1<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 3 4<html xmlns="http://www.w3.org/1999/xhtml"> 5 <head> 6 <meta name="generator" content="HTML Tidy, see www.w3.org" /> 7 8 <title>Apache Server Frequently Asked Questions</title> 9 10 </head> 11 <!-- Background white, links blue (unvisited), navy (visited), red (active) --> 12 13 <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" 14 vlink="#000080" alink="#FF0000"> 15 <div align="CENTER"> 16 <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" /> 17 18 <h3>Apache HTTP Server Version 1.3</h3> 19 </div> 20 21 22 <h1 align="CENTER">Apache Server Frequently Asked 23 Questions</h1> 24 25 <p>The latest version of this FAQ is always available from the 26 main Apache web site, at <<a 27 href="http://httpd.apache.org/docs/misc/FAQ.html" 28 rel="Help"><samp>http://httpd.apache.org/docs/misc/FAQ.html</samp></a>>.</p> 29 <!-- Notes about changes: --> 30 <!-- - If adding a relative link to another part of the --> 31 <!-- documentation, *do* include the ".html" portion. There's a --> 32 <!-- good chance that the user will be reading the documentation --> 33 <!-- on his own system, which may not be configured for --> 34 <!-- multiviews. --> 35 <!-- - When adding items, make sure they're put in the right place --> 36 <!-- - verify that the numbering matches up. --> 37 <!-- - *Don't* use <PRE></PRE> blocks - they don't appear --> 38 <!-- correctly in a reliable way when this is converted to text --> 39 <!-- with Lynx. Use <DL><DD><CODE>xxx<BR>xx</CODE></DD></DL> --> 40 <!-- blocks inside a <P></P> instead. This is necessary to get --> 41 <!-- the horizontal and vertical indenting right. --> 42 <!-- - Don't forget to include an HR tag after the last /P tag --> 43 <!-- but before the /LI in an item. --> 44 45 <p>If you are reading a text-only version of this FAQ, you may 46 find numbers enclosed in brackets (such as "[12]"). These refer 47 to the list of reference URLs to be found at the end of the 48 document. These references do not appear, and are not needed, 49 for the hypertext version.</p> 50 51 <h2>The Questions</h2> 52 <!-- Stuff to Add: --> 53 <!-- - can't bind to port 80 --> 54 <!-- - permission denied --> 55 <!-- - address already in use --> 56 <!-- - mod_auth & passwd lines "user:pw:.*" - ++1st colon onward is --> 57 <!-- treated as pw, not just ++1st to \-\-2nd. --> 58 <!-- - SSL: --> 59 <!-- - Can I use Apache-SSL for free in Canada? --> 60 <!-- - Why can't I use Apache-SSL in the U.S.? --> 61 <!-- - How can I found out how many visitors my site gets? --> 62 <!-- - How do I add a counter? --> 63 <!-- - How do I configure Apache as a proxy? --> 64 <!-- - What browsers support HTTP/1.1? --> 65 <!-- - What's the point of vhosts-by-name is there aren't any --> 66 <!-- HTTP/1.1 browsers? --> 67 <!-- - Is there an Apache for W95/WNT? --> 68 <!-- - Why does Apache die when a vhost can't be DNS-resolved? --> 69 <!-- - Why do I get "send lost connection" messages in my error --> 70 <!-- log? --> 71 <!-- - specifically consider .pdf files which seem to cause this --> 72 <!-- a lot when accessed via the plugin ... and also mention --> 73 <!-- how range-requests can cause bytes served < file size --> 74 <!-- - Why do directory indexes appear as garbage? (A: -lucb) --> 75 <!-- - How do I add a footer to all pages offered by my server? --> 76 <!-- - Fix midi question; a bigger problem than midi vs. x-midi is --> 77 <!-- the simple fact that older versions of Apache (and new ones --> 78 <!-- that have been upgraded without upgrading the mime.types --> 79 <!-- file) don't have the type listed at all. --> 80 <!-- - RewriteRule /~fraggle/* /cgi-bin/fraggle.pl does not work --> 81 <!-- - how do I disable authentication for a subdirectory? --> 82 <!-- (A: you can't but "Satisfy any; Allow from all" can be close --> 83 <!-- - '400 malformed request' on Win32 might mean stale proxy; see --> 84 <!-- PR #2300. --> 85 <!-- - how do I tell what version of Apache I am running? --> 86 87 <ol type="A"> 88 89 90 91 92 93 94 95 96 97 98 99 <li value="1"> 100 <strong>Background</strong> 101 102 <ol> 103 <li><a href="#what">What is Apache?</a></li> 104 105 <li><a href="#why">How and why was Apache 106 created?</a></li> 107 108 <li><a href="#name">Why the name "Apache"?</a></li> 109 110 <li><a href="#compare">OK, so how does Apache compare to 111 other servers?</a></li> 112 113 <li><a href="#tested">How thoroughly tested is 114 Apache?</a></li> 115 116 <li><a href="#future">What are the future plans for 117 Apache?</a></li> 118 119 <li><a href="#support">Whom do I contact for 120 support?</a></li> 121 122 <li><a href="#more">Is there any more information on 123 Apache?</a></li> 124 125 <li><a href="#where">Where can I get Apache?</a></li> 126 127 <li><a href="#logo">May I use the Apache logo on my 128 product or Web site?</a></li> 129 </ol> 130 </li> 131 132 133 134 135 </body> 136</html> 137 138 139 140 141 142 143 144 145 146 147 148 149 150 <li value="2"> 151 <strong>General Technical Questions</strong> 152 153 <ol> 154 <li><a href="#what2do">"Why can't I ...? Why won't ... 155 work?" What to do in case of problems</a></li> 156 157 <li><a href="#compatible">How compatible is Apache with 158 my existing NCSA 1.3 setup?</a></li> 159 160 <li><a href="#year2000">Is Apache Year 2000 161 compliant?</a></li> 162 163 <li><a href="#submit_patch">How do I submit a patch to 164 the Apache Group?</a></li> 165 166 <li><a href="#domination">Why has Apache stolen my 167 favourite site's Internet address?</a></li> 168 169 <li><a href="#apspam">Why am I getting spam mail from the 170 Apache site?</a></li> 171 172 <li><a href="#redist">May I include the Apache software 173 on a CD or other package I'm distributing?</a></li> 174 175 <li><a href="#zoom">What's the best hardware/operating 176 system/... How do I get the most out of my Apache Web 177 server?</a></li> 178 179 <li><a href="#regex">What are "regular 180 expressions"?</a></li> 181 182 <li><a href="#binaries">Why isn't there a binary for my 183 platform?</a></li> 184 </ol> 185 </li> 186 187 188 189 190 </body> 191</html> 192 193 194 195 196 197 198 199 200 201 202 203 204 205 <li value="3"> 206 <strong>Building Apache</strong> 207 208 <ol> 209 <li><a href="#bind8.1">Why do I get an error about an 210 undefined reference to "<samp>__inet_ntoa</samp>" or 211 other <samp>__inet_*</samp> symbols?</a></li> 212 213 <li><a href="#cantbuild">Why won't Apache compile with my 214 system's <samp>cc</samp>?</a></li> 215 216 <li><a href="#linuxiovec">Why do I get complaints about 217 redefinition of "<code>struct iovec</code>" when 218 compiling under Linux?</a></li> 219 220 <li><a href="#broken-gcc">I'm using gcc and I get some 221 compilation errors, what is wrong?</a></li> 222 223 <li><a href="#glibc-crypt">I'm using RedHat Linux 5.0, or 224 some other <samp>glibc</samp>-based Linux system, and I 225 get errors with the <code>crypt</code> function when I 226 attempt to build Apache 1.2.</a></li> 227 </ol> 228 </li> 229 230 231 232 233 </body> 234</html> 235 236 237 238 239 240 241 242 243 244 245 246 247 248 <li value="4"> 249 <strong>Error Log Messages and Problems Starting 250 Apache</strong> 251 252 <ol> 253 <li><a href="#setgid">Why do I get "<samp>setgid: Invalid 254 argument</samp>" at startup?</a></li> 255 256 <li><a href="#nodelay">Why am I getting "<samp>httpd: 257 could not set socket option TCP_NODELAY</samp>" in my 258 error log?</a></li> 259 260 <li><a href="#peerreset">Why am I getting 261 "<samp>connection reset by peer</samp>" in my error 262 log?</a></li> 263 264 <li><a href="#wheres-the-dump">The errorlog says Apache 265 dumped core, but where's the dump file?</a></li> 266 267 <li><a href="#linux-shmget">When I run it under Linux I 268 get "shmget: function not found", what should I 269 do?</a></li> 270 271 <li><a href="#nfslocking">Server hangs, or fails to 272 start, and/or error log fills with "<samp>fcntl: 273 F_SETLKW: No record locks available</samp>" or similar 274 messages</a></li> 275 276 <li><a href="#aixccbug">Why am I getting "<samp>Expected 277 </Directory> but saw </Directory></samp>" 278 when I try to start Apache?</a></li> 279 280 <li><a href="#redhat">I'm using RedHat Linux and I have 281 problems with httpd dying randomly or not restarting 282 properly</a></li> 283 284 <li><a href="#stopping">I upgraded from an Apache version 285 earlier than 1.2.0 and suddenly I have problems with 286 Apache dying randomly or not restarting properly</a></li> 287 288 <li><a href="#setservername">When I try to start Apache 289 from a DOS window, I get a message like "<samp>Cannot 290 determine host name. Use ServerName directive to set it 291 manually.</samp>" What does this mean?</a></li> 292 293 <li><a href="#ws2_32dll">When I try to start Apache for 294 Windows, I get a message like "<samp>Unable To Locate 295 WS2_32.DLL...</samp>". What should I do?</a></li> 296 297 <li><a href="#WSADuplicateSocket">Apache for Windows does 298 not start. Error log contains this message "<samp>[crit] 299 (10045) The attempted operation is not supported for the 300 type of object referenced: Parent: WSADuplicateSocket 301 failed for socket ###</samp>". What does this 302 mean?</a></li> 303 304 <li><a href="#err1067">When I try to start Apache on 305 Windows, I get a message like "<code>System error 1067 306 has occurred. The process terminated 307 unexpectedly.</code>" What does this mean?</a></li> 308 309 <li><a href="#suseFDN">On a SuSE Linux system, I try and 310 configure access control using basic authentication. 311 Although I follow the example exactly, authentication 312 fails, and an error message "<code>admin: not a valid 313 FDN: ....</code>" is logged.</a></li> 314 315 <li><a href="#codered">Why do I have weird entries in my 316 logs asking for <code>default.ida</code> and 317 <code>cmd.exe</code>?</a></li> 318 319 <li><a href="#restart">Why am I getting server restart 320 messages periodically, when I did not restart the 321 server?</a></li> 322 323 <li><a href="#modulemagic">Why am I getting "module 324 <em>module-name</em> is not compatible with this version of 325 Apache" messages in my error log?</a></li> 326 327 </ol> 328 </li> 329 330 331 332 333 </body> 334</html> 335 336 337 338 339 340 341 342 343 344 345 346 347 348 <li value="5"> 349 <strong>Configuration Questions</strong> 350 351 <ol> 352 <li><a href="#fdlim">Why can't I run more than 353 <<em>n</em>> virtual hosts?</a></li> 354 355 <li><a href="#freebsd-setsize">Can I increase 356 <samp>FD_SETSIZE</samp> on FreeBSD?</a></li> 357 358 <li><a href="#errordoc401">Why doesn't my 359 <code>ErrorDocument 401</code> work?</a></li> 360 361 <li><a href="#cookies1">Why does Apache send a cookie on 362 every response?</a></li> 363 364 <li><a href="#jdk1-and-http1.1">Why do my Java app[let]s 365 give me plain text when I request an URL from an Apache 366 server?</a></li> 367 368 <li><a href="#midi">How do I get Apache to send a MIDI 369 file so the browser can play it?</a></li> 370 371 <li><a href="#addlog">How do I add browsers and referrers 372 to my logs?</a></li> 373 374 <li><a href="#set-servername">Why does accessing 375 directories only work when I include the trailing "/" 376 (<em>e.g.</em>, <samp>http://foo.domain.com/~user/</samp>) 377 but not when I omit it 378 (<em>e.g.</em>, <samp>http://foo.domain.com/~user</samp>)?</a></li> 379 380 <li><a href="#no-info-directives">Why doesn't mod_info 381 list any directives?</a></li> 382 383 <li><a href="#namevhost">I upgraded to Apache 1.3 and now 384 my virtual hosts don't work!</a></li> 385 386 <li><a href="#redhat-htm">I'm using RedHat Linux and my 387 .htm files are showing up as HTML source rather than 388 being formatted!</a></li> 389 390 <li><a href="#htaccess-work">My <code>.htaccess</code> 391 files are being ignored.</a></li> 392 393 <li><a href="#forbidden">Why do I get a 394 "<samp>Forbidden</samp>" message whenever I try to access 395 a particular directory?</a></li> 396 397 <li><a href="#malfiles">Why do I get a 398 "<samp>Forbidden/You don't have permission to access / on 399 this server</samp>" message whenever I try to access my 400 server?</a></li> 401 402 <li><a href="#ie-ignores-mime">Why do my files appear 403 correctly in Internet Explorer, but show up as source or 404 trigger a save window with Netscape; or, Why doesn't 405 Internet Explorer render my text/plain document 406 correctly?</a></li> 407 408 <li><a href="#canonical-hostnames">My site is accessible 409 under many different hostnames; how do I redirect clients 410 so that they see only a single name?</a></li> 411 412 <li><a href="#firewall">Why can I access my website from the 413 server or from my local network, but I can't access it from 414 elsewhere on the Internet?</a></li> 415 416 <li><a href="#indexes">How do I turn automatic directory listings 417 on or off?</a></li> 418 419 <li><a href="#options">Why do my Options directives not have 420 the desired effect?</a></li> 421 422 <li><a href="#serverheader">How can I change the information 423 that Apache returns about itself in the headers?</a></li> 424 425 <li><a href="#proxyscan">Why do I see requests for other sites 426 appearing in my log files?</a></li> 427 428 </ol> 429 </li> 430 431 432 433 434 </body> 435</html> 436 437 438 439 440 441 442 443 444 445 446 447 448 449 <li value="6"> 450 <strong>Dynamic Content (CGI and SSI)</strong> 451 452 <ol> 453 <li><a href="#CGIoutsideScriptAlias">How do I enable CGI 454 execution in directories other than the 455 ScriptAlias?</a></li> 456 457 <li><a href="#premature-script-headers">What does it mean 458 when my CGIs fail with "<samp>Premature end of script 459 headers</samp>"?</a></li> 460 461 <li><a href="#POSTnotallowed">Why do I keep getting 462 "Method Not Allowed" for form POST requests?</a></li> 463 464 <li><a href="#nph-scripts">How can I get my script's 465 output without Apache buffering it? Why doesn't my server 466 push work?</a></li> 467 468 <li><a href="#cgi-spec">Where can I find the "CGI 469 specification"?</a></li> 470 471 <li><a href="#fastcgi">Why isn't FastCGI included with 472 Apache any more?</a></li> 473 474 <li><a href="#ssi-part-i">How do I enable SSI (parsed 475 HTML)?</a></li> 476 477 <li><a href="#ssi-part-ii">Why don't my parsed files get 478 cached?</a></li> 479 480 <li><a href="#ssi-part-iii">How can I have my script 481 output parsed?</a></li> 482 483 <li><a href="#ssi-part-iv">SSIs don't work for 484 VirtualHosts and/or user home directories</a></li> 485 486 <li><a href="#errordocssi">How can I use 487 <code>ErrorDocument</code> and SSI to simplify customized 488 error messages?</a></li> 489 490 <li><a href="#remote-user-var">Why is the environment 491 variable <samp>REMOTE_USER</samp> not set?</a></li> 492 493 <li><a href="#user-cgi">How do I allow each of my user 494 directories to have a cgi-bin directory?</a></li> 495 </ol> 496 </li> 497 498 499 500 501 </body> 502</html> 503 504 505 506 507 508 509 510 511 512 513 514 515 516 <li value="7"> 517 <strong>Authentication and Access Restrictions</strong> 518 519 <ol> 520 <li><a href="#dnsauth">Why isn't restricting access by 521 host or domain name working correctly?</a></li> 522 523 <li><a href="#user-authentication">How do I set up Apache 524 to require a username and password to access certain 525 documents?</a></li> 526 527 <li><a href="#remote-auth-only">How do I set up Apache to 528 allow access to certain documents only if a site is 529 either a local site <em>or</em> the user supplies a 530 password and username?</a></li> 531 532 <li><a href="#authauthoritative">Why does my 533 authentication give me a server error?</a></li> 534 535 <li><a href="#auth-on-same-machine">Do I have to keep the 536 (mSQL) authentication information on the same 537 machine?</a></li> 538 539 <li><a href="#msql-slow">Why is my mSQL authentication 540 terribly slow?</a></li> 541 542 <li><a href="#passwdauth">Can I use my 543 <samp>/etc/passwd</samp> file for Web page 544 authentication?</a></li> 545 546 <li><a href="#prompted-twice">Why does Apache ask for my 547 password twice before serving a file?</a></li> 548 549 <li><a href="#image-theft">How can I prevent people from 550 "stealing" the images from my web site?</a></li> 551 552 </ol> 553 </li> 554 555 556 557 558 </body> 559</html> 560 561 562 563 564 565 566 567 568 569 570 571 572 573 <li value="8"> 574 <strong>URL Rewriting</strong> 575 576 <ol> 577 <li><a href="#rewrite-more-config">Where can I find 578 mod_rewrite rulesets which already solve particular 579 URL-related problems?</a></li> 580 581 <li><a href="#rewrite-article">Where can I find any 582 published information about URL-manipulations and 583 mod_rewrite?</a></li> 584 585 <li><a href="#rewrite-complexity">Why is mod_rewrite so 586 difficult to learn and seems so complicated?</a></li> 587 588 <li><a href="#rewrite-dontwork">What can I do if my 589 RewriteRules don't work as expected?</a></li> 590 591 <li><a href="#rewrite-prefixdocroot">Why don't some of my 592 URLs get prefixed with DocumentRoot when using 593 mod_rewrite?</a></li> 594 595 <li><a href="#rewrite-nocase">How can I make all my URLs 596 case-insensitive with mod_rewrite?</a></li> 597 598 <li><a href="#rewrite-virthost">Why are RewriteRules in 599 my VirtualHost parts ignored?</a></li> 600 601 <li><a href="#rewrite-envwhitespace">How can I use 602 strings with whitespaces in RewriteRule's ENV 603 flag?</a></li> 604 </ol> 605 </li> 606 607 608 609 610 </body> 611</html> 612 613 614 615 616 617 618 619 620 621 622 623 624 625 <li value="9"> 626 <strong>Features</strong> 627 628 <ol> 629 <li><a href="#proxy">Does or will Apache act as a Proxy 630 server?</a></li> 631 632 <li><a href="#multiviews">What are "multiviews"?</a></li> 633 634 <li><a href="#putsupport">Why can't I publish to my 635 Apache server using PUT on Netscape Gold and other 636 programs?</a></li> 637 638 <li><a href="#SSL-i">Why doesn't Apache include 639 SSL?</a></li> 640 641 <li><a href="#footer">How can I attach a footer to my 642 documents without using SSI?