Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 69192 invoked from network); 17 Aug 2006 19:42:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 17 Aug 2006 19:42:25 -0000 Received: (qmail 3462 invoked by uid 500); 17 Aug 2006 19:42:24 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 3424 invoked by uid 500); 17 Aug 2006 19:42:24 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 3412 invoked by uid 99); 17 Aug 2006 19:42:24 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Aug 2006 12:42:24 -0700 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [140.211.166.113] (HELO eris.apache.org) (140.211.166.113) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Aug 2006 12:42:19 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id 4FF841A982C; Thu, 17 Aug 2006 12:41:35 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: svn commit: r432360 [8/8] - in /httpd/httpd/trunk/docs/manual: ./ mod/ programs/ Date: Thu, 17 Aug 2006 19:41:11 -0000 To: cvs@httpd.apache.org From: jim@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20060817194135.4FF841A982C@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Modified: httpd/httpd/trunk/docs/manual/suexec.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/suexec.html.en?rev=432360&r1=432359&r2=432360&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/suexec.html.en (original) +++ httpd/httpd/trunk/docs/manual/suexec.html.en Thu Aug 17 12:41:07 2006 @@ -6,21 +6,21 @@ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --> suEXEC Support - Apache HTTP Server - - - - + + + +
-

Modules | Directives | FAQ | Glossary | Sitemap

+

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.3

-
-
<-
+ +
<-

suEXEC Support

-

Available Languages:  en  | - ja  | - ko 

+

Available Languages:  en  | + ja  | + ko 

The suEXEC feature provides @@ -39,18 +39,18 @@ and the security issues they present, we highly recommend that you not consider using suEXEC.

-
top

suEXEC Security Model

@@ -348,7 +348,7 @@ configuration, as well as what security risks can be avoided with a proper suEXEC setup, see the "Beware the Jabberwock" section of this document.

-
top
+
top

Configuring & Installing suEXEC

@@ -456,7 +456,7 @@

Setting paranoid permissions
Although the suEXEC wrapper will check to ensure that its caller is the correct user as specified with the - --with-suexec-caller configure + --with-suexec-caller configure option, there is always the possibility that a system or library call suEXEC uses before this check may be exploitable on your system. To counter @@ -471,7 +471,7 @@ Group webgroup

-

and suexec is installed at +

and suexec is installed at "/usr/local/apache2/sbin/suexec", you should run:

@@ -481,13 +481,13 @@

This will ensure that only the group Apache runs as can even execute the suEXEC wrapper.

-
top
+
top

Enabling & Disabling suEXEC

Upon startup of Apache, it looks for the file - suexec in the directory defined by the + suexec in the directory defined by the --sbindir option (default is "/usr/local/apache/sbin/suexec"). If Apache finds a properly configured suEXEC wrapper, it will print the following message @@ -506,33 +506,33 @@ restart Apache. Restarting it with a simple HUP or USR1 signal will not be enough.

If you want to disable suEXEC you should kill and restart - Apache after you have removed the suexec file.

-
top
+ Apache after you have removed the suexec file.

+
top

Using suEXEC

Requests for CGI programs will call the suEXEC wrapper only if - they are for a virtual host containing a SuexecUserGroup directive or if - they are processed by mod_userdir.

+ they are for a virtual host containing a SuexecUserGroup directive or if + they are processed by mod_userdir.

Virtual Hosts:
One way to use the suEXEC - wrapper is through the SuexecUserGroup directive in - VirtualHost definitions. By + wrapper is through the SuexecUserGroup directive in + VirtualHost definitions. By setting this directive to values different from the main server user ID, all requests for CGI resources will be executed as the - User and Group defined for that <VirtualHost>. If this - directive is not specified for a <VirtualHost> then the main server userid + User and Group defined for that <VirtualHost>. If this + directive is not specified for a <VirtualHost> then the main server userid is assumed.

User directories:
Requests that are - processed by mod_userdir will call the suEXEC + processed by mod_userdir will call the suEXEC wrapper to execute CGI programs under the userid of the requested user directory. The only requirement needed for this feature to work is for CGI execution to be enabled for the user and that the script must meet the scrutiny of the security checks above. See also the --with-suexec-userdir compile - time option.

top
+ time option.

top

Debugging suEXEC

@@ -542,7 +542,7 @@ installed the wrapper properly, have a look at this log and the error_log for the server to see where you may have gone astray.

