2.2 httpsd.conf
httpsd.conf sets up the operating environment of the web server.
Description
httpsd.conf defines the operating environment of the web server through multiple directives. The system administrator manages these directives.
The definitions and directives that can be specified in the file are as follows:
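Setting details | Directive name | Can be specified multiple times |
---|---|---|
Definition of a block within the httpsd.conf file | <Directory> | Y |
Definition of a block within the httpsd.conf file | <DirectoryMatch> | Y |
Definition of a block within the httpsd.conf file | <Files> | Y |
Definition of a block within the httpsd.conf file | <FilesMatch> | Y |
Definition of a block within the httpsd.conf file | <IfModule> | Y |
Definition of a block within the httpsd.conf file | <Limit> | Y |
Definition of a block within the httpsd.conf file | <Location> | Y |
Definition of a block within the httpsd.conf file | <LocationMatch> | Y |
Definition of a block within the httpsd.conf file | <Proxy> | Y |
Definition of a block within the httpsd.conf file | <VirtualHost> | Y |
Basic definition of the server | ServerName #1, #2 | N |
Basic definition of the server | User #1, #2 | N |
Basic definition of the server | Group #1, #2 | N |
Basic definition of the server | ServerAdmin | N |
Basic definition of the server | ServerRoot | N |
Basic definition of the server | ServerSignature | N |
Basic definition of the server | Listen | Y |
Basic definition of the server | LoadModule | Y |
Basic definition of the server | LoadFile | Y |
Basic definition of the server | Include | Y |
Basic definition of the server | ExtendedStatus | N |
Basic definition of the server | ServerTokens | N |
Basic definition of the server | CoreDumpDirectory | N |
Basic definition of the server | FileETag | Y |
Definition for managing content | UserDir | Y |
Definition for managing content | DocumentRoot | N |
Definition for managing content | ErrorDocument | Y |
Definition of requests from the web browser (Alias) | Alias | Y |
Definition of requests from the web browser (Alias) | AliasMatch | Y |
Definition of requests from the web browser (Alias) | Redirect | Y |
Definition of requests from the web browser (Alias) | RedirectMatch | Y |
Definition of the MIME type | TypesConfig | N |
Definition of the MIME type | AddCharset | Y |
Definition of the MIME type | AddDefaultCharset | N |
Definition of the MIME type | AddType | Y |
Definition of the MIME type | ForceType | N |
Definition of the content negotiation | LanguagePriority | Y |
Definition of the content negotiation | AddEncoding | Y |
Definition of the content negotiation | AddLanguage | Y |
Definition of the content negotiation | DefaultLanguage | N |
Definition of the content negotiation | CacheNegotiatedDocs | N |
Definition of the content negotiation | MultiviewsMatch | N |
Definition of the handler | AddHandler | Y |
Definition of the handler | SetHandler | N |
Definition of the web server performance | StartServers | N |
Definition of the web server performance | MinSpareServers | N |
Definition of the web server performance | MaxSpareServers | N |
Definition of the web server performance | MaxRequestWorkers | N |
Definition of the web server performance | MaxConnectionsPerChild | N |
Definition of the web server performance | Timeout | N |
Definition of the web server performance | RequestReadTimeout | N |
Definition of the web server performance | ListenBacklog | N |
Definition of the web server performance | HWSKeepStartServers | N |
Definition of the web server performance | SendBufferSize | N |
Definition of KeepAlive | KeepAlive | N |
Definition of KeepAlive | MaxKeepAliveRequests | N |
Definition of KeepAlive | KeepAliveTimeout | N |
Definition of limiting requests | LimitRequestBody | N |
Definition of limiting requests | LimitRequestFields | N |
Definition of limiting requests | LimitRequestFieldsize | N |
Definition of limiting requests | LimitRequestLine | N |
Definition of CGI and environment variables | ScriptAlias | Y |
Definition of CGI and environment variables | ScriptAliasMatch | Y |
Definition of CGI and environment variables | UseCanonicalName | N |
Definition of CGI and environment variables | BrowserMatch | Y |
Definition of CGI and environment variables | BrowserMatchNoCase | Y |
Definition of CGI and environment variables | PassEnv | Y |
Definition of CGI and environment variables | SetEnv | Y |
Definition of CGI and environment variables | UnsetEnv | Y |
Definition of CGI and environment variables | SetEnvIf | Y |
Definition of CGI and environment variables | SetEnvIfNoCase | Y |
Definition of CGI and environment variables | Action | Y |
Definition of CGI and environment variables | Script | Y |
Definition of CGI and environment variables | HWSSetEnvIfIPv6 | Y |
Definition of the displayed content of the directory index | DirectoryIndex | N |
Definition of the displayed content of the directory index | AddIconByEncoding | Y |
Definition of the displayed content of the directory index | AddIconByType | Y |
Definition of the displayed content of the directory index | AddIcon | Y |
Definition of the displayed content of the directory index | DefaultIcon | N |
Definition of the displayed content of the directory index | ReadmeName | N |
Definition of the displayed content of the directory index | HeaderName | N |
Definition of the displayed content of the directory index | IndexIgnore | Y |
Definition of the displayed content of the directory index | IndexOrderDefault | N |
Definition of the displayed content of the directory index | AddAltByEncoding | Y |
Definition of the displayed content of the directory index | AddAltByType | Y |
Definition of the displayed content of the directory index | AddAlt | Y |
Definition of the displayed content of the directory index | AddDescription | Y |
Definition of the displayed content of the directory index | IndexOptions | Y |
Definition of access controls for the web browser | AccessFileName | N |
Definition of access controls for the web browser | AllowOverride | N |
Definition of access controls for the web browser | AuthName | N |
Definition of access controls for the web browser | AuthType | N |
Definition of access controls for the web browser | AuthGroupFile | N |
Definition of access controls for the web browser | AuthUserFile | N |
Definition of access controls for the web browser | AuthBasicAuthoritative | N |
Definition of access controls for the web browser | Require | Y |
Definition of access controls for the web browser | Options | N |
Definition of access controls for the web browser | Order | N |
Definition of access controls for the web browser | Allow from | Y |
Definition of access controls for the web browser | Deny from | Y |
Definition of access controls for the web browser | Satisfy | N |
Definition of access controls for the web browser | TraceEnable | N |
Definition of access controls for the web browser | IdentityCheck | N |
Definition of encryption and authentication by SSL | SSLRequireSSL | N |
Definition of encryption and authentication by SSL | SSLEnable | N |
Definition of encryption and authentication by SSL | SSLDisable #1 | N |
Definition of encryption and authentication by SSL | SSLCertificateFile #2 | N |
Definition of encryption and authentication by SSL | SSLCertificateKeyFile #2 | N |
Definition of encryption and authentication by SSL | SSLCACertificatePath | N |
Definition of encryption and authentication by SSL | SSLCACertificateFile | N |
Definition of encryption and authentication by SSL | SSLVerifyClient | N |
Definition of encryption and authentication by SSL | SSLVerifyDepth | N |
Definition of encryption and authentication by SSL | SSLRequiredCiphers | N |
Definition of encryption and authentication by SSL | SSLRequireCipher | Y |
Definition of encryption and authentication by SSL | SSLBanCipher | Y |
Definition of encryption and authentication by SSL | SSLDenySSL | N |
Definition of encryption and authentication by SSL | SSLFakeBasicAuth | N |
Definition of encryption and authentication by SSL | SSLCacheServerPort | N |
Definition of encryption and authentication by SSL | SSLSessionCacheTimeout | N |
Definition of encryption and authentication by SSL | SSLCacheServerPath | N |
Definition of encryption and authentication by SSL | SSLCacheServerRunDir | N |
Definition of encryption and authentication by SSL | SSLSessionCacheSize | N |
Definition of encryption and authentication by SSL | SSLSessionCacheSizePerChild | N |
Definition of encryption and authentication by SSL | SSLCRLAuthoritative | N |
Definition of encryption and authentication by SSL | SSLCRLDERPath | N |
Definition of encryption and authentication by SSL | SSLCRLPEMPath | N |
Definition of encryption and authentication by SSL | SSLExportCertChainDepth | N |
Definition of encryption and authentication by SSL | SSLExportClientCertificates | N |
Definition of encryption and authentication by SSL | SSLCertificateKeyPassword | N |
Definition of encryption and authentication by SSL | SSLProtocol | N |
Definition for showing the web server information to multiple hosts according to the operation mode | ServerAlias | Y |
Definition for showing the web server information to multiple hosts according to the operation mode | ServerPath | N |
Definition of image map files | ImapDefault | N |
Definition of image map files | ImapBase | N |
Definition of image map files | ImapMenu | N |
Definition of image map files | HWSImapMenuCharset | N |
Definition of the logs to be collected | HostnameLookups | N |
Definition of the logs to be collected | ErrorLog | N |
Definition of the logs to be collected | LogLevel | N |
Definition of the logs to be collected | LogFormat | Y |
Definition of the logs to be collected | CustomLog | Y |
Definition of the logs to be collected | TransferLog | Y |
Definition of the logs to be collected | PidFile | N |
Definition of the logs to be collected | ScriptLog | N |
Definition of the logs to be collected | ScriptLogBuffer | N |
Definition of the logs to be collected | ScriptLogLength | N |
Definition of the logs to be collected | HWSLogSSLVerbose | N |
Definition of the logs to be collected | HWSLogTimeVerbose | N |
Definition of the logs to be collected | HWSRequestLog | N |
Definition of the logs to be collected | HWSRequestLogType | N |
Definition of the logs to be collected | HWSSuppressModuleTrace | Y |
Definition of the logs to be collected | HWSErrorLogClientAddr | N |
Definition of the traces to be collected | HWSTraceIdFile | N |
Definition of the traces to be collected | HWSTraceLogFile | N |
Definition of the traces to be collected | HWSPrfId | N |
Definition of the reverse proxy | ProxyPass | Y |
Definition of the reverse proxy | ProxyPassReverse | Y |
Definition of the reverse proxy | ProxyVia | N |
Definition of the reverse proxy | ProxyErrorOverride | N |
Definition of the reverse proxy | ProxyPreserveHost | N |
Definition of the reverse proxy | ProxyTimeout | N |
Definition of the reverse proxy | HWSProxyPassReverseCookie | Y |
Definition of the reverse proxy | BalancerMember | Y |
Definition of the flow restriction functionality | QOSCookieDomain | N |
Definition of the flow restriction functionality | QOSCookieExpires | N |
Definition of the flow restriction functionality | QOSCookieName | Y |
Definition of the flow restriction functionality | QOSCookieSecure | N |
Definition of the flow restriction functionality | QOSCookieServers | N |
Definition of the flow restriction functionality | QOSRedirect | Y |
Definition of the flow restriction functionality | QOSRejectionServers | N |
Definition of the flow restriction functionality | QOSResponse | N |
Definition of the header customization functionality | Header | Y |
Definition of the header customization functionality | RequestHeader | Y |
Definition of the expiration date setting functionality | ExpiresActive | N |
Definition of the expiration date setting functionality | ExpiresByType | Y |
Definition of the expiration date setting functionality | ExpiresDefault | N |
Definition of planned termination | HWSGracefulStopLog | N |
Definition of planned termination | HWSGracefulStopTimeout | N |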

- Legend:
  - Y: Can be specified multiple times
  - N: Cannot be specified multiple times
- #1: This directive is one of the minimum settings required to start the web server (when not using SSL).
- #2: This directive is one of the minimum settings required to start the web server (when using SSL).

Some directives have restrictions on the locations where they can be written. The locations where each directive can be specified are indicated in "Locations where it can be written". In addition, when you want to allow directives to be overwritten, you must define the overwrite permission level in the AllowOverride directive. The overwrite permission level for each directive is indicated in "Overwrite permissions".
The following shows the content described in "Locations where it can be written" and "Overwrite permissions" for each directive:
- Content described in "Locations where it can be written":

  The location where each directive can be specified is given in the following format:

  Specifiable locations | Description |
  ---|---|
  httpsd.conf | The httpsd.conf file, except for the VirtualHost block and the Directory block |
  <VirtualHost> | The VirtualHost block in the httpsd.conf file |
  <Directory> | The Directory block, Location block, and Files block in the httpsd.conf file |
  .htaccess | The access control file specified in the AccessFileName directive |
  <Location> | The Location block in the httpsd.conf file |

  In addition, the directives are referenced in the following order:

  1. The httpsd.conf file, except for the VirtualHost block and the Directory block
  2. The VirtualHost block in the httpsd.conf file
  3. The Directory block in the httpsd.conf file
  4. The access control file
  5. The Files block in the httpsd.conf file
  6. The Location block in the httpsd.conf file

  Depending on the definition (the overwrite permission level) of the AllowOverride directive in the Directory block, the directive defined in the access control file can be enabled or disabled.

- Content described in "Overwrite permissions":

  When you want the AllowOverride directive to allow overwrites, define the permission level.
  The details of the permission levels are as follows:

  - AuthConfig level: Allow directives related to the access controls to the server to be overwritten. The directives that are related to the access control to the server are the AuthGroupFile, AuthName, AuthType, AuthUserFile, and Require directives.
  - FileInfo level: Allow directives related to file information (such as content management, MIME type, and encryption) to be overwritten. The directives that are related to file information are the AddType, AddEncoding, and AddLanguage directives.
  - Indexes level: Allow directives related to the directory index to be overwritten. The directives that are related to the directory index are the FancyIndexing, AddIcon, and AddDescription directives.
  - Limit level: Allow directives for access controls that use the host name or an IP address to be overwritten. The directives that are related to access controls that use the host name or an IP address are the Allow from, Deny from, and Order directives.
  - Options level: Allow the Options directive to be overwritten.
  - All level: Allow all overwrites.
  - None level: Prohibit all overwrites.

  Note that when the description in each directive indicates that .htaccess is specifiable but the overwrite permission is not given, the permission level will be All.

Syntax
The syntax of the directive is as follows.
- Regular expression:

  The following are the regular expressions that can be used for defining the directive. Each entry gives the code, its functionality, a usage example, and the meaning of the usage example.

  - Code: .
    - Functionality: Any single character
    - Usage example: a...c
    - Meaning of the usage example: a is followed by any 3 characters, and then c. For example, abcdc matches this code.
  - Code: *
    - Functionality: The character right before this code is repeated zero or more times
    - Usage example: ab*cd*
    - Meaning of the usage example: For example, ac, abbbbc, and abbbbcd match this code.
  - Code: +
    - Functionality: The character right before this code is repeated one or more times
    - Usage example: ab*c+
    - Meaning of the usage example: For example, abbbc matches this code, but abbb does not.
  - Code: ?
    - Functionality: The character right before this code may or may not be present
    - Usage example: abbbc?
    - Meaning of the usage example: For example, abbbc and abbb match this code.
  - Code: |
    - Functionality: A delimiter for options
    - Usage example: a|bc|d
    - Meaning of the usage example: a, bc, or d
  - Code: \
    - Functionality: A special character (. ^$*+?|\[](){}) comes right after this code. However, \\\ is used to express \.
    - Usage example: \.
    - Meaning of the usage example: For example, . matches this code.
    - Usage example: \\\
    - Meaning of the usage example: For example, a single character \ matches this code.
  - Code: ^
    - Functionality: The characters are at the beginning of the line
    - Usage example: ^ab
    - Meaning of the usage example: For example, abcde matches this code.
  - Code: $
    - Functionality: The characters are at the end of the line
    - Usage example: abc$
    - Meaning of the usage example: For example, aaabc matches this code.
  - Code: {m}
    - Functionality: The regular expression right before this code is repeated m times
    - Usage example: a{5}
    - Meaning of the usage example: For example, aaaaa matches this code.
  - Code: {m,}
    - Functionality: The regular expression right before this code is repeated m or more times
    - Usage example: a{3,}
    - Meaning of the usage example: For example, aaa and aaaa match this code, but aa does not.
  - Code: {m,n}
    - Functionality: The regular expression right before this code is repeated m or more times, and n or fewer times
    - Usage example: a{3,5}
    - Meaning of the usage example: For example, aaa, aaaa, and aaaaa match this code. aa and aaaaaa do not match this code.
  - Code: [character_string]
    - Functionality: The character is in the character string (see note # below)
    - Usage example: [abc]* or [a-c]*
    - Meaning of the usage example: For example, aaa, bbb, ccc, cba, and aab match this code.
  - Code: [^character_string]
    - Functionality: The character is not in the character string
    - Usage example: [^0-9]
    - Meaning of the usage example: Any single character other than a numerical character matches this code.
  - Code: (character_string)
    - Functionality: The character string is grouped
    - Usage example: (ab)+
    - Meaning of the usage example: For example, ababab matches this code, but ababb does not.
    - Usage example: aa(xx|yy)bb
    - Meaning of the usage example: For example, aaxxbb, and aayybb match this code.

  Note #: The following three characters have special meanings in [character_string].

  - ^: Specify this character after the opening square bracket ([) to indicate characters that are not included in the character string.
  - ]: This character is used to indicate the end of the character string.
  - -: This character is used to specify a range.

  In addition, backslashes (\) used before these special characters are omitted.

  To use characters that have special meanings in [character_string] as normal characters, specify the character as below. Note that special characters other than the following four characters are treated as normal characters.

  - ^: Specify this character anywhere except at the beginning of the character string. Example: [ab^yz]
  - ]: Specify this character at the beginning of the character string. Example: []abxy]
  - -: Specify this character at the end of the character string. Example: [abxy-]
  - \: Specify \\\. Example: [\\\abxy]

- Path information to be specified in the directive:

  For directives that specify the directory name, file name, or path name, the path information that can be specified differs depending on the types of directives.
  The following are the types of paths. The path information for each directive is explained in each directive.

  - Absolute path.
  - Relative path from the value specified in the ServerRoot directive (however, note that the ServerRoot directive must be specified in advance).

  In addition, you cannot specify directories or files on the network in the path information. You cannot specify directories or files on the file system that uses the network either.

- Comment line:

  In the configuration file, add a hash mark (#) to the beginning of the line to make a comment line. However, if you write a character string that begins with a hash mark after the directive is specified, the characters after the hash mark will not be treated as comments.
  The following shows an example of specifying a comment line:

  - Correct example:

    ```
    #Deny from all
    ```

    The line beginning with the hash mark is treated as a comment line.

  - Incorrect example:

    ```
    Deny from all #comment
    ```

    The #comment part will be treated as a value specified for the directive. This will not be treated as a comment.

Storage location
/opt/hitachi/APServer/httpsd/conf/httpsd.conf
Example
The installation directory in the examples is /opt/hitachi/APServer/httpsd.
```
#########################################################################
##
## httpsd.conf - Hitachi Web Server configuration file
##
## All Rights Reserved. Copyright (C) 2000, 2014, Hitachi, Ltd.
#########################################################################
Listen 80
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxRequestWorkers 150
MaxConnectionsPerChild 10000
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 3
HostnameLookups Off
User nobody
Group nogroup
ServerRoot "/opt/hitachi/APServer/httpsd"
ServerName www.example.com
DocumentRoot "/opt/hitachi/APServer/httpsd/htdocs"
#ScriptAlias /cgi-bin/ "/opt/hitachi/APServer/httpsd/cgi-bin/"
DirectoryIndex index.html
UseCanonicalName Off
ServerSignature Off
ServerTokens ProductOnly
TraceEnable Off
LogLevel info
ErrorLog "|/opt/hitachi/APServer/httpsd/sbin/rotatelogs2 /opt/hitachi/APServer/httpsd/logs/error 8192 5"
#ErrorLog logs/error_log
HWSRequestLog "|/opt/hitachi/APServer/httpsd/sbin/rotatelogs /opt/hitachi/APServer/httpsd/logs/hwsrequest 86400 -fnum 8 -diff 540"
#HWSRequestLog logs/hwsrequest_log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%h %l %u %t \"%r\" %>s %b %P %{hws_ap_root}n %I %O %X %D \"%{Referer}i\" \"%{User-Agent}i\"" hws_trace
LogFormat "%h %l %u %t \"%r\" %>s %b %T %P %{hws_ap_root}n" hws_std
HWSLogTimeVerbose On
CustomLog "|/opt/hitachi/APServer/httpsd/sbin/rotatelogs /opt/hitachi/APServer/httpsd/logs/access 86400 -fnum 8 -diff 540" hws_std
#CustomLog logs/access_log hws_std
PidFile logs/httpd.pid
HWSTraceIdFile logs/hws.trcid
HWSTraceLogFile logs/hws.trclog
SSLDisable
#SSLEnable
#SSLCertificateFile "/opt/hitachi/APServer/httpsd/conf/ssl/server/httpsd.pem"
#SSLCertificateKeyFile "/opt/hitachi/APServer/httpsd/conf/ssl/server/httpsdkey.pem"
#SSLCertificateKeyPassword "/opt/hitachi/APServer/httpsd/conf/ssl/server/.keypasswd"
#SSLCACertificateFile "/opt/hitachi/APServer/httpsd/conf/ssl/cacert/anycert.pem"
#SSLProtocol SSLv3 TLSv1
#SSLRequiredCiphers RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES128-SHA:AES256-SHA
#SSLVerifyClient 0
#SSLVerifyDepth 3
#SSLCacheServerPath sbin/gcache
#SSLCacheServerPort logs/gcache_port
#SSLSessionCacheTimeout 3600
#HWSLogSSLVerbose On
TypesConfig conf/mime.types
AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage tr .tr
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
#LanguagePriority ja en ca cs da de el eo es et fr he hr it ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch " Konqueror/4" redirect-carefully
Alias /icons/ "/opt/hitachi/APServer/httpsd/icons/"
IndexOptions FancyIndexing
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
<Directory />
    Options None
    AllowOverride None
#    <Limit PUT DELETE>
#        Order deny,allow
#        Deny from all
#    </Limit>
#    SSLRequireSSL
</Directory>
<Directory "/opt/hitachi/APServer/httpsd/htdocs">
    Options None
    AllowOverride None
</Directory>
<FilesMatch "^\.(ht|key)">
    Order allow,deny
    Deny from all
</FilesMatch>
#<Location /server-status>
#    SetHandler server-status
#    Order deny,allow
#    Deny from all
#    Allow from example.com
#</Location>
#Include "/opt/hitachi/APServer/httpsd/conf/reverse_proxy.conf"
#Include "/opt/hitachi/APServer/httpsd/conf/proxy_balancer.conf"
```
Note
To describe the IPv6 address in the directive, enclose the IPv6 address in square brackets ([ ]), such as [IPv6_address]. In addition, when writing both the IPv6 address and the port number in the directive, enclose the IPv6 address in square brackets, and specify the port number after a colon (:), such as [IPv6_address]:port_number.
However, do not enclose the IPv6 address in square brackets when writing the IPv6 address in the following directives:
- The Allow from directive
- The Deny from directive
- The HWSSetEnvIfIPv6 directive
When you want to specify the IPv6 address for these directives, specify a global unicast address.
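
The comment-line rule under "Syntax" and the IPv6 rules in this note are easy to violate without any visible error, most importantly on access-control lines such as Deny from. The following Python check is an added example, not part of the product or its documentation; the rule names, the sample input, the handling of leading whitespace, and the use of 2000::/3 as the global unicast range are assumptions of this example.

```python
import ipaddress
import re

# Directives that the page says take an IPv6 address WITHOUT square brackets.
UNBRACKETED = {"allow from", "deny from", "hwssetenvifipv6"}
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # RFC 4291 range (assumption)
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\S+')  # quoted string or bare word
BRACKETED = re.compile(r"^\[([0-9A-Fa-f:.]+)\](?::\d+)?$")  # [addr] or [addr]:port


def _ipv6(text):
    """Return an IPv6Address if text (optionally addr/prefix) is one, else None."""
    try:
        return ipaddress.IPv6Address(text.split("/")[0])
    except ValueError:
        return None


def lint_httpsd_conf(text):
    """Return a list of (line_number, rule) findings for httpsd.conf text."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # assumes leading whitespace is ignored
        if not line or line.startswith("#"):
            continue  # blank line, or a genuine comment line
        tokens = TOKEN.findall(line)
        name, args = tokens[0].lower(), tokens[1:]
        if name in ("allow", "deny") and args and args[0].lower() == "from":
            name, args = name + " from", args[1:]
        for tok in args:
            if tok.startswith("#"):  # read as a directive value, not a comment
                findings.append((num, "trailing-hash"))
                break
            tok = tok.strip('"')
            m = BRACKETED.match(tok)
            if m and _ipv6(m.group(1)):
                if name in UNBRACKETED:
                    findings.append((num, "bracketed-ipv6"))
                continue
            addr = _ipv6(tok)
            if addr is not None and name not in UNBRACKETED:
                findings.append((num, "unbracketed-ipv6"))
            elif addr is not None and addr not in GLOBAL_UNICAST:
                findings.append((num, "not-global-unicast"))
    return findings


# Constructed sample input (not taken from the page's example file).
SAMPLE = """\
#Deny from all
Listen [2001:db8::1]:8080
Listen 2001:db8::1:8080
Deny from all #block everyone
Allow from [2001:db8::10]
Allow from fe80::1
Allow from 2001:db8::20
IndexIgnore .??* *~ *# HEADER*
"""
print(lint_httpsd_conf(SAMPLE))
```

The IndexIgnore line is not flagged because `*#` does not begin with a hash mark, which matches the page's wording that only a character string beginning with `#` after the directive is at issue.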