httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nina Pham <n...@gibbons.com>
Subject Re: [users@httpd] https config
Date Fri, 06 Aug 2004 19:36:31 GMT
I ls /var/www/html, index.htm is there. In httpd.conf
    <Directory "/var/www/html">
       Options Indexes Includes FollowSymLinks
       AllowOverride None
       Allow from all
       Order allow,deny
    </Directory>

in ssl.conf, doesn't matter if I put those Directory block in or not, it 
still show apache test page, and forbidden error message in 
ssl_error_log file.

Tim Burden wrote:

>It means that both you don't have a file (e.g. index.html) in your document
>root that Apache recognizes as being an index, AND the Indexes option is
>off.
>
>----- Original Message ----- 
>From: "Nina Pham" <nina@gibbons.com>
>To: <users@httpd.apache.org>
>Sent: Friday, August 06, 2004 3:09 PM
>Subject: Re: [users@httpd] https config
>
>
>  
>
>>I checked the ssl_error_log, it said "Direcotry index forbidden by rule:
>>/var/www/html/"
>>What does that mean?
>>
>>joon yang wrote:
>>
>>    
>>
>>>Normal port for https is 443 not 4443.
>>>
>>>JoOn
>>>--- Nina Pham <nina@gibbons.com> wrote:
>>>
>>>
>>>
>>>      
>>>
>>>>I uncomment the include /conf.d/ssl.conf, then
>>>>restart apache.  It
>>>>complained about no NameVirtualHost for
>>>>myserver:4443. I put in the
>>>>NameVirtualHost and restart apache, it gave me a
>>>>warning
>>>>NameVirtualHost  myserver:4443 has no
>>>>VirtualHost(however, it's arlready
>>>>there in ssl.conf). But it still start apache. Using
>>>>browser, I still
>>>>can access www.gibbons.com:80, but went i tried to
>>>>https://www.gibbons.com, this time it doesn't
>>>>display the FedoraCore
>>>>apache test page (my system is FC2), but instead,
>>>>gave me error message
>>>>"The connection was refused when attempting to
>>>>contact
>>>>www.gibbons.com:4443. I attached ssl.conf, hand
>>>>httpd.conf files.
>>>>
>>>>
>>>>joon yang wrote:
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>>>You need to add LoadModule in the httpd.conf and
>>>>>uncomment the following.
>>>>><IfModule mod_ssl.c>
>>>>>Include conf.d/ssl.conf
>>>>></IfModule>
>>>>>
>>>>>This tells apache to load ssl.conf if mod_ssl.so
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>have
>>>>
>>>>
>>>>        
>>>>
>>>>>been loaded.
>>>>>
>>>>>Also, in you ssl.conf, you've got port 4443 rather
>>>>>than 443.
>>>>>
>>>>>JoOn
>>>>>
>>>>>
>>>>>--- Nina Pham <nina@gibbons.com> wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>Hi, I have a standard web server, now I want to
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>run
>>>>
>>>>
>>>>        
>>>>
>>>>>>it with mod_ssl at
>>>>>>port 4443 ( port 443 has already been used).
>>>>>>Attachment is the
>>>>>>httpd.conf, and ssl.conf. When I type
>>>>>>http://www.gibbons.com, it display
>>>>>>our company webpage, and i expect the same for
>>>>>>https://www.gibbons.com:4443. However, when I
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>tried
>>>>
>>>>
>>>>        
>>>>
>>>>>>to https, it just
>>>>>>displayed the test page of apache. What did I do
>>>>>>wrong here?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>>>#
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>              
>>>>>>>
>>>>>># This is the Apache server configuration file
>>>>>>providing SSL support.
>>>>>># It contains the configuration directives to
>>>>>>instruct the server how to
>>>>>># serve pages over an https connection. For
>>>>>>detailing information about these
>>>>>># directives see
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>><URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
>>>>
>>>>
>>>>        
>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>#
>>>>>># Do NOT simply read the instructions in here
>>>>>>without understanding
>>>>>># what they do.  They're here only as hints or
>>>>>>reminders.  If you are unsure
>>>>>># consult the online docs. You have been warned.
>>>>>>#
>>>>>>
>>>>>>LoadModule ssl_module modules/mod_ssl.so
>>>>>>
>>>>>>#   Until documentation is completed, please check
>>>>>>http://www.modssl.org/
>>>>>>#   for additional config examples and module
>>>>>>docmentation.  Directives
>>>>>>#   and features of mod_ssl are largely unchanged
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>>from the mod_ssl project
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>#   for Apache 1.3.