</a></li> 643 644 <li><a href="#search">Does Apache include a search 645 engine?</a></li> 646 647 <li><a href="#rotate">How can I rotate my log 648 files?</a></li> 649 650 <li><a href="#conditional-logging">How do I keep certain 651 requests from appearing in my logs?</a></li> 652 653 <li><a href="#dbinteg">Does Apache include any sort of 654 database integration?</a></li> 655 656 <li><a href="#asp">Can I use Active Server Pages (ASP) 657 with Apache?</a></li> 658 659 <li><a href="#java">Does Apache come with Java 660 support?</a></li> 661 </ol> 662 </li> 663 664 665 666 667 </body> 668</html> 669 670 671 </ol> 672 <hr /> 673 674 <h2>The Answers</h2> 675 676 677 678 679 680 681 682 683 684 685 686 687 688 <h3>A. Background</h3> 689 690 <ol> 691 <li> 692 <a id="what" name="what"><strong>What is 693 Apache?</strong></a> 694 695 <p>The Apache httpd server</p> 696 697 <ul> 698 <li>is a powerful, flexible, HTTP/1.1 compliant web 699 server</li> 700 701 <li>implements the latest protocols, including HTTP/1.1 702 (RFC2616)</li> 703 704 <li>is highly configurable and extensible with 705 third-party modules</li> 706 707 <li>can be customised by writing 'modules' using the 708 Apache module API</li> 709 710 <li>provides full source code and comes with an 711 unrestrictive license</li> 712 713 <li>runs on Windows NT/9x, Netware 5.x and above, OS/2, and most 714 versions of Unix, as well as several other operating 715 systems</li> 716 717 <li>is actively being developed</li> 718 719 <li>encourages user feedback through new ideas, bug 720 reports and patches</li> 721 722 <li> 723 implements many frequently requested features, 724 including:<br /> 725 <br /> 726 727 728 <dl> 729 <dt>DBM databases for authentication</dt> 730 731 <dd>allows you to easily set up password-protected 732 pages with enormous numbers of authorized users, 733 without bogging down the server.</dd> 734 735 <dt>Customized responses to errors and problems</dt> 736 737 <dd>Allows you to set up files, or even CGI scripts, 738 which are returned by the server in response to 739 errors and problems, e.g. setup a script to intercept 740 <strong>500 Server Error</strong>s and perform 741 on-the-fly diagnostics for both users and 742 yourself.</dd> 743 744 <dt>Multiple DirectoryIndex directives</dt> 745 746 <dd>Allows you to say <code>DirectoryIndex index.html 747 index.cgi</code>, which instructs the server to 748 either send back <code>index.html</code> or run 749 <code>index.cgi</code> when a directory URL is 750 requested, whichever it finds in the directory.</dd> 751 752 <dt>Unlimited flexible URL rewriting and 753 aliasing</dt> 754 755 <dd>Apache has no fixed limit on the numbers of 756 Aliases and Redirects which may be declared in the 757 config files. In addition, a powerful rewriting 758 engine can be used to solve most URL manipulation 759 problems.</dd> 760 761 <dt>Content negotiation</dt> 762 763 <dd>i.e. the ability to automatically serve clients 764 of varying sophistication and HTML level compliance, 765 with documents which offer the best representation of 766 information that the client is capable of 767 accepting.</dd> 768 769 <dt>Virtual Hosts</dt> 770 771 <dd>A much requested feature, sometimes known as 772 multi-homed servers. This allows the server to 773 distinguish between requests made to different IP 774 addresses or names (mapped to the same machine). 775 Apache also offers dynamically configurable 776 mass-virtual hosting.</dd> 777 778 <dt>Configurable Reliable Piped Logs</dt> 779 780 <dd>You can configure Apache to generate logs in the 781 format that you want. In addition, on most Unix 782 architectures, Apache can send log files to a pipe, 783 allowing for log rotation, hit filtering, real-time 784 splitting of multiple vhosts into separate logs, and 785 asynchronous DNS resolving on the fly.</dd> 786 </dl> 787 </li> 788 </ul> 789 <hr /> 790 </li> 791 792 <li> 793 <a id="why" name="why"><strong>How and why was Apache 794 created?</strong></a> 795 796 <p>The <a 797 href="http://httpd.apache.org/ABOUT_APACHE.html">About 798 Apache</a> document explains how the Apache project evolved 799 from its beginnings as an outgrowth of the NCSA httpd 800 project to its current status as one of the fastest, most 801 efficient, and most functional web servers in 802 existence.</p> 803 <hr /> 804 </li> 805 806 <li> 807 <a id="name" name="name"><strong>Why the name 808 "Apache"?</strong></a> 809 810 <p>The name 'Apache' was chosen from respect for 811 the Native American Indian tribe of Apache (Indé), 812 <a href="http://www.indians.org/welker/apache.htm">well-known 813 for their superior skills in warfare strategy and their 814 inexhaustible endurance</a>. For more information on the 815 Apache Nation, we suggest searching 816 <a href="http://www.google.com/search?q=Apache+Nation">Google</a>, 817 <a href="http://www.northernlight.com/nlquery.fcg?qr=Apache+Nation" 818 >Northernlight</a>, or 819 <a href="http://www.alltheweb.com/cgi-bin/asearch?query=Apache+Nation" 820 >AllTheWeb</a>.</p> 821 822 <p>Secondarily, and more popularly (though incorrectly) accepted, 823 it's a considered cute name which stuck. Apache is "<strong>A 824 PA</strong>t<strong>CH</strong>y server". It was based on 825 some existing code and a series of "patch files".</p> 826 827 <hr /> 828 </li> 829 830 <li> 831 <a id="compare" name="compare"><strong>OK, so how does 832 Apache compare to other servers?</strong></a> 833 834 <p>For an independent assessment, see <a 835 href="http://webcompare.internet.com/">Web 836 Compare</a>.</p> 837 838 <p>Apache has been shown to be substantially faster, more 839 stable, and more feature-full than many other web servers. 840 Although certain commercial servers have claimed to surpass 841 Apache's speed (it has not been demonstrated that any of 842 these "benchmarks" are a good way of measuring WWW server 843 speed at any rate), we feel that it is better to have a 844 mostly-fast free server than an extremely-fast server that 845 costs thousands of dollars. Apache is run on sites that get 846 millions of hits per day, and they have experienced no 847 performance difficulties.</p> 848 <hr /> 849 </li> 850 851 <li> 852 <a id="tested" name="tested"><strong>How thoroughly tested 853 is Apache?</strong></a> 854 855 <p>Apache is run on over 6 million Internet servers (as of 856 February 2000). It has been tested thoroughly by both 857 developers and users. The Apache Group maintains rigorous 858 standards before releasing new versions of their server, 859 and our server runs without a hitch on over one half of all 860 WWW servers available on the Internet. When bugs do show 861 up, we release patches and new versions as soon as they are 862 available.</p> 863 <hr /> 864 </li> 865 866 <li> 867 <a id="future" name="future"><strong>What are the future 868 plans for Apache?</strong></a> 869 870 <ul> 871 <li>to continue to be an "open source" no-charge-for-use 872 HTTP server,</li> 873 874 <li>to keep up with advances in HTTP protocol and web 875 developments in general,</li> 876 877 <li>to collect suggestions for fixes/improvements from 878 its users,</li> 879 880 <li>to respond to needs of large volume providers as well 881 as occasional users.</li> 882 </ul> 883 <hr /> 884 </li> 885 886 <li> 887 <a id="support" name="support"><strong>Whom do I contact 888 for support?</strong></a> 889 890 <p>There is no official support for Apache. None of the 891 developers want to be swamped by a flood of trivial 892 questions that can be resolved elsewhere. Bug reports and 893 suggestions should be sent <em>via</em> <a 894 href="http://httpd.apache.org/bug_report.html">the bug 895 report page</a>. Other questions should be directed to the 896 <a href="http://httpd.apache.org/userslist.html">Apache HTTP 897 Server Users List</a> or the 898 <a 899 href="news:comp.infosystems.www.servers.unix">comp.infosystems.www.servers.unix</a> 900 or <a 901 href="news:comp.infosystems.www.servers.ms-windows">comp.infosystems.www.servers.ms-windows</a> 902 newsgroup (as appropriate for the platform you use), where 903 some of the Apache team lurk, in the company of many other 904 httpd gurus who should be able to help.</p> 905 906 <p>Commercial support for Apache is, however, available 907 from a number of third parties.</p> 908 <hr /> 909 </li> 910 911 <li> 912 <a id="more" name="more"><strong>Is there any more 913 information available on Apache?</strong></a> 914 915 <p>Indeed there is. See the main <a 916 href="http://httpd.apache.org/">Apache web site</a>. There 917 is also a regular electronic publication called <a 918 href="http://www.apacheweek.com/" rel="Help"><cite>Apache 919 Week</cite></a> available. Links to relevant <cite>Apache 920 Week</cite> articles are included below where appropriate. 921 There are also some <a 922 href="http://httpd.apache.org/info/apache_books.html">Apache-specific 923 books</a> available.</p> 924 <hr /> 925 </li> 926 927 <li> 928 <a id="where" name="where"><strong>Where can I get 929 Apache?</strong></a> 930 931 <p>You can find out how to download the source for Apache 932 at the project's <a href="http://httpd.apache.org/">main 933 web page</a>.</p> 934 <hr /> 935 </li> 936 937 <li> 938 <a id="logo" name="logo"><b>May I use the Apache logo on my 939 product or Web site?</b></a> 940 941 <p>You may <b>NOT</b> use any original artwork from the 942 Apache Software Foundation, nor make or use modified 943 versions of such artwork, except under the following 944 conditions:</p> 945 946 <ul> 947 <li>You may use the <a 948 href="../../apache_pb.gif">'Powered by Apache' 949 graphic</a> on a Web site that is being served by the 950 Apache HTTP server software.</li> 951 952 <li>You may use the aforementioned 'Powered by Apache' 953 graphic or the <a 954 href="http://www.apache.org/images/asf_logo.gif"> 955 Apache Software Foundation logo</a> in product 956 description and promotional material <b>IF and ONLY 957 IF</b> such use can in no way be interpreted as anything 958 other than an attribution. Using the Apache name and 959 artwork in a manner that implies endorsement of a product 960 or service is <b>strictly forbidden</b>.</li> 961 </ul> 962 <hr /> 963 </li> 964 </ol> 965 966 967 </body> 968</html> 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 <h3>B. General Technical Questions</h3> 985 986 <ol> 987 <li> 988 <a id="what2do" name="what2do"><strong>"Why can't I ...? 989 Why won't ... work?" What to do in case of 990 problems</strong></a> 991 992 <p>If you are having trouble with your Apache server 993 software, you should take the following steps:</p> 994 995 <ol> 996 <li> 997 <strong>Check the errorlog!</strong> 998 999 <p>Apache tries to be helpful when it encounters a 1000 problem. In many cases, it will provide some details by 1001 writing one or messages to the server error log. 1002 Sometimes this is enough for you to diagnose & fix 1003 the problem yourself (such as file permissions or the 1004 like). The default location of the error log is 1005 <samp>/usr/local/apache/logs/error_log</samp>, but see 1006 the <a 1007 href="../mod/core.html#errorlog"><samp>ErrorLog</samp></a> 1008 directive in your config files for the location on your 1009 server.</p> 1010 </li> 1011 1012 <li> 1013 <strong>Check the <a 1014 href="http://httpd.apache.org/docs/misc/FAQ.html">FAQ</a>!</strong> 1015 1016 1017 <p>The latest version of the Apache Frequently-Asked 1018 Questions list can always be found at the main Apache 1019 web site.</p> 1020 </li> 1021 1022 <li> 1023 <strong>Check the Apache bug database</strong> 1024 1025 <p>Most problems that get reported to The Apache Group 1026 are recorded in the <a 1027 href="http://bugs.apache.org/">bug database</a>. 1028 <em><strong>Please</strong> check the existing reports, 1029 open <strong>and</strong> closed, before adding 1030 one.</em> If you find that your issue has already been 1031 reported, please <em>don't</em> add a "me, too" report. 1032 If the original report isn't closed yet, we suggest 1033 that you check it periodically. You might also consider 1034 contacting the original submitter, because there may be 1035 an email exchange going on about the issue that isn't 1036 getting recorded in the database.</p> 1037 </li> 1038 1039 <li> 1040 <strong>Ask in a user support group.</strong> 1041 1042 <p>A lot of common problems never make it to the bug 1043 database because there's already high Q&A traffic 1044 about them in the <a 1045 href="http://httpd.apache.org/userslist.html">Users 1046 mailing list</a> or <a 1047 href="news:comp.infosystems.www.servers.unix"><samp>comp.infosystems.www.servers.unix</samp></a> 1048 and related newsgroups. These newsgroups are also 1049 available via <a 1050 href="http://groups.google.com/groups?group=comp.infosystems.www.servers"> 1051 Google</a>. Many Apache users, and some of the developers, 1052 can be found roaming their virtual halls, so it is suggested 1053 that you seek wisdom there. The chances are good that 1054 you'll get a faster answer there than from the bug 1055 database, even if you <em>don't</em> see your question 1056 already posted.</p> 1057 </li> 1058 1059 <li> 1060 <strong>If all else fails, report the problem in the 1061 bug database</strong> 1062 1063 <p>If you've gone through those steps above that are 1064 appropriate and have obtained no relief, then please 1065 <em>do</em> let The Apache Group know about the problem 1066 by <a 1067 href="http://httpd.apache.org/bug_report.html">logging 1068 a bug report</a>.</p> 1069 1070 <p>If your problem involves the server crashing and 1071 generating a core dump, please include a backtrace (if 1072 possible). As an example,</p> 1073 1074 <dl> 1075 <dd><code># cd <em>ServerRoot</em><br /> 1076 # dbx httpd core<br /> 1077 (dbx) where</code></dd> 1078 </dl> 1079 1080 <p>(Substitute the appropriate locations for your 1081 <samp>ServerRoot</samp> and your <samp>httpd</samp> and 1082 <samp>core</samp> files. You may have to use 1083 <code>gdb</code> instead of <code>dbx</code>.)</p> 1084 </li> 1085 </ol> 1086 <hr /> 1087 </li> 1088 1089 <li> 1090 <a id="compatible" name="compatible"><strong>How compatible 1091 is Apache with my existing NCSA 1.3 setup?</strong></a> 1092 1093 <p>Apache attempts to offer all the features and 1094 configuration options of NCSA httpd 1.3, as well as many of 1095 the additional features found in NCSA httpd 1.4 and NCSA 1096 httpd 1.5.</p> 1097 1098 <p>NCSA httpd appears to be moving toward adding 1099 experimental features which are not generally required at 1100 the moment. Some of the experiments will succeed while 1101 others will inevitably be dropped. The Apache philosophy is 1102 to add what's needed as and when it is needed.</p> 1103 1104 <p>Friendly interaction between Apache and NCSA developers 1105 should ensure that fundamental feature enhancements stay 1106 consistent between the two servers for the foreseeable 1107 future.</p> 1108 <hr /> 1109 </li> 1110 1111 <li> 1112 <a id="year2000" name="year2000"><strong>Is Apache Year 1113 2000 compliant?</strong></a> 1114 1115 <p>Yes, Apache is Year 2000 compliant.</p> 1116 1117 <p>Apache internally never stores years as two digits. On 1118 the HTTP protocol level RFC1123-style addresses are 1119 generated which is the only format a HTTP/1.1-compliant 1120 server should generate. To be compatible with older 1121 applications Apache recognizes ANSI C's 1122 <code>asctime()</code> and RFC850-/RFC1036-style date 1123 formats, too. The <code>asctime()</code> format uses 1124 four-digit years, but the RFC850 and RFC1036 date formats 1125 only define a two-digit year. If Apache sees such a date 1126 with a value less than 70 it assumes that the century is 1127 <samp>20</samp> rather than <samp>19</samp>.</p> 1128 1129 <p>Although Apache is Year 2000 compliant, you may still 1130 get problems if the underlying OS has problems with dates 1131 past year 2000 (<em>e.g.</em>, OS calls which accept or 1132 return year numbers). Most (UNIX) systems store dates 1133 internally as signed 32-bit integers which contain the 1134 number of seconds since 1<sup>st</sup> January 1970, so the 1135 magic boundary to worry about is the year 2038 and not 1136 2000. But modern operating systems shouldn't cause any 1137 trouble at all.</p> 1138 1139 <p>The Apache HTTP Server project is an open-source 1140 software product of the Apache Software Foundation. The 1141 project and the Foundation <b>cannot</b> offer legal 1142 assurances regarding any suitability of the software for 1143 your application. There are several commercial Apache 1144 support organizations and derivative server products 1145 available that may be able to stand behind the software and 1146 provide you with any assurances you may require. You may 1147 find links to some of these vendors at <samp><<a 1148 href="http://www.apache.org/info/support.cgi">http://www.apache.org/info/support.cgi</a>></samp>.</p> 1149 1150 <p>The Apache HTTP server software is distributed with the 1151 following disclaimer, found in the software license:</p> 1152<pre> 1153 THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY 1154 EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1155 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 1156 PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR 1157 ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 1158 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 1159 NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 1160 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1161 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 1162 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 1163 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 1164 OF THE POSSIBILITY OF SUCH DAMAGE. 1165 1166</pre> 1167 <hr /> 1168 </li> 1169 1170 <li> 1171 <a id="submit_patch" name="submit_patch"><strong>How do I 1172 submit a patch to the Apache Group?