Apache Server Survival Guide asg08.htm

Apache Configuration Files
Organization of the Configuration Directives
Summary

8

Apache Configuration Overview

The Apache server loads most of its configuration settings from a series of files at runtime when the server starts up. These files specify directives that control the behavior of the server. As you explore and exploit additional functionality of your server, you will be referring to the main configuration files for your changes.

Understanding the structure of the configuration files may help you find what you need more effectively. Although you could create a giant master configuration file, this usually doesn't work from a practical point of view because you'll spend a lot of time searching through a single, large file for what you need. Some of the configuration files are already several pages in length. If you were to combine them, it would only make searching a more complicated task.

Apache Configuration Files

Apache reads its configuration from several files located in the conf directory of your server root:

httpd.conf
srm.conf
access.conf
mime.types

httpd.conf

httpd.conf contains the main server configuration information. The basic behavior of the server is contained in this file, such as how it runs, UIDs it runs under, what port it listens to, performance issues, and information on how to find other configuration files.

srm.conf

srm.conf is the server's resource configuration file. The directives in this configuration file define the namespace that users can access on your server and the settings that affect how requests are serviced and formatted. The directives in this file control the location of the various resources that the server will access to retrieve information, such as DocumentRoot, the path to user's home pages, the location of the cgi-bin directory, the file the server looks for when the URL ends in a directory, the icons and format the server uses for displaying automatic directory listings, and so on. Directives in this file also map other areas of your UNIX file system into the server's document tree. This allows you to store resources, such as your cgi-bin directory, and make them available as if they were located within the directory specified by DocumentRoot.

access.conf

access.conf is the server's global access-configuration file. This file defines the types of services that are allowed and under what circumstances. Careful configuration of this file is important because many security issues can be avoided if you do your configuration correctly. access.conf defines whether the server will handle server-side includes, execute CGI programs, follow symbolic links, or generate automatic indexes of directories when an index.html file is not found. Many aspects can be overridden by allowing use of per-directory access files (.htaccess files); however, this has a very adverse consequence on the performance of the server. If you can manage it, it is much better to handle all access-configuration issues in the global access-configuration file.

mime.types

The mime.types file more than likely won't ever need configuration from you. This file maps MIME formats to file types that the server uses to know which files comply with which MIME standard. Remember that your browser always sends a header like


HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

that informs the server of the various types it is able to handle. This file provides the crucial mapping that allows your server to understand the content of a file from its extension.

Organization of the Configuration Directives

It's hard to group directives into descriptive categories. The Apache approach has been to classify directives based on whether their functionality is part of the server core or added by optional modules.

Core directives are directives that are always available; the code and modules that incorporate core functionality are built in. This functionality is central to the operation of the Apache Web server.

Other directives is a broad category that includes everything else that is not part of the core. These directives enhance the server. Many of them are actually included in the default server configuration (also called the base) because they are incredibly useful. Directives that are part of the base build, are available for use without the need to recompile the server.

In addition to core and other directives, there are many other directives provided by optional modules. I call these specialized directives because they add specialized functionality that not all servers will need.

I find this broad classification not clear in terms of providing a good description of what is available right out of the box. I have further classified directives into subgroups (see Tables 8.1 and 8.2). I hope this will help portray the overall set of directives more clearly. Some directives may fit into one or more categories, but for clarity, I included them in only one category each.

Table 8.1. Apache core and base directives.