-
top
+
top

Beware the Jabberwock: Warnings & Examples

@@ -599,10 +599,10 @@
-

Available Languages:  en  | - ja  | - ko 

+

Available Languages:  en  | + ja  | + ko 

+

Modules | Directives | FAQ | Glossary | Sitemap

Modified: httpd/httpd/trunk/docs/manual/suexec.xml.meta URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/suexec.xml.meta?rev=432360&r1=432359&r2=432360&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/suexec.xml.meta (original) +++ httpd/httpd/trunk/docs/manual/suexec.xml.meta Thu Aug 17 12:41:07 2006 @@ -2,8 +2,8 @@ suexec - / - . + /./ + .. en Modified: httpd/httpd/trunk/docs/manual/upgrading.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/upgrading.html.en?rev=432360&r1=432359&r2=432360&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/upgrading.html.en (original) +++ httpd/httpd/trunk/docs/manual/upgrading.html.en Thu Aug 17 12:41:07 2006 @@ -6,24 +6,24 @@ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --> Upgrading to 2.4 from 2.2 - Apache HTTP Server - - - - + + + +
-

Modules | Directives | FAQ | Glossary | Sitemap

+

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.3

-
-
<-
+ +
<-

Upgrading to 2.4 from 2.2

+Apache > HTTP Server > Documentation > Version 2.3

Upgrading to 2.4 from 2.2

-

Available Languages:  de  | - en  | - ja  | - ko  | - pt-br  | - ru 

+

Available Languages:  de  | + en  | + ja  | + ko  | + pt-br  | + ru 

In order to assist folks upgrading, we maintain a document @@ -37,43 +37,43 @@ upgrading document.

-
top

Run-Time Configuration Changes

-
top
+
top

Misc Changes

-
top
+
top

Third Party Modules

-

Available Languages:  de  | - en  | - ja  | - ko  | - pt-br  | - ru 

+

Available Languages:  de  | + en  | + ja  | + ko  | + pt-br  | + ru 

+

Modules | Directives | FAQ | Glossary | Sitemap

Modified: httpd/httpd/trunk/docs/manual/upgrading.xml.meta URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/upgrading.xml.meta?rev=432360&r1=432359&r2=432360&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/upgrading.xml.meta (original) +++ httpd/httpd/trunk/docs/manual/upgrading.xml.meta Thu Aug 17 12:41:07 2006 @@ -2,8 +2,8 @@ upgrading - / - . + /./ + .. de Modified: httpd/httpd/trunk/docs/manual/urlmapping.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/urlmapping.html.en?rev=432360&r1=432359&r2=432360&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/urlmapping.html.en (original) +++ httpd/httpd/trunk/docs/manual/urlmapping.html.en Thu Aug 17 12:41:07 2006 @@ -6,55 +6,55 @@ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --> Mapping URLs to Filesystem Locations - Apache HTTP Server - - - - + + + +
-

Modules | Directives | FAQ | Glossary | Sitemap

+

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.3

-
-
<-
+ +
<-

Mapping URLs to Filesystem Locations

+Apache > HTTP Server > Documentation > Version 2.3

Mapping URLs to Filesystem Locations

-

Available Languages:  en  | - ja  | - ko 

+

Available Languages:  en  | + ja  | + ko 

This document explains how Apache uses the URL of a request to determine the filesystem location from which to serve a file.

-
top

DocumentRoot

In deciding what file to serve for a given request, Apache's default behavior is to take the URL-Path for the request (the part of the URL following the hostname and port) and add it to the end - of the DocumentRoot specified + of the DocumentRoot specified in your configuration files. Therefore, the files and directories - underneath the DocumentRoot + underneath the DocumentRoot make up the basic document tree which will be visible from the web.

-

For example, if DocumentRoot +

For example, if DocumentRoot were set to /var/www/html then a request for http://www.example.com/fish/guppies.html would result in the file /var/www/html/fish/guppies.html being @@ -62,44 +62,44 @@

Apache is also capable of Virtual Hosting, where the server receives requests for more than one - host. In this case, a different DocumentRoot can be specified for each + host. In this case, a different DocumentRoot can be specified for each virtual host, or alternatively, the directives provided by the - module mod_vhost_alias can + module mod_vhost_alias can be used to dynamically determine the appropriate place from which to serve content based on the requested IP address or hostname.

-

The DocumentRoot directive +

The DocumentRoot directive is set in your main server configuration file (httpd.conf) and, possibly, once per additional Virtual Host you create.

-
top
+
top

Files Outside the DocumentRoot

There are frequently circumstances where it is necessary to allow web access to parts of the filesystem that are not strictly - underneath the DocumentRoot. Apache offers several + underneath the DocumentRoot. Apache offers several different ways to accomplish this. On Unix systems, symbolic links - can bring other parts of the filesystem under the DocumentRoot. For security reasons, - Apache will follow symbolic links only if the Options setting for the relevant + can bring other parts of the filesystem under the DocumentRoot. For security reasons, + Apache will follow symbolic links only if the Options setting for the relevant directory includes FollowSymLinks or SymLinksIfOwnerMatch.

-

Alternatively, the Alias directive will map any part +

Alternatively, the Alias directive will map any part of the filesystem into the web space. For example, with

Alias /docs /var/web

the URL http://www.example.com/docs/dir/file.html will be served from /var/web/dir/file.html. The - ScriptAlias directive + ScriptAlias directive works the same way, with the additional effect that all content - located at the target path is treated as CGI scripts.