</strong></a> 1173 1174 <p>The Apache Group encourages patches from outside 1175 developers. There are 2 main "types" of patches: small 1176 bugfixes and general improvements. Bugfixes should be 1177 submitting using the Apache <a 1178 href="http://httpd.apache.org/bug_report.html">bug report 1179 page</a>. Improvements, modifications, and additions should 1180 follow the instructions below.</p> 1181 1182 <p>In general, the first course of action is to be a member 1183 of the <samp>dev@httpd.apache.org</samp> mailing list. This 1184 indicates to the Group that you are closely following the 1185 latest Apache developments. Your patch file should be 1186 generated using either '<code>diff -c</code>' or 1187 '<code>diff -u</code>' against the latest CVS tree. To 1188 submit your patch, send email to 1189 <samp>dev@httpd.apache.org</samp> with a 1190 <samp>Subject:</samp> line that starts with 1191 <samp>[PATCH]</samp> and includes a general description of 1192 the patch. In the body of the message, the patch should be 1193 clearly described and then included at the end of the 1194 message. If the patch-file is long, you can note a URL to 1195 the file instead of the file itself. Use of MIME 1196 enclosures/attachments should be avoided.</p> 1197 1198 <p>Be prepared to respond to any questions about your 1199 patches and possibly defend your code. If your patch 1200 results in a lot of discussion, you may be asked to submit 1201 an updated patch that incorporates all changes and 1202 suggestions.</p> 1203 <hr /> 1204 </li> 1205 1206 <li> 1207 <a id="domination" name="domination"><strong>Why has Apache 1208 stolen my favourite site's Internet address?</strong></a> 1209 1210 <p>The simple answer is: "It hasn't." This misconception is 1211 usually caused by the site in question having migrated to 1212 the Apache Web server software, but not having migrated the 1213 site's content yet. When Apache is installed, the default 1214 page that gets installed tells the Webmaster the 1215 installation was successful. The expectation is that this 1216 default page will be replaced with the site's real content. 1217 If it doesn't, complain to the Webmaster, not to the Apache 1218 project -- we just make the software and aren't responsible 1219 for what people do (or don't do) with it.</p> 1220 <hr /> 1221 </li> 1222 1223 <li> 1224 <a id="apspam" name="apspam"><strong>Why am I getting spam 1225 mail from the Apache site?</strong></a> 1226 1227 <p>The short answer is: "You aren't." Usually when someone 1228 thinks the Apache site is originating spam, it's because 1229 they've traced the spam to a Web site, and the Web site 1230 says it's using Apache. See the <a 1231 href="#domination">previous FAQ entry</a> for more details 1232 on this phenomenon.</p> 1233 1234 <p>No marketing spam originates from the Apache site. The 1235 only mail that comes from the site goes only to addresses 1236 that have been <em>requested</em> to receive the mail.</p> 1237 <hr /> 1238 </li> 1239 1240 <li> 1241 <a id="redist" name="redist"><strong>May I include the 1242 Apache software on a CD or other package I'm 1243 distributing?</strong></a> 1244 1245 <p>The detailed answer to this question can be found in the 1246 Apache license, which is included in the Apache 1247 distribution in the file <code>LICENSE</code>. You can also 1248 find it on the Web at <samp><<a 1249 href="http://www.apache.org/LICENSE.txt">http://www.apache.org/LICENSE.txt</a>></samp>.</p> 1250 <hr /> 1251 </li> 1252 1253 <li> 1254 <a id="zoom" name="zoom"><strong>What's the best 1255 hardware/operating system/... How do I get the most out of 1256 my Apache Web server?</strong></a> 1257 1258 <p>Check out Dean Gaudet's <a 1259 href="perf-tuning.html">performance tuning page</a>.</p> 1260 <hr /> 1261 </li> 1262 1263 <li> 1264 <a id="regex" name="regex"><strong>What are "regular 1265 expressions"?</strong></a> 1266 1267 <p>Regular expressions are a way of describing a pattern - 1268 for example, "all the words that begin with the letter A" 1269 or "every 10-digit phone number" or even "Every sentence 1270 with two commas in it, and no capital letter Q". Regular 1271 expressions (aka "regex"s) are useful in Apache because 1272 they let you apply certain attributes against collections 1273 of files or resources in very flexible ways - for example, 1274 all .gif and .jpg files under any "images" directory could 1275 be written as /\/images\/.*(jpg|gif)$/.</p> 1276 1277 <p>The best overview around is probably the one which comes 1278 with Perl. We implement a simple subset of Perl's regex 1279 support, but it's still a good way to learn what they mean. 1280 You can start by going to the <a 1281 href="http://www.perl.com/doc/manual/html/pod/perlre.html">CPAN 1282 page on regular expressions</a>, and branching out from 1283 there.</p> <hr /> 1284 </li> 1285 1286 <li> 1287 <a id="binaries" name="binaries"><b>Why isn't there a 1288 binary for my platform?</b></a> 1289 1290 <p>The developers make sure that the software builds and 1291 works correctly on the platforms available to them; this 1292 does <i>not</i> necessarily mean that <i>your</i> platform 1293 is one of them. In addition, the Apache HTTP server project 1294 is primarily source oriented, meaning that distributing 1295 valid and buildable source code is the purpose of a 1296 release, not making sure that there is a binary package for 1297 all of the supported platforms.</p> 1298 1299 <p>If you don't see a kit for your platform listed in the 1300 binary distribution area (<URL:<a 1301 href="http://httpd.apache.org/dist/httpd/binaries/">http://httpd.apache.org/dist/httpd/binaries/</a>>), 1302 it means either that the platform isn't available to any of 1303 the developers, or that they just haven't gotten around to 1304 preparing a binary for it. As this is a voluntary project, 1305 they are under no obligation to do so. Users are encouraged 1306 and expected to build the software themselves.</p> 1307 1308 <p>The sole exception to these practices is the Windows 1309 package. Unlike most Unix and Unix-like platforms, Windows 1310 systems do not come with a bundled software development 1311 environment, so we <i>do</i> prepare binary kits for 1312 Windows when we make a release. Again, however, it's a 1313 voluntary thing and only a limited number of the developers 1314 have the capability to build the InstallShield package, so 1315 the Windows release may lag somewhat behind the source 1316 release. This lag should be no more than a few days at 1317 most.</p> 1318 <hr /> 1319 </li> 1320 </ol> 1321 1322 1323 </body> 1324</html> 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 <h3>C. Building Apache</h3> 1341 1342 <ol> 1343 <li> 1344 <a id="bind8.1" name="bind8.1"><strong>Why do I get an 1345 error about an undefined reference to 1346 "<samp>__inet_ntoa</samp>" or other <samp>__inet_*</samp> 1347 symbols?</strong></a> 1348 1349 <p>If you have installed <a 1350 href="http://www.isc.org/bind.html">BIND-8</a> then this is 1351 normally due to a conflict between your include files and 1352 your libraries. BIND-8 installs its include files and 1353 libraries <code>/usr/local/include/</code> and 1354 <code>/usr/local/lib/</code>, while the resolver that comes 1355 with your system is probably installed in 1356 <code>/usr/include/</code> and <code>/usr/lib/</code>. If 1357 your system uses the header files in 1358 <code>/usr/local/include/</code> before those in 1359 <code>/usr/include/</code> but you do not use the new 1360 resolver library, then the two versions will conflict.</p> 1361 1362 <p>To resolve this, you can either make sure you use the 1363 include files and libraries that came with your system or 1364 make sure to use the new include files and libraries. 1365 Adding <code>-lbind</code> to the 1366 <code>EXTRA_LDFLAGS</code> line in your 1367 <samp>Configuration</samp> file, then re-running 1368 <samp>Configure</samp>, should resolve the problem. (Apache 1369 versions 1.2.* and earlier use <code>EXTRA_LFLAGS</code> 1370 instead.)</p> 1371 1372 <p><strong>Note:</strong>As of BIND 8.1.1, the bind 1373 libraries and files are installed under 1374 <samp>/usr/local/bind</samp> by default, so you should not 1375 run into this problem. Should you want to use the bind 1376 resolvers you'll have to add the following to the 1377 respective lines:</p> 1378 1379 <dl> 1380 <dd><code>EXTRA_CFLAGS=-I/usr/local/bind/include<br /> 1381 EXTRA_LDFLAGS=-L/usr/local/bind/lib<br /> 1382 EXTRA_LIBS=-lbind</code></dd> 1383 </dl> 1384 <hr /> 1385 </li> 1386 1387 <li> 1388 <a id="cantbuild" name="cantbuild"><strong>Why won't Apache 1389 compile with my system's <samp>cc</samp>?</strong></a> 1390 1391 <p>If the server won't compile on your system, it is 1392 probably due to one of the following causes:</p> 1393 1394 <ul> 1395 <li><strong>The <samp>Configure</samp> script doesn't 1396 recognize your system environment.</strong><br /> 1397 This might be either because it's completely unknown or 1398 because the specific environment (include files, OS 1399 version, <em>et cetera</em>) isn't explicitly handled. If 1400 this happens, you may need to port the server to your OS 1401 yourself.</li> 1402 1403 <li><strong>Your system's C compiler is 1404 garbage.</strong><br /> 1405 Some operating systems include a default C compiler that 1406 is either not ANSI C-compliant or suffers from other 1407 deficiencies. The usual recommendation in cases like this 1408 is to acquire, install, and use <samp>gcc</samp>.</li> 1409 1410 <li><strong>Your <samp>include</samp> files may be 1411 confused.</strong><br /> 1412 In some cases, we have found that a compiler 1413 installation or system upgrade has left the C header 1414 files in an inconsistent state. Make sure that your 1415 include directory tree is in sync with the compiler and 1416 the operating system.</li> 1417 1418 <li><strong>Your operating system or compiler may be out 1419 of revision.</strong><br /> 1420 Software vendors (including those that develop operating 1421 systems) issue new releases for a reason; sometimes to 1422 add functionality, but more often to fix bugs that have 1423 been discovered. Try upgrading your compiler and/or your 1424 operating system.</li> 1425 </ul> 1426 1427 <p>The Apache Group tests the ability to build the server 1428 on many different platforms. Unfortunately, we can't test 1429 all of the OS platforms there are. If you have verified 1430 that none of the above issues is the cause of your problem, 1431 and it hasn't been reported before, please submit a <a 1432 href="http://httpd.apache.org/bug_report.html">problem 1433 report</a>. Be sure to include <em>complete</em> details, 1434 such as the compiler & OS versions and exact error 1435 messages.</p> 1436 <hr /> 1437 </li> 1438 1439 <li> 1440 <a id="linuxiovec" name="linuxiovec"><strong>Why do I get 1441 complaints about redefinition of "<code>struct 1442 iovec</code>" when compiling under Linux?</strong></a> 1443 1444 <p>This is a conflict between your C library includes and 1445 your kernel includes. You need to make sure that the 1446 versions of both are matched properly. There are two 1447 workarounds, either one will solve the problem:</p> 1448 1449 <ul> 1450 <li>Remove the definition of <code>struct iovec</code> 1451 from your C library includes. It is located in 1452 <code>/usr/include/sys/uio.h</code>. 1453 <strong>Or,</strong></li> 1454 1455 <li>Add <code>-DNO_WRITEV</code> to the 1456 <code>EXTRA_CFLAGS</code> line in your 1457 <samp>Configuration</samp> and reconfigure/rebuild. This 1458 hurts performance and should only be used as a last 1459 resort.</li> 1460 </ul> 1461 <hr /> 1462 </li> 1463 1464 <li> 1465 <a id="broken-gcc" name="broken-gcc"><strong>I'm using gcc 1466 and I get some compilation errors, what is 1467 wrong?</strong></a> 1468 1469 <p>GCC parses your system header files and produces a 1470 modified subset which it uses for compiling. This behavior 1471 ties GCC tightly to the version of your operating system. 1472 So, for example, if you were running IRIX 5.3 when you 1473 built GCC and then upgrade to IRIX 6.2 later, you will have 1474 to rebuild GCC. Similarly for Solaris 2.4, 2.5, or 2.5.1 1475 when you upgrade to 2.6. Sometimes you can type "gcc -v" 1476 and it will tell you the version of the operating system it 1477 was built against.</p> 1478 1479 <p>If you fail to do this, then it is very likely that 1480 Apache will fail to build. One of the most common errors is 1481 with <code>readv</code>, <code>writev</code>, or 1482 <code>uio.h</code>. This is <strong>not</strong> a bug with 1483 Apache. You will need to re-install GCC.</p> 1484 <hr /> 1485 </li> 1486 1487 <li> 1488 <a id="glibc-crypt" name="glibc-crypt"><strong>I'm using 1489 RedHat Linux 5.0, or some other <samp>glibc</samp>-based 1490 Linux system, and I get errors with the <code>crypt</code> 1491 function when I attempt to build Apache 1.2.</strong></a> 1492 1493 <p><samp>glibc</samp> puts the <code>crypt</code> function 1494 into a separate library. Edit your 1495 <code>src/Configuration</code> file and set this:</p> 1496 1497 <dl> 1498 <dd><code>EXTRA_LIBS=-lcrypt</code></dd> 1499 </dl> 1500 1501 <p>Then re-run <samp>src/Configure</samp> and re-execute 1502 the make.</p> 1503 <hr /> 1504 </li> 1505 </ol> 1506 1507 1508 </body> 1509</html> 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 <h3>D. Error Log Messages and Problems Starting Apache</h3> 1526 1527 <ol> 1528 <li> 1529 <a id="setgid" name="setgid"><strong>Why do I get 1530 "<samp>setgid: Invalid argument</samp>" at 1531 startup?</strong></a> 1532 1533 <p>Your <a 1534 href="../mod/core.html#group"><samp>Group</samp></a> 1535 directive (probably in <samp>conf/httpd.conf</samp>) needs 1536 to name a group that actually exists in the 1537 <samp>/etc/group</samp> file (or your system's equivalent). 1538 This problem is also frequently seen when a negative number 1539 is used in the <code>Group</code> directive (<em>e.g.</em>, 1540 "<code>Group #-1</code>"). Using a group name -- not 1541 group number -- found in your system's group database 1542 should solve this problem in all cases.</p> 1543 <hr /> 1544 </li> 1545 1546 <li> 1547 <a id="nodelay" name="nodelay"><strong>Why am I getting 1548 "<samp>httpd: could not set socket option 1549 TCP_NODELAY</samp>" in my error log?</strong></a> 1550 1551 <p>This message almost always indicates that the client 1552 disconnected before Apache reached the point of calling 1553 <code>setsockopt()</code> for the connection. It shouldn't 1554 occur for more than about 1% of the requests your server 1555 handles, and it's advisory only in any case.</p> 1556 <hr /> 1557 </li> 1558 1559 <li> 1560 <a id="peerreset" name="peerreset"><strong>Why am I getting 1561 "<samp>connection reset by peer</samp>" in my error 1562 log?</strong></a> 1563 1564 <p>This is a normal message and nothing about which to be 1565 alarmed. It simply means that the client canceled the 1566 connection before it had been completely set up - such as 1567 by the end-user pressing the "Stop" button. People's 1568 patience being what it is, sites with response-time 1569 problems or slow network links may experience this more 1570 than high capacity ones or those with large pipes to the 1571 network.</p> 1572 <hr /> 1573 </li> 1574 1575 <li> 1576 <a id="wheres-the-dump" name="wheres-the-dump"><strong>The 1577 errorlog says Apache dumped core, but where's the dump 1578 file?</strong></a> 1579 1580 <p>In Apache version 1.2, the error log message about 1581 dumped core includes the directory where the dump file 1582 should be located. However, many Unixes do not allow a 1583 process that has called <code>setuid()</code> to dump core 1584 for security reasons; the typical Apache setup has the 1585 server started as root to bind to port 80, after which it 1586 changes UIDs to a non-privileged user to serve 1587 requests.</p> 1588 1589 <p>Dealing with this is extremely operating 1590 system-specific, and may require rebuilding your system 1591 kernel. Consult your operating system documentation or 1592 vendor for more information about whether your system does 1593 this and how to bypass it. If there <em>is</em> a 1594 documented way of bypassing it, it is recommended that you 1595 bypass it only for the <samp>httpd</samp> server process if 1596 possible.</p> 1597 1598 <p>The canonical location for Apache's core-dump files is 1599 the <a href="../mod/core.html#serverroot">ServerRoot</a> 1600 directory. As of Apache version 1.3, the location can be 1601 set <em>via</em> the <a 1602 href="../mod/core.html#coredumpdirectory"><samp>CoreDumpDirectory</samp></a> 1603 directive to a different directory. Make sure that this 1604 directory is writable by the user the server runs as (as 1605 opposed to the user the server is <em>started</em> as).</p> 1606 <hr /> 1607 </li> 1608 1609 <li> 1610 <a id="linux-shmget" name="linux-shmget"><strong>When I run 1611 it under Linux I get "shmget: function not found", what 1612 should I do?</strong></a> 1613 1614 <p>Your kernel has been built without SysV IPC support. You 1615 will have to rebuild the kernel with that support enabled 1616 (it's under the "General Setup" submenu). Documentation for 1617 kernel building is beyond the scope of this FAQ; you should 1618 consult the <a 1619 href="http://www.redhat.com/mirrors/LDP/HOWTO/Kernel-HOWTO.html"> 1620 Kernel HOWTO</a>, or the documentation provided with your 1621 distribution, or a <a 1622 href="http://www.redhat.com/mirrors/LDP/HOWTO/META-FAQ.html"> 1623 Linux newsgroup/mailing list</a>. As a last-resort 1624 workaround, you can comment out the 1625 <code>#define USE_SHMGET_SCOREBOARD</code> definition 1626 in the <samp>LINUX</samp> section of 1627 <samp>src/conf.h</samp> and rebuild the server (prior to 1628 1.3b4, simply removing 1629 <code>#define HAVE_SHMGET</code> would have sufficed). 1630 This will produce a server which is slower and less 1631 reliable.