Apache configurations

Source: Internet
Author: User
Tags apache log

++ How to set the request wait time
Set in httpd. conf:
Timeout n
N is an integer in seconds.

++ How to receive the total time of a GET request
Time Between the TCP packet that receives a post and put request
Response (ACK) interval during TCP packet transmission

++ How to make Apache listening on a specific port
Modify the listen option in httpd. conf, for example:
Listen 8000.
Is to make Apache listening on port 8000
To specify both the listening port and listening address, you can use:
Listen 192.170.2.1: 80
Listen 192.170.2.5: 8000
In this way, Apache listens to port 80 of port 192.170.2.1 and port 8000 of port 192.170.2.5 at the same time.
Of course, you can also set it in httpd. conf:
Port 80
This achieves similar results.

++ How to set the maximum number of idle processes of Apache
Modify httpd. conf and set it in it:
Maxspareservers n
N is an integer. In this way, when the number of idle processes exceeds N, the Apache Master process will kill redundant idle processes and keep the number of idle processes at N, saving system resources. It is necessary to adjust this parameter at a very busy Apache site, but it is not a good idea to adjust this parameter at any time.
You can also set the following parameters:
Minspareservers n
To limit the minimum number of idle processes to speed up the response.

++ how does Apache set the number of sub-service processes at startup
in httpd. in the conf file, set
startservers 5
. After Apache is started, five idle sub-processes are waiting to accept the request.
You can also refer to minspareservers and maxspareservers settings.

++ how to set the maximum number of requests for each connection in apache

in httpd. in the conf file, set
maxkeepaliverequests 100
to ensure that the new connection request is no longer responded if the number of requests reaches 100 at the same time, this ensures that system resources are not greatly occupied by a connection. However, in actual configuration, we recommend that you increase the value as much as possible to achieve high system performance.
# create a new connection after the user continuously accesses several pages. Adjust the connection accordingly.

++ How to set the session duration in Apache
In apache1.2 or a later version, you can set it in httpd. conf:
Keepalive on
Keepalivetimeout 15
In this way, the duration of each session can be limited to 15 seconds. Session usage allows many requests to be sent over the same TCP connection, Saving network resources and system resources.
# Keepalivetimeout allows the user to keep the connection valid for 15 seconds. If the user clicks other pages within 15 seconds and does not need to re-establish the connection, this setting is short, which is not conducive to efficiency reduction, if the length is set, the number of concurrent connections may increase. Generally, the default value is 15.

++ How to enable Apache to verify the domain name of the client
You can set it in httpd. conf:
Hostnamelookups on | off | double
If the on clause is used, only one reverse lookup is performed. If the double clause is used, a forward Parsing is performed after the reverse lookup. Only two results match each other, and off means domain name verification is not performed.
Double is recommended for security purposes. to speed up access, off is recommended.

++ How to make Apache only listen to specific IP addresses
Modify httpd. conf and use
Bindaddress 192.168.0.1
In this way, Apache can only listen to external HTTP requests for 192.168.0.1. If you use:
Bindaddress *
Apache listens to HTTP requests from all network interfaces.
Of course, firewall can also be used.

++ How does one restrict the size of the message body of an HTTP request in Apache?
Set in httpd. conf:
Limitrequestbody n
N is an integer in bytes.
CGI scripts generally submit the content in the form as the message body to the server for processing. Therefore, the size of the message body is useful when CGI is used. For example, if you use CGI to upload files, set the following parameters:
Limitrequestbody 102400
If the number of uploaded files exceeds kb, an error is returned.

++ How to modify the Apache document root directory
Modify the DocumentRoot option in httpd. conf to the specified directory, for example:
DocumentRoot/www/htdocs
In this way, http: // localhost/index.html corresponds to/www/htdocs/index.html

++ How to modify the maximum number of connections of Apache
Set in httpd. conf:
Maxclients n
N is an integer that indicates the maximum number of connections. The value range is between 1 and 256. If you want Apache to support more connections, you need to modify httpd in the source code. h file, change the defined hard_server_limit value to a large value, and then compile.

++ how to make each user have an independent cgi-bin directory
there are two options:
(1) add the following attributes after public_html settings in the Apache configuration file:
scriptaliasmatch ^ /~ ([^/] *)/Cgi-bin /(. *)/home/$1/cgi-bin/$2
(2) Add the following attributes to the public_html settings in the Apache configuration file:

options execcgi
sethandler CGI-script

++ How to adjust the maximum number of Apache Processes
The maximum number of processes allowed for requests in Apache is 256, and the maximum number of processes allowed by maxclients is 256. If there are more users, you can only see waiting
Reply .... Wait until the next available process appears. The maximum number is Apache'sProgramIt is decided-its NT Version can have 1024, but the unix version only has 256. You can see in src/include/httpd. h:
# Ifndef hard_server_limit
# Ifdef Win32
# Define hard_server_limit 1024
# Else
# Define hard_server_limit 256
# Endif
# Endif
You can tune it to 1024 and then compile your system.

