2.2 httpsd.conf

httpsd.conf sets up the operating environment of the web server.

Description

httpsd.conf defines the operating environment of the web server by the multiple directives. The system administrator manages these directives.

The definitions and directives that can be specified in the file are as follows:

Setting details	Directive name	Can be specified multiple times
Definition of a block within the `httpsd.conf` file	`<Directory>`	Y
	`<DirectoryMatch>`	Y
	`<Files>`	Y
	`<FilesMatch>`	Y
	`<IfModule>`	Y
	`<Limit>`	Y
	`<Location>`	Y
	`<LocationMatch>`	Y
	`<Proxy>`	Y
	`<VirtualHost>`	Y
Basic definition of the server	`ServerName`^{#1, #2}	N
	`User`^{#1, #2}	N
	`Group`^{#1, #2}	N
	`ServerAdmin`	N
	`ServerRoot`	N
	`ServerSignature`	N
	`Listen`	Y
	`LoadModule`	Y
	`LoadFile`	Y
	`Include`	Y
	`ExtendedStatus`	N
	`ServerTokens`	N
	`CoreDumpDirectory`	N
	`FileETag`	Y
Definition for managing content	`UserDir`	Y
	`DocumentRoot`	N
	`ErrorDocument`	Y
Definition of requests from the web browser (Alias)	`Alias`	Y
	`AliasMatch`	Y
	`Redirect`	Y
	`RedirectMatch`	Y
Definition of the MIME type	`TypesConfig`	N
	`AddCharset`	Y
	`AddDefaultCharset`	N
	`AddType`	Y
	`ForceType`	N
Definition of the content negotiation	`LanguagePriority`	Y
	`AddEncoding`	Y
	`AddLanguage`	Y
	`DefaultLanguage`	N
	`CacheNegotiatedDocs`	N
	`MultiviewsMatch`	N
Definition of the handler	`AddHandler`	Y
Definition of the handler	`SetHandler`	N
Definition of the web server performance	`StartServers`	N
	`MinSpareServers`	N
	`MaxSpareServers`	N
	`MaxRequestWorkers`	N
	`MaxConnectionsPerChild`	N
	`Timeout`	N
	`RequestReadTimeout`	N
	`ListenBacklog`	N
	`HWSKeepStartServers`	N
	`SendBufferSize`	N
Definition of KeepAlive	`KeepAlive`	N
	`MaxKeepAliveRequests`	N
	`KeepAliveTimeout`	N
Definition of limiting requests	`LimitRequestBody`	N
	`LimitRequestFields`	N
	`LimitRequestFieldsize`	N
	`LimitRequestLine`	N
Definition of CGI and environment variables	`ScriptAlias`	Y
	`ScriptAliasMatch`	Y
	`UseCanonicalName`	N
	`BrowserMatch`	Y
	`BrowserMatchNoCase`	Y
	`PassEnv`	Y
	`SetEnv`	Y
	`UnsetEnv`	Y
	`SetEnvIf`	Y
	`SetEnvIfNoCase`	Y
	`Action`	Y
	`Script`	Y
	`HWSSetEnvIfIPv6`	Y
Definition of the displayed content of the directory index	`DirectoryIndex`	N
	`AddIconByEncoding`	Y
	`AddIconByType`	Y
	`AddIcon`	Y
	`DefaultIcon`	N
	`ReadmeName`	N
	`HeaderName`	N
	`IndexIgnore`	Y
	`IndexOrderDefault`	N
	`AddAltByEncoding`	Y
	`AddAltByType`	Y
	`AddAlt`	Y
	`AddDescription`	Y
	`IndexOptions`	Y
Definition of access controls for the web browser	`AccessFileName`	N
	`AllowOverride`	N
	`AuthName`	N
	`AuthType`	N
	`AuthGroupFile`	N
	`AuthUserFile`	N
	`AuthBasicAuthoritative`	N
	`Require`	Y
	`Options`	N
	`Order`	N
	`Allow from`	Y
	`Deny from`	Y
	`Satisfy`	N
	`TraceEnable`	N
	`IdentityCheck`	N
Definition of encryption and authentication by SSL	`SSLRequireSSL`	N
	`SSLEnable`	N
	`SSLDisable`^#1	N
	`SSLCertificateFile`^#2	N
	`SSLCertificateKeyFile`^#2	N
	`SSLCACertificatePath`	N
	`SSLCACertificateFile`	N
	`SSLVerifyClient`	N
	`SSLVerifyDepth`	N
	`SSLRequiredCiphers`	N
	`SSLRequireCipher`	Y
	`SSLBanCipher`	Y
	`SSLDenySSL`	N
	`SSLFakeBasicAuth`	N
	`SSLCacheServerPort`	N
	`SSLSessionCacheTimeout`	N
	`SSLCacheServerPath`	N
	`SSLCacheServerRunDir`	N
	`SSLSessionCacheSize`	N
	`SSLSessionCacheSizePerChild`	N
	`SSLCRLAuthoritative`	N
	`SSLCRLDERPath`	N
	`SSLCRLPEMPath`	N
	`SSLExportCertChainDepth`	N
	`SSLExportClientCertificates`	N
	`SSLCertificateKeyPassword`	N
	`SSLProtocol`	N
Definition for showing the web server information to multiple hosts according to the operation mode	`ServerAlias`	Y
	`ServerPath`	N
Definition of image map files	`ImapDefault`	N
	`ImapBase`	N
	`ImapMenu`	N
	`HWSImapMenuCharset`	N
Definition of the logs to be collected	`HostnameLookups`	N
	`ErrorLog`	N
	`LogLevel`	N
	`LogFormat`	Y
	`CustomLog`	Y
	`TransferLog`	Y
	`PidFile`	N
	`ScriptLog`	N
	`ScriptLogBuffer`	N
	`ScriptLogLength`	N
	`HWSLogSSLVerbose`	N
	`HWSLogTimeVerbose`	N
	`HWSRequestLog`	N
	`HWSRequestLogType`	N
	`HWSSuppressModuleTrace`	Y
	`HWSErrorLogClientAddr`	N
Definition of the traces to be collected	`HWSTraceIdFile`	N
	`HWSTraceLogFile`	N
	`HWSPrfId`	N
Definition of the reverse proxy	`ProxyPass`	Y
	`ProxyPassReverse`	Y
	`ProxyVia`	N
	`ProxyErrorOverride`	N
	`ProxyPreserveHost`	N
	`ProxyTimeout`	N
	`HWSProxyPassReverseCookie`	Y
	`BalancerMember`	Y
Definition of the flow restriction functionality	`QOSCookieDomain`	N
	`QOSCookieExpires`	N
	`QOSCookieName`	Y
	`QOSCookieSecure`	N
	`QOSCookieServers`	N
	`QOSRedirect`	Y
	`QOSRejectionServers`	N
	`QOSResponse`	N
Definition of the header customization functionality	`Header`	Y
Definition of the header customization functionality	`RequestHeader`	Y
Definition of the expiration date setting functionality	`ExpiresActive`	N
	`ExpiresByType`	Y
	`ExpiresDefault`	N
Definition of planned termination	`HWSGracefulStopLog`	N
Definition of planned termination	`HWSGracefulStopTimeout`	N

