archive-de.com » DE » K » KW-BERLIN.DE

Total: 256

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Log Files - Apache HTTP Server
    post processor such as logresolve to determine the hostnames The IP address reported here is not necessarily the address of the machine at which the user is sitting If a proxy server exists between the user and the server this address will be the address of the proxy rather than the originating machine l The hyphen in the output indicates that the requested piece of information is not available In this case the information that is not available is the RFC 1413 identity of the client determined by identd on the clients machine This information is highly unreliable and should almost never be used except on tightly controlled internal networks Apache httpd will not even attempt to determine this information unless IdentityCheck is set to On frank u This is the userid of the person requesting the document as determined by HTTP authentication The same value is typically provided to CGI scripts in the REMOTE USER environment variable If the status code for the request see below is 401 then this value should not be trusted because the user is not yet authenticated If the document is not password protected this part will be just like the previous one 10 Oct 2000 13 55 36 0700 t The time that the request was received The format is day month year hour minute second zone day 2 digit month 3 letter year 4 digit hour 2 digit minute 2 digit second 2 digit zone 4 digit It is possible to have the time displayed in another format by specifying format t in the log format string where format is as in strftime 3 from the C standard library GET apache pb gif HTTP 1 0 r The request line from the client is given in double quotes The request line contains a great deal of useful information First the method used by the client is GET Second the client requested the resource apache pb gif and third the client used the protocol HTTP 1 0 It is also possible to log one or more parts of the request line independently For example the format string m U q H will log the method path query string and protocol resulting in exactly the same output as r 200 s This is the status code that the server sends back to the client This information is very valuable because it reveals whether the request resulted in a successful response codes beginning in 2 a redirection codes beginning in 3 an error caused by the client codes beginning in 4 or an error in the server codes beginning in 5 The full list of possible status codes can be found in the HTTP specification RFC2616 section 10 2326 b The last part indicates the size of the object returned to the client not including the response headers If no content was returned to the client this value will be To log 0 for no content use B instead Combined Log Format Another commonly used format string is called the Combined Log Format It can be used as follows LogFormat h l u t r s b Referer i User agent i combined CustomLog log access log combined This format is exactly the same as the Common Log Format with the addition of two more fields Each of the additional fields uses the percent directive header i where header can be any HTTP request header The access log under this format will look like 127 0 0 1 frank 10 Oct 2000 13 55 36 0700 GET apache pb gif HTTP 1 0 200 2326 http www example com start html Mozilla 4 08 en Win98 I Nav The additional fields are http www example com start html Referer i The Referer sic HTTP request header This gives the site that the client reports having been referred from This should be the page that links to or includes apache pb gif Mozilla 4 08 en Win98 I Nav User agent i The User Agent HTTP request header This is the identifying information that the client browser reports about itself Multiple Access Logs Multiple access logs can be created simply by specifying multiple CustomLog directives in the configuration file For example the following directives will create three access logs The first contains the basic CLF information while the second and third contain referer and browser information The last two CustomLog lines show how to mimic the effects of the ReferLog and AgentLog directives LogFormat h l u t r s b common CustomLog logs access log common CustomLog logs referer log Referer i U CustomLog logs agent log User agent i This example also shows that it is not necessary to define a nickname with the LogFormat directive Instead the log format can be specified directly in the CustomLog directive Conditional Logs There are times when it is convenient to exclude certain entries from the access logs based on characteristics of the client request This is easily accomplished with the help of environment variables First an environment variable must be set to indicate that the request meets certain conditions This is usually accomplished with SetEnvIf Then the env clause of the CustomLog directive is used to include or exclude requests where the environment variable is set Some examples Mark requests from the loop back interface SetEnvIf Remote Addr 127 0 0 1 dontlog Mark requests for the robots txt file SetEnvIf Request URI robots txt dontlog Log what remains CustomLog logs access log common env dontlog As another example consider logging requests from english speakers to one log file and non english speakers to a different log file SetEnvIf Accept Language en english CustomLog logs english log common env english CustomLog logs non english log common env english Although we have just shown that conditional logging is very powerful and flexible it is not the only way to control the contents of the logs Log files are more useful when they contain a complete record of

    Original URL path: http://xserve.kw-berlin.de/manual/logs.html (2016-02-16)
    Open archived version from archive