</p> 1632 <hr /> 1633 </li> 1634 1635 <li> 1636 <a id="nfslocking" name="nfslocking"><strong>Server hangs, 1637 or fails to start, and/or error log fills with 1638 "<samp>fcntl: F_SETLKW: No record locks available</samp>" 1639 or similar messages</strong></a> 1640 1641 <p>These are symptoms of a fine locking problem, which 1642 usually means that the server is trying to use a 1643 synchronization file on an NFS filesystem.</p> 1644 1645 <p>Because of its parallel-operation model, the Apache Web 1646 server needs to provide some form of synchronization when 1647 accessing certain resources. One of these synchronization 1648 methods involves taking out locks on a file, which means 1649 that the filesystem whereon the lockfile resides must 1650 support locking. In many cases this means it <em>can't</em> 1651 be kept on an NFS-mounted filesystem.</p> 1652 1653 <p>To cause the Web server to work around the NFS locking 1654 limitations, include a line such as the following in your 1655 server configuration files:</p> 1656 1657 <dl> 1658 <dd><code>LockFile /var/run/apache-lock</code></dd> 1659 </dl> 1660 1661 <p>The directory should not be generally writable 1662 (<em>e.g.</em>, don't use <samp>/var/tmp</samp>). See the 1663 <a 1664 href="../mod/core.html#lockfile"><samp>LockFile</samp></a> 1665 documentation for more information.</p> 1666 <hr /> 1667 </li> 1668 1669 <li> 1670 <a id="aixccbug" name="aixccbug"><strong>Why am I getting 1671 "<samp>Expected </Directory> but saw 1672 </Directory></samp>" when I try to start 1673 Apache?</strong></a> 1674 1675 <p>This is a known problem with certain versions of the AIX 1676 C compiler. IBM are working on a solution, and the issue is 1677 being tracked by <a 1678 href="http://bugs.apache.org/index/full/2312">problem 1679 report #2312</a>.</p> 1680 <hr /> 1681 </li> 1682 1683 <li> 1684 <a id="redhat" name="redhat"><strong>I'm using RedHat Linux 1685 and I have problems with httpd dying randomly or not 1686 restarting properly</strong></a> 1687 1688 <p>RedHat Linux versions 4.x (and possibly earlier) RPMs 1689 contain various nasty scripts which do not stop or restart 1690 Apache properly. These can affect you even if you're not 1691 running the RedHat supplied RPMs.</p> 1692 1693 <p>If you're using the default install then you're probably 1694 running Apache 1.1.3, which is outdated. From RedHat's ftp 1695 site you can pick up a more recent RPM for Apache 1.2.x. 1696 This will solve one of the problems.</p> 1697 1698 <p>If you're using a custom built Apache rather than the 1699 RedHat RPMs then you should <code>rpm -e apache</code>. In 1700 particular you want the mildly broken 1701 <code>/etc/logrotate.d/apache</code> script to be removed, 1702 and you want the broken <code>/etc/rc.d/init.d/httpd</code> 1703 (or <code>httpd.init</code>) script to be removed. The 1704 latter is actually fixed by the apache-1.2.5 RPMs but if 1705 you're building your own Apache then you probably don't 1706 want the RedHat files.</p> 1707 1708 <p>We can't stress enough how important it is for folks, 1709 <em>especially vendors</em> to follow the <a 1710 href="../stopping.html">stopping Apache directions</a> 1711 given in our documentation. In RedHat's defense, the broken 1712 scripts were necessary with Apache 1.1.x because the Linux 1713 support in 1.1.x was very poor, and there were various race 1714 conditions on all platforms. None of this should be 1715 necessary with Apache 1.2 and later.</p> 1716 <hr /> 1717 </li> 1718 1719 <li> 1720 <a id="stopping" name="stopping"><strong>I upgraded from an 1721 Apache version earlier than 1.2.0 and suddenly I have 1722 problems with Apache dying randomly or not restarting 1723 properly</strong></a> 1724 1725 <p>You should read <a href="#redhat">the previous note</a> 1726 about problems with RedHat installations. It is entirely 1727 likely that your installation has start/stop/restart 1728 scripts which were built for an earlier version of Apache. 1729 Versions earlier than 1.2.0 had various race conditions 1730 that made it necessary to use <code>kill -9</code> at times 1731 to take out all the httpd servers. But that should not be 1732 necessary any longer. You should follow the <a 1733 href="../stopping.html">directions on how to stop and 1734 restart Apache</a>.</p> 1735 1736 <p>As of Apache 1.3 there is a script 1737 <code>src/support/apachectl</code> which, after a bit of 1738 customization, is suitable for starting, stopping, and 1739 restarting your server.</p> 1740 <hr /> 1741 </li> 1742 1743 <li> 1744 <a id="setservername" name="setservername"><b>When I try to 1745 start Apache from a DOS window, I get a message like 1746 "<samp>Cannot determine host name. Use ServerName directive 1747 to set it manually.</samp>" What does this mean?</b></a> 1748 1749 <p>It means what it says; the Apache software can't 1750 determine the hostname of your system. Edit your 1751 <samp>conf\httpd.conf</samp> file, look for the string 1752 "ServerName", and make sure there's an uncommented 1753 directive such as</p> 1754 1755 <dl> 1756 <dd><code>ServerName localhost</code></dd> 1757 </dl> 1758 1759 <p>or</p> 1760 1761 <dl> 1762 <dd><code>ServerName www.foo.com</code></dd> 1763 </dl> 1764 1765 <p>in the file. Correct it if there one there with wrong 1766 information, or add one if you don't already have one.</p> 1767 1768 <p>Also, make sure that your Windows system has DNS 1769 enabled. See the TCP/IP setup component of the Networking 1770 or Internet Options control panel.</p> 1771 1772 <p>After verifying that DNS is enabled and that you have a 1773 valid hostname in your <samp>ServerName</samp> directive, 1774 try to start the server again.</p> 1775 <hr /> 1776 </li> 1777 1778 <li> 1779 <a id="ws2_32dll" name="ws2_32dll"><b>When I try to start 1780 Apache for Windows, I get a message like "<samp>Unable To 1781 Locate WS2_32.DLL...</samp>". What should I do?</b></a> 1782 1783 <p>Short answer: You need to install Winsock 2, available 1784 from <a 1785 href="http://www.microsoft.com/windows95/downloads/">http://www.microsoft.com/windows95/downloads/</a></p> 1786 1787 <p>Detailed answer: Prior to version 1.3.9, Apache for 1788 Windows used Winsock 1.1. Beginning with version 1.3.9, 1789 Apache began using Winsock 2 features (specifically, 1790 WSADuplicateSocket()). WS2_32.DLL implements the Winsock 2 1791 API. Winsock 2 ships with Windows NT 4.0 and Windows 98. 1792 Some of the earlier releases of Windows 95 did not include 1793 Winsock 2.</p> 1794 <hr /> 1795 </li> 1796 1797 <li> 1798 <a id="WSADuplicateSocket" 1799 name="WSADuplicateSocket"><b>Apache for Windows does not 1800 start. Error log contains this message: "<samp>[crit] 1801 (10045) The attempted operation is not supported for the 1802 type of object referenced: Parent: WSADuplicateSocket 1803 failed for socket ###</samp>". What does this mean?</b></a> 1804 1805 1806 <p>We have seen this problem when Apache is run on systems 1807 along with Virtual Private Networking clients like Aventail 1808 Connect. Aventail Connect is a Layered Service Provider 1809 (LSP) that inserts itself, as a "shim," between the Winsock 1810 2 API and Window's native Winsock 2 implementation. The 1811 Aventail Connect shim does not implement 1812 WSADuplicateSocket, which is the cause of the failure.</p> 1813 1814 <p>The shim is not unloaded when Aventail Connect is shut 1815 down. Once observed, the problem persists until the shim is 1816 either explicitly unloaded or the machine is rebooted. 1817 Another potential solution (not tested) is to add 1818 <code>apache.exe</code> to the Aventail "Connect Exclusion 1819 List".</p> 1820 1821 <p>Apache is affected in a similar way by <em>any</em> 1822 firewall program that isn't correctly configured. Assure 1823 you exclude your Apache server ports (usually port 80) from 1824 the list of ports to block. Refer to your firewall 1825 program's documentation for the how-to.</p> 1826 <hr /> 1827 </li> 1828 1829 <li> 1830 <a id="err1067" name="err1067"><b>When I try to start 1831 Apache on Windows, I get a message like "<code>System error 1832 1067 has occurred. The process terminated 1833 unexpectedly</code>." What does this mean?</b></a> 1834 1835 <p>This message means that the Web server was unable to 1836 start correctly for one reason or another. To find out why, 1837 execute the following commands in a DOS window:</p> 1838<pre> 1839 c: 1840 cd "\Program Files\Apache Group\Apache" 1841 apache 1842 1843</pre> 1844 1845 <p>(If you don't get the prompt back, hit Control-C to 1846 cause Apache to exit.)</p> 1847 1848 <p>The error you see will probably be one of those 1849 preceding this question in the FAQ.</p> 1850 1851 <p>As of Apache 1.3.14, first check the Windows NT Event 1852 Log for Application errors using the Windows NT/2000 Event 1853 Viewer program. Any errors that occur prior to opening the 1854 Apache error log will be stored here, if Apache is run as a 1855 Service on NT or 2000. As with any error, also check your 1856 Apache error log.</p> 1857 <hr /> 1858 </li> 1859 1860 <li><a id="suseFDN" name="suseFDN"><b>On a SuSE Linux system, I try and 1861 configure access control using basic authentication. 1862 Although I follow the example exactly, authentication 1863 fails, and an error message "<code>admin: not a valid 1864 FDN: ....</code>" is logged.</b></a> 1865 1866 <p> 1867 In the SuSE distribution, additional 3rd party authentication 1868 modules have been added and activated by default. These modules 1869 interfere with the Apache standard modules and cause Basic 1870 authentication to fail. Our recommendation is to comment all 1871 those modules in <code>/etc/httpd/suse_addmodule.conf</code> 1872 and <code>/etc/httpd/suse_loadmodule.conf</code> which are not 1873 actually required for running your server. 1874 </p><hr /> 1875 </li> 1876 1877 <li><a id="codered" name="codered"><b>Why do I have weird entries in my 1878 logs asking for <code>default.ida</code> and 1879 <code>cmd.exe</code>?</b></a> 1880 1881 <p>The host requesting pages from your website and creating 1882 those entries is a Windows machine running IIS that has been 1883 infected by an Internet worm such as Nimda or Code Red. You 1884 can safely ignore these error messages as they do not affect 1885 Apache. ApacheWeek has an <a 1886 href="http://www.apacheweek.com/features/codered">article</a> 1887 with more information.</p><hr /> 1888 </li> 1889 1890 <li><a id="restart" name="restart"><b>Why am I getting server restart 1891 messages periodically, when I did not restart the server?</b></a> 1892 1893 <p>Problem: You are noticing restart messages in your error log, 1894 periodically, when you know you did not restart the server 1895 yourself:</p> 1896 1897<pre> 1898[Thu Jun 6 04:02:01 2002] [notice] SIGHUP received. Attempting to restart 1899[Thu Jun 6 04:02:02 2002] [notice] Apache configured -- resuming normal operations 1900</pre> 1901 1902 <p>Check your cron jobs to see when/if your server logs are being 1903 rotated. Compare the time of rotation to the error message time. 1904 If they are the same, you can somewhat safely assume that the 1905 restart is due to your server logs being rotated.</p><hr /> 1906 </li> 1907 1908 <li><a id="modulemagic" name="modulemagic"><b>Why am I getting 1909 "module <em>module-name</em> is not compatible with this version 1910 of Apache" messages in my error log?</b></a> 1911 1912 <p>Module Magic Number (MMN) is a constant defined in Apache 1913 source that is associated with binary compatibility of 1914 modules. It is changed when internal Apache structures, 1915 function calls and other significant parts of API change in 1916 such a way that binary compatibility cannot be guaranteed any 1917 more. On MMN change, all third party modules have to be at 1918 least recompiled, sometimes even slightly changed in order 1919 to work with the new version of Apache.</p> 1920 1921 <p>If you're getting the above error messages, contact the 1922 vendor of the module for the new binary, or compile it if 1923 you have access to the source code.</p><hr /> 1924 </li> 1925 1926 </ol> 1927 1928 1929 </body> 1930</html> 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 <h3>E. Configuration Questions</h3> 1947 1948 <ol> 1949 <li> 1950 <a id="fdlim" name="fdlim"><strong>Why can't I run more 1951 than <<em>n</em>> virtual hosts?</strong></a> 1952 1953 <p>You are probably running into resource limitations in 1954 your operating system. The most common limitation is the 1955 <em>per</em>-process limit on <strong>file 1956 descriptors</strong>, which is almost always the cause of 1957 problems seen when adding virtual hosts. Apache often does 1958 not give an intuitive error message because it is normally 1959 some library routine (such as <code>gethostbyname()</code>) 1960 which needs file descriptors and doesn't complain 1961 intelligibly when it can't get them.</p> 1962 1963 <p>Each log file requires a file descriptor, which means 1964 that if you are using separate access and error logs for 1965 each virtual host, each virtual host needs two file 1966 descriptors. Each <a 1967 href="../mod/core.html#listen"><samp>Listen</samp></a> 1968 directive also needs a file descriptor.</p> 1969 1970 <p>Typical values for <<em>n</em>> that we've seen 1971 are in the neighborhood of 128 or 250. When the server 1972 bumps into the file descriptor limit, it may dump core with 1973 a SIGSEGV, it might just hang, or it may limp along and 1974 you'll see (possibly meaningful) errors in the error log. 1975 One common problem that occurs when you run into a file 1976 descriptor limit is that CGI scripts stop being executed 1977 properly.</p> 1978 1979 <p>As to what you can do about this:</p> 1980 1981 <ol> 1982 <li>Reduce the number of <a 1983 href="../mod/core.html#listen"><samp>Listen</samp></a> 1984 directives. If there are no other servers running on the 1985 machine on the same port then you normally don't need any 1986 Listen directives at all. By default Apache listens to 1987 all addresses on port 80.</li> 1988 1989 <li>Reduce the number of log files. You can use <a 1990 href="../mod/mod_log_config.html"><samp>mod_log_config</samp></a> 1991 to log all requests to a single log file while including 1992 the name of the virtual host in the log file. You can 1993 then write a script to split the logfile into separate 1994 files later if necessary. Such a script is provided with 1995 the Apache 1.3 distribution in the 1996 <samp>src/support/split-logfile</samp> file.</li> 1997 1998 <li> 1999 Increase the number of file descriptors available to 2000 the server (see your system's documentation on the 2001 <code>limit</code> or <code>ulimit</code> commands). 2002 For some systems, information on how to do this is 2003 available in the <a href="perf.html">performance 2004 hints</a> page. There is a specific note for <a 2005 href="#freebsd-setsize">FreeBSD</a> below. 2006 2007 <p>For Windows 95, try modifying your 2008 <samp>C:\CONFIG.SYS</samp> file to include a line 2009 like</p> 2010 2011 <dl> 2012 <dd><code>FILES=300</code></dd> 2013 </dl> 2014 2015 <p>Remember that you'll need to reboot your Windows 95 2016 system in order for the new value to take effect.</p> 2017 </li> 2018 2019 <li>"Don't do that" - try to run with fewer virtual 2020 hosts</li> 2021 2022 <li>Spread your operation across multiple server 2023 processes (using <a 2024 href="../mod/core.html#listen"><samp>Listen</samp></a> 2025 for example, but see the first point) and/or ports.</li> 2026 </ol> 2027 2028 <p>Since this is an operating-system limitation, there's 2029 not much else available in the way of solutions.</p> 2030 2031 <p>As of 1.2.1 we have made attempts to work around various 2032 limitations involving running with many descriptors. <a 2033 href="descriptors.html">More information is 2034 available.</a></p> 2035 <hr /> 2036 </li> 2037 2038 <li> 2039 <a id="freebsd-setsize" name="freebsd-setsize"><strong>Can 2040 I increase <samp>FD_SETSIZE</samp> on FreeBSD?</strong></a> 2041 2042 2043 <p>On versions of FreeBSD before 3.0, the 2044 <samp>FD_SETSIZE</samp> define defaults to 256. This means 2045 that you will have trouble usefully using more than 256 2046 file descriptors in Apache. This can be increased, but 2047 doing so can be tricky.</p> 2048 2049 <p>If you are using a version prior to 2.2, you need to 2050 recompile your kernel with a larger 2051 <samp>FD_SETSIZE</samp>. This can be done by adding a line 2052 such as:</p> 2053 2054 <dl> 2055 <dd><code>options FD_SETSIZE <em>nnn</em></code></dd> 2056 </dl> 2057 2058 <p>to your kernel config file. Starting at version 2.2, 2059 this is no longer necessary.</p> 2060 2061 <p>If you are using a version of 2.1-stable from after 2062 1997/03/10 or 2.2 or 3.0-current from before 1997/06/28, 2063 there is a limit in the resolver library that prevents it 2064 from using more file descriptors than what 2065 <samp>FD_SETSIZE</samp> is set to when libc is compiled. To 2066 increase this, you have to recompile libc with a higher 2067 <samp>FD_SETSIZE</samp>.</p> 2068 2069 <p>In FreeBSD 3.0, the default <samp>FD_SETSIZE</samp> has 2070 been increased to 1024 and the above limitation in the 2071 resolver library has been removed.</p> 2072 2073 <p>After you deal with the appropriate changes above, you 2074 can increase the setting of <samp>FD_SETSIZE</samp> at 2075 Apache compilation time by adding 2076 "<samp>-DFD_SETSIZE=<em>nnn</em></samp>" to the 2077 <samp>EXTRA_CFLAGS</samp> line in your 2078 <samp>Configuration</samp> file.</p> 2079 <hr /> 2080 </li> 2081 2082 <li> 2083 <a id="errordoc401" name="errordoc401"><strong>Why doesn't 2084 my <code>ErrorDocument 401</code> work?</strong></a> 2085 2086 <p>You need to use it with a URL in the form 2087 "<samp>/foo/bar</samp>" and not one with a method and 2088 hostname such as "<samp>http://host/foo/bar</samp>". See 2089 the <a 2090 href="../mod/core.html#errordocument"><samp>ErrorDocument</samp></a> 2091 documentation for details. This was incorrectly documented 2092 in the past.