1 | # Based upon the NCSA server configuration files originally by Rob McCool. |
---|
2 | # Changed extensively for the Debian package by Daniel Stone <daniel@sfarc.net> |
---|
3 | # and also by Thom May <thom@debian.org>. |
---|
4 | |
---|
5 | # ServerRoot: The top of the directory tree under which the server's |
---|
6 | # configuration, error, and log files are kept. |
---|
7 | # |
---|
8 | # NOTE! If you intend to place this on an NFS (or otherwise network) |
---|
9 | # mounted filesystem then please read the LockFile documentation |
---|
10 | # (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>); |
---|
11 | # you will save yourself a lot of trouble. |
---|
12 | |
---|
13 | ServerRoot "/etc/apache2" |
---|
14 | |
---|
15 | # The LockFile directive sets the path to the lockfile used when Apache |
---|
16 | # is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or |
---|
17 | # USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at |
---|
18 | # its default value. The main reason for changing it is if the logs |
---|
19 | # directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL |
---|
20 | # DISK. The PID of the main server process is automatically appended to |
---|
21 | # the filename. |
---|
22 | |
---|
23 | LockFile /var/lock/apache2/accept.lock |
---|
24 | |
---|
25 | # PidFile: The file in which the server should record its process |
---|
26 | # identification number when it starts. |
---|
27 | |
---|
28 | PidFile /var/run/apache2.pid |
---|
29 | |
---|
30 | # Timeout: The number of seconds before receives and sends time out. |
---|
31 | |
---|
32 | Timeout 60 |
---|
33 | |
---|
34 | # KeepAlive: Whether or not to allow persistent connections (more than |
---|
35 | # one request per connection). Set to "Off" to deactivate. |
---|
36 | |
---|
37 | KeepAlive On |
---|
38 | |
---|
39 | # MaxKeepAliveRequests: The maximum number of requests to allow |
---|
40 | # during a persistent connection. Set to 0 to allow an unlimited amount. |
---|
41 | # We recommend you leave this number high, for maximum performance. |
---|
42 | |
---|
43 | MaxKeepAliveRequests 0 |
---|
44 | |
---|
45 | # KeepAliveTimeout: Number of seconds to wait for the next request from the |
---|
46 | # same client on the same connection. |
---|
47 | |
---|
48 | KeepAliveTimeout 120 |
---|
49 | |
---|
50 | ## |
---|
51 | ## Server-Pool Size Regulation (MPM specific) |
---|
52 | ## |
---|
53 | |
---|
54 | # prefork MPM |
---|
55 | # StartServers ......... number of server processes to start |
---|
56 | # MinSpareServers ...... minimum number of server processes which are kept spare |
---|
57 | # MaxSpareServers ...... maximum number of server processes which are kept spare |
---|
58 | # MaxClients ........... maximum number of server processes allowed to start |
---|
59 | # MaxRequestsPerChild .. maximum number of requests a server process serves |
---|
60 | <IfModule prefork.c> |
---|
61 | ServerLimit 5000 |
---|
62 | StartServers 2 |
---|
63 | MinSpareServers 2 |
---|
64 | MaxSpareServers 5 |
---|
65 | MaxClients 3000 |
---|
66 | MaxRequestsPerChild 0 |
---|
67 | </IfModule> |
---|
68 | |
---|
69 | # pthread MPM |
---|
70 | # StartServers ......... initial number of server processes to start |
---|
71 | # MaxClients ........... maximum number of server processes allowed to start |
---|
72 | # MinSpareThreads ...... minimum number of worker threads which are kept spare |
---|
73 | # MaxSpareThreads ...... maximum number of worker threads which are kept spare |
---|
74 | # ThreadsPerChild ...... constant number of worker threads in each server process |
---|
75 | # MaxRequestsPerChild .. maximum number of requests a server process serves |
---|
76 | <IfModule worker.c> |
---|
77 | StartServers 2 |
---|
78 | MaxClients 150 |
---|
79 | MinSpareThreads 25 |
---|
80 | MaxSpareThreads 75 |
---|
81 | ThreadsPerChild 25 |
---|