  • Mapping URLs to Filesystem Locations - Apache HTTP Server
    inappropriate to give direct access to a user s home directory from the web Therefore the UserDir directive specifies a directory underneath the user s home directory where web files are located Using the default setting of Userdir public html the above URL maps to a file at a directory like home user public html file html where home user is the user s home directory as specified in etc passwd There are also several other forms of the Userdir directive which you can use on systems where etc passwd does not contain the location of the home directory Some people find the symbol which is often encoded on the web as 7e to be awkward and prefer to use an alternate string to represent user directories This functionality is not supported by mod userdir However if users home directories are structured in a regular way then it is possible to use the AliasMatch directive to achieve the desired effect For example to make http www example com upages user file html map to home user public html file html use the following AliasMatch directive AliasMatch upages a zA Z0 9 home 1 public html 2 URL Redirection The configuration directives discussed in the above sections tell Apache to get content from a specific place in the filesystem and return it to the client Sometimes it is desirable instead to inform the client that the requested content is located at a different URL and instruct the client to make a new request with the new URL This is called redirection and is implemented by the Redirect directive For example if the contents of the directory foo under the DocumentRoot are moved to the new directory bar you can instruct clients to request the content at the new location as follows Redirect permanent foo http www example com bar This will redirect any URL Path starting in foo to the same URL path on the www example com server with bar substituted for foo You can redirect clients to any server not only the origin server Apache also provides a RedirectMatch directive for more complicated rewriting problems For example to redirect requests for the site home page to a different site but leave all other requests alone use the following configuration RedirectMatch permanent http www example com startpage html Alternatively to temporarily redirect all pages on one site to a particular page on another site use the following RedirectMatch temp http othersite example com startpage html Reverse Proxy Apache also allows you to bring remote documents into the URL space of the local server This technique is called reverse proxying because the web server acts like a proxy server by fetching the documents from a remote server and returning them to the client It is different from normal proxying because to the client it appears the documents originate at the reverse proxy server In the following example when clients request documents under the foo directory the server fetches those documents from

    Original URL path: http://xserve.kw-berlin.de/manual/urlmapping.html (2016-02-16)
    Open archived version from archive