</p> 2093 <hr /> 2094 </li> 2095 2096 <li> 2097 <a id="cookies1" name="cookies1"><strong>Why does Apache 2098 send a cookie on every response?</strong></a> 2099 2100 <p>Apache does <em>not</em> automatically send a cookie on 2101 every response, unless you have re-compiled it with the <a 2102 href="../mod/mod_usertrack.html"><samp>mod_usertrack</samp></a> 2103 module, and specifically enabled it with the <a 2104 href="../mod/mod_usertrack.html#cookietracking"><samp>CookieTracking</samp></a> 2105 directive. This module has been in Apache since version 2106 1.2. This module may help track users, and uses cookies to 2107 do this. If you are not using the data generated by 2108 <samp>mod_usertrack</samp>, do not compile it into 2109 Apache.</p> 2110 <hr /> 2111 </li> 2112 2113 <li> 2114 <a id="jdk1-and-http1.1" 2115 name="jdk1-and-http1.1"><strong>Why do my Java app[let]s 2116 give me plain text when I request an URL from an Apache 2117 server?</strong></a> 2118 2119 <p>As of version 1.2, Apache is an HTTP/1.1 (HyperText 2120 Transfer Protocol version 1.1) server. This fact is 2121 reflected in the protocol version that's included in the 2122 response headers sent to a client when processing a 2123 request. Unfortunately, low-level Web access classes 2124 included in the Java Development Kit (JDK) version 1.0.2 2125 expect to see the version string "HTTP/1.0" and do not 2126 correctly interpret the "HTTP/1.1" value Apache is sending 2127 (this part of the response is a declaration of what the 2128 server can do rather than a declaration of the dialect of 2129 the response). The result is that the JDK methods do not 2130 correctly parse the headers, and include them with the 2131 document content by mistake.</p> 2132 2133 <p>This is definitely a bug in the JDK 1.0.2 foundation 2134 classes from Sun, and it has been fixed in version 1.1. 2135 However, the classes in question are part of the virtual 2136 machine environment, which means they're part of the Web 2137 browser (if Java-enabled) or the Java environment on the 2138 client system - so even if you develop <em>your</em> 2139 classes with a recent JDK, the eventual users might 2140 encounter the problem. The classes involved are replaceable 2141 by vendors implementing the Java virtual machine 2142 environment, and so even those that are based upon the 2143 1.0.2 version may not have this problem.</p> 2144 2145 <p>In the meantime, a workaround is to tell Apache to 2146 "fake" an HTTP/1.0 response to requests that come from the 2147 JDK methods; this can be done by including a line such as 2148 the following in your server configuration files:</p> 2149 2150 <dl> 2151 <dd><code>BrowserMatch Java1.0 force-response-1.0<br /> 2152 BrowserMatch JDK/1.0 force-response-1.0</code></dd> 2153 </dl> 2154 2155 <p>More information about this issue can be found in the <a 2156 href="http://httpd.apache.org/info/jdk-102.html"><cite>Java 2157 and HTTP/1.1</cite></a> page at the Apache web site.</p> 2158 <hr /> 2159 </li> 2160 2161 <li> 2162 <a id="midi" name="midi"><strong>How do I get Apache to 2163 send a MIDI file so the browser can play it?</strong></a> 2164 2165 <p>Even though the registered MIME type for MIDI files is 2166 <samp>audio/midi</samp>, some browsers are not set up to 2167 recognize it as such; instead, they look for 2168 <samp>audio/x-midi</samp>. There are two things you can do 2169 to address this:</p> 2170 2171 <ol> 2172 <li>Configure your browser to treat documents of type 2173 <samp>audio/midi</samp> correctly. This is the type that 2174 Apache sends by default. This may not be workable, 2175 however, if you have many client installations to change, 2176 or if some or many of the clients are not under your 2177 control.</li> 2178 2179 <li> 2180 Instruct Apache to send a different 2181 <samp>Content-type</samp> header for these files by 2182 adding the following line to your server's 2183 configuration files: 2184 2185 <dl> 2186 <dd><code>AddType audio/x-midi .mid .midi 2187 .kar</code></dd> 2188 </dl> 2189 2190 <p>Note that this may break browsers that <em>do</em> 2191 recognize the <samp>audio/midi</samp> MIME type unless 2192 they're prepared to also handle 2193 <samp>audio/x-midi</samp> the same way.</p> 2194 </li> 2195 </ol> 2196 <hr /> 2197 </li> 2198 2199 <li> 2200 <a id="addlog" name="addlog"><strong>How do I add browsers 2201 and referrers to my logs?</strong></a> 2202 2203 <p>Apache provides a couple of different ways of doing 2204 this. The recommended method is to compile the <a 2205 href="../mod/mod_log_config.html"><samp>mod_log_config</samp></a> 2206 module into your configuration and use the <a 2207 href="../mod/mod_log_config.html#customlog"><samp>CustomLog</samp></a> 2208 directive.</p> 2209 2210 <p>You can either log the additional information in files 2211 other than your normal transfer log, or you can add them to 2212 the records already being written. For example:</p> 2213 2214 <p> 2215 <code>CustomLog logs/access_log "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""</code></p> 2216 2217 <p>This will add the values of the <samp>User-agent:</samp> 2218 and <samp>Referer:</samp> headers, which indicate the 2219 client and the referring page, respectively, to the end of 2220 each line in the access log.</p> 2221 2222 <p>You may want to check out the <cite>Apache Week</cite> 2223 article entitled: "<a 2224 href="http://www.apacheweek.com/features/logfiles" 2225 rel="Help"><cite>Gathering Visitor Information: Customizing 2226 Your Logfiles</cite></a>".</p> 2227 <hr /> 2228 </li> 2229 2230 <li> 2231 <a id="set-servername" name="set-servername"><strong>Why 2232 does accessing directories only work when I include the 2233 trailing "/" 2234 (<em>e.g.</em>, <samp>http://foo.domain.com/~user/</samp>) 2235 but not when I omit it 2236 (<em>e.g.</em>, <samp>http://foo.domain.com/~user</samp>)?</strong></a> 2237 2238 2239 <p>When you access a directory without a trailing "/", 2240 Apache needs to send what is called a redirect to the 2241 client to tell it to add the trailing slash. If it did not 2242 do so, relative URLs would not work properly. When it sends 2243 the redirect, it needs to know the name of the server so 2244 that it can include it in the redirect. There are two ways 2245 for Apache to find this out; either it can guess, or you 2246 can tell it. If your DNS is configured correctly, it can 2247 normally guess without any problems. If it is not, however, 2248 then you need to tell it.</p> 2249 2250 <p>Add a <a 2251 href="../mod/core.html#servername">ServerName</a> directive 2252 to the config file to tell it what the domain name of the 2253 server is.</p> 2254 2255 <p>The other thing that can occasionally cause this symptom is a 2256 misunderstanding of the <a 2257 href="../mod/mod_alias.html#alias">Alias</a> directive, 2258 resulting in an alias working with a trailing slash, and not 2259 without one. The <code>Alias</code> directive is very literal, 2260 and aliases what you tell it to. Consider the following 2261 example:</p> 2262 2263 <pre> 2264 Alias /example/ /home/www/example/ 2265 </pre> 2266 2267 <p>The above directive creates an alias for URLs starting with 2268 <code>/example/</code>, but does <em>not</em> alias URLs 2269 starting with <code>/example</code>. That is to say, a URL such 2270 as <code>http://servername.com/example/</code> will get the 2271 desired content, but a URL such as 2272 <code>http://servername.com/example</code> will result in a 2273 "file not found" error.</p> 2274 2275 <p>The following <code>Alias</code>, on the other hand, will 2276 work for both cases:</p> 2277 2278 <pre> 2279 Alias /example /home/www/example 2280 </pre> 2281 2282 <hr /> 2283 </li> 2284 2285 <li> 2286 <a id="no-info-directives" 2287 name="no-info-directives"><strong>Why doesn't mod_info list 2288 any directives?</strong></a> 2289 2290 <p>The <a 2291 href="../mod/mod_info.html"><samp>mod_info</samp></a> 2292 module allows you to use a Web browser to see how your 2293 server is configured. Among the information it displays is 2294 the list modules and their configuration directives. The 2295 "current" values for the directives are not necessarily 2296 those of the running server; they are extracted from the 2297 configuration files themselves at the time of the request. 2298 If the files have been changed since the server was last 2299 reloaded, the display will not match the values actively in 2300 use. If the files and the path to the files are not 2301 readable by the user as which the server is running (see 2302 the <a href="../mod/core.html#user"><samp>User</samp></a> 2303 directive), then <samp>mod_info</samp> cannot read them in 2304 order to list their values. An entry <em>will</em> be made 2305 in the error log in this event, however.</p> 2306 <hr /> 2307 </li> 2308 2309 <li> 2310 <a id="namevhost" name="namevhost"><strong>I upgraded to 2311 Apache 1.3 and now my virtual hosts don't 2312 work!</strong></a> 2313 2314 <p>In versions of Apache prior to 1.3b2, there was a lot of 2315 confusion regarding address-based virtual hosts and 2316 (HTTP/1.1) name-based virtual hosts, and the rules 2317 concerning how the server processed 2318 <samp><VirtualHost></samp> definitions were very 2319 complex and not well documented.</p> 2320 2321 <p>Apache 1.3b2 introduced a new directive, <a 2322 href="../mod/core.html#namevirtualhost"><samp>NameVirtualHost</samp></a>, 2323 which simplifies the rules quite a bit. However, changing 2324 the rules like this means that your existing name-based 2325 <samp><VirtualHost></samp> containers probably won't 2326 work correctly immediately following the upgrade.</p> 2327 2328 <p>To correct this problem, add the following line to the 2329 beginning of your server configuration file, before 2330 defining any virtual hosts:</p> 2331 2332 <dl> 2333 <dd><code>NameVirtualHost <em>n.n.n.n</em></code></dd> 2334 </dl> 2335 2336 <p>Replace the "<samp>n.n.n.n</samp>" with the IP address 2337 to which the name-based virtual host names resolve; if you 2338 have multiple name-based hosts on multiple addresses, 2339 repeat the directive for each address.</p> 2340 2341 <p>Make sure that your name-based 2342 <samp><VirtualHost></samp> blocks contain 2343 <samp>ServerName</samp> and possibly 2344 <samp>ServerAlias</samp> directives so Apache can be sure 2345 to tell them apart correctly.</p> 2346 2347 <p>Please see the <a href="../vhosts/">Apache Virtual Host 2348 documentation</a> for further details about 2349 configuration.</p> 2350 <hr /> 2351 </li> 2352 2353 <li> 2354 <a id="redhat-htm" name="redhat-htm"><strong>I'm using 2355 RedHat Linux and my .htm files are showing up as HTML 2356 source rather than being formatted!</strong></a> 2357 2358 <p>RedHat messed up and forgot to put a content type for 2359 <code>.htm</code> files into <code>/etc/mime.types</code>. 2360 Edit <code>/etc/mime.types</code>, find the line containing 2361 <code>html</code> and add <code>htm</code> to it. Then 2362 restart your httpd server:</p> 2363 2364 <dl> 2365 <dd><code>kill -HUP `cat /var/run/httpd.pid`</code></dd> 2366 </dl> 2367 2368 <p>Then <strong>clear your browsers' caches</strong>. (Many 2369 browsers won't re-examine the content type after they've 2370 reloaded a page.)</p> 2371 <hr /> 2372 </li> 2373 2374 <li> 2375 <a id="htaccess-work" name="htaccess-work"><strong>My 2376 <code>.htaccess</code> files are being 2377 ignored.</strong></a> 2378 2379 <p>This is almost always due to your <a 2380 href="../mod/core.html#allowoverride">AllowOverride</a> 2381 directive being set incorrectly for the directory in 2382 question. If it is set to <code>None</code> then .htaccess 2383 files will not even be looked for. If you do have one that 2384 is set, then be certain it covers the directory you are 2385 trying to use the .htaccess file in. This is normally 2386 accomplished by ensuring it is inside the proper <a 2387 href="../mod/core.html#directory">Directory</a> 2388 container.</p> 2389 <hr /> 2390 </li> 2391 2392 <li> 2393 <a id="forbidden" name="forbidden"><strong>Why do I get a 2394 "<samp>Forbidden</samp>" message whenever I try to access a 2395 particular directory?</strong></a> 2396 2397 <p>This message is generally caused because either</p> 2398 2399 <ul> 2400 <li>The underlying file system permissions do not allow 2401 the User/Group under which Apache is running to access 2402 the necessary files; or</li> 2403 2404 <li>The Apache configuration has some access restrictions 2405 in place which forbid access to the files.</li> 2406 </ul> 2407 2408 <p>You can determine which case applies to your situation 2409 by checking the error log.</p> 2410 2411 <p>In the case where file system permission are at fault, 2412 remember that not only must the directory and files in 2413 question be readable, but also all parent directories must 2414 be at least searchable by the web server in order for the 2415 content to be accessible.</p> 2416 <hr /> 2417 </li> 2418 2419 <li> 2420 <a id="malfiles" name="malfiles"><b>Why do I get a 2421 "<samp>Forbidden/You don't have permission to access / on 2422 this server</samp>" message whenever I try to access my 2423 server?</b></a> 2424 2425 <p>Search your <code>conf/httpd.conf</code> file for this 2426 exact string: <code><Files ~></code>. If you find it, 2427 that's your problem -- that particular <Files> 2428 container is malformed. Delete it or replace it with 2429 <code><Files ~ "^\.ht"></code> and restart your 2430 server and things should work as expected.</p> 2431 2432 <p>This error appears to be caused by a problem with the 2433 version of linuxconf distributed with Redhat 6.x. It may 2434 reappear if you use linuxconf again.</p> 2435 2436 <p>If you don't find this string, check out the <a 2437 href="#forbidden">previous question</a>.</p> 2438 <hr /> 2439 </li> 2440 2441 <li> 2442 <a id="ie-ignores-mime" name="ie-ignores-mime"><strong>Why 2443 do my files appear correctly in Internet Explorer, but show 2444 up as source or trigger a save window with 2445 Netscape; or, Why doesn't Internet Explorer render 2446 my text/plain document correctly?</strong></a> 2447 2448 <p>MS Internet Explorer (MSIE) and Netscape handle mime type 2449 detection in different ways, and therefore will display the 2450 document differently. In particular, IE sometimes relies on 2451 the file extension or the contents of the file to determine 2452 the mime type. This can happen when the server specifies a 2453 mime type of <code>application/octet-stream</code> or 2454 <code>text/plain</code>. This behavior violates the the HTTP 2455 standard and makes it impossible to deliver plain text 2456 documents to MSIE clients in some cases. More details are 2457 available on MSIE's mime type detection behavior in an <a 2458 href="http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp"> 2459 MSDN article</a> and a <a 2460 href="http://ppewww.ph.gla.ac.uk/~flavell/www/content-type.html">note</a> 2461 by Alan J. Flavell.</p> 2462 2463 <p>The best you can do as a server administrator is to 2464 accurately configure the mime type of your documents by editing 2465 the <code>mime.types</code> file or using an <a 2466 href="../mod/mod_mime.html#addtype"><code>AddType</code></a> 2467 directive in the Apache configuration files. In some cases, 2468 you may be able to fool MSIE into rendering text/plain documents 2469 correctly by assuring they have a <code>.txt</code> filename 2470 extension, but this will not work if MSIE thinks the content 2471 looks like another file type. 2472</p> <hr /> 2473 </li> 2474 <li> 2475 <a name="canonical-hostnames"><strong>My site is accessible 2476 under many different hostnames; how do I redirect clients 2477 so that they see only a single name?</strong></a> 2478 2479 <p>Many sites map a variety of hostnames to the same content. 2480 For example, <code>www.example.com</code>, 2481 <code>example.com</code> and <code>www.example.net</code> may 2482 all refer to the same site. It is best to make sure that, 2483 regardless of the name clients use to access the site, they 2484 will be redirected to a single, canonical hostname. This 2485 makes the site easier to maintain and assures that there will 2486 be only one version of the site in proxy caches and search 2487 engines.</p> 2488 2489 <p>There are two techniques to implement canonical hostnames:</p> 2490 2491 <ol> 2492 <li>Use <a href="../mod/mod_rewrite.html">mod_rewrite</a> 2493 as described in the "Canonical Hostnames" section of the 2494 <a href="rewriteguide.html">URL Rewriting Guide</a>.</li> 2495 2496 <li>Use <a href="../vhosts/name-based.html">name-based 2497 virtual hosting</a>: 2498 2499<blockquote><code> 2500NameVirtualHost *<br /> 2501<br /> 2502<VirtualHost *><br /> 2503 ServerName www.example.net<br /> 2504 ServerAlias example.com<br /> 2505 Redirect permanent / http://www.example.com/<br /> 2506</VirtualHost><br /> 2507<br /> 2508<VirtualHost *><br /> 2509 ServerName www.example.com<br /> 2510 DocumentRoot /usr/local/apache/htdocs<br /> 2511</VirtualHost> 2512</code></blockquote> 2513 </li></ol> 2514 <hr /></li> 2515 2516 <li><a id="firewall" name="firewall"><strong>Why can I access my 2517 website from the server or from my local network, but I 2518 can't access it from elsewhere on the Internet?</strong></a> 2519 2520 <p>There are many possible reasons for this, and almost all 2521 of them are related to the configuration of your network, not 2522 the configuration of the Apache HTTP Server. One of the most 2523 common problems is that a firewall blocks access to the 2524 default HTTP port 80. In particular, many consumer ISPs 2525 block access to this port. You can see if this is the case 2526 by changing any <code>Port</code> and <code>Listen</code> 2527 directives in <code>httpd.conf</code> to use port 8000 and 2528 then request your site using 2529 <code>http://yourhost.example.com:8000/</code>. (Of course, 2530 a very restrictive firewall may block this port as well.)