82 | MaxRequestsPerChild 0 |
---|
83 | </IfModule> |
---|
84 | |
---|
85 | # perchild MPM |
---|
86 | # NumServers ........... constant number of server processes |
---|
87 | # StartThreads ......... initial number of worker threads in each server process |
---|
88 | # MinSpareThreads ...... minimum number of worker threads which are kept spare |
---|
89 | # MaxSpareThreads ...... maximum number of worker threads which are kept spare |
---|
90 | # MaxThreadsPerChild ... maximum number of worker threads in each server process |
---|
91 | # MaxRequestsPerChild .. maximum number of connections per server process (then it dies) |
---|
92 | <IfModule perchild.c> |
---|
93 | NumServers 5 |
---|
94 | StartThreads 5 |
---|
95 | MinSpareThreads 5 |
---|
96 | MaxSpareThreads 10 |
---|
97 | MaxThreadsPerChild 20 |
---|
98 | MaxRequestsPerChild 0 |
---|
99 | AcceptMutex fcntl |
---|
100 | </IfModule> |
---|
101 | |
---|
102 | User www-data |
---|
103 | Group www-data |
---|
104 | |
---|
105 | # The following directives define some format nicknames for use with |
---|
106 | # a CustomLog directive (see below). |
---|
107 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined |
---|
108 | LogFormat "%h %l %u %t \"%r\" %>s %b" common |
---|
109 | LogFormat "%{Referer}i -> %U" referer |
---|
110 | LogFormat "%{User-agent}i" agent |
---|
111 | |
---|
112 | |
---|
113 | # Global error log. |
---|
114 | ErrorLog /var/log/apache2/error.log |
---|
115 | |
---|
116 | # Include module configuration: |
---|
117 | Include /etc/apache2/mods-enabled/*.load |
---|
118 | Include /etc/apache2/mods-enabled/*.conf |
---|
119 | |
---|
120 | # Include all the user configurations: |
---|
121 | Include /etc/apache2/httpd.conf |
---|
122 | |
---|
123 | # Include ports listing |
---|
124 | Include /etc/apache2/ports.conf |
---|
125 | |
---|
126 | # Include generic snippets of statements |
---|
127 | Include /etc/apache2/conf.d/[^.#]* |
---|
128 | |
---|
129 | #Let's have some Icons, shall we? |
---|
130 | Alias /icons/ "/usr/share/apache2/icons/" |
---|
131 | <Directory "/usr/share/apache2/icons"> |
---|
132 | Options Indexes MultiViews |
---|
133 | AllowOverride None |
---|
134 | Order allow,deny |
---|
135 | Allow from all |
---|
136 | </Directory> |
---|
137 | |
---|
138 | # Set up the default error docs. |
---|
139 | # |
---|
140 | # Customizable error responses come in three flavors: |
---|
141 | # 1) plain text 2) local redirects 3) external redirects |
---|
142 | # |
---|
143 | # Some examples: |
---|
144 | #ErrorDocument 500 "The server made a boo boo." |
---|
145 | #ErrorDocument 404 /missing.html |
---|
146 | #ErrorDocument 404 "/cgi-bin/missing_handler.pl" |
---|
147 | #ErrorDocument 402 http://www.example.com/subscription_info.html |
---|
148 | # |
---|
149 | |
---|
150 | # |
---|
151 | # Putting this all together, we can Internationalize error responses. |
---|
152 | # |
---|
153 | # We use Alias to redirect any /error/HTTP_<error>.html.var response to |
---|
154 | # our collection of by-error message multi-language collections. We use |
---|
155 | # includes to substitute the appropriate text. |
---|
156 | # |
---|
157 | # You can modify the messages' appearance without changing any of the |
---|
158 | # default HTTP_<error>.html.var files by adding the line; |
---|
159 | # |
---|
160 | # Alias /error/include/ "/your/include/path/" |
---|
161 | # |
---|
162 | # which allows you to create your own set of files by starting with the |
---|
163 | # /usr/local/apache2/error/include/ files and |
---|
164 | # copying them to /your/include/path/, even on a per-VirtualHost basis. |
---|
165 | # |
---|
166 | |
---|
167 | <IfModule mod_negotiation.c> |
---|
168 | <IfModule mod_include.c> |
---|
169 | Alias /error/ "/usr/share/apache2/error/" |
---|
170 | |
---|
171 | <Directory "/usr/share/apache2/error"> |
---|
172 | AllowOverride None |
---|