  • Apache Performance Tuning - Apache HTTP Server
    On multiprocessor Solaris servers for example Apache 2 x sometimes delivers server parsed files faster when mmap is disabled If you memory map a file located on an NFS mounted filesystem and a process on another NFS client machine deletes or truncates the file your process may get a bus error the next time it tries to access the mapped file content For installations where either of these factors applies you should use EnableMMAP off to disable the memory mapping of delivered files Note This directive can be overridden on a per directory basis Sendfile In situations where Apache 2 x can ignore the contents of the file to be delivered for example when serving static file content it normally uses the kernel sendfile support the file if the OS supports the sendfile 2 operation On most platforms using sendfile improves performance by eliminating separate read and send mechanics However there are cases where using sendfile can harm the stability of the httpd Some platforms may have broken sendfile support that the build system did not detect especially if the binaries were built on another box and moved to such a machine with broken sendfile support With an NFS mounted files the kernel may be unable to reliably serve the network file through it s own cache For installations where either of these factors applies you should use EnableSendfile off to disable sendfile delivery of file contents Note This directive can be overridden on a per directory basis Process Creation Prior to Apache 1 3 the MinSpareServers MaxSpareServers and StartServers settings all had drastic effects on benchmark results In particular Apache required a ramp up period in order to reach a number of children sufficient to serve the load being applied After the initial spawning of StartServers children only one child per second would be created to satisfy the MinSpareServers setting So a server being accessed by 100 simultaneous clients using the default StartServers of 5 would take on the order 95 seconds to spawn enough children to handle the load This works fine in practice on real life servers because they aren t restarted frequently But does really poorly on benchmarks which might only run for ten minutes The one per second rule was implemented in an effort to avoid swamping the machine with the startup of new children If the machine is busy spawning children it can t service requests But it has such a drastic effect on the perceived performance of Apache that it had to be replaced As of Apache 1 3 the code will relax the one per second rule It will spawn one wait a second then spawn two wait a second then spawn four and it will continue exponentially until it is spawning 32 children per second It will stop whenever it satisfies the MinSpareServers setting This appears to be responsive enough that it s almost unnecessary to twiddle the MinSpareServers MaxSpareServers and StartServers knobs When more than 4 children are spawned per second a message will be emitted to the ErrorLog If you see a lot of these errors then consider tuning these settings Use the mod status output as a guide Related to process creation is process death induced by the MaxRequestsPerChild setting By default this is 0 which means that there is no limit to the number of requests handled per child If your configuration currently has this set to some very low number such as 30 you may want to bump this up significantly If you are running SunOS or an old version of Solaris limit this to 10000 or so because of memory leaks When keep alives are in use children will be kept busy doing nothing waiting for more requests on the already open connection The default KeepAliveTimeout of 5 seconds attempts to minimize this effect The tradeoff here is between network bandwidth and server resources In no event should you raise this above about 60 seconds as most of the benefits are lost Compile Time Configuration Issues Choosing an MPM Apache 2 x supports pluggable concurrency models called Multi Processing Modules MPMs When building Apache you must choose an MPM to use There are platform specific MPMs for some platforms beos mpm netware mpmt os2 and mpm winnt For general Unix type systems there are several MPMs from which to choose The choice of MPM can affect the speed and scalability of the httpd The worker MPM uses multiple child processes with many threads each Each thread handles one connection at a time Worker generally is a good choice for high traffic servers because it has a smaller memory footprint than the prefork MPM The prefork MPM uses multiple child processes with one thread each Each process handles one connection at a time On many systems prefork is comparable in speed to worker but it uses more memory Prefork s threadless design has advantages over worker in some situations it can be used with non thread safe third party modules and it is easier to debug on platforms with poor thread debugging support For more information on these and other MPMs please see the MPM documentation Modules Since memory usage is such an important consideration in performance you should attempt to eliminate modules that you are not actually using If you have built the modules as DSOs eliminating modules is a simple matter of commenting out the associated LoadModule directive for that module This allows you to experiment with removing modules and seeing if your site still functions in their absense If on the other hand you have modules statically linked into your Apache binary you will need to recompile Apache in order to remove unwanted modules An associated question that arises here is of course what modules you need and which ones you don t The answer here will of course vary from one web site to another However the minimal list of modules which you can get by with tends to include mod mime mod dir and mod log config mod log config is of course optional as you can run a web site without log files This is however not recommended Atomic Operations Some modules such as mod cache and recent development builds of the worker MPM use APR s atomic API This API provides atomic operations that can be used for lightweight thread synchronization By default APR implements these operations using the most efficient mechanism available on each target OS CPU platform Many modern CPUs for example have an instruction that does an atomic compare and swap CAS operation in hardware On some platforms however APR defaults to a slower mutex based implementation of the atomic API in order to ensure compatibility with older CPU models that lack such instructions If you are building Apache for one of these platforms and you plan to run only on newer CPUs you can select a faster atomic implementation at build time by configuring Apache with the enable nonportable atomics option buildconf configure with mpm worker enable nonportable atomics yes The enable nonportable atomics option is relevant for the following platforms Solaris on SPARC By default APR uses mutex based atomics on Solaris SPARC If you configure with enable nonportable atomics however APR generates code that uses a SPARC v8plus opcode for fast hardware compare and swap If you configure Apache with this option the atomic operations will be more efficient allowing for lower CPU utilization and higher concurrency but the resulting executable will run only on UltraSPARC chips Linux on x86 By default APR uses mutex based atomics on Linux If you configure with enable nonportable atomics however APR generates code that uses a 486 opcode for fast hardware compare and swap This will result in more efficient atomic operations but the resulting executable will run only on 486 and later chips and not on 386 mod status and ExtendedStatus On If you include mod status and you also set ExtendedStatus On when building and running Apache then on every request Apache will perform two calls to gettimeofday 2 or times 2 depending on your operating system and pre 1 3 several extra calls to time 2 This is all done so that the status report contains timing indications For highest performance set ExtendedStatus off which is the default accept Serialization multiple sockets Warning This section has not been fully updated to take into account changes made in the 2 x version of the Apache HTTP Server Some of the information may still be relevant but please use it with care This discusses a shortcoming in the Unix socket API Suppose your web server uses multiple Listen statements to listen on either multiple ports or multiple addresses In order to test each socket to see if a connection is