>>>>>>
>>>>>>#
>>>>>># When we also provide SSL we have to listen to
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>the
>>>>
>>>>
>>>>        
>>>>
>>>>>># standard HTTP port (see above) and to the HTTPS
>>>>>>port
>>>>>>#
>>>>>>Listen 4443
>>>>>>
>>>>>>##
>>>>>>##  SSL Global Context
>>>>>>##
>>>>>>##  All SSL configuration in this context applies
>>>>>>both to
>>>>>>##  the main server and all SSL-enabled virtual
>>>>>>hosts.
>>>>>>##
>>>>>>
>>>>>>#
>>>>>>#   Some MIME-types for downloading Certificates
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>and
>>>>
>>>>
>>>>        
>>>>
>>>>>>CRLs
>>>>>>#
>>>>>>AddType application/x-x509-ca-cert .crt
>>>>>>AddType application/x-pkcs7-crl    .crl
>>>>>>
>>>>>>#   Pass Phrase Dialog:
>>>>>>#   Configure the pass phrase gathering process.
>>>>>>#   The filtering dialog program (`builtin' is a
>>>>>>internal
>>>>>>#   terminal dialog) has to provide the pass
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>phrase
>>>>
>>>>
>>>>        
>>>>
>>>>>>on stdout.
>>>>>>SSLPassPhraseDialog  builtin
>>>>>>
>>>>>>#   Inter-Process Session Cache:
>>>>>>#   Configure the SSL Session Cache: First the
>>>>>>mechanism
>>>>>>#   to use and second the expiring timeout (in
>>>>>>seconds).
>>>>>>#SSLSessionCache        none
>>>>>>#SSLSessionCache
>>>>>>dbm:/var/cache/mod_ssl/scache(512000)
>>>>>>#SSLSessionCache
>>>>>>dc:UNIX/var/cache/mod_ssl/distcache
>>>>>>SSLSessionCache
>>>>>>shmcb:/var/cache/mod_ssl/scache(512000)
>>>>>>SSLSessionCacheTimeout  300
>>>>>>
>>>>>>#   Semaphore:
>>>>>>#   Configure the path to the mutual exclusion
>>>>>>semaphore the
>>>>>>#   SSL engine uses internally for inter-process
>>>>>>synchronization.
>>>>>>SSLMutex default
>>>>>>
>>>>>>#   Pseudo Random Number Generator (PRNG):
>>>>>>#   Configure one or more sources to seed the PRNG
>>>>>>of the
>>>>>>#   SSL library. The seed data should be of good
>>>>>>random quality.
>>>>>>#   WARNING! On some platforms /dev/random blocks
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>if
>>>>
>>>>
>>>>        
>>>>
>>>>>>not enough entropy
>>>>>>#   is available. This means you then cannot use
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>the
>>>>
>>>>
>>>>        
>>>>
>>>>>>/dev/random device
>>>>>>#   because it would lead to very long connection
>>>>>>times (as long as
>>>>>>#   it requires to make more entropy available).
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>But
>>>>
>>>>
>>>>        
>>>>
>>>>>>usually those
>>>>>>#   platforms additionally provide a /dev/urandom
>>>>>>device which doesn't
>>>>>>#   block. So, if available, use this one instead.
>>>>>>Read the mod_ssl User
>>>>>>#   Manual for more details.
>>>>>>SSLRandomSeed startup file:/dev/urandom  256
>>>>>>SSLRandomSeed connect builtin
>>>>>>#SSLRandomSeed startup file:/dev/random  512
>>>>>>#SSLRandomSeed connect file:/dev/random  512
>>>>>>#SSLRandomSeed connect file:/dev/urandom 512
>>>>>>
>>>>>>#
>>>>>># Use "SSLCryptoDevice" to enable any supported
>>>>>>hardware
>>>>>># accelerators. Use "openssl engine -v" to list
>>>>>>supported
>>>>>># engine names.  NOTE: If you enable an
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>accelerator
>>>>
>>>>
>>>>        
>>>>
>>>>>>and the
>>>>>># server does not start, consult the error logs
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>and
>>>>
>>>>
>>>>        
>>>>
>>>>>>ensure
>>>>>># your accelerator is functioning properly.