173 | Options IncludesNoExec |
---|
174 | AddOutputFilter Includes html |
---|
175 | AddHandler type-map var |
---|
176 | Order allow,deny |
---|
177 | Allow from all |
---|
178 | LanguagePriority en es de fr |
---|
179 | ForceLanguagePriority Prefer Fallback |
---|
180 | </Directory> |
---|
181 | |
---|
182 | ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var |
---|
183 | ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var |
---|
184 | ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var |
---|
185 | ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var |
---|
186 | ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var |
---|
187 | ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var |
---|
188 | ErrorDocument 410 /error/HTTP_GONE.html.var |
---|
189 | ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var |
---|
190 | ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var |
---|
191 | ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var |
---|
192 | ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var |
---|
193 | ErrorDocument 415 /error/HTTP_SERVICE_UNAVAILABLE.html.var |
---|
194 | ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var |
---|
195 | ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var |
---|
196 | ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var |
---|
197 | ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var |
---|
198 | ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var |
---|
199 | |
---|
200 | </IfModule> |
---|
201 | </IfModule> |
---|
202 | |
---|
203 | #<IfModule mod_security.c> |
---|
204 | # AddHandler application/x-httpd-php .php |
---|
205 | # SecAuditEngine On |
---|
206 | # SecAuditLog /var/log/apache2/audit.log |
---|
207 | # SecFilterScanPOST On |
---|
208 | # SecFilterEngine On |
---|
209 | # SecFilterDefaultAction "deny,log,status:500" |
---|
210 | # SecFilter "<(.|\n)+>" |
---|
211 | # SecFilter "'" |
---|
212 | # SecFilter "\"" |
---|
213 | #</IfModule> |
---|
214 | |
---|
215 | #<IfModule mod_security.c> |
---|
216 | # Only inspect dynamic requests |
---|
217 | # (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED) |
---|
218 | # SecFilterEngine DynamicOnly |
---|
219 | # SecFilterEngine On |
---|
220 | |
---|
221 | # Reject requests with status 500 |
---|
222 | # SecFilterDefaultAction "deny,log,status:403" |
---|
223 | |
---|
224 | # Some sane defaults |
---|
225 | # SecFilterScanPOST On |
---|
226 | # SecFilterCheckURLEncoding On |
---|
227 | # SecFilterCheckCookieFormat On |
---|
228 | # SecFilterCheckUnicodeEncoding Off |
---|
229 | # SecServerResponseToken Off |
---|
230 | |
---|
231 | #If you want to scan the output, uncomment these |
---|
232 | #SecFilterScanOutput On |
---|
233 | #SecFilterOutputMimeTypes "(null) text/html text/plain" |
---|
234 | # Accept almost all byte values |
---|
235 | # SecFilterForceByteRange 1 255 |
---|
236 | # Server masking is optional |
---|
237 | #fake server banner - NOYB used - no one needs to know what we are using |
---|
238 | # SecServerSignature "NOYB" |
---|
239 | #SecUploadDir /tmp |
---|
240 | #SecUploadKeepFiles Off |
---|
241 | # Only record the interesting stuff |
---|
242 | # SecAuditEngine RelevantOnly |
---|
243 | # SecAuditLog /var/log/apache2/audit.log |
---|
244 | # You normally won't need debug logging |
---|
245 | # SecFilterDebugLevel 0 |
---|
246 | # SecFilterDebugLog /var/log/apache2/modsec_debug_log |
---|
247 | #And now, the rules |
---|
248 | #Remove any of these Include lines you do not use or have rules for. |
---|
249 | #Application protection rules |
---|
250 | # Include /etc/apache2/modsecurity/rules.conf |
---|
251 | #Comment spam rules |
---|
252 | # Include /etc/apache2/modsecurity/blacklist.conf |
---|
253 | #</IfModule> |
---|
254 | |
---|
255 | #DirectoryIndex index.html index.cgi index.pl index.php index.xhtml |
---|
