httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1302856 - /httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml
Date Tue, 20 Mar 2012 12:09:06 GMT
Author: jim
Date: Tue Mar 20 12:09:05 2012
New Revision: 1302856

Merge r1302855 from trunk:

Note that TRACE is not a vuln

Reviewed/backported by: jim


Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml
--- httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml Tue Mar 20 12:09:05 2012
@@ -605,6 +605,37 @@ headers</description>
+<description>Base directory for the server run-time files</description>
+<syntax>DefaultRuntimeDir <var>directory-path</var></syntax>
+<default>DefaultRuntimeDir DEFAULT_REL_RUNTIMEDIR (logs/)</default>
+<contextlist><context>server config</context></contextlist>
+    <p>The <directive>DefaultRuntimeDir</directive> directive sets the
+    directory in which the server will create various run-time files
+    (shared memory, locks, etc.). If set as a relative path, the full path
+    will be relative to <directive>ServerRoot</directive></p>
+    <example><title>Example</title>
+      DefaultRuntimeDir scratch/
+    </example>
+    <p>The default location of <directive>DefaultRuntimeDir</directive>
may be
+    modified by changing the <code>DEFAULT_REL_RUNTIMEDIR</code> #define
+    at build time.</p>
+   <p>Note: <directive>ServerRoot</directive> should be specified before
+   directive is used, otherwise the default value of <directive>ServerRoot</directive>
+   would be used to set the base directory.</p>
+<seealso><a href="../misc/security_tips.html#serverroot">the
+    security tips</a> for information on how to properly set
+    permissions on the <directive>ServerRoot</directive></seealso>
 <description>This directive has no effect other than to emit warnings
 if the value is not <code>none</code>. In prior versions, DefaultType
@@ -4170,6 +4201,13 @@ certain events before failing a request<
     <code>Transfer-Encoding: chunked</code> is used).  The core will
     reflect the full headers and all chunk headers with the response
     body.  As a proxy server, the request body is not restricted to 64k.</p>
+    <note><title>Note</title>
+    <p>Despite claims to the contrary, <code>TRACE</code> is not
+    a security vulnerability and there is no viable reason for
+    it to be disabled. Doing so necessarily makes your server
+    non-compliant.</p>
+    </note>

View raw message