++ How to shield users from an Internet address from accessing the Apache server
You can use deny and allow to restrict access. For example, to prohibit access from users in the 202.202.202.xx network:
<Directory/www/htdocs>
Order deny, allow
Deny from 202.202.202.0/24
</Directory>

++ How to record Apache browser and reference information in logs
You need to compile mod_log_config to your Apache server, and then use the following configuration similar to the following:
Customlog logs/access_log "% H % L % u % t" % R "% S % B" % {Referer} I"
"% {User-Agent} I ""

++ How to modify the header information returned by Apache
Problem Analysis: when the client is connected to the Apache server, Apache generally returns the server version, non-default module, and other information, such:
Server: Apache/1.3.26 (UNIX) mod_perl/1.26.
Solution:
You can make the following settings in the Apache configuration file to minimize the server information it returns:
ServerTokens Prod
Note:
After this configuration, Apache will return certain server information, such:
Server: Apache
However, this does not affect server security too much, because many scanning software does not check the header information returned by your server when scanning. If you want to change the information returned by the server:
Server: it is a none-Apache server
Then you have to modify the source code.

++ Generates logs but does not include images.
Logformat "% H % L % u % t \" % R \ "%>; S % B \ "% {Referer} I \" % {User-Agent} I \ "" combined
Setenvif request_uri \. gif $ GIF-Image
Setenvif request_uri \. gif $ GIF-Image
Setenvif request_uri \. jpg $ GIF-Image
Setenvif request_uri \. jpg $ GIF-Image
Setenvif request_uri \. PNG $ GIF-Image
Setenvif request_uri \. SWF $ GIF-Image
Setenvif request_uri \. SWF $ GIF-Image
Setenvif request_uri \. CSS $ GIF-Image
Setenvif request_uri \. CSS $ GIF-Image
Setenvif request_uri \. js $ GIF-Image
Setenvif request_uri \. js $ GIF-Image
Setenvif request_uri \. ICO $ GIF-Image
<Virtualhost 12.34.56.78: 80>;
Serveradmin webmaster@abc.net
DocumentRoot/DB/htdocs/WWW
Servername www.abc.net
Customlog "|/usr/local/cronolog/sbin/cronolog/DB/logs/www. % Y-% m-% d. Log" combined Env =! GIF-Image
# Use cronolog to capture Apache log files generated by date stored in/DB/logs/, excluding Images
</Virtualhost>;

Another method:
<Filesmatch "\. (ICO | GIF | JPG | SWF)">
Setenv imag 1
</Filesmatch>
Customlog logs/access_log combined Env =! Imag

+ First, deny anyone and then allow access from a specific host.
Order deny, allow
Deny from all
Allow from dev.example.com

++ Rewrite the/XYZ/old.html request to a physical file/website/test1/ABC/new.html
1). the 'Alias/XYZ/website/test1/abc' command is available in httpd. conf.
2) create a. htaccess file under/website/test1/ABC/. The content is as follows:
Rewriteengine on
Rewritebase/XYZ
Rewriterule ^ old \. html $ new.html
3). To enable. htaccess, you must configure it in httpd. conf.
<Directory/website/test1/ABC>
AllowOverride all
</Directory>
# Note: The rewritebase command explicitly sets the baseline URL for directory-level rewriting.

++ determines what webpage files are returned Based on the browser type
rewriteengine on
rewritecond % {http_user_agent} ^ Mozilla. *
rewriterule ^/$/homepage.max.html [l]
# others and so on

++ rewrite other
rewriteengine on
rewriteloglevel 3 # a high value may cause a sharp decrease in Apache speed! The value of level for re-writing logs is only used for debugging!
rewritelog "/usr/local/var/Apache/logs/rewrite. log "# Write log
rewriterule ^/$/film/index.shtml [R, l] # redirect the home page to another file
rewriterule ^/$/film/index.shtml [P, L] # redirect the home page to another file, at the same time, do not change the URL address name

++ closing the last line of the error document will contain the server name, Apache version, and other information

serversignature off # The default value is on, you can also change it to serversignature email, which will display the Administrator's email address

++ Maps the URLs starting with/puppy and/puppies to the/www/docs/small_dogs directory.
Aliasmatch ^/pupp (Y | ies)/www/docs/small_dogs

++ The Redirect command redirects a specific URL to another server.
Redirect [Keywords]/example http://www.otherserver.com/new/location
Keywords:
Temp-temporary redirection, returns the 302 status response, and the client will record the URL used by the original request
Permanent-permanent redirection, returns 301 response, the client will remember the new URL
Gone-tells the user that the URL has been removed and will not return. This keyword does not need to be followed by the new URL parameter and returns to the 410 status.
Seeother-the old client URL has been discarded, but the file content has been replaced by the content of the new file to return to the 303 status.