>>>>>>#
>>>>>>SSLCryptoDevice builtin
>>>>>>#SSLCryptoDevice ubsec
>>>>>>
>>>>>>##
>>>>>>## SSL Virtual Host Context
>>>>>>##
>>>>>>
>>>>>><VirtualHost _default_:4443>
>>>>>>
>>>>>># General setup for the virtual host, inherited
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>from
>>>>
>>>>
>>>>        
>>>>
>>>>>>global configuration
>>>>>>DocumentRoot "/var/www/html"
>>>>>>ServerName gibbons.com:4443
>>>>>>
>>>>>># Use separate log files for the SSL virtual host;
>>>>>>note that LogLevel
>>>>>># is not inherited from httpd.conf.
>>>>>>ErrorLog logs/ssl_error_log
>>>>>>TransferLog logs/ssl_access_log
>>>>>>LogLevel warn
>>>>>>
>>>>>>#   SSL Engine Switch:
>>>>>>#   Enable/Disable SSL for this virtual host.
>>>>>>SSLEngine on
>>>>>>
>>>>>>#   SSL Cipher Suite:
>>>>>>#   List the ciphers that the client is permitted
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>to
>>>>
>>>>
>>>>        
>>>>
>>>>>>negotiate.
>>>>>>#   See the mod_ssl documentation for a complete
>>>>>>list.
>>>>>>SSLCipherSuite
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>>>>
>>>>
>>>>        
>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>#   Server Certificate:
>>>>>>#   Point SSLCertificateFile at a PEM encoded
>>>>>>certificate.  If
>>>>>>#   the certificate is encrypted, then you will be
>>>>>>prompted for a
>>>>>>#   pass phrase.  Note that a kill -HUP will
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>prompt
>>>>
>>>>
>>>>        
>>>>
>>>>>>again. A test
>>>>>>#   certificate can be generated with `make
>>>>>>certificate' under
>>>>>>#   built time. Keep in mind that if you've both a
>>>>>>RSA and a DSA
>>>>>>#   certificate you can configure both in parallel
>>>>>>(to also allow
>>>>>>#   the use of DSA ciphers, etc.)
>>>>>>SSLCertificateFile
>>>>>>/etc/httpd/conf/ssl.crt/server.crt
>>>>>>#SSLCertificateFile
>>>>>>/etc/httpd/conf/ssl.crt/server-dsa.crt
>>>>>>
>>>>>>#   Server Private Key:
>>>>>>#   If the key is not combined with the
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>certificate,
>>>>
>>>>
>>>>        
>>>>
>>>>>>use this
>>>>>>#   directive to point at the key file.  Keep in
>>>>>>mind that if
>>>>>>#   you've both a RSA and a DSA private key you
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>can
>>>>
>>>>
>>>>        
>>>>
>>>>>>configure
>>>>>>#   both in parallel (to also allow the use of DSA
>>>>>>ciphers, etc.)
>>>>>>SSLCertificateKeyFile
>>>>>>/etc/httpd/conf/ssl.key/server.key
>>>>>>#SSLCertificateKeyFile
>>>>>>/etc/httpd/conf/ssl.key/server-dsa.key
>>>>>>
>>>>>>#   Server Certificate Chain:
>>>>>>#   Point SSLCertificateChainFile at a file
>>>>>>containing the
>>>>>>#   concatenation of PEM encoded CA certificates
>>>>>>which form the
>>>>>>#   certificate chain for the server certificate.
>>>>>>Alternatively
>>>>>>#   the referenced file can be the same as
>>>>>>SSLCertificateFile
>>>>>>#   when the CA certificates are directly appended
>>>>>>to the server
>>>>>>#   certificate for convinience.
>>>>>>#SSLCertificateChainFile
>>>>>>/etc/httpd/conf/ssl.crt/ca.crt
>>>>>>
>>>>>>#   Certificate Authority (CA):
>>>>>>#   Set the CA certificate verification path where
>>>>>>to find CA
>>>>>>#   certificates for client authentication or
>>>>>>alternatively one
>>>>>>#   huge file containing all of them (file must be
>>>>>>PEM encoded)
>>>>>>#   Note: Inside SSLCACertificatePath you need
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>hash
>>>>
>>>>
>>>>        
>>>>
>>>>>>symlinks
>>>>>>#         to point to the certificate files. Use
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>the
>>>>
>>>>
>>>>        
>>>>
>>>>>>provided
>>>>>>#         Makefile to update the hash symlinks
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>after
>>>>
>>>>
>>>>        
>>>>
>>>>>>changes.