</p> 2531 2532 <hr /></li> 2533 2534 <li><a id="indexes" name="indexes"><strong>How do I turn automatic 2535 directory listings on or off?</strong></a> 2536 2537 <p>If a client requests a URL that designates a directory and 2538 the directory does not contain a filename that matches the <a 2539 href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a> 2540 directive, then <a 2541 href="../mod/mod_autoindex.html">mod_autoindex</a> can be 2542 configured to present a listing of the directory contents.</p> 2543 2544 <p>To turn on automatic directory indexing, find the 2545 <a href="../mod/core.html#options">Options</a> directive that 2546 applies to the directory and add the <code>Indexes</code> 2547 keyword. For example:</p> 2548 2549 <blockquote><code> 2550 <Directory /path/to/directory><br /> 2551 Options +Indexes<br /> 2552 </Directory> 2553 </code></blockquote> 2554 2555 <p>To turn off automatic directory indexing, remove 2556 the <code>Indexes</code> keyword from the appropriate 2557 <code>Options</code> line. To turn off directory listing 2558 for a particular subdirectory, you can use 2559 <code>Options -Indexes</code>. For example:</p> 2560 2561 <blockquote><code> 2562 <Directory /path/to/directory><br /> 2563 Options -Indexes<br /> 2564 </Directory> 2565 </code></blockquote> 2566 2567 <hr /></li> 2568 2569 <li><a id="options" name="options"><strong>Why do my Options 2570 directives not have the desired effect?</strong></a> 2571 2572 <p>Directives placed in the configuration files are applied 2573 in a very particular order, as described by <a 2574 href="../sections.html">How Directory, Location, and Files 2575 sections work</a>. In addition, each <a 2576 href="../mod/core.html#options">Options</a> directive has the 2577 effect of resetting the options to <code>none</code> before 2578 adding the specified options (unless only "+" and "-" options 2579 are used). The consequence is that <code>Options</code> set 2580 in the main server or virtual host context (outside any 2581 directory, location, or files section) will usually have no 2582 effect, because they are overridden by more specific 2583 <code>Options</code> directives. For example, in the following</p> 2584 2585<blockquote><code> 2586<Directory /usr/local/apache/htdocs><br /> 2587 Options Indexes<br /> 2588</Directory><br /> 2589Options Includes ExecCGI<br /> 2590</code></blockquote> 2591 2592 <p><code>Includes</code> and <code>ExecCGI</code> will be 2593 <strong>off</strong> in the <code>/usr/local/apache/htdocs</code> 2594 directory.</p> 2595 2596 <p>You can usually avoid problems by either finding the 2597 <code>Options</code> directive that already applies to a 2598 specific directory and changing it, or by putting your 2599 <code>Options</code> directive inside the most specific possible 2600 <code><Directory></code> section.</p> 2601 2602 <hr /></li> 2603 2604 2605 <li><a id="serverheader" name="serverheader"><strong>How can I change 2606 the information that Apache returns about itself in the 2607 headers?</strong></a> 2608 2609 <p>When a client connects to Apache, part of the information returned in 2610 the headers is the name "Apache" Additional information that can be sent 2611 is the version number, such as "1.3.26", the operating system, and a 2612 list of non-standard modules you have installed.</p> 2613 2614 <p>For example:</p> 2615 2616<blockquote><code> 2617Server: Apache/1.3.26 (Unix) mod_perl/1.26 2618</code></blockquote> 2619 2620 <p>Frequently, people want to remove this information, under the mistaken 2621 understanding that this will make the system more secure. This is 2622 probably not the case, as the same exploits will likely be attempted 2623 regardless of the header information you provide.</p> 2624 2625 <p>There are, however, two answers to this question: the correct answer, 2626 and the answer that you are probably looking for.</p> 2627 2628 <p>The correct answer to this question is that you should use the 2629 ServerTokens directive to alter the quantity of information which is 2630 passed in the headers. Setting this directive to <code>Prod</code> will 2631 pass the least possible amount of information:</p> 2632 2633<blockquote><code> 2634Server: Apache 2635</code></blockquote> 2636 2637 <p>The answer you are probably looking for is how to make Apache lie 2638 about what what it is, ie send something like:</p> 2639 2640<blockquote><code> 2641Server: Bob's Happy HTTPd Server 2642</code></blockquote> 2643 2644 <p>In order to do this, you will need to modify the Apache source code and 2645 rebuild Apache. This is not advised, as it is almost certain not to 2646 provide you with the added security you think that you are gaining. The 2647 exact method of doing this is left as an exercise for the reader, as we 2648 are not keen on helping you do something that is intrinsically a bad 2649 idea.</p> 2650 2651 <hr /></li> 2652 2653 <li><a id="proxyscan" name="proxyscan"><strong>Why do I see requests 2654 for other sites appearing in my log files?</strong></a> 2655 2656 <p>A an access_log entry showing this situation could look 2657 like this:</p> 2658 2659 <blockquote><code> 63.251.56.142 - - 2660 [25/Jul/2002:12:48:04 -0700] "GET http://www.yahoo.com/ 2661 HTTP/1.0" 200 1456 </code></blockquote> 2662 2663 <p>The question is: why did a request for 2664 <code>www.yahoo.com</code> come to your server instead of 2665 Yahoo's server? And why does the response have a status 2666 code of 200 (success)?</p> 2667 2668 <p>This is usually the result of malicious clients trying to 2669 exploit open proxy servers to access a website without 2670 revealing their true location. If you find entries like this 2671 in your log, the first thing to do is to make sure you have 2672 properly configured your server not to proxy for unknown 2673 clients. If you don't need to provide a proxy server at all, 2674 you should simply assure that the <a 2675 href="../mod/mod_proxy.html#proxyrequests">ProxyRequests</a> 2676 directive is <strong>not</strong> set <code>on</code>. 2677 If you do need to run a proxy server, then you must ensure 2678 that you <a href="../mod/mod_proxy.html#access">secure your 2679 server properly</a> so that only authorized clients can use 2680 it.</p> 2681 2682 <p>If your server is configured properly, then the attempt to 2683 proxy through your server will fail. If you see a status 2684 code of <code>404</code> (file not found) in the log, then 2685 you know that the request failed. If you see a status code 2686 of <code>200</code> (success), that does not necessarily mean 2687 that the attempt to proxy succeeded. RFC2616 section 5.1.2 2688 mandates that Apache must accept requests with absolute URLs 2689 in the request-URI, even for non-proxy requests. Since 2690 Apache has no way to know all the different names that your 2691 server may be known under, it cannot simply reject hostnames 2692 it does not recognize. Instead, it will serve requests for 2693 unknown sites locally by stripping off the hostname and using 2694 the default server or virtual host. Therefore you can 2695 compare the size of the file (1456 in the above example) to 2696 the size of the corresponding file in your default server. 2697 If they are the same, then the proxy attempt failed, since a 2698 document from your server was delivered, not a document from 2699 <code>www.yahoo.com</code>.</p> 2700 2701 <p>If you wish to prevent this type of request entirely, then 2702 you need to let Apache know what hostnames to accept and what 2703 hostnames to reject. You do this by configuring name-virtual 2704 hosts, where the first listed host is the default host that 2705 will catch and reject unknown hostnames. For example:</p> 2706 2707<blockquote> 2708<pre> 2709NameVirtualHost * 2710 2711<VirtualHost *> 2712 ServerName default.only 2713 <Location /> 2714 Order allow,deny 2715 Deny from all 2716 </Location> 2717</VirtualHost> 2718 2719<VirtualHost *> 2720 ServerName realhost1.example.com 2721 ServerAlias alias1.example.com alias2.example.com 2722 DocumentRoot /path/to/site1 2723</VirtualHost> 2724 2725... 2726</pre> 2727</blockquote> 2728 <hr /></li> 2729 2730 </ol> 2731 2732 2733 </body> 2734</html> 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 <h3>F. Dynamic Content (CGI and SSI)</h3> 2751 2752 <ol> 2753 <li> 2754 <a id="CGIoutsideScriptAlias" 2755 name="CGIoutsideScriptAlias"><strong>How do I enable CGI 2756 execution in directories other than the 2757 ScriptAlias?</strong></a> 2758 2759 <p>Apache recognizes all files in a directory named as a <a 2760 href="../mod/mod_alias.html#scriptalias"><samp>ScriptAlias</samp></a> 2761 as being eligible for execution rather than processing as 2762 normal documents. This applies regardless of the file name, 2763 so scripts in a ScriptAlias directory don't need to be 2764 named "<samp>*.cgi</samp>" or "<samp>*.pl</samp>" or 2765 whatever. In other words, <em>all</em> files in a 2766 ScriptAlias directory are scripts, as far as Apache is 2767 concerned.</p> 2768 2769 <p>To persuade Apache to execute scripts in other 2770 locations, such as in directories where normal documents 2771 may also live, you must tell it how to recognize them - and 2772 also that it's okay to execute them. For this, you need to 2773 use something like the <a 2774 href="../mod/mod_mime.html#addhandler"><samp>AddHandler</samp></a> 2775 directive.</p> 2776 2777 <ol> 2778 <li> 2779 In an appropriate section of your server configuration 2780 files, add a line such as 2781 2782 <dl> 2783 <dd><code>AddHandler cgi-script .cgi</code></dd> 2784 </dl> 2785 2786 <p>The server will then recognize that all files in 2787 that location (and its logical descendants) that end in 2788 "<samp>.cgi</samp>" are script files, not 2789 documents.</p> 2790 </li> 2791 2792 <li>Make sure that the directory location is covered by 2793 an <a 2794 href="../mod/core.html#options"><samp>Options</samp></a> 2795 declaration that includes the <samp>ExecCGI</samp> 2796 option.</li> 2797 </ol> 2798 2799 <p>In some situations, you might not want to actually allow 2800 all files named "<samp>*.cgi</samp>" to be executable. 2801 Perhaps all you want is to enable a particular file in a 2802 normal directory to be executable. This can be 2803 alternatively accomplished <em>via</em> <a 2804 href="../mod/mod_rewrite.html"><samp>mod_rewrite</samp></a> 2805 and the following steps:</p> 2806 2807 <ol> 2808 <li> 2809 Locally add to the corresponding <samp>.htaccess</samp> 2810 file a ruleset similar to this one: 2811 2812 <dl> 2813 <dd><code>RewriteEngine on<br /> 2814 RewriteBase /~foo/bar/<br /> 2815 RewriteRule ^quux\.cgi$ - 2816 [T=application/x-httpd-cgi]</code></dd> 2817 </dl> 2818 </li> 2819 2820 <li>Make sure that the directory location is covered by 2821 an <a 2822 href="../mod/core.html#options"><samp>Options</samp></a> 2823 declaration that includes the <samp>ExecCGI</samp> and 2824 <samp>FollowSymLinks</samp> option.</li> 2825 </ol> 2826 <hr /> 2827 </li> 2828 2829 <li> 2830 <a id="premature-script-headers" 2831 name="premature-script-headers"><strong>What does it mean 2832 when my CGIs fail with "<samp>Premature end of script 2833 headers</samp>"?</strong></a> 2834 2835 <p>It means just what it says: the server was expecting a 2836 complete set of HTTP headers (one or more followed by a 2837 blank line), and didn't get them.</p> 2838 2839 <p>The most common cause of this problem is the script 2840 dying before sending the complete set of headers, or 2841 possibly any at all, to the server. To see if this is the 2842 case, try running the script standalone from an interactive 2843 session, rather than as a script under the server. If you 2844 get error messages, this is almost certainly the cause of 2845 the "premature end of script headers" message. Even if the 2846 CGI runs fine from the command line, remember that the 2847 environment and permissions may be different when running 2848 under the web server. The CGI can only access resources 2849 allowed for the <a 2850 href="../mod/core.html#user"><code>User</code></a> and <a 2851 href="../mod/core.html#group"><code>Group</code></a> 2852 specified in your Apache configuration. In addition, the 2853 environment will not be the same as the one provided on the 2854 command line, but it can be adjusted using the directives 2855 provided by <a href="../mod/mod_env.html">mod_env</a>.</p> 2856 2857 <p>The second most common cause of this (aside from people 2858 not outputting the required headers at all) is a result of 2859 an interaction with Perl's output buffering. To make Perl 2860 flush its buffers after each output statement, insert the 2861 following statements around the <code>print</code> or 2862 <code>write</code> statements that send your HTTP 2863 headers:</p> 2864 2865 <dl> 2866 <dd><code>{<br /> 2867 local ($oldbar) = $|;<br /> 2868 $cfh = select (STDOUT);<br /> 2869 $| = 1;<br /> 2870 #<br /> 2871 # print your HTTP headers here<br /> 2872 #<br /> 2873 $| = $oldbar;<br /> 2874 select ($cfh);<br /> 2875 }</code></dd> 2876 </dl> 2877 2878 <p>This is generally only necessary when you are calling 2879 external programs from your script that send output to 2880 stdout, or if there will be a long delay between the time 2881 the headers are sent and the actual content starts being 2882 emitted. To maximize performance, you should turn 2883 buffer-flushing back <em>off</em> (with <code>$| = 0</code> 2884 or the equivalent) after the statements that send the 2885 headers, as displayed above.</p> 2886 2887 <p>If your script isn't written in Perl, do the equivalent 2888 thing for whatever language you <em>are</em> using 2889 (<em>e.g.</em>, for C, call <code>fflush()</code> after 2890 writing the headers).</p> 2891 2892 <p>Another cause for the "premature end of script headers" 2893 message are the RLimitCPU and RLimitMEM directives. You may 2894 get the message if the CGI script was killed due to a 2895 resource limit.</p> 2896 2897 <p>In addition, a configuration problem in <a 2898 href="../suexec.html">suEXEC</a>, mod_perl, or another 2899 third party module can often interfere with the execution 2900 of your CGI and cause the "premature end of script headers" 2901 message.</p> 2902 <hr /> 2903 </li> 2904 2905 <li> 2906 <a id="POSTnotallowed" name="POSTnotallowed"><strong>Why do 2907 I keep getting "Method Not Allowed" for form POST 2908 requests?</strong></a> 2909 2910 <p>This is almost always due to Apache not being configured 2911 to treat the file you are trying to POST to as a CGI 2912 script. You can not POST to a normal HTML file; the 2913 operation has no meaning. See the FAQ entry on <a 2914 href="#CGIoutsideScriptAlias">CGIs outside ScriptAliased 2915 directories</a> for details on how to configure Apache to 2916 treat the file in question as a CGI.</p> 2917 <hr /> 2918 </li> 2919 2920 <li> 2921 <a id="nph-scripts" name="nph-scripts"><strong>How can I 2922 get my script's output without Apache buffering it? Why 2923 doesn't my server push work?</strong></a> 2924 2925 <p>As of Apache 1.3, CGI scripts are essentially not 2926 buffered. Every time your script does a "flush" to output 2927 data, that data gets relayed on to the client. Some 2928 scripting languages, for example Perl, have their own 2929 buffering for output - this can be disabled by setting the 2930 <code>$|</code> special variable to 1. Of course this does 2931 increase the overall number of packets being transmitted, 2932 which can result in a sense of slowness for the end 2933 user.</p> 2934 2935 <p>Prior to 1.3, you needed to use "nph-" scripts to 2936 accomplish non-buffering. Today, the only difference 2937 between nph scripts and normal scripts is that nph scripts 2938 require the full HTTP headers to be sent.</p> 2939 <hr /> 2940 </li> 2941 2942 <li> 2943 <a id="cgi-spec" name="cgi-spec"><strong>Where can I find 2944 the "CGI specification"?</strong></a> 2945 2946 <p>The Common Gateway Interface (CGI) specification can be 2947 found at the original NCSA site < <a 2948 href="http://hoohoo.ncsa.uiuc.edu/cgi/interface.html"><samp> 2949 http://hoohoo.ncsa.uiuc.edu/cgi/interface.html</samp></a>>. 2950 This version hasn't been updated since 1995, and there have 2951 been some efforts to update it.</p> 2952 2953 <p>A new draft is being worked on with the intent of making 2954 it an informational RFC; you can find out more about this 2955 project at <<a 2956 href="http://web.golux.com/coar/cgi/"><samp>http://web.golux.com/coar/cgi/</samp></a>>.</p> 2957 <hr /> 2958 </li> 2959 2960 <li> 2961 <a id="fastcgi" name="fastcgi"><strong>Why isn't FastCGI 2962 included with Apache any more?</strong></a> 2963 2964 <p>The simple answer is that it was becoming too difficult 2965 to keep the version being included with Apache synchronized 2966 with the master copy at the <a 2967 href="http://www.fastcgi.com/">FastCGI web site</a>. When a 2968 new version of Apache was released, the version of the 2969 FastCGI module included with it would soon be out of 2970 date.</p> 2971 2972 <p>You can still obtain the FastCGI module for Apache from 2973 the master FastCGI web site.</p> 2974 <hr /> 2975 </li> 2976 2977 <li> 2978 <a id="ssi-part-i" name="ssi-part-i"><strong>How do I 2979 enable SSI (parsed HTML)?</strong></a> 2980 2981 <p>SSI (an acronym for Server-Side Include) directives 2982 allow static HTML documents to be enhanced at run-time 2983 (<em>e.g.</em>, when delivered to a client by Apache). The 2984 format of SSI directives is covered in the <a 2985 href="../mod/mod_include.html">mod_include manual</a>; 2986 suffice it to say that Apache supports not only SSI but 2987 xSSI (eXtended SSI) directives.</p> 2988 2989 <p>Processing a document at run-time is called 2990 <em>parsing</em> it; hence the term "parsed HTML" sometimes 2991 used for documents that contain SSI instructions. Parsing 2992 tends to be resource-consumptive compared to serving static 2993 files, and is not enabled by default. It can also interfere 2994 with the cachability of your documents, which can put a 2995 further load on your server. (See the <a 2996 href="#ssi-part-ii">next question</a> for more information 2997 about this.)