(Legend)

Y: Can be specified multiple times

N: Cannot be specified multiple times

#1

This directive requires a minimum value set in order to activate the web server (when not using SSL).

#2

This directive requires a minimum value set in order to activate the web server (when using SSL).

Some directives have restrictions on the locations where they can be written. The locations where each directive can be specified are indicated in "Locations where it can be written". In addition, when you want to allow directives to be overwritten, you must define the overwrite permission level in the AllowOverride directive. The overwrite permission level for each directive is indicated in "Overwrite permissions".

The following shows the content described in "Locations where it can be written" and "Overwrite permissions" for each directive:

Content described in "Locations where it can be written":

The location where each directive can be specified is given in the following format:

Specifiable locations	Description
`httpsd.conf`	The `httpsd.conf` file, except for the `VirtualHost` block and the `Directory` block
`<VirtualHost>`	The `VirtualHost` block in the `httpsd.conf` file
`<Directory>`	The `Directory` block, `Location` block, and `Files` block in the `httpsd.conf` file
`.htaccess`	The access control file specified in the `AccessFileName` directive
`<Location>`	The `Location` block in the `httpsd.conf` file

In addition, the directives are referenced in the following order:

The httpsd.conf file, except for the VirtualHost block and the Directory block
The VirtualHost block in the httpsd.conf file
The Directory block in the httpsd.conf file
The access control file
The Files block in the httpsd.conf file
The Location block in the httpsd.conf file

Depending on the definition (the overwrite permission level) of the AllowOverride directive in the Directory block, the directive defined in the access control file can be enabled or disabled.

Content described in "Overwrite permissions":

When you want the AllowOverride directive to allow overwrites, define the permission level.