>>>>>>#SSLCACertificatePath /etc/httpd/conf/ssl.crt
>>>>>>#SSLCACertificateFile
>>>>>>/usr/share/ssl/certs/ca-bundle.crt
>>>>>>
>>>>>>#   Certificate Revocation Lists (CRL):
>>>>>>#   Set the CA revocation path where to find CA
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>CRLs
>>>>
>>>>
>>>>        
>>>>
>>>>>>for client
>>>>>>#   authentication or alternatively one huge file
>>>>>>containing all
>>>>>>#   of them (file must be PEM encoded)
>>>>>>#   Note: Inside SSLCARevocationPath you need hash
>>>>>>symlinks
>>>>>>#         to point to the certificate files. Use
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>the
>>>>
>>>>
>>>>        
>>>>
>>>>>>provided
>>>>>>#         Makefile to update the hash symlinks
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>after
>>>>
>>>>
>>>>        
>>>>
>>>>>>changes.
>>>>>>#SSLCARevocationPath /etc/httpd/conf/ssl.crl
>>>>>>#SSLCARevocationFile
>>>>>>/etc/httpd/conf/ssl.crl/ca-bundle.crl
>>>>>>
>>>>>>#   Client Authentication (Type):
>>>>>>#   Client certificate verification type and
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>depth.
>>>>
>>>>
>>>>        
>>>>
>>>>>>Types are
>>>>>>#   none, optional, require and optional_no_ca.
>>>>>>Depth is a
>>>>>>#   number which specifies how deeply to verify
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>the
>>>>
>>>>
>>>>        
>>>>
>>>>>>certificate
>>>>>>#   issuer chain before deciding the certificate
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>is
>>>>
>>>>
>>>>        
>>>>
>>>>>>not valid.
>>>>>>#SSLVerifyClient require
>>>>>>#SSLVerifyDepth  10
>>>>>>
>>>>>>#   Access Control:
>>>>>>#   With SSLRequire you can do per-directory
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>access
>>>>
>>>>
>>>>        
>>>>
>>>>>>control based
>>>>>>#   on arbitrary complex boolean expressions
>>>>>>containing server
>>>>>>#   variable checks and other lookup directives.
>>>>>>The syntax is a
>>>>>>#   mixture between C and Perl.  See the mod_ssl
>>>>>>documentation
>>>>>>#   for more details.
>>>>>>#<Location />
>>>>>>#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
>>>>>>#            and %{SSL_CLIENT_S_DN_O} eq "Snake
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>Oil,
>>>>
>>>>
>>>>        
>>>>
>>>>>>Ltd." \
>>>>>>#            and %{SSL_CLIENT_S_DN_OU} in
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>{"Staff",
>>>>
>>>>
>>>>        
>>>>
>>>>>>"CA", "Dev"} \
>>>>>>#            and %{TIME_WDAY} >= 1 and
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>%{TIME_WDAY}
>>>>
>>>>
>>>>        
>>>>
>>>>>><= 5 \
>>>>>>#            and %{TIME_HOUR} >= 8 and
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>%{TIME_HOUR}
>>>>
>>>>
>>>>        
>>>>
>>>>>><= 20       ) \
>>>>>>#           or %{REMOTE_ADDR} =~
>>>>>>m/^192\.76\.162\.[0-9]+$/
>>>>>>#</Location>
>>>>>>
>>>>>>#   SSL Engine Options:
>>>>>>#   Set various options for the SSL engine.
>>>>>>#   o FakeBasicAuth:
>>>>>>#     Translate the client X.509 into a Basic
>>>>>>Authorisation.  This means that
>>>>>>#     the standard Auth/DBMAuth methods can be
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>used
>>>>
>>>>
>>>>        
>>>>
>>>>>>for access control.  The
>>>>>>#     user name is the `one line' version of the
>>>>>>client's X.509 certificate.
>>>>>>#     Note that no password is obtained from the
>>>>>>user. Every entry in the user
>>>>>>#     file needs this password: `xxj31ZMTZzkVA'.