256 | DirectoryIndex index.php index.html |
---|
257 | |
---|
258 | # UserDir is now a module |
---|
259 | #UserDir public_html |
---|
260 | #UserDir disabled root |
---|
261 | |
---|
262 | #<Directory /home/*/public_html> |
---|
263 | # AllowOverride FileInfo AuthConfig Limit |
---|
264 | # Options Indexes SymLinksIfOwnerMatch IncludesNoExec |
---|
265 | #</Directory> |
---|
266 | |
---|
267 | AccessFileName .htaccess |
---|
268 | |
---|
269 | <Files ~ "^\.ht"> |
---|
270 | Order allow,deny |
---|
271 | Deny from all |
---|
272 | </Files> |
---|
273 | |
---|
274 | UseCanonicalName Off |
---|
275 | ServerSignature Off |
---|
276 | HostnameLookups Off |
---|
277 | ServerTokens Prod |
---|
278 | ScoreBoardFile /var/log/apache2/scoreboard.log |
---|
279 | |
---|
280 | TypesConfig /etc/mime.types |
---|
281 | DefaultType text/plain |
---|
282 | |
---|
283 | IndexOptions FancyIndexing VersionSort |
---|
284 | |
---|
285 | AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip |
---|
286 | |
---|
287 | AddIconByType (TXT,/icons/text.gif) text/* |
---|
288 | AddIconByType (IMG,/icons/image2.gif) image/* |
---|
289 | AddIconByType (SND,/icons/sound2.gif) audio/* |
---|
290 | AddIconByType (VID,/icons/movie.gif) video/* |
---|
291 | |
---|
292 | # This really should be .jpg. |
---|
293 | |
---|
294 | AddIcon /icons/binary.gif .bin .exe |
---|
295 | AddIcon /icons/binhex.gif .hqx |
---|
296 | AddIcon /icons/tar.gif .tar |
---|
297 | AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv |
---|
298 | AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip |
---|
299 | AddIcon /icons/a.gif .ps .ai .eps |
---|
300 | AddIcon /icons/layout.gif .html .shtml .htm .pdf |
---|
301 | AddIcon /icons/text.gif .txt |
---|
302 | AddIcon /icons/c.gif .c |
---|
303 | AddIcon /icons/p.gif .pl .py |
---|
304 | AddIcon /icons/f.gif .for |
---|
305 | AddIcon /icons/dvi.gif .dvi |
---|
306 | AddIcon /icons/uuencoded.gif .uu |
---|
307 | AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl |
---|
308 | AddIcon /icons/tex.gif .tex |
---|
309 | AddIcon /icons/bomb.gif core |
---|
310 | |
---|
311 | AddIcon /icons/back.gif .. |
---|
312 | AddIcon /icons/hand.right.gif README |
---|
313 | AddIcon /icons/folder.gif ^^DIRECTORY^^ |
---|
314 | AddIcon /icons/blank.gif ^^BLANKICON^^ |
---|
315 | |
---|
316 | |
---|
317 | # This is from Matty J's patch. Anyone want to make the icons? |
---|
318 | #AddIcon /icons/dirsymlink.jpg ^^SYMDIR^^ |
---|
319 | #AddIcon /icons/symlink.jpg ^^SYMLINK^^ |
---|
320 | |
---|
321 | DefaultIcon /icons/unknown.gif |
---|
322 | |
---|
323 | ReadmeName README.html |
---|
324 | HeaderName HEADER.html |
---|
325 | |
---|
326 | IndexIgnore .??* *~ *# HEADER* RCS CVS *,t |
---|
327 | |
---|
328 | AddEncoding x-compress Z |
---|
329 | AddEncoding x-gzip gz tgz |
---|
330 | |
---|
331 | AddLanguage da .dk |
---|
332 | AddLanguage nl .nl |
---|
333 | AddLanguage en .en |
---|
334 | AddLanguage et .et |
---|
335 | AddLanguage fr .fr |
---|
336 | AddLanguage de .de |
---|
337 | AddLanguage el .el |
---|
338 | AddLanguage it .it |
---|
339 | AddLanguage ja .ja |
---|
340 | AddLanguage pl .po |
---|
341 | AddLanguage ko .ko |
---|
342 | AddLanguage pt .pt |
---|
343 | AddLanguage no .no |
---|
344 | AddLanguage pt-br .pt-br |
---|
345 | AddLanguage ltz .ltz |
---|
346 | AddLanguage ca .ca |
---|
347 | AddLanguage es .es |
---|
348 | AddLanguage sv .se |
---|
349 | AddLanguage cz .cz |
---|
350 | AddLanguage ru .ru |
---|
351 | AddLanguage tw .tw |
---|
352 | AddLanguage zh-tw .tw |
---|
353 | |
---|
354 | LanguagePriority en da nl et fr de el it ja ko no pl pt pt-br ltz ca es sv tw |
---|
355 | |
---|
356 | |
---|
357 | AddDefaultCharset iso-8859-1 |
---|
358 | |
---|
359 | AddCharset ISO-8859-1 .iso8859-1 .latin1 |
---|
360 | AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen |
---|
361 | AddCharset ISO-8859-3 .iso8859-3 .latin3 |