The details of the permission levels are as follows:

AuthConfig level

Allow directives related to the access controls to the server to be overwritten. The directives that are related to the access control to the server are the AuthGroupFile, AuthName, AuthType, AuthUserFile, and Require directives.
FileInfo level

Allow directives related to file information (such as content management, MIME type, and encryption) to be overwritten. The directives that are related to file information are the AddType, AddEncoding, and AddLanguage directives.
Indexes level

Allow directives related to the directory index to be overwritten. The directives that are related to the directive index are the FancyIndexing, AddIcon, and AddDescription directives.
Limit level

Allow directives for access controls that use the host name or an IP address to be overwritten. The directives that are related to access controls that use the host name or an IP address are the Allow from, Deny from, and Order directives.
Options level

Allow the Options directive to be overwritten.
All level

Allow all overwrites.
None level

Prohibit all overwrites.

Note that when the description in each directive indicates that .htaccess is specifiable but the overwrite permission is not given, the permission level will be All.

Syntax

The syntax of the directive is as follows.

Regular expression:

The following are the regular expressions that can be used for defining the directive:

Code	Functionality	Usage example	Meaning of the usage example
`.`	Any single character	`a...c`	`a` is followed by any 3 characters, and then `c`. For example, `abcdc` matches this code.
`*`	The character right before this code is repeated zero or more times	`abcd`	For example, `ac`, `abbbbc`, and `abbbbcd` match this code.
`+`	The character right before this code is repeated one or more times	`ab*c+`	For example, `abbbc` matches this code, but `abbb` does not.
`?`	Whether a character right before this code exists	`abbbc?`	For example, `abbbc` and `abbb` match this code.
`\|`	A delimiter for options	`a\|bc\|d`	`a`, `bc`, or `d`
`\`	A special character (`. ^$*+?\|\[](){}`) comes right after this code. However, `\\\` is used to express `\`.	`\`.	For example, `.` matches this code.
`\`		`\\\`	For example, a single character `\` matches this code.
`^`	The characters are at the beginning of the line	`^ab`	For example, `abcde` matches this code.
`$`	The characters are at the end of the line	`abc$`	For example, `aaabc` matches this code.
`{m}`	The regular expression right before this code is repeated `m` times	`a{5}`	For example, `aaaaa` matches this code.
`{m,}`	The regular expression right before this code is repeated `m` or more times	`a{3,}`	For example, `aaa` and `aaaa` match this code, but `aa` does not.
`{m,n}`	The regular expression right before this code is repeated `m` or more times, and `n` or less times	`a{3,5}`	For example, `aaa`, `aaaa`, and `aaaaa` match this code. `aa` and `aaaaaa` do not match this code.
`[character_string]`	The character is in the character string^#	`[abc]` or `[a-c]`	For example, `aaa`, `bbb`, `ccc`, `cba`, and `aab` match this code.
`[^character_string]`	The character is not in the character string	`[^0-9]`	Any single character other than a numerical character matches this code.
`(character_string)`	The character string is grouped	`(ab)+`	For example, `ababab` matches this code, but `ababb` does not.
`(character_string)`	The character string is grouped	`aa(xx\|yy)bb`	For example, `aaxxbb`, and `aayybb` match this code.

#

The following three characters have special meanings in [character_string].

^: Specify this character after the opening square bracket ([) to indicate characters that are not included in the character string.

]: This character is used to indicate the end of the character string.

-: This character is used specify a range.

In addition, backslashes (\) used before these special characters are omitted.

To use characters that have special meanings in [character_string] as normal characters, specify the character as below. Note that special characters other than the following four characters are treated as normal characters.

^: Specify this character anywhere except at the beginning of the character string. Example: [ab^yz]

]: Specify this character at the beginning of the character string. Example: []abxy]

-: Specify this character at the end of the character string. Example: [abxy-]

\: Specify \\\. Example: [\\\abxy]

Path information to be specified in the directive:

For directives that specify the directory name, file name, or path name, the path information that can be specified differs depending on the types of directives.

The following are the types of paths. The path information for each directive is explained in each directive.

Absolute path.
Relative path from the value specified in the ServerRoot directive (however, note that the ServerRoot directive must be specified in advance).

In addition, you cannot specify directories or files on the network in the path information. You cannot specify directories or files on the file system that uses the network either.

Comment line:

In the configuration file, add a hash mark (#) to the beginning of the line to make a comment line. However, if you write a character string that begins with a hash mark after the directive is specified, the characters after the hash mark will not be treated as comments.

The following shows an example of specifying a comment line:

Correct example:
```
#Deny from all
```
The line beginning with the hash mark is treated as a comment line.
Incorrect example:
```
Deny from all    #comment
```
The #comment part will be treated as a value specified for the directive. This will not be treated as a comment.

Storage location

/opt/hitachi/APServer/httpsd/conf/httpsd.conf

Example

The installation directory in the examples is /opt/hitachi/APServer/httpsd.