>>>>>>#   o ExportCertData:
>>>>>>#     This exports two additional environment
>>>>>>variables: SSL_CLIENT_CERT and
>>>>>>#     SSL_SERVER_CERT. These contain the
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>PEM-encoded
>>>>
>>>>
>>>>        
>>>>
>>>>>>certificates of the
>>>>>>#     server (always existing) and the client
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>(only
>>>>
>>>>
>>>>        
>>>>
>>>>>>existing when client
>>>>>>#     authentication is used). This can be used to
>>>>>>import the certificates
>>>>>>#     into CGI scripts.
>>>>>>#   o StdEnvVars:
>>>>>>#     This exports the standard SSL/TLS related
>>>>>>`SSL_*' environment variables.
>>>>>>#     Per default this exportation is switched off
>>>>>>for performance reasons,
>>>>>>#     because the extraction step is an expensive
>>>>>>operation and is usually
>>>>>>#     useless for serving static content. So one
>>>>>>usually enables the
>>>>>>#     exportation for CGI and SSI requests only.
>>>>>>#   o StrictRequire:
>>>>>>#     This denies access when "SSLRequireSSL" or
>>>>>>"SSLRequire" applied even
>>>>>>#     under a "Satisfy any" situation, i.e. when
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>it
>>>>
>>>>
>>>>        
>>>>
>>>>>>applies access is denied
>>>>>>#     and no other module can change it.
>>>>>>#   o OptRenegotiate:
>>>>>>#     This enables optimized SSL connection
>>>>>>renegotiation handling when SSL
>>>>>>#     directives are used in per-directory
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>context.
>>>>
>>>>
>>>>        
>>>>
>>>>>>#SSLOptions +FakeBasicAuth +ExportCertData
>>>>>>+CompatEnvVars +StrictRequire
>>>>>><Files ~ "\.(cgi|shtml|phtml|php3?)$">
>>>>>>  SSLOptions +StdEnvVars
>>>>>></Files>
>>>>>><Directory "/var/www/cgi-bin">
>>>>>>  SSLOptions +StdEnvVars
>>>>>></Directory>
>>>>>>
>>>>>>#   SSL Protocol Adjustments:
>>>>>>#   The safe and default but still SSL/TLS
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>standard
>>>>
>>>>
>>>>        
>>>>
>>>>>>compliant shutdown
>>>>>>#   approach is that mod_ssl sends the close
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>notify
>>>>
>>>>
>>>>        
>>>>
>>>>>>alert but doesn't wait for
>>>>>>#   the close notify alert from client. When you
>>>>>>need a different shutdown
>>>>>>#   approach you can use one of the following
>>>>>>variables:
>>>>>>#   o ssl-unclean-shutdown:
>>>>>>#     This forces an unclean shutdown when the
>>>>>>connection is closed, i.e. no
>>>>>>#     SSL close notify alert is send or allowed to
>>>>>>received.  This violates
>>>>>>#     the SSL/TLS standard but is needed for some
>>>>>>brain-dead browsers. Use
>>>>>>#     this when you receive I/O errors because of
>>>>>>the standard approach where
>>>>>>#     mod_ssl sends the close notify alert.
>>>>>>#   o ssl-accurate-shutdown:
>>>>>>#     This forces an accurate shutdown when the
>>>>>>connection is closed, i.e. a
>>>>>>#     SSL close notify alert is send and mod_ssl
>>>>>>waits for the close notify
>>>>>>#     alert of the client. This is 100% SSL/TLS
>>>>>>standard compliant, but in
>>>>>>#     practice often causes hanging connections
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>with
>>>>
>>>>
>>>>        
>>>>
>>>>>>brain-dead browsers. Use
>>>>>>#     this only for browsers where you know that
>>>>>>their SSL implementation
>>>>>>#     works correctly.
>>>>>>#   Notice: Most problems of broken clients are
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>also
>>>>
>>>>
>>>>        
>>>>
>>>>>>related to the HTTP
>>>>>>#   keep-alive facility, so you usually
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>additionally
>>>>
>>>>
>>>>        
>>>>
>>>>>>want to disable
>>>>>>#   keep-alive for those clients, too. Use
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>variable
>>>>
>>>>
>>>>        
>>>>
>>>>>>"nokeepalive" for this.
>>>>>>#   Similarly, one has to force some clients to
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>use
>>>>
>>>>
>>>>        
>>>>
>>>>>>HTTP/1.0 to workaround
>>>>>>#   their broken HTTP/1.1 implementation. Use
>>>>>>variables "downgrade-1.0" and
>>>>>>#   "force-response-1.0" for this.