++ Redirects multiple URLs to the same location
Redirectmatch ^/[ff] ISH (ing )? Http://fis.example.com

++ Accept case-insensitive URLs
Checkspelling on # mod_speling module support

++ Change all string1 in the request URL to string2

Rewritecond % {request_uri} "string1 ″
Rewriterule "(. *) string1 (. *)" "$1string2 $2" [N, pt]
# [N] Mark the rules that allow Apache to repeatedly execute rewriting until the rewritecond condition is invalid.

++ Manually install a module (rewrite is used as an example)
/Usr/local/Apache/bin/apxs-C mod_rewrite.c # apxs should specify the absolute path
/Usr/local/Apache/bin/apxs-I-a-n mod_rewrite mod_rewrite.la

# Editing the httpd. conf file
Loadmodule rewrite_module modules/mod_rewrite.so

++ example of a virtual host
namevirtualhost *: 80

serveradmin webmaster@zhangjianfeng.com
servername blog.zhangjianfeng.com
serveralias web1.zhangjianfeng.com
DocumentRoot"/web/web1/"
errorlog/logs/Apache/webjavaserror_log> customlog/logs/Apache/webjavaslog combined
rewriteengine on
# rewriteloglevel 1
# rewritelog "/logs/Apache/rewrite. log "
# rewriterule \. (exe | RAR) $ http://downloads.zhangjianfeng.com/data/#1 [R]

++ ServerTokens command
ServerTokens major | minor | Min [imal] | prod [uctonly] | OS | Full
ServerTokens prod [uctonly] the server will send (for example): SERVER: apache
ServerTokens major server will send (for example): SERVER: Apache/2
ServerTokens minor server will send (for example): Server: apache/2.0
ServerTokens Min [imal] the server will send (for example): SERVER: Apache/2.0.41
ServerTokens OS server will send (for example): Server: apache/2.0.41 (UNIX)
ServerTokens full (or unspecified) server will send (for example): SERVER: Apache/2.0.41 (UNIX) PHP/4.2.2 mymod/1.2

++ Others
<Files ~ "^ \. Ht">
Order allow, deny
Deny from all
</Files>
User Apache
Group Apache
ServeradminRoot@zhangjianfeng.com
Servername websrv1
UseCanonicalName off
Hostnamelookups off
Logformat "% H % L % u % t \" % R \ "%> S % B \" % {Referer} I \ "% {User-Agent} I \ "" combined
Customlog logs/access_log combined
Errorlog logs/error_log
Serversignature on | off | email
ServerTokens major | minor | Min [imal] | prod [uctonly] | OS | full

++ View the current connection protocol
Netstat-an | grep-I "80" | awk '{print $6}' | sort | uniq-c | sort-n

++ A simple implementation of Password Authentication
# Add the following content to httpd. conf
Alias/Test2 "/var/www/html/test"
<Directory "/var/www/html/test">
AllowOverride authconfig
Order deny, allow
Allow from all
</Directory>
# Create a verification file and the first verified user
# Htpasswd-C/etc/userfile user
# Vi/var/www/html/test/usergroup
Usergroup: User user1 user2 # related users use htpasswd to create
# Vi/var/www/html/test/. htaccess
Authname "blog.zhangjianfeng.com user_auth test"
Authtype basic
Authuserfile/etc/userfile
# The following two rows must be managed in groups.
# Authgroupfile/var/www/html/test/usergroup
# Require group usergroup
Require user

++ Manually get data (for testing, etc)
Telnet blog.zhangjianfeng.com 80
Escape Character is '^]'.
Getindex. php HTTP/1.1
Accept: text/plain, text/html, */*; q = 0.3
Accept-encoding: deflate
Host:Http://www.test.com: 8004/
If-None-Match: 418112890: 855172144000 ″
User-Agent: w3crobot/5.1 libwww/5.1
Connection: keep-alive

++ Retrieve the HTTP head
Curl-headHttp://blog.zhangjianfeng.com/

++ Configure mod_deflat compression output for Apache
Loadmodule deflate_module modules/mod_deflate.so
Loadmodule headers_module modules/mod_headers.so
<Ifmodule mod_deflate.c>
Deflatecompressionlevel 9
Setoutputfilter deflate
# Deflatefilternote input instream
# Deflatefilternote output outstream
# Deflatefilternote ratio Ratio
Logformat' "% R" % {outstream} n/% {instream} n (% {ratio} n %) 'deflate
Customlog logs/deflate_log.log deflate
</Ifmodule>
# Need more?Http://httpd.apache.org/docs/2.0/mod/mod_deflate.html

++ mod_proxy application, set request from www.zhangjianfeng.com/news to another host
loadmodule proxy_module modules/mod_proxy.so
proxypass/news http://news.zhangjianfeng.com/ # news.zhangjianfeng.com for another host

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.