#########################################################################
##
## httpsd.conf - Hitachi Web Server configuration file
##
##  All Rights Reserved. Copyright (C) 2000, 2014, Hitachi, Ltd.
#########################################################################

Listen 80
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxRequestWorkers 150
MaxConnectionsPerChild 10000
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 3
HostnameLookups Off

User nobody
Group nogroup

ServerRoot "/opt/hitachi/APServer/httpsd"

ServerName www.example.com
DocumentRoot "/opt/hitachi/APServer/httpsd/htdocs"
#ScriptAlias /cgi-bin/ "/opt/hitachi/APServer/httpsd/cgi-bin/"
DirectoryIndex index.html
UseCanonicalName Off
ServerSignature Off
ServerTokens ProductOnly
TraceEnable Off

LogLevel info
ErrorLog "|/opt/hitachi/APServer/httpsd/sbin/rotatelogs2
 /opt/hitachi/APServer/httpsd/logs/error 8192 5"
#ErrorLog logs/error_log
HWSRequestLog "|/opt/hitachi/APServer/httpsd/sbin/rotatelogs
 /opt/hitachi/APServer/httpsd/logs/hwsrequest 86400 -fnum 8 -diff 540"
#HWSRequestLog logs/hwsrequest_log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O"
 combinedio
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
 combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%h %l %u %t \"%r\" %>s %b %P %{hws_ap_root}n %I %O %X %D
 \"%{Referer}i\" \"%{User-Agent}i\"" hws_trace
LogFormat "%h %l %u %t \"%r\" %>s %b %T %P %{hws_ap_root}n" hws_std
HWSLogTimeVerbose On
CustomLog "|/opt/hitachi/APServer/httpsd/sbin/rotatelogs
 /opt/hitachi/APServer/httpsd/logs/access 86400 -fnum 8 -diff 540" hws_std
#CustomLog logs/access_log hws_std
PidFile logs/httpd.pid
HWSTraceIdFile logs/hws.trcid
HWSTraceLogFile logs/hws.trclog

SSLDisable
#SSLEnable
#SSLCertificateFile "/opt/hitachi/APServer/httpsd/conf/ssl/server/httpsd.pem"
#SSLCertificateKeyFile
 "/opt/hitachi/APServer/httpsd/conf/ssl/server/httpsdkey.pem"
#SSLCertificateKeyPassword
 "/opt/hitachi/APServer/httpsd/conf/ssl/server/.keypasswd"
#SSLCACertificateFile
 "/opt/hitachi/APServer/httpsd/conf/ssl/cacert/anycert.pem"
#SSLProtocol SSLv3 TLSv1
#SSLRequiredCiphers RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES128-SHA:AES256-SHA
#SSLVerifyClient 0
#SSLVerifyDepth 3
#SSLCacheServerPath sbin/gcache
#SSLCacheServerPort logs/gcache_port
#SSLSessionCacheTimeout 3600
#HWSLogSSLVerbose On

TypesConfig conf/mime.types
AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage tr .tr
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
#LanguagePriority ja en ca cs da de el eo es et fr he hr it ko ltz nl nn no pl
 pt pt-BR ru sv tr zh-CN zh-TW

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider"
 redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch " Konqueror/4" redirect-carefully

Alias /icons/ "/opt/hitachi/APServer/httpsd/icons/"
IndexOptions FancyIndexing
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

<Directory />
        Options None
        AllowOverride None
#       <Limit PUT DELETE>
#               Order deny,allow
#               Deny from all
#       </Limit>
#       SSLRequireSSL
</Directory>

<Directory "/opt/hitachi/APServer/httpsd/htdocs">
        Options None
        AllowOverride None
</Directory>

<FilesMatch "^\.(ht|key)">
        Order allow,deny
        Deny from all
</FilesMatch>

#<Location /server-status>
#       SetHandler server-status
#       Order deny,allow
#       Deny from all
#       Allow from example.com
#</Location>

#Include "/opt/hitachi/APServer/httpsd/conf/reverse_proxy.conf"
#Include "/opt/hitachi/APServer/httpsd/conf/proxy_balancer.conf"

Note

To describe the IPv6 address in the directive, enclose the IPv6 address in square brackets ([ ]), such as [IPv6_address]. In addition, when writing both the IPv6 address and the port number in the directive, enclose the IPv6 address in square brackets, and specify the port number after a colon (:), such as [IPv6_address]:port_number.

However, do not enclose the IPv6 address in square brackets when writing the IPv6 address in the following directives:

The Allow from directive
The Deny from directive
The HWSSetEnvIfIPv6 directive

When you want to specify the IPv6 address for these directives, specify a global unicast address.

To Page Top