Apache Server Survival Guide
The Apache server loads most of its configuration settings from a series of files at runtime when the server starts up. These files specify directives that control the behavior of the server. As you explore and exploit additional functionality of your server, you will be referring to the main configuration files for your changes.
Understanding the structure of the configuration files may help you find what you need more effectively. Although you could create a giant master configuration file, this usually doesn't work from a practical point of view because you'll spend a lot of time searching through a single, large file for what you need. Some of the configuration files are already several pages in length. If you were to combine them, it would only make searching a more complicated task.
Apache reads its configuration from several files located in the conf directory of your server root:
httpd.conf contains the main server configuration information. The basic behavior of the server is contained in this file, such as how it runs, UIDs it runs under, what port it listens to, performance issues, and information on how to find other configuration files.
srm.conf is the server's resource configuration file. The directives in this configuration file define the namespace that users can access on your server and the settings that affect how requests are serviced and formatted. The directives in this file control the location of the various resources that the server will access to retrieve information, such as DocumentRoot, the path to users' home pages, the location of the cgi-bin directory, the file the server looks for when the URL ends in a directory, the icons and format the server uses for displaying automatic directory listings, and so on. Directives in this file also map other areas of your UNIX file system into the server's document tree. This allows you to store resources, such as your cgi-bin directory, and make them available as if they were located within the directory specified by DocumentRoot.
access.conf is the server's global access-configuration file. This file defines the types of services that are allowed and under what circumstances. Careful configuration of this file is important because many security issues can be avoided if you do your configuration correctly. access.conf defines whether the server will handle server-side includes, execute CGI programs, follow symbolic links, or generate automatic indexes of directories when an index.html file is not found. Many of these settings can be overridden by allowing the use of per-directory access files (.htaccess files); however, this has a very adverse effect on the performance of the server. If you can manage it, it is much better to handle all access-configuration issues in the global access-configuration file.
The mime.types file more than likely won't ever need configuration from you. This file maps MIME types to file extensions, which is how the server knows what kind of content a file holds. Remember that your browser always sends a header like
HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
that informs the server of the various types it is able to handle. This file provides the crucial mapping that allows your server to understand the content of a file from its extension.
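An added example (not from the book): a small Python check that reads access.conf-style text and lists the settings the access.conf paragraph above calls out, namely Options that enable server-side includes, CGI execution, symbolic links or automatic indexes, and any AllowOverride other than None. The sample configuration and its paths are constructed, and the names `audit`, `RISKY_OPTIONS` and `SECTION` are chosen for this illustration.

```python
import re

# Options the access.conf paragraph names, mapped to what each one enables.
RISKY_OPTIONS = {
    "includes": "server-side includes are processed",
    "execcgi": "CGI programs may be executed",
    "followsymlinks": "symbolic links are followed",
    "indexes": "automatic directory indexes are generated",
    "all": "Options All turns on includes, CGI, symlinks and indexes",
}
SECTION = re.compile(r"<(/?)(Directory|Location)\b\s*([^>]*)>", re.I)

# Constructed sample in Apache 1.x syntax; the paths are placeholders.
SAMPLE_ACCESS_CONF = """\
<Directory /usr/local/etc/httpd/htdocs>
Options Indexes FollowSymLinks Includes
AllowOverride All
</Directory>
<Directory /usr/local/etc/httpd/cgi-bin>
Options ExecCGI
</Directory>
<Directory /usr/local/etc/httpd/htdocs/docs>
Options None
AllowOverride None
</Directory>
"""

def audit(conf_text):
    """Return (section, line number, note) for each setting worth reviewing."""
    findings, section = [], "(global)"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION.match(line)
        if m:  # entering or leaving a <Directory>/<Location> section
            section = "(global)" if m.group(1) else m.group(3).strip()
            continue
        name, *args = line.lower().split()
        if name == "options":
            for arg in args:  # "-Opt" removes an option, "+Opt" adds one
                if not arg.startswith("-") and arg.lstrip("+") in RISKY_OPTIONS:
                    findings.append((section, lineno, RISKY_OPTIONS[arg.lstrip("+")]))
        elif name == "allowoverride" and args != ["none"]:
            findings.append((section, lineno, ".htaccess files may override this section"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_ACCESS_CONF), sep="\n")
```

A finding is a prompt for review rather than an error: ExecCGI on the cgi-bin directory is expected, while the same option on a document directory usually is not.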
It's hard to group directives into descriptive categories. The Apache approach has been to classify directives based on whether their functionality is part of the server core or added by optional modules.
Core directives are directives that are always available; the code and modules that incorporate core functionality are built in. This functionality is central to the operation of the Apache Web server.
Other directives is a broad category that includes everything else that is not part of the core. These directives enhance the server. Many of them are actually included in the default server configuration (also called the base) because they are incredibly useful. Directives that are part of the base build are available for use without the need to recompile the server.
In addition to core and other directives, there are many other directives provided by optional modules. I call these specialized directives because they add specialized functionality that not all servers will need.
I find that this broad classification does not give a clear description of what is available right out of the box, so I have further classified directives into subgroups (see Tables 8.1 and 8.2). I hope this will help portray the overall set of directives more clearly. Some directives may fit into more than one category, but for clarity, I included each of them in only one category.
Directive | Type | Implemented In | Base |
ErrorLog | Accounting | Core | |
HostNameLookups | Accounting | Core | |
PidFile | Accounting | Core | |
TransferLog | Accounting | mod_log_common | Yes |
ResourceConfig | Additional configuration files | Core | |
AccessConfig | Additional configuration files | Core | |
AccessFileName | Additional configuration files | Core | |
TypesConfig | Additional configuration files | mod_mime | Yes |
AddDescription | Automatic indexing | mod_dir | Yes |
AddIcon | Automatic indexing | mod_dir | Yes |
AddIconByEncoding | Automatic indexing | mod_dir | Yes |
AddIconByType | Automatic indexing | mod_dir | Yes |
DefaultIcon | Automatic indexing | mod_dir | Yes |
FancyIndexing | Automatic indexing | mod_dir | Yes |
HeaderName | Automatic indexing | mod_dir | Yes |
IndexIgnore | Automatic indexing | mod_dir | Yes |
IndexOptions | Automatic indexing | mod_dir | Yes |
ReadmeName | Automatic indexing | mod_dir | Yes |
DirectoryIndex | Automatic indexing | mod_dir | Yes |
PassEnv | CGI | mod_env | Yes |
SetEnv | CGI | mod_env | Yes |
ErrorDocument | Error handling | Core | |
ServerAdmin | Error handling | Core | |
Action | MIME, language, or handler management | mod_actions | Yes |
Script | MIME, language, or handler management | mod_actions | Yes |
AddHandler | MIME, language, or handler management | mod_mime | Yes |
SetHandler | MIME, language, or handler management | mod_mime | Yes |
DefaultType | MIME, language, or handler management | Core | |
AddEncoding | MIME, language, or handler management | mod_mime | Yes |
AddLanguage | MIME, language, or handler management | mod_mime | Yes |
AddType | MIME, language, or handler management | mod_mime | Yes |
ForceType | MIME, language, or handler management | mod_mime | Yes |
LanguagePriority | MIME, language, or handler management | mod_negotiation | Yes |
XBitHack | MIME, language, or handler management | mod_include | Yes |
CacheNegotiatedDocs | Proxy server/Cache management | mod_negotiation | Yes |
ScriptAlias | Resource location | mod_alias | Yes |
Alias | Resource location | mod_alias | Yes |
Redirect | Resource location | mod_alias | Yes |
UserDir | Resource location | mod_userdir | Yes |
KeepAlive | Resource management | Core | |
KeepAliveTimeout | Resource management | Core | |
MaxClients | Resource management | Core | |
MaxRequestsPerChild | Resource management | Core | |
MaxSpareServers | Resource management | Core | |
MinSpareServers | Resource management | Core | |
StartServers | Resource management | Core | |
TimeOut | Resource management | Core | |
<Directory> | Security/Access control | Core | |
<Limit> | Security/Access control | Core | |
<Location> | Security/Access control | Core | |
AllowOverride | Security/Access control | Core | |
AuthName | Security/Access control | Core | |
AuthType | Security/Access control | Core | |
Options | Security/Access control | Core | |
require | Security/Access control | Core | |
IdentityCheck | Security/Access control | Core | |
Group | Security/Access control | Core | |
User | Security/Access control | Core | |
allow | Security/Access control | mod_access | Yes |
deny | Security/Access control | mod_access | Yes |
order | Security/Access control | mod_access | Yes |
AuthGroupFile | Security/Access control | mod_auth | Yes |
AuthUserFile | Security/Access control | mod_auth | Yes |
ImapBase | Server-side image map | mod_imap | Yes |
ImapDefault | Server-side image map | mod_imap | Yes |
ImapMenu | Server-side image map | mod_imap | Yes |
BindAddress | Server I/O configuration | Core | |
Listen | Server I/O configuration | Core | |
Port | Server I/O configuration | Core | |
<VirtualHost> | Server I/O configuration | Core | |
ServerAlias | Server I/O configuration | Core | |
ServerName | Server I/O configuration | Core | |
ServerType | Server I/O configuration | Core | |
ServerPath | Server I/O configuration | Core |
Directive | Type | Implemented In |
CookieLog | Accounting | mod_cookies |
AgentLog | Accounting | mod_log_agent |
LogFormat | Accounting | mod_log_config |
TransferLog | Accounting | mod_log_config |
RefererIgnore | Accounting | mod_log_referer |
RefererLog | Accounting | mod_log_referer |
LoadFile | External module loading | mod_dld |
LoadModule | External module loading | mod_dld |
MetaDir | Meta header | mod_cern_meta |
MetaSuffix | Meta header | mod_cern_meta |
CacheDefaultExpire | Proxy server/Cache management | mod_proxy |
CacheGcInterval | Proxy server/Cache management | mod_proxy |
CacheLastModified | Proxy server/Cache management | mod_proxy |
CacheMaxExpire | Proxy server/Cache management | mod_proxy |
CacheRoot | Proxy server/Cache management | mod_proxy |
CacheSize | Proxy server/Cache management | mod_proxy |
NoCache | Proxy server/Cache management | mod_proxy |
ProxyPass | Proxy server/Cache management | mod_proxy |
ProxyRemote | Proxy server/Cache management | mod_proxy |
ProxyRequests | Proxy server/Cache management | mod_proxy |
Anonymous | Security/Access control | mod_auth_anon |
Anonymous_Authorative | Security/Access control | mod_auth_anon |
Anonymous_LogEmail | Security/Access control | mod_auth_anon |
Anonymous_VerifyEmail | Security/Access control | mod_auth_anon |
AuthDBGroupFile | Security/Access control | mod_auth_db |
AuthDBUserFile | Security/Access control | mod_auth_db |
AuthDBMGroupFile | Security/Access control | mod_auth_dbm |
AuthDBMUserFile | Security/Access control | mod_auth_dbm |
Auth_MSQL_Authorative | Security/Access control | mod_auth_msql |
Auth_MSQL_EncryptedPasswords | Security/Access control | mod_auth_msql |
Auth_MSQLdatabase | Security/Access control | mod_auth_msql |
Auth_MSQLgrp_field | Security/Access control | mod_auth_msql |
Auth_MSQLgrp_table | Security/Access control | mod_auth_msql |
Auth_MSQLhost | Security/Access control | mod_auth_msql |
Auth_MSQLnopasswd | Security/Access control | mod_auth_msql |
Auth_MSQLpwd_field | Security/Access control | mod_auth_msql |
Auth_MSQLpwd_table | Security/Access control | mod_auth_msql |
Auth_MSQLuid_field | Security/Access control | mod_auth_msql |
AuthDigestFile | Security/Access control | mod_digest |
As you can see, Apache is well equipped right from a basic configuration, and the specialized directives add a myriad of features. These additional modules either enhance existing functionality by providing additional ways to perform a function, such as user authentication, or add completely new server features. Some modules, such as mod_proxy, implement a totally different kind of server: a proxy server.
Directives can be subclassified as
Accounting directives set the location of log files where Apache will record data about the server operation, such as server access information.
Additional configuration file directives tell the server where to look for further configuration information. The server has compiled-in default settings for these directives, so if a directive is not overridden, the server will attempt to read additional configuration information from the compiled-in defaults.
Automatic indexing directives control what gets returned when a request is for a directory, such as http://localhost/directory/. First, the server will try to return a user-generated index file in the directory that matches the DirectoryIndex file specification. If a user-generated index is not found, the server will automatically create an index file. Typical automatic indexes look like directory listings, but they can be quite fancy and graphical. Listings can associate an icon and description based on the file type or name and incorporate headers and readme information.
Apache can be configured to provide informational error messages. The error handling directives include one that lets you customize what gets returned when an error is generated for a request.
MIME, language, or handler management directives allow you to map a file extension to a MIME type. Some of the MIME types are processed by a program prior to returning data to the server. Programs that perform this processing are called handlers. For example, CGI programs that live in a cgi-bin directory or have a .cgi extension are processed by the mod_cgi module. The server passes execution to a handler program that knows how to deal with the special file type or condition.
Resource location directives help the server find files. They define places where you can put CGI programs, or where documents you publish on the Web live.
Resource-management directives control issues that affect the performance of the server. Default settings for many of these directives should not be changed unless there's a good reason for it, and you understand what you are doing. Apache manages many of its resources dynamically. Arbitrarily modifying these default settings can adversely affect the performance of the server.
Security and access control directives affect the security of your site in one way or another. They set the UID and GID the server runs as, control who has access to what resources, and implement access control and user-validation measures. The <Directory>, <Limit>, and <Location> sections allow you to group a series of settings on a directory or URL basis.
Server I/O configuration directives control the IP address and the port the server listens on for requests, as well as some other basic (and not-so-basic) things regarding the normal operation of the server.
Apache has a built-in module to handle server-side image maps. Traditionally, image maps have been implemented with CGI programs. Incorporating image map handling into the server core provides a significant enhancement in performance. This functionality is really a subcategory of the MIME, language management, or handler management directives, but its functionality is distinct enough to merit its own category.
Starting with Apache 1.1, Apache is able to function as a caching proxy server. This allows the server to make transactions on behalf of a browser and store the results in a cache. Future requests to the same URL by a different user in the network are satisfied from the cache, reducing the load on the network. These directives control the cache management: how long files will be cached, and how big the cache can grow.
The next two chapters explain in great detail all the directives available in Apache. When searching for a directive, you may want to refer to the tables in this chapter because the next two chapters organize directives alphabetically and by module for ease of reference.