Directive	Type	Implemented In	Base
ErrorLog	Accounting	Core
HostNameLookups	Accounting	Core
PidFile	Accounting	Core
TransferLog	Accounting	mod_log_common(mod_log_common)	Yes
ResourceConfig	Additional configuration files	Core
AccessConfig	Additional configuration files	Core
AccessFileName	Additional configuration files	Core
TypesConfig	Additional configuration files	mod_mime	Yes
AddDescription	Automatic indexing	mod_dir	Yes
AddIcon	Automatic indexing	mod_dir	Yes
AddIconByEncoding	Automatic indexing	mod_dir	Yes
AddIconByType	Automatic indexing	mod_dir	Yes
DefaultIcon	Automatic indexing	mod_dir	Yes
FancyIndexing	Automatic indexing	mod_dir	Yes
HeaderName	Automatic indexing	mod_dir	Yes
IndexIgnore	Automatic indexing	mod_dir	Yes
IndexOptions	Automatic indexing	mod_dir	Yes
ReadmeName	Automatic indexing	mod_dir	Yes
DirectoryIndex	Automatic indexing	mod_dir	Yes
PassEnv	CGI	mod_env	Yes
SetEnv	CGI	mod_env	Yes
ErrorDocument	Error handling	Core
ServerAdmin	Error handling	Core
Action	MIME, language, or handler management	mod_actions	Yes
Script	MIME, language, or handler management	mod_actions	Yes
AddHandler	MIME, language, or handler management	mod_mime	Yes
SetHandler	MIME, language, or handler management	mod_mime	Yes
DefaultType	MIME, language, or handler management	Core
AddEncoding	MIME, language, or handler management	mod_mime	Yes
AddLanguage	MIME, language, or handler management	mod_mime	Yes
AddType	MIME, language, or handler management	mod_mime	Yes
ForceType	MIME, language, or handler management	mod_mime	Yes
LanguagePriority	MIME, language, or handler management	mod_negotiation	Yes
XBitHack	MIME, language, or handler management	mod_include	Yes
CacheNegotiatedDocs	Proxy server/Cache management	mod_negotiation	Yes
ScriptAlias	Resource location	mod_alias	Yes
Alias	Resource location	mod_alias	Yes
Redirect	Resource location	mod_alias	Yes
UserDir	Resource location	mod_userdir	Yes
KeepAlive	Resource management	Core
KeepAliveTimeout	Resource management	Core
MaxClients	Resource management	Core
MaxRequestsPerChild	Resource management	Core
MaxSpareServers	Resource management	Core
MinSpareServers	Resource management	Core
StartServers	Resource management	Core
TimeOut	Resource management	Core
<Directory>	Security/Access control	Core
<Limit>	Security/Access control	Core
<Location>	Security/Access control	Core
AllowOverride	Security/Access control	Core
AuthName	Security/Access control	Core
AuthType	Security/Access control	Core
Options	Security/Access control	Core
require	Security/Access control	Core
IdentityCheck	Security/Access control	Core
Group	Security/Access control	Core
User	Security/Access control	Core
allow	Security/Access control	mod_access	Yes
deny	Security/Access control	mod_access	Yes
order	Security/Access control	mod_access	Yes
AuthGroupFile	Security/Access control	mod_auth	Yes
AuthUserFile	Security/Access control	mod_auth	Yes
ImapBase	Server-side image map	mod_imap	Yes
ImapDefault	Server-side image map	mod_imap	Yes
ImapMenu	Server-side image map	mod_imap	Yes
BindAddress	Server I/O configuration	Core
Listen	Server I/O configuration	Core
Port	Server I/O configuration	Core
<VirtualHost>	Server I/O configuration	Core
ServerAlias	Server I/O configuration	Core
ServerName	Server I/O configuration	Core
ServerType	Server I/O configuration	Core
ServerPath	Server I/O configuration	Core

Table 8.2. Apache specialized directives.

Directive	Type	Implemented In
CookieLog	Accounting	mod_cookies
AgentLog	Accounting	mod_log_agent
LogFormat	Accounting	mod_log_config
TransferLog	Accounting	mod_log_config
RefererIgnore	Accounting	mod_log_referer
RefererLog	Accounting	mod_log_referer
LoadFile	External module loading	mod_dld
LoadModule	External module loading	mod_dld
MetaDir	Meta header	mod_cern_meta
MetaSuffix	Meta header	mod_cern_meta
CacheDefaultExpire	Proxy server/Cache management	mod_proxy
CacheGcInterval	Proxy server/Cache management	mod_proxy
CacheLastModified	Proxy server/Cache management	mod_proxy
CacheMaxExpire	Proxy server/Cache management	mod_proxy
CacheRoot	Proxy server/Cache management	mod_proxy
CacheSize	Proxy server/Cache management	mod_proxy
NoCache	Proxy server/Cache management	mod_proxy
ProxyPass	Proxy server/Cache management	mod_proxy
ProxyRemote	Proxy server/Cache management	mod_proxy
ProxyRequests	Proxy server/Cache management	mod_proxy
Anonymous	Security/Access control	mod_auth_anon
Anonymous Authorative	Security/Access control	mod_auth_anon
Anonymous LogEmail	Security/Access control	mod_auth_anon
Anonymous VerifyEmail	Security/Access control	mod_auth_anon
AuthDBGroupFile	Security/Access control	mod_auth_db
AuthDBUserFile	Security/Access control	mod_auth_db
AuthDBMGroupFile	Security/Access control	mod_auth_dbm
AuthDBMUserFile	Security/Access control	mod_auth_dbm
Auth_MSQL_Authorative	Security/Access control	mod_auth_msql
Auth_MSQL_EncryptedPasswords	Security/Access control	mod_auth_msql
Auth_MSQLdatabase	Security/Access control	mod_auth_msql
Auth_MSQLgrp_field	Security/Access control	mod_auth_msql
Auth_MSQLgrp_table	Security/Access control	mod_auth_msql
Auth_MSQLhost	Security/Access control	mod_auth_msql
Auth_MSQLnopasswd	Security/Access control	mod_auth_msql
Auth_MSQLpwd_field	Security/Access control	mod_auth_msql
Auth_MSQLpwd_table	Security/Access control	mod_auth_msql
Auth_MSQLuid_field	Security/Access control	mod_auth_msql
AuthDigestFile	Security/Access control	mod_digest