ready Apache uses select 2 select 2 indicates that a socket has zero or at least one connection waiting on it Apache s model includes multiple children and all the idle ones test for new connections at the same time A naive implementation looks something like this these examples do not match the code they re contrived for pedagogical purposes for for fd set accept fds FD ZERO accept fds for i first socket i last socket i FD SET i accept fds rc select last socket 1 accept fds NULL NULL NULL if rc 1 continue new connection 1 for i first socket i last socket i if FD ISSET i accept fds new connection accept i NULL NULL if new connection 1 break if new connection 1 break process the new connection But this naive implementation has a serious starvation problem Recall that multiple children execute this loop at the same time and so multiple children will block at select when they are in between requests All those blocked children will awaken and return from select when a single request appears on any socket the number of children which awaken varies depending on the operating system and timing issues They will all then fall down into the loop and try to accept the connection But only one will succeed assuming there s still only one connection ready the rest will be blocked in accept This effectively locks those children into serving requests from that one socket and no other sockets and they ll be stuck there until enough new requests appear on that socket to wake them all up This starvation problem was first documented in PR 467 There are at least two solutions One solution is to make the sockets non blocking In this case the accept won t block the children and they will be allowed to continue immediately But this wastes CPU time Suppose you have ten idle children in select and one connection arrives Then nine of those children will wake up try to accept the connection fail and loop back into select accomplishing nothing Meanwhile none of those children are servicing requests that occurred on other sockets until they get back up to the select again Overall this solution does not seem very fruitful unless you have as many idle CPUs in a multiprocessor box as you have idle children not a very likely situation Another solution the one used by Apache is to serialize entry into the inner loop The loop looks like this differences highlighted for accept mutex on for fd set accept fds FD ZERO accept fds for i first socket i last socket i FD SET i accept fds rc select last socket 1 accept fds NULL NULL NULL if rc 1 continue new connection 1 for i first socket i last socket i if FD ISSET i accept fds new connection accept i NULL NULL if new connection 1 break if new connection 1 break accept mutex off process the new connection The functions accept mutex on and accept mutex off implement a mutual exclusion semaphore Only one child can have the mutex at any time There are several choices for implementing these mutexes The choice is defined in src conf h pre 1 3 or src include ap config h 1 3 or later Some architectures do not have any locking choice made on these architectures it is unsafe to use multiple Listen directives The directive AcceptMutex can be used to change the selected mutex implementation at run time AcceptMutex flock This method uses the flock 2 system call to lock a lock file located by the LockFile directive AcceptMutex fcntl This method uses the fcntl 2 system call to lock a lock file located by the LockFile directive AcceptMutex sysvsem 1 3 or later This method uses SysV style semaphores to implement the mutex Unfortunately SysV style semaphores have some bad side effects One is that it s possible Apache will die without cleaning up the semaphore see the ipcs 8 man page The other is that the semaphore API allows for a denial of service attack by any CGIs running under the same uid as the webserver i e all CGIs unless you use something like suexec or cgiwrapper For these reasons this method is not used on any architecture except IRIX where the previous two are prohibitively expensive on most IRIX boxes AcceptMutex pthread 1 3 or later This method uses POSIX mutexes and should work on any architecture implementing the full POSIX threads specification however appears to only work on Solaris 2 5 or later and even then only in certain configurations If you experiment with this you should watch out for your server hanging and not responding Static content only servers may work just fine AcceptMutex posixsem 2 0 or later This method uses POSIX semaphores The semaphore ownership is not recovered if a thread in the process holding the mutex segfaults resulting in a hang of the web server If your system has another method of serialization which isn t in the above list then it may be worthwhile adding code for it to APR Another solution that has been considered but never implemented is to partially serialize the loop that is let in a certain number of processes This would only be of interest on multiprocessor boxes where it s possible multiple children could run simultaneously and the serialization actually doesn t take advantage of the full bandwidth This is a possible area of future investigation but priority remains low because highly parallel web servers are not the norm Ideally you should run servers without multiple Listen statements if you want the highest performance But read on accept Serialization single socket The above is fine and dandy for multiple socket servers but what about single socket servers In theory they shouldn t experience any of these same problems because all children can just block in accept 2 until a connection arrives and no starvation results In practice this hides almost the same spinning behaviour discussed above in the non blocking solution The way that most TCP stacks are implemented the kernel actually wakes up all processes blocked in accept when a single connection arrives One of those processes gets the connection and returns to user space the rest spin in the kernel and go back to sleep when they discover there s no connection for them This spinning is hidden from the user land code but it s there nonetheless This can result in the same load spiking wasteful behaviour that a non blocking solution to the multiple sockets case can For this reason we have found that many architectures behave more nicely if we serialize even the single socket case So this is actually the default in almost all cases Crude experiments under Linux 2 0 30 on a dual Pentium pro 166 w 128Mb RAM have shown that the serialization of the single socket case causes less than a 3 decrease in requests per second over unserialized single socket But unserialized single socket showed an extra 100ms latency on each request This latency is probably a wash on long haul lines and only an issue on LANs If you want to override the single socket serialization you can define SINGLE LISTEN UNSERIALIZED ACCEPT and then single socket servers will not serialize at all Lingering Close As discussed in draft ietf http connection 00 txt section 8 in order for an HTTP server to reliably implement the protocol it needs to shutdown each direction of the communication independently recall that a TCP connection is bi directional each half is independent of the other This fact is often overlooked by other servers but is correctly implemented in Apache as of 1 2 When this feature was added to Apache it caused a flurry of problems on various versions of Unix because of a shortsightedness The TCP specification does not state that the FIN WAIT 2 state has a timeout but it doesn t prohibit it On systems without the timeout Apache 1 2 induces many sockets stuck forever in the FIN WAIT 2 state In many cases this can be avoided by simply upgrading to the latest TCP IP patches supplied by the vendor In cases where the vendor has never released patches i e SunOS4 although folks with a source license can patch it themselves we have decided to disable this feature There are two ways of accomplishing this One is the socket option SO LINGER But as fate would have it this has never been implemented properly in most TCP IP stacks Even on those stacks with a proper implementation i e Linux 2 0 31 this method proves to be more expensive cputime than the next solution For the most part Apache implements this in a function called lingering close in http main c The function looks roughly like this void lingering close int s char junk buffer 2048 shutdown the sending side shutdown s 1 signal SIGALRM lingering death alarm 30 for select s for reading 2 second timeout if error break if s is ready for reading if read s