</p> 2998 2999 <p>To enable SSI processing, you need to</p> 3000 3001 <ul> 3002 <li>Build your server with the <a 3003 href="../mod/mod_include.html"><samp>mod_include</samp></a> 3004 module. This is normally compiled in by default.</li> 3005 3006 <li>Make sure your server configuration files have an <a 3007 href="../mod/core.html#options"><samp>Options</samp></a> 3008 directive which permits <samp>Includes</samp>.</li> 3009 3010 <li> 3011 Make sure that the directory where you want the SSI 3012 documents to live is covered by the "server-parsed" 3013 content handler, either explicitly or in some ancestral 3014 location. That can be done with the following <a 3015 href="../mod/mod_mime.html#addhandler"><samp>AddHandler</samp></a> 3016 directive: 3017 3018 <dl> 3019 <dd><code>AddHandler server-parsed .shtml</code></dd> 3020 </dl> 3021 3022 <p>This indicates that all files ending in ".shtml" in 3023 that location (or its descendants) should be parsed. 3024 Note that using ".html" will cause all normal HTML 3025 files to be parsed, which may put an inordinate load on 3026 your server.</p> 3027 </li> 3028 </ul> 3029 3030 <p>For additional information, see the <cite>Apache 3031 Week</cite> article on <a 3032 href="http://www.apacheweek.com/features/ssi" 3033 rel="Help"><cite>Using Server Side Includes</cite></a>.</p> 3034 <hr /> 3035 </li> 3036 3037 <li> 3038 <a id="ssi-part-ii" name="ssi-part-ii"><strong>Why don't my 3039 parsed files get cached?</strong></a> 3040 3041 <p>Since the server is performing run-time processing of 3042 your SSI directives, which may change the content shipped 3043 to the client, it can't know at the time it starts parsing 3044 what the final size of the result will be, or whether the 3045 parsed result will always be the same. This means that it 3046 can't generate <samp>Content-Length</samp> or 3047 <samp>Last-Modified</samp> headers. Caches commonly work by 3048 comparing the <samp>Last-Modified</samp> of what's in the 3049 cache with that being delivered by the server. Since the 3050 server isn't sending that header for a parsed document, 3051 whatever's doing the caching can't tell whether the 3052 document has changed or not - and so fetches it again to be 3053 on the safe side.</p> 3054 3055 <p>You can work around this in some cases by causing an 3056 <samp>Expires</samp> header to be generated. (See the <a 3057 href="../mod/mod_expires.html" 3058 rel="Help"><samp>mod_expires</samp></a> documentation for 3059 more details.) Another possibility is to use the <a 3060 href="../mod/mod_include.html#xbithack" 3061 rel="Help"><samp>XBitHack Full</samp></a> mechanism, which 3062 tells Apache to send (under certain circumstances detailed 3063 in the XBitHack directive description) a 3064 <samp>Last-Modified</samp> header based upon the last 3065 modification time of the file being parsed. Note that this 3066 may actually be lying to the client if the parsed file 3067 doesn't change but the SSI-inserted content does; if the 3068 included content changes often, this can result in stale 3069 copies being cached.</p> 3070 <hr /> 3071 </li> 3072 3073 <li> 3074 <a id="ssi-part-iii" name="ssi-part-iii"><strong>How can I 3075 have my script output parsed?</strong></a> 3076 3077 <p>So you want to include SSI directives in the output from 3078 your CGI script, but can't figure out how to do it? The 3079 short answer is "you can't." This is potentially a security 3080 liability and, more importantly, it can not be cleanly 3081 implemented under the current server API. The best 3082 workaround is for your script itself to do what the SSIs 3083 would be doing. After all, it's generating the rest of the 3084 content.</p> 3085 3086 <p>This is a feature The Apache Group hopes to add in the 3087 next major release after 1.3.</p> 3088 <hr /> 3089 </li> 3090 3091 <li> 3092 <a id="ssi-part-iv" name="ssi-part-iv"><strong>SSIs don't 3093 work for VirtualHosts and/or user home 3094 directories.</strong></a> 3095 3096 <p>This is almost always due to having some setting in your 3097 config file that sets "Options Includes" or some other 3098 setting for your DocumentRoot but not for other 3099 directories. If you set it inside a Directory section, then 3100 that setting will only apply to that directory.</p> 3101 <hr /> 3102 </li> 3103 3104 <li> 3105 <a id="errordocssi" name="errordocssi"><strong>How can I 3106 use <code>ErrorDocument</code> and SSI to simplify 3107 customized error messages?</strong></a> 3108 3109 <p>Have a look at <a href="custom_errordocs.html">this 3110 document</a>. It shows in example form how you can a 3111 combination of XSSI and negotiation to tailor a set of 3112 <code>ErrorDocument</code>s to your personal taste, and 3113 returning different internationalized error responses based 3114 on the client's native language.</p> 3115 <hr /> 3116 </li> 3117 3118 <li> 3119 <a id="remote-user-var" name="remote-user-var"><strong>Why 3120 is the environment variable <samp>REMOTE_USER</samp> not 3121 set?</strong></a> 3122 3123 <p>This variable is set and thus available in SSI or CGI 3124 scripts <strong>if and only if</strong> the requested 3125 document was protected by access authentication. For an 3126 explanation on how to implement these restrictions, see <a 3127 href="http://www.apacheweek.com/"><cite>Apache 3128 Week</cite></a>'s articles on <a 3129 href="http://www.apacheweek.com/features/userauth"><cite>Using 3130 User Authentication</cite></a> or <a 3131 href="http://www.apacheweek.com/features/dbmauth"><cite>DBM 3132 User Authentication</cite></a>.</p> 3133 3134 <p>Hint: When using a CGI script to receive the data of a 3135 HTML <samp>FORM</samp> notice that protecting the document 3136 containing the <samp>FORM</samp> is not sufficient to 3137 provide <samp>REMOTE_USER</samp> to the CGI script. You 3138 have to protect the CGI script, too. Or alternatively only 3139 the CGI script (then authentication happens only after 3140 filling out the form).</p> 3141 <hr /> 3142 </li> 3143 3144 <li> 3145 <a id="user-cgi" name="user-cgi"><strong>How do I allow 3146 each of my user directories to have a cgi-bin 3147 directory?</strong></a> 3148 3149 <p>Remember that CGI execution does not need to be 3150 restricted only to cgi-bin directories. You can <a 3151 href="#CGIoutsideScriptAlias">allow CGI script execution in 3152 arbitrary parts of your filesystem</a>.</p> 3153 3154 <p>There are many ways to give each user directory a 3155 cgi-bin directory such that anything requested as 3156 <samp>http://example.com/~user/cgi-bin/program</samp> will 3157 be executed as a CGI script. Two alternatives are:</p> 3158 3159 <ol> 3160 <li> 3161 Place the cgi-bin directory next to the public_html 3162 directory: 3163 3164 <dl> 3165 <dd><code>ScriptAliasMatch ^/~([^/]*)/cgi-bin/(.*) 3166 /home/$1/cgi-bin/$2</code></dd> 3167 </dl> 3168 </li> 3169 3170 <li> 3171 Place the cgi-bin directory underneath the public_html 3172 directory: 3173 3174 <dl> 3175 <dd><code><Directory 3176 /home/*/public_html/cgi-bin><br /> 3177 Options ExecCGI<br /> 3178 SetHandler cgi-script<br /> 3179 </Directory></code></dd> 3180 </dl> 3181 </li> 3182 </ol> 3183 <p>If you are using suexec, the first technique will not work 3184 because CGI scripts must be stored under the <code>public_html</code> 3185 directory.</p> 3186 3187 <hr /> 3188 </li> 3189 </ol> 3190 3191 3192 </body> 3193</html> 3194 3195 3196 3197 3198 3199 3200 3201 3202 3203 3204 3205 3206 3207 3208 3209 <h3>G. Authentication and Access Restrictions</h3> 3210 3211 <ol> 3212 <li> 3213 <a id="dnsauth" name="dnsauth"><strong>Why isn't 3214 restricting access by host or domain name working 3215 correctly?</strong></a> 3216 3217 <p>Two of the most common causes of this are:</p> 3218 3219 <ol> 3220 <li><strong>An error, inconsistency, or unexpected 3221 mapping in the DNS registration</strong><br /> 3222 This happens frequently: your configuration restricts 3223 access to <samp>Host.FooBar.Com</samp>, but you can't get 3224 in from that host. The usual reason for this is that 3225 <samp>Host.FooBar.Com</samp> is actually an alias for 3226 another name, and when Apache performs the 3227 address-to-name lookup it's getting the <em>real</em> 3228 name, not <samp>Host.FooBar.Com</samp>. You can verify 3229 this by checking the reverse lookup yourself. The easiest 3230 way to work around it is to specify the correct host name 3231 in your configuration.</li> 3232 3233 <li> 3234 <strong>Inadequate checking and verification in your 3235 configuration of Apache</strong><br /> 3236 If you intend to perform access checking and 3237 restriction based upon the client's host or domain 3238 name, you really need to configure Apache to 3239 double-check the origin information it's supplied. You 3240 do this by adding the <samp>-DMAXIMUM_DNS</samp> clause 3241 to the <samp>EXTRA_CFLAGS</samp> definition in your 3242 <samp>Configuration</samp> file. For example: 3243 3244 <dl> 3245 <dd><code>EXTRA_CFLAGS=-DMAXIMUM_DNS</code></dd> 3246 </dl> 3247 3248 <p>This will cause Apache to be very paranoid about 3249 making sure a particular host address is 3250 <em>really</em> assigned to the name it claims to be. 3251 Note that this <em>can</em> incur a significant 3252 performance penalty, however, because of all the name 3253 resolution requests being sent to a nameserver.</p> 3254 </li> 3255 </ol> 3256 <hr /> 3257 </li> 3258 3259 <li> 3260 <a id="user-authentication" 3261 name="user-authentication"><strong>How do I set up Apache 3262 to require a username and password to access certain 3263 documents?</strong></a> 3264 3265 <p>There are several ways to do this; some of the more 3266 popular ones are to use the <a 3267 href="../mod/mod_auth.html">mod_auth</a>, <a 3268 href="../mod/mod_auth_db.html">mod_auth_db</a>, or <a 3269 href="../mod/mod_auth_dbm.html">mod_auth_dbm</a> 3270 modules.</p> 3271 3272 <p>For an explanation on how to implement these 3273 restrictions, see <a 3274 href="http://www.apacheweek.com/"><cite>Apache 3275 Week</cite></a>'s articles on <a 3276 href="http://www.apacheweek.com/features/userauth"><cite>Using 3277 User Authentication</cite></a> or <a 3278 href="http://www.apacheweek.com/features/dbmauth"><cite>DBM 3279 User Authentication</cite></a>, or see the <a 3280 href="../howto/auth.html">authentication tutorial</a> in the 3281 Apache documentation.</p> 3282 <hr /> 3283 </li> 3284 3285 <li> 3286 <a id="remote-auth-only" 3287 name="remote-auth-only"><strong>How do I set up Apache to 3288 allow access to certain documents only if a site is either 3289 a local site <em>or</em> the user supplies a password and 3290 username?</strong></a> 3291 3292 <p>Use the <a href="../mod/core.html#satisfy">Satisfy</a> 3293 directive, in particular the <code>Satisfy Any</code> 3294 directive, to require that only one of the access 3295 restrictions be met. For example, adding the following 3296 configuration to a <samp>.htaccess</samp> or server 3297 configuration file would restrict access to people who 3298 either are accessing the site from a host under domain.com 3299 or who can supply a valid username and password:</p> 3300 3301 <dl> 3302 <dd><code>Deny from all<br /> 3303 Allow from .domain.com<br /> 3304 AuthType Basic<br /> 3305 AuthUserFile /usr/local/apache/conf/htpasswd.users<br /> 3306 AuthName "special directory"<br /> 3307 Require valid-user<br /> 3308 Satisfy any</code></dd> 3309 </dl> 3310 3311 <p>See the <a href="#user-authentication">user 3312 authentication</a> question and the <a 3313 href="../mod/mod_access.html">mod_access</a> module for 3314 details on how the above directives work.</p> 3315 <hr /> 3316 </li> 3317 3318 <li> 3319 <a id="authauthoritative" 3320 name="authauthoritative"><strong>Why does my authentication 3321 give me a server error?</strong></a> 3322 3323 <p>Under normal circumstances, the Apache access control 3324 modules will pass unrecognized user IDs on to the next 3325 access control module in line. Only if the user ID is 3326 recognized and the password is validated (or not) will it 3327 give the usual success or "authentication failed" 3328 messages.</p> 3329 3330 <p>However, if the last access module in line 'declines' 3331 the validation request (because it has never heard of the 3332 user ID or because it is not configured), the 3333 <samp>http_request</samp> handler will give one of the 3334 following, confusing, errors:</p> 3335 3336 <ul> 3337 <li><samp>check access</samp></li> 3338 3339 <li><samp>check user. No user file?</samp></li> 3340 3341 <li><samp>check access. No groups file?</samp></li> 3342 </ul> 3343 3344 <p>This does <em>not</em> mean that you have to add an 3345 '<samp>AuthUserFile /dev/null</samp>' line as some 3346 magazines suggest!</p> 3347 3348 <p>The solution is to ensure that at least the last module 3349 is authoritative and <strong>CONFIGURED</strong>. By 3350 default, <samp>mod_auth</samp> is authoritative and will 3351 give an OK/Denied, but only if it is configured with the 3352 proper <samp>AuthUserFile</samp>. Likewise, if a valid 3353 group is required. (Remember that the modules are processed 3354 in the reverse order from that in which they appear in your 3355 compile-time <samp>Configuration</samp> file.)</p> 3356 3357 <p>A typical situation for this error is when you are using 3358 the <samp>mod_auth_dbm</samp>, <samp>mod_auth_msql</samp>, 3359 <samp>mod_auth_mysql</samp>, <samp>mod_auth_anon</samp> or 3360 <samp>mod_auth_cookie</samp> modules on their own. These 3361 are by default <strong>not</strong> authoritative, and this 3362 will pass the buck on to the (non-existent) next 3363 authentication module when the user ID is not in their 3364 respective database. Just add the appropriate 3365 '<samp><em>XXX</em>Authoritative yes</samp>' line to the 3366 configuration.</p> 3367 3368 <p>In general it is a good idea (though not terribly 3369 efficient) to have the file-based <samp>mod_auth</samp> a 3370 module of last resort. This allows you to access the web 3371 server with a few special passwords even if the databases 3372 are down or corrupted. This does cost a file 3373 open/seek/close for each request in a protected area.</p> 3374 <hr /> 3375 </li> 3376 3377 <li> 3378 <a id="auth-on-same-machine" 3379 name="auth-on-same-machine"><strong>Do I have to keep the 3380 (mSQL) authentication information on the same 3381 machine?</strong></a> 3382 3383 <p>Some organizations feel very strongly about keeping the 3384 authentication information on a different machine than the 3385 webserver. With the <samp>mod_auth_msql</samp>, 3386 <samp>mod_auth_mysql</samp>, and other SQL modules 3387 connecting to (R)DBMses this is quite possible. Just 3388 configure an explicit host to contact.</p> 3389 3390 <p>Be aware that with mSQL and Oracle, opening and closing 3391 these database connections is very expensive and time 3392 consuming. You might want to look at the code in the 3393 <samp>auth_*</samp> modules and play with the compile time 3394 flags to alleviate this somewhat, if your RDBMS licences 3395 allow for it.</p> 3396 <hr /> 3397 </li> 3398 3399 <li> 3400 <a id="msql-slow" name="msql-slow"><strong>Why is my mSQL 3401 authentication terribly slow?</strong></a> 3402 3403 <p>You have probably configured the Host by specifying a 3404 FQHN, and thus the <samp>libmsql</samp> will use a full 3405 blown TCP/IP socket to talk to the database, rather than a 3406 fast internal device. The <samp>libmsql</samp>, the mSQL 3407 FAQ, and the <samp>mod_auth_msql</samp> documentation warn 3408 you about this. If you have to use different hosts, check 3409 out the <samp>mod_auth_msql</samp> code for some compile 3410 time flags which might - or might not - suit you.</p> 3411 <hr /> 3412 </li> 3413 3414 <li> 3415 <a id="passwdauth" name="passwdauth"><strong>Can I use my 3416 <samp>/etc/passwd</samp> file for Web page 3417 authentication?</strong></a> 3418 3419 <p>Yes, you can - but it's a <strong>very bad 3420 idea</strong>. Here are some of the reasons:</p> 3421 3422 <ul> 3423 <li>The Web technology provides no governors on how often 3424 or how rapidly password (authentication failure) retries 3425 can be made. That means that someone can hammer away at 3426 your system's <samp>root</samp> password using the Web, 3427 using a dictionary or similar mass attack, just as fast 3428 as the wire and your server can handle the requests. Most 3429 operating systems these days include attack detection 3430 (such as <em>n</em> failed passwords for the same account 3431 within <em>m</em> seconds) and evasion (breaking the 3432 connection, disabling the account under attack, disabling 3433 <em>all</em> logins from that source, <em>et 3434 cetera</em>), but the Web does not.</li> 3435 3436 <li>An account under attack isn't notified (unless the 3437 server is heavily modified); there's no "You have 19483 3438 login failures" message when the legitimate owner logs 3439 in.</li> 3440 3441 <li>Without an exhaustive and error-prone examination of 3442 the server logs, you can't tell whether an account has 3443 been compromised. Detecting that an attack has occurred, 3444 or is in progress, is fairly obvious, though - 3445 <em>if</em> you look at the logs.</li> 3446 3447 <li>Web authentication passwords (at least for Basic 3448 authentication) generally fly across the wire, and 3449 through intermediate proxy systems, in what amounts to 3450 plain text. "O'er the net we go/Caching all the way;/O 3451 what fun it is to surf/Giving my password away!"</li> 3452 3453 <li>Since HTTP is stateless, information about the 3454 authentication is transmitted <em>each and every 3455 time</em> a request is made to the server. Essentially, 3456 the client caches it after the first successful access, 3457 and transmits it without asking for all subsequent 3458 requests to the same server.