+ located at the target path is treated as CGI scripts.

For situations where you require additional flexibility, you - can use the AliasMatch - and ScriptAliasMatch - directives to do powerful regular + can use the AliasMatch + and ScriptAliasMatch + directives to do powerful regular expression based matching and substitution. For example,

@@ -110,13 +110,13 @@ http://example.com/~user/cgi-bin/script.cgi to the path /home/user/cgi-bin/script.cgi and will treat the resulting file as a CGI script.

-
top
+
top

User Directories

Traditionally on Unix systems, the home directory of a particular user can be referred to as - ~user/. The module mod_userdir + ~user/. The module mod_userdir extends this idea to the web by allowing files under each user's home directory to be accessed using URLs such as the following.

@@ -125,7 +125,7 @@

For security reasons, it is inappropriate to give direct access to a user's home directory from the web. Therefore, the - UserDir directive + UserDir directive specifies a directory underneath the user's home directory where web files are located. Using the default setting of Userdir public_html, the above URL maps to a file @@ -144,7 +144,7 @@ alternate string to represent user directories. This functionality is not supported by mod_userdir. However, if users' home directories are structured in a regular way, then it is possible - to use the AliasMatch + to use the AliasMatch directive to achieve the desired effect. For example, to make http://www.example.com/upages/user/file.html map to /home/user/public_html/file.html, use the following @@ -152,7 +152,7 @@

AliasMatch ^/upages/([a-zA-Z0-9]+)/?(.*) /home/$1/public_html/$2

-
top
+
top

URL Redirection

@@ -162,9 +162,9 @@ inform the client that the requested content is located at a different URL, and instruct the client to make a new request with the new URL. This is called redirection and is - implemented by the Redirect directive. For example, if + implemented by the Redirect directive. For example, if the contents of the directory /foo/ under the - DocumentRoot are moved + DocumentRoot are moved to the new directory /bar/, you can instruct clients to request the content at the new location as follows:

@@ -177,7 +177,7 @@ substituted for /foo/. You can redirect clients to any server, not only the origin server.

-

Apache also provides a RedirectMatch directive for more +

Apache also provides a RedirectMatch directive for more complicated rewriting problems. For example, to redirect requests for the site home page to a different site, but leave all other requests alone, use the following configuration:

@@ -190,7 +190,7 @@

RedirectMatch temp .* http://othersite.example.com/startpage.html

-
top
+
top

Reverse Proxy

@@ -214,14 +214,14 @@ ProxyPassReverseCookiePath /foo/ /bar/

-

The ProxyPass configures +

The ProxyPass configures the server to fetch the appropriate documents, while the -ProxyPassReverse +ProxyPassReverse directive rewrites redirects originating at internal.example.com so that they target the appropriate directory on the local server. Similarly, the -ProxyPassReverseCookieDomain -and ProxyPassReverseCookieDomain +ProxyPassReverseCookieDomain +and ProxyPassReverseCookieDomain rewrite cookies set by the backend server.

It is important to note, however, that links inside the documents will not be rewritten. So any absolute @@ -230,12 +230,12 @@ internal.example.com. A third-party module mod_proxy_html is available to rewrite links in HTML and XHTML.

-
top
+
top

Rewriting Engine

When even more powerful substitution is required, the rewriting - engine provided by mod_rewrite + engine provided by mod_rewrite can be useful. The directives provided by this module use characteristics of the request such as browser type or source IP address in deciding from where to serve content. In addition, @@ -245,7 +245,7 @@ internal redirects (aliases), external redirects, and proxying. Many practical examples employing mod_rewrite are discussed in the URL Rewriting Guide.

-
top
+
top

File Not Found

@@ -261,7 +261,7 @@

Another common cause of "File Not Found" errors is accidental mistyping of URLs, either directly in the browser, or in HTML links. Apache provides the module - mod_speling (sic) to help with + mod_speling (sic) to help with this problem. When this module is activated, it will intercept "File Not Found" errors and look for a resource with a similar filename. If one such file is found, mod_speling will send an @@ -281,16 +281,16 @@

If all attempts to locate the content fail, Apache returns an error page with HTTP status code 404 (file not found). The appearance of this page is controlled with the - ErrorDocument directive + ErrorDocument directive and can be customized in a flexible manner as discussed in the Custom error responses document.

-

Available Languages:  en  | - ja  | - ko 

+

Available Languages:  en  | + ja  | + ko 

+

Modules | Directives | FAQ | Glossary | Sitemap

Modified: httpd/httpd/trunk/docs/manual/urlmapping.xml.meta URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/urlmapping.xml.meta?rev=432360&r1=432359&r2=432360&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/urlmapping.xml.meta (original) +++ httpd/httpd/trunk/docs/manual/urlmapping.xml.meta Thu Aug 17 12:41:07 2006 @@ -2,8 +2,8 @@ urlmapping - / - . + /./ + .. en