As you can see, Apache is well equipped right from a basic configuration, and the specialized directives add a myriad of features. These additional modules enhance existing functionality by providing additional ways to perform a function, such as user authentication, or add completely new server features. Some modules such as mod_proxy implement a totally different kind of server, a proxy server.

Directives can be subclassified as

Accounting directives
Additional configuration file directives
Automatic indexing directives
Error-handling directives
MIME type, language, and handler directives
Resource-location directives
Resource-management directives
Security and access-control directives
Server I/O configuration directives
Server-side image map directives
Proxy server and cache-management directives

Accounting Directives

These directives set the location of log files where Apache will record data about the server operation, such as server access information.

Additional Configuration File Directives

The server will look for additional configuration information in the files specified by these directives. The server has compiled in defaults settings for these directives so if a directive is not overridden, the server will attempt to read additional configuration information from the compiled-in defaults.

Automatic Indexing Directives

These directives control what gets returned when a request is for a directory: http://localhost/directory/. First, the server will try to return an user-generated index file in directory that matches the DirectoryIndex file specification. If a user-generated index is not found, the server will automatically create an index file. Typical automatic indexes look like directory listings, but they can be quite fancy and graphical. Listings can associate an icon and description based on the file type or name and incorporate headers and readme information.

Error-Handling Directives

Apache can be configured to provide informational error messages. It provides a directive that lets you customize what gets returned when an error is generated for a request.

MIME, Language-Management, or Handler-Management Directives

These directives allow you to map a file extension into a MIME type. Some of the MIME types are processed by a program prior to returning data to the server. Programs that perform this processing are called handlers. For example, CGI programs that live in a cgi-bin directory or have a .cgi extension are processed by the mod_cgi module. The server passes execution to a handler program that knows how to deal with the special file type or condition.

Resource Location Directives

These directives help the server find files. They define places where you can put CGI programs, or where documents you publish on the Web live.

Resource-Management Directives

Resource-management directives control issues that affect the performance of the server. Default settings for many of these directives should not be changed unless there's a good reason for it, and you understand what you are doing. Apache manages many of its resources dynamically. Arbitrarily modifying these default settings can adversely affect the performance of the server.

Security and Access-Control Directives

Directives of this kind affect the security of your site in one way or another. They set the UID and GUI the server runs as, control who has access to what resources, and implement access control and user-validation measures. The <Directory>, <Limit>, and <Location> sections allow you to group a series of settings on a directory or URL basis.

Server I/O Configuration Directives

These directives control the IP and the port the server listens to for requests, as well as some other basic (and not-so-basic) things regarding the normal operation of the server.

Server-Side Image Map Directives

Apache has a built-in module to handle server-side image maps. Traditionally, image maps have been implemented with CGI programs. Incorporating image map handling into the server core provides a significant enhancement in performance. This functionality is really a subcategory of the MIME, language management, or handler management directives, but its functionality is distinct enough to merit its own category.

Proxy Server and Cache-Management Directives

Starting with Apache 1.1, Apache is able to function as a caching proxy server. This allows the server to make transactions on behalf of a browser and store the results in a cache. Future requests to the same URL by a different user in the network are satisfied from the cache, reducing the load of the network. These directives control the cache management: how long files will be cached, and how big the cache can grow.

Summary

The next two chapters will explain with great detail all the directives available in Apache. When searching for a directive, you may want to reference the tables in this chapter because the next two chapters organize directives alphabetically and by module for ease of reference.

Page Top Next Page