</li> 3459 3460 <li>It's relatively trivial for someone on your system to 3461 put up a page that will steal the cached password from a 3462 client's cache without them knowing. Can you say 3463 "password grabber"?</li> 3464 </ul> 3465 3466 <p>If you still want to do this in light of the above 3467 disadvantages, the method is left as an exercise for the 3468 reader. It'll void your Apache warranty, though, and you'll 3469 lose all accumulated UNIX guru points.</p> 3470 <hr /> 3471 </li> 3472 3473 <li> 3474 <a id="prompted-twice" name="prompted-twice"><strong>Why 3475 does Apache ask for my password twice before serving a 3476 file?</strong></a> 3477 3478 <p>If the hostname under which you are accessing the server 3479 is different than the hostname specified in the <a 3480 href="../mod/core.html#servername"><code>ServerName</code></a> 3481 directive, then depending on the setting of the <a 3482 href="../mod/core.html#usecanonicalname"><code>UseCanonicalName</code></a> 3483 directive, Apache will redirect you to a new hostname when 3484 constructing self-referential URLs. This happens, for 3485 example, in the case where you request a directory without 3486 including the trailing slash.</p> 3487 3488 <p>When this happens, Apache will ask for authentication 3489 once under the original hostname, perform the redirect, and 3490 then ask again under the new hostname. For security 3491 reasons, the browser must prompt again for the password 3492 when the host name changes.</p> 3493 3494 <p>To eliminate this problem you should</p> 3495 3496 <ol> 3497 <li>Always use the trailing slash when requesting 3498 directories;</li> 3499 3500 <li>Change the <code>ServerName</code> to match the name 3501 you are using in the URL; and/or</li> 3502 3503 <li>Set <code>UseCanonicalName off</code>.</li> 3504 </ol> 3505 <hr /> 3506 </li> 3507 3508 <li> 3509 <a id="image-theft" name="image-theft"><strong>How can I prevent 3510 people from "stealing" the images from my web site?</strong></a> 3511 3512 <p>The goal here is to prevent people from inlining your images 3513 directly from their web site, but accessing them only if they 3514 appear inline in your pages.<p> 3515 3516 <p>This can be accomplished with a combination of SetEnvIf and 3517 the Deny and Allow directives. However, it is important to 3518 understand that any access restriction based on the REFERER 3519 header is intrinsically problematic due to the fact that 3520 browsers can send an incorrect REFERER, either because they 3521 want to circumvent your restriction or simply because they don't 3522 send the right thing (or anything at all).</p> 3523 3524 <p>The following configuration will produce the desired effect 3525 if the browser passes correct REFERER headers.</p> 3526 3527<pre> 3528SetEnvIf REFERER "www\.mydomain\.com" linked_from_here 3529SetEnvIf REFERER "^$" linked_from_here 3530 3531<Directory /www/images> 3532 Order deny,allow 3533 Deny from all 3534 Allow from env=linked_from_here 3535</Directory> 3536</pre> 3537 3538<p>Further examples can be found in the <a 3539href="../env.html#examples">Environment Variables</a> documentation.</p> 3540 3541 <hr /> 3542 </li> 3543 3544 3545 </ol> 3546 3547 3548 </body> 3549</html> 3550 3551 3552 3553 3554 3555 3556 3557 3558 3559 3560 3561 3562 3563 3564 3565 <h3>H. URL Rewriting</h3> 3566 3567 <ol> 3568 <li> 3569 <a id="rewrite-more-config" 3570 name="rewrite-more-config"><strong>Where can I find 3571 mod_rewrite rulesets which already solve particular 3572 URL-related problems?</strong></a> 3573 3574 <p>There is a collection of <a 3575 href="http://www.engelschall.com/pw/apache/rewriteguide/">Practical 3576 Solutions for URL-Manipulation</a> where you can find all 3577 typical solutions the author of <a 3578 href="../mod/mod_rewrite.html"><samp>mod_rewrite</samp></a> 3579 currently knows of. If you have more interesting rulesets 3580 which solve particular problems not currently covered in 3581 this document, send it to <a 3582 href="mailto:rse@apache.org">Ralf S. Engelschall</a> for 3583 inclusion. The other webmasters will thank you for avoiding 3584 the reinvention of the wheel.</p> 3585 <hr /> 3586 </li> 3587 3588 <li> 3589 <a id="rewrite-article" 3590 name="rewrite-article"><strong>Where can I find any 3591 published information about URL-manipulations and 3592 mod_rewrite?</strong></a> 3593 3594 <p>There is an article from <a 3595 href="mailto:rse@apache.org">Ralf S. Engelschall</a> about 3596 URL-manipulations based on <a 3597 href="../mod/mod_rewrite.html"><samp>mod_rewrite</samp></a> 3598 in the "iX Multiuser Multitasking Magazin" issue #12/96. 3599 The german (original) version can be read online at <<a 3600 href="http://www.heise.de/ix/artikel/9612149/">http://www.heise.de/ix/artikel/9612149/</a>>, 3601 the English (translated) version can be found at <<a 3602 href="http://www.heise.de/ix/artikel/E/9612149/">http://www.heise.de/ix/artikel/E/9612149/</a>>.</p> 3603 <hr /> 3604 </li> 3605 3606 <li> 3607 <a id="rewrite-complexity" 3608 name="rewrite-complexity"><strong>Why is mod_rewrite so 3609 difficult to learn and seems so complicated?</strong></a> 3610 3611 <p>Hmmm... there are a lot of reasons. First, mod_rewrite 3612 itself is a powerful module which can help you in really 3613 <strong>all</strong> aspects of URL rewriting, so it can be 3614 no trivial module per definition. To accomplish its hard 3615 job it uses software leverage and makes use of a powerful 3616 regular expression library by Henry Spencer which is an 3617 integral part of Apache since its version 1.2. And regular 3618 expressions itself can be difficult to newbies, while 3619 providing the most flexible power to the advanced 3620 hacker.</p> 3621 3622 <p>On the other hand mod_rewrite has to work inside the 3623 Apache API environment and needs to do some tricks to fit 3624 there. For instance the Apache API as of 1.x really was not 3625 designed for URL rewriting at the <tt>.htaccess</tt> level 3626 of processing. Or the problem of multiple rewrites in 3627 sequence, which is also not handled by the API per design. 3628 To provide this features mod_rewrite has to do some special 3629 (but API compliant!) handling which leads to difficult 3630 processing inside the Apache kernel. While the user usually 3631 doesn't see anything of this processing, it can be 3632 difficult to find problems when some of your RewriteRules 3633 seem not to work.</p> 3634 <hr /> 3635 </li> 3636 3637 <li> 3638 <a id="rewrite-dontwork" 3639 name="rewrite-dontwork"><strong>What can I do if my 3640 RewriteRules don't work as expected?</strong></a> 3641 3642 <p>Use "<samp>RewriteLog somefile</samp>" and 3643 "<samp>RewriteLogLevel 9</samp>" and have a precise look at 3644 the steps the rewriting engine performs. This is really the 3645 only one and best way to debug your rewriting 3646 configuration.</p> 3647 <hr /> 3648 </li> 3649 3650 <li> 3651 <a id="rewrite-prefixdocroot" 3652 name="rewrite-prefixdocroot"><strong>Why don't some of my 3653 URLs get prefixed with DocumentRoot when using 3654 mod_rewrite?</strong></a> 3655 3656 <p>If the rule starts with <samp>/somedir/...</samp> make 3657 sure that really no <samp>/somedir</samp> exists on the 3658 filesystem if you don't want to lead the URL to match this 3659 directory, <em>i.e.</em>, there must be no root directory 3660 named <samp>somedir</samp> on the filesystem. Because if 3661 there is such a directory, the URL will not get prefixed 3662 with DocumentRoot. This behavior looks ugly, but is really 3663 important for some other aspects of URL rewriting.</p> 3664 <hr /> 3665 </li> 3666 3667 <li> 3668 <a id="rewrite-nocase" name="rewrite-nocase"><strong>How 3669 can I make all my URLs case-insensitive with 3670 mod_rewrite?</strong></a> 3671 3672 <p>You can't! The reasons are: first, that, case 3673 translations for arbitrary length URLs cannot be done 3674 <em>via</em> regex patterns and corresponding 3675 substitutions. One needs a per-character pattern like the 3676 sed/Perl <samp>tr|..|..|</samp> feature. Second, just 3677 making URLs always upper or lower case does not solve the 3678 whole problem of case-INSENSITIVE URLs, because URLs 3679 actually have to be rewritten to the correct case-variant 3680 for the file residing on the filesystem in order to allow 3681 Apache to access the file. And the Unix filesystem is 3682 always case-SENSITIVE.</p> 3683 3684 <p>But there is a module named <code><a 3685 href="../mod/mod_speling.html">mod_speling.c</a></code> in 3686 the Apache distribution. Try this module to help correct 3687 people who use mis-cased URLs.</p> 3688 <hr /> 3689 </li> 3690 3691 <li> 3692 <a id="rewrite-virthost" 3693 name="rewrite-virthost"><strong>Why are RewriteRules in my 3694 VirtualHost parts ignored?</strong></a> 3695 3696 <p>Because you have to enable the engine for every virtual 3697 host explicitly due to security concerns. Just add a 3698 "RewriteEngine on" to your virtual host configuration 3699 parts.</p> 3700 <hr /> 3701 </li> 3702 3703 <li> 3704 <a id="rewrite-envwhitespace" 3705 name="rewrite-envwhitespace"><strong>How can I use strings 3706 with whitespaces in RewriteRule's ENV flag?</strong></a> 3707 3708 <p>There is only one ugly solution: You have to surround 3709 the complete flag argument by quotation marks 3710 (<samp>"[E=...]"</samp>). Notice: The argument to quote 3711 here is not the argument to the E-flag, it is the argument 3712 of the Apache config file parser, <em>i.e.</em>, the third 3713 argument of the RewriteRule here. So you have to write 3714 <samp>"[E=any text with whitespaces]"</samp>.</p> 3715 <hr /> 3716 </li> 3717 </ol> 3718 3719 3720 </body> 3721</html> 3722 3723 3724 3725 3726 3727 3728 3729 3730 3731 3732 3733 3734 3735 3736 3737 <h3>I. Features</h3> 3738 3739 <ol> 3740 <li> 3741 <a id="proxy" name="proxy"><strong>Does or will Apache act 3742 as a Proxy server?</strong></a> 3743 3744 <p>Apache version 1.1 and above comes with a <a 3745 href="../mod/mod_proxy.html">proxy module</a>. If compiled 3746 in, this will make Apache act as a caching-proxy 3747 server.</p> 3748 <hr /> 3749 </li> 3750 3751 <li> 3752 <a id="multiviews" name="multiviews"><strong>What are 3753 "multiviews"?</strong></a> 3754 3755 <p>"Multiviews" is the general name given to the Apache 3756 server's ability to provide language-specific document 3757 variants in response to a request. This is documented quite 3758 thoroughly in the <a href="../content-negotiation.html" 3759 rel="Help">content negotiation</a> description page. In 3760 addition, <cite>Apache Week</cite> carried an article on 3761 this subject entitled "<a 3762 href="http://www.apacheweek.com/features/negotiation" 3763 rel="Help"><cite>Content Negotiation 3764 Explained</cite></a>".</p> 3765 <hr /> 3766 </li> 3767 3768 <li> 3769 <a id="putsupport" name="putsupport"><strong>Why can't I 3770 publish to my Apache server using PUT on Netscape Gold and 3771 other programs?</strong></a> 3772 3773 <p>Because you need to install and configure a script to 3774 handle the uploaded files. This script is often called a 3775 "PUT" handler. There are several available, but they may 3776 have security problems. Using FTP uploads may be easier and 3777 more secure, at least for now. For more information, see 3778 the <cite>Apache Week</cite> article <a 3779 href="http://www.apacheweek.com/features/put"><cite>Publishing 3780 Pages with PUT</cite></a>.</p> 3781 <hr /> 3782 </li> 3783 3784 <li> 3785 <a id="SSL-i" name="SSL-i"><strong>Why doesn't Apache 3786 include SSL?</strong></a> 3787 3788 <p>SSL (Secure Socket Layer) data transport requires 3789 encryption, and many governments have restrictions upon the 3790 import, export, and use of encryption technology. If Apache 3791 included SSL in the base package, its distribution would 3792 involve all sorts of legal and bureaucratic issues, and it 3793 would no longer be freely available. Also, some of the 3794 technology required to talk to current clients using SSL is 3795 patented by <a href="http://www.rsa.com/">RSA Data 3796 Security</a>, who restricts its use without a license.</p> 3797 3798 <p>Some SSL implementations of Apache are available, 3799 however; see the "<a 3800 href="http://httpd.apache.org/related_projects.html">related 3801 projects</a>" page at the main Apache web site.</p> 3802 3803 <p>You can find out more about this topic in the 3804 <cite>Apache Week</cite> article about <a 3805 href="http://www.apacheweek.com/features/ssl" 3806 rel="Help"><cite>Apache and Secure 3807 Transactions</cite></a>.</p> 3808 <hr /> 3809 </li> 3810 3811 <li> 3812 <a id="footer" name="footer"><strong>How can I attach a 3813 footer to my documents without using SSI?</strong></a> 3814 3815 <p>You can make arbitrary changes to static documents by 3816 configuring an <a 3817 href="../mod/mod_actions.html#action">Action</a> which 3818 launches a CGI script. The CGI is then responsible for 3819 setting a content-type and delivering the requested 3820 document (the location of which is passed in the 3821 <samp>PATH_TRANSLATED</samp> environment variable), along 3822 with whatever footer is needed.</p> 3823 3824 <p>Busy sites may not want to run a CGI script on every 3825 request, and should consider using an Apache module to add 3826 the footer. There are several third party modules available 3827 through the <a href="http://modules.apache.org/">Apache 3828 Module Registry</a> which will add footers to documents. 3829 These include mod_trailer, PHP 3830 (<samp>php3_auto_append_file</samp>), mod_layout, and 3831 mod_perl (<samp>Apache::Sandwich</samp>).</p> 3832 <hr /> 3833 </li> 3834 3835 <li> 3836 <a id="search" name="search"><strong>Does Apache include a 3837 search engine?</strong></a> 3838 3839 <p>Apache does not include a search engine, but there are 3840 many good commercial and free search engines which can be 3841 used easily with Apache. Some of them are listed on the <a 3842 href="http://www.searchtools.com/tools/tools.html">Web Site 3843 Search Tools</a> page. Open source search engines that are 3844 often used with Apache include <a 3845 href="http://www.htdig.org/">ht://Dig</a> and <a 3846 href="http://sunsite.berkeley.edu/SWISH-E/">SWISH-E</a>.</p> 3847 <hr /> 3848 </li> 3849 3850 <li> 3851 <a id="rotate" name="rotate"><strong>How can I rotate my 3852 log files?</strong></a> 3853 3854 <p>The simple answer: by piping the transfer log into an 3855 appropriate log file rotation utility.</p> 3856 3857 <p>The longer answer: In the src/support/ directory, you 3858 will find a utility called <a 3859 href="../programs/rotatelogs.html">rotatelogs</a> which can 3860 be used like this:</p> 3861<pre> 3862 TransferLog "|/path/to/rotatelogs /path/to/logs/access_log 86400" 3863</pre> 3864 3865 <p>to enable daily rotation of the log files.<br /> 3866 A more sophisticated solution of a logfile rotation 3867 utility is available under the name <code>cronolog</code> 3868 from Andrew Ford's site at <a 3869 href="http://www.cronolog.org/">http://www.cronolog.org/</a>. 3870 It can automatically create logfile subdirectories based on 3871 time and date, and can have a constant symlink point to the 3872 rotating logfiles. (As of version 1.6.1, cronolog is 3873 available under the <a href="../LICENSE">Apache 3874 License</a>). Use it like this:</p> 3875<pre> 3876 CustomLog "|/path/to/cronolog --symlink=/usr/local/apache/logs/access_log /usr/local/apache/logs/%Y/%m/access_log" combined 3877</pre> 3878 <hr /> 3879 </li> 3880 3881 <li> 3882 <a id="conditional-logging" 3883 name="conditional-logging"><strong>How do I keep certain 3884 requests from appearing in my logs?</strong></a> 3885 3886 <p>The maximum flexibility for removing unwanted 3887 information from log files is obtained by post-processing 3888 the logs, or using piped-logs to feed the logs through a 3889 program which does whatever you want. However, Apache does 3890 offer the ability to prevent requests from ever appearing 3891 in the log files. You can do this by using the <a 3892 href="../mod/mod_setenvif.html#setenvif"><code>SetEnvIf</code></a> 3893 directive to set an environment variable for certain 3894 requests and then using the conditional <a 3895 href="../mod/mod_log_config.html#customlog-conditional"><code> 3896 CustomLog</code></a> syntax to prevent logging when the 3897 environment variable is set.</p> 3898 <hr /> 3899 </li> 3900 3901 <li> 3902 <a id="dbinteg" name="dbinteg"><b>Does Apache support any 3903 sort of database integration?</b></a> 3904 3905 <p>No. Apache is a Web (HTTP) server, not an application 3906 server. The base package does not include any such 3907 functionality. See the <a href="http://www.php.net/">PHP 3908 project</a> and the <a 3909 href="http://perl.apache.org/">mod_perl project</a> for 3910 examples of modules that allow you to work with databases 3911 from within the Apache environment.</p> 3912 <hr /> 3913 </li> 3914 3915 <li> 3916 <a id="asp" name="asp"><b>Can I use Active Server Pages 3917 (ASP) with Apache?</b></a> 3918 3919 <p>The base Apache Web server package does not include ASP 3920 support. However, there are a couple of after-market 3921 solutions that let you add this functionality; see the <a 3922 href="http://httpd.apache.org/related_projects.html">related 3923 projects</a> page to find out more.</p> 3924 <hr /> 3925 </li> 3926 3927 <li> 3928 <a id="java" name="java"><b>Does Apache come with Java 3929 support?</b></a> 3930 3931 <p>The base Apache Web server package does not include 3932 support for Java, Java Server Pages, Enterprise Java Beans, 3933 or Java servlets. Those features are available as add-ons 3934 from the Apache/Java project site, <URL:<a 3935 href="http://jakarta.apache.org">http://jakarta.apache.org/</a>>.</p> 3936 <hr /> 3937 </li> 3938 </ol> 3939 3940 3941 </body> 3942</html> 3943 3944 3945 <hr /> 3946 3947 <h3 align="CENTER">Apache HTTP Server Version 1.3</h3> 3948 <a href="./"><img src="../images/index.gif" alt="Index" /></a> 3949 <a href="../"><img src="../images/home.gif" alt="Home" /></a> 3950 3951 </body> 3952</html> 3953 3954