    Original URL path: http://xserve.kw-berlin.de/manual/misc/perf-tuning.html (2016-02-16)
    Open archived version from archive

  • Security Tips - Apache HTTP Server
    parsed by Apache whether or not there are any SSI directives included within the files While this load increase is minor in a shared server environment it can become significant SSI files also pose the same risks that are associated with CGI scripts in general Using the exec cmd element SSI enabled files can execute any CGI script or program under the permissions of the user and group Apache runs as as configured in httpd conf There are ways to enhance the security of SSI files while still taking advantage of the benefits they provide To isolate the damage a wayward SSI file can cause a server administrator can enable suexec as described in the CGI in General section Enabling SSI for files with html or htm extensions can be dangerous This is especially true in a shared or high traffic server environment SSI enabled files should have a separate extension such as the conventional shtml This helps keep server load at a minimum and allows for easier management of risk Another solution is to disable the ability to run scripts and programs from SSI pages To do this replace Includes with IncludesNOEXEC in the Options directive Note that users may still use include virtual to execute CGI scripts if these scripts are in directories designated by a ScriptAlias directive CGI in General First of all you always have to remember that you must trust the writers of the CGI scripts programs or your ability to spot potential security holes in CGI whether they were deliberate or accidental CGI scripts can run essentially arbitrary commands on your system with the permissions of the web server user and can therefore be extremely dangerous if they are not carefully checked All the CGI scripts will run as the same user so they have potential to conflict accidentally or deliberately with other scripts e g User A hates User B so he writes a script to trash User B s CGI database One program which can be used to allow scripts to run as different users is suEXEC which is included with Apache as of 1 2 and is called from special hooks in the Apache server code Another popular way of doing this is with CGIWrap Non Script Aliased CGI Allowing users to execute CGI scripts in any directory should only be considered if You trust your users not to write scripts which will deliberately or accidentally expose your system to an attack You consider security at your site to be so feeble in other areas as to make one more potential hole irrelevant You have no users and nobody ever visits your server Script Aliased CGI Limiting CGI to special directories gives the admin control over what goes into those directories This is inevitably more secure than non script aliased CGI but only if users with write access to the directories are trusted or the admin is willing to test each new CGI script program for potential security holes Most sites

    Original URL path: http://xserve.kw-berlin.de/manual/misc/security_tips.html (2016-02-16)
    Open archived version from archive

  • Server-Wide Configuration - Apache HTTP Server
    will be presented in server generated documents such as error messages The ServerTokens directive sets the value of the Server HTTP response header field The ServerName UseCanonicalName and UseCanonicalPhysicalPort directives are used by the server to determine how to construct self referential URLs For example when a client requests a directory but does not include the trailing slash in the directory name Apache must redirect the client to the full name including the trailing slash so that the client will correctly resolve relative references in the document File Locations Related Modules Related Directives CoreDumpDirectory DocumentRoot ErrorLog LockFile PidFile ScoreBoardFile ServerRoot These directives control the locations of the various files that Apache needs for proper operation When the pathname used does not begin with a slash the files are located relative to the ServerRoot Be careful about locating files in paths which are writable by non root users See the security tips documentation for more details Limiting Resource Usage Related Modules Related Directives LimitRequestBody LimitRequestFields LimitRequestFieldsize LimitRequestLine RLimitCPU RLimitMEM RLimitNPROC ThreadStackSize The LimitRequest directives are used to place limits on the amount of resources Apache will use in reading requests from clients By limiting these values some kinds of denial of