---|
362 | AddCharset ISO-8859-4 .iso8859-4 .latin4 |
---|
363 | AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru |
---|
364 | AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb |
---|
365 | AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk |
---|
366 | AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb |
---|
367 | AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk |
---|
368 | AddCharset ISO-2022-JP .iso2022-jp .jis |
---|
369 | AddCharset ISO-2022-KR .iso2022-kr .kis |
---|
370 | AddCharset ISO-2022-CN .iso2022-cn .cis |
---|
371 | AddCharset Big5 .Big5 .big5 |
---|
372 | # For russian, more than one charset is used (depends on client, mostly): |
---|
373 | AddCharset WINDOWS-1251 .cp-1251 .win-1251 |
---|
374 | AddCharset CP866 .cp866 |
---|
375 | AddCharset KOI8-r .koi8-r .koi8-ru |
---|
376 | AddCharset KOI8-ru .koi8-uk .ua |
---|
377 | AddCharset ISO-10646-UCS-2 .ucs2 |
---|
378 | AddCharset ISO-10646-UCS-4 .ucs4 |
---|
379 | AddCharset UTF-8 .utf8 |
---|
380 | |
---|
381 | AddCharset GB2312 .gb2312 .gb |
---|
382 | AddCharset utf-7 .utf7 |
---|
383 | AddCharset utf-8 .utf8 |
---|
384 | AddCharset big5 .big5 .b5 |
---|
385 | AddCharset EUC-TW .euc-tw |
---|
386 | AddCharset EUC-JP .euc-jp |
---|
387 | AddCharset EUC-KR .euc-kr |
---|
388 | AddCharset shift_jis .sjis |
---|
389 | |
---|
390 | #AddType application/x-httpd-php .php |
---|
391 | #AddType application/x-httpd-php-source .phps |
---|
392 | |
---|
393 | AddType application/x-tar .tgz |
---|
394 | |
---|
395 | # To use CGI scripts outside /cgi-bin/: |
---|
396 | # |
---|
397 | #AddHandler cgi-script .cgi |
---|
398 | |
---|
399 | # To use server-parsed HTML files |
---|
400 | # |
---|
401 | <FilesMatch "\.shtml(\..+)?$"> |
---|
402 | SetOutputFilter INCLUDES |
---|
403 | </FilesMatch> |
---|
404 | |
---|
405 | # If you wish to use server-parsed imagemap files, use |
---|
406 | # |
---|
407 | #AddHandler imap-file map |
---|
408 | |
---|
409 | BrowserMatch "Mozilla/2" nokeepalive |
---|
410 | BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 |
---|
411 | BrowserMatch "RealPlayer 4\.0" force-response-1.0 |
---|
412 | BrowserMatch "Java/1\.0" force-response-1.0 |
---|
413 | BrowserMatch "JDK/1\.0" force-response-1.0 |
---|
414 | |
---|
415 | # |
---|
416 | # The following directive disables redirects on non-GET requests for |
---|
417 | # a directory that does not include the trailing slash. This fixes a |
---|
418 | # problem with Microsoft WebFolders which does not appropriately handle |
---|
419 | # redirects for folders with DAV methods. |
---|
420 | # |
---|
421 | |
---|
422 | BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully |
---|
423 | BrowserMatch "^WebDrive" redirect-carefully |
---|
424 | BrowserMatch "^gnome-vfs" redirect-carefully |
---|
425 | BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully |
---|
426 | |
---|
427 | # Allow server status reports, with the URL of http://servername/server-status |
---|
428 | # Change the ".your_domain.com" to match your domain to enable. |
---|
429 | # |
---|
430 | #<Location /server-status> |
---|
431 | # SetHandler server-status |
---|
432 | # Order deny,allow |
---|
433 | # Deny from all |
---|
434 | # Allow from 10.15.20.30 |
---|
435 | #</Location> |
---|
436 | |
---|
437 | # Allow remote server configuration reports, with the URL of |
---|
438 | # http://servername/server-info (requires that mod_info.c be loaded). |
---|
439 | # Change the ".your_domain.com" to match your domain to enable. |
---|
440 | # |
---|
441 | #<Location /server-info> |
---|
442 | # SetHandler server-info |
---|
443 | # Order deny,allow |
---|
444 | # Deny from all |
---|
445 | # Allow from .your_domain.com |
---|
446 | #</Location> |
---|
447 | |
---|
448 | # Include the virtual host configurations: |
---|
449 | Include /etc/apache2/sites-enabled/[^.#]* |
---|
450 | |
---|