    Original URL path: http://xserve.kw-berlin.de/manual/server-wide.html (2016-02-16)
    Open archived version from archive

  • Apache SSL/TLS Encryption - Apache HTTP Server
    HTTP Server module mod ssl provides an interface to the OpenSSL library which provides Strong Encryption using the Secure Sockets Layer and Transport Layer Security protocols The module and this documentation are based on Ralf S Engelschall s mod ssl project Documentation mod ssl Documentation Introduction Compatibility How To Frequently Asked Questions Glossary mod ssl Extensive documentation on the directives and environment variables provided by this module is provided in

    Original URL path: http://xserve.kw-berlin.de/manual/ssl/ (2016-02-16)
    Open archived version from archive

  • suEXEC Support - Apache HTTP Server
    the requested directory within suEXEC s document root If the request is for a UserDir is the requested directory within the directory configured as suEXEC s userdir see suEXEC s configuration options Is the directory NOT writable by anyone else We don t want to open up the directory to others only the owner user may be able to alter this directories contents Does the target CGI SSI program exist If it doesn t exists it can t very well be executed Is the target CGI SSI program NOT writable by anyone else We don t want to give anyone other than the owner the ability to change the CGI SSI program Is the target CGI SSI program NOT setuid or setgid We do not want to execute programs that will then change our UID GID again Is the target user group the same as the program s user group Is the user the owner of the file Can we successfully clean the process environment to ensure safe operations suEXEC cleans the process environment by establishing a safe execution PATH defined during configuration as well as only passing through those variables whose names are listed in the safe environment list also created during configuration Can we successfully become the target CGI SSI program and execute Here is where suEXEC ends and the target CGI SSI program begins This is the standard operation of the suEXEC wrapper s security model It is somewhat stringent and can impose new limitations and guidelines for CGI SSI design but it was developed carefully step by step with security in mind For more information as to how this security model can limit your possibilities in regards to server configuration as well as what security risks can be avoided with a proper suEXEC setup see the Beware the Jabberwock section of this document Configuring Installing suEXEC Here s where we begin the fun suEXEC configuration options enable suexec This option enables the suEXEC feature which is never installed or activated by default At least one with suexec xxxxx option has to be provided together with the enable suexec option to let APACI accept your request for using the suEXEC feature with suexec bin PATH The path to the suexec binary must be hard coded in the server for security reasons Use this option to override the default path e g with suexec bin usr sbin suexec with suexec caller UID The username under which Apache normally runs This is the only user allowed to execute this program with suexec userdir DIR Define to be the subdirectory under users home directories where suEXEC access should be allowed All executables under this directory will be executable by suEXEC as the user so they should be safe programs If you are using a simple UserDir directive ie one without a in it this should be set to the same value suEXEC will not work properly in cases where the UserDir directive points to a location that is not the

    Original URL path: http://xserve.kw-berlin.de/manual/suexec.html (2016-02-16)
    Open archived version from archive

  • Apache mod_rewrite - Apache HTTP Server
    flexibility of Sendmail Brian Behlendorf Apache Group Despite the tons of examples and docs mod rewrite is voodoo Damned cool voodoo but still voodoo Brian Moore bem news cmc net Welcome to mod rewrite the Swiss Army Knife of URL manipulation This module uses a rule based rewriting engine based on a regular expression parser to rewrite requested URLs on the fly It supports an unlimited number of rules and an unlimited number of attached rule conditions for each rule to provide a really flexible and powerful URL manipulation mechanism The URL manipulations can depend on various tests for instance server variables environment variables HTTP headers time stamps and even external database lookups in various formats can be used to achieve granular URL matching This module operates on the full URLs including the path info part both in per server context httpd conf and per directory context htaccess files and Directory blocks and can even generate query string parts on result The rewritten result can lead to internal sub processing external request redirection or even to an internal proxy throughput But all this functionality and flexibility has its drawback complexity So don t expect to understand this entire module in

    Original URL path: http://xserve.kw-berlin.de/manual/rewrite/ (2016-02-16)
    Open archived version from archive



  •