>>>>>>SetEnvIf User-Agent ".*MSIE.*" \
>>>>>>       nokeepalive ssl-unclean-shutdown \
>>>>>>       downgrade-1.0 force-response-1.0
>>>>>>
>>>>>>#   Per-Server Logging:
>>>>>>#   The home of a custom SSL log file. Use this
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>when
>>>>
>>>>
>>>>        
>>>>
>>>>>>you want a
>>>>>>#   compact non-error SSL logfile on a virtual
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>host
>>>>
>>>>
>>>>        
>>>>
>>>>>>basis.
>>>>>>CustomLog logs/ssl_request_log \
>>>>>>        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x
>>>>>>\"%r\" %b"
>>>>>>
>>>>>></VirtualHost>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>>>#
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>              
>>>>>>>
>>>>>># Based upon the NCSA server configuration files
>>>>>>originally by Rob McCool.
>>>>>>#
>>>>>># This is the main Apache server configuration
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>file.
>>>>
>>>>
>>>>        
>>>>
>>>>>>It contains the
>>>>>># configuration directives that give the server
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>its
>>>>
>>>>
>>>>        
>>>>
>>>>>>instructions.
>>>>>># See URL:http://httpd.apache.org/docs-2.0/ for
>>>>>>detailed information about
>>>>>># the directives.
>>>>>>#
>>>>>># Do NOT simply read the instructions in here
>>>>>>without understanding
>>>>>># what they do.  They're here only as hints or
>>>>>>reminders.  If you are unsure
>>>>>># consult the online docs. You have been warned.
>>>>>>#
>>>>>># The configuration directives are grouped into
>>>>>>three basic sections:
>>>>>>#  1. Directives that control the operation of the
>>>>>>Apache server process as a
>>>>>>#     whole (the 'global environment').
>>>>>>#  2. Directives that define the parameters of the
>>>>>>'main' or 'default' server,
>>>>>>#     which responds to requests that aren't
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>handled
>>>>
>>>>
>>>>        
>>>>
>>>>>>by a virtual host.
>>>>>>#     These directives also provide default values
>>>>>>for the settings
>>>>>>#     of all virtual hosts.
>>>>>>#  3. Settings for virtual hosts, which allow Web
>>>>>>requests to be sent to
>>>>>>#     different IP addresses or hostnames and have
>>>>>>them handled by the
>>>>>>#     same Apache server process.
>>>>>>#
>>>>>># Configuration and logfile names: If the
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>filenames
>>>>
>>>>
>>>>        
>>>>
>>>>>>you specify for many
>>>>>># of the server's control files begin with "/" (or
>>>>>>"drive:/" for Win32), the
>>>>>># server will use that explicit path.  If the
>>>>>>filenames do *not* begin
>>>>>># with "/", the value of ServerRoot is prepended
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>--
>>>>
>>>>
>>>>        
>>>>
>>>>>>so "logs/foo.log"
>>>>>># with ServerRoot set to "/etc/httpd" will be
>>>>>>interpreted by the
>>>>>># server as "/etc/httpd/logs/foo.log".
>>>>>>#
>>>>>>
>>>>>>### Section 1: Global Environment
>>>>>>#
>>>>>># The directives in this section affect the
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>overall
>>>>
>>>>
>>>>        
>>>>
>>>>>>operation of Apache,
>>>>>># such as the number of concurrent requests it can
>>>>>>handle or where it
>>>>>># can find its configuration files.
>>>>>>#
>>>>>>
>>>>>>#
>>>>>># Don't give away too much information about all
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>the
>>>>
>>>>
>>>>        
>>>>
>>>>>>subcomponents
>>>>>># we are running.  Comment out this line if you
>>>>>>don't mind remote sites
>>>>>># finding out what major optional modules you are
>>>>>>running
>>>>>>ServerTokens OS
>>>>>>
>>>>>>#
>>>>>># ServerRoot: The top of the directory tree under
>>>>>>which the server's
>>>>>># configuration, error, and log files are kept.
>>>>>>#
>>>>>># NOTE!  If you intend to place this on an NFS (or
>>>>>>otherwise network)
>>>>>># mounted filesystem then please read the LockFile
>>>>>>documentation
>>>>>># (available at
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>><URL:http://httpd.apache.org/docs-2.0/mod/core.html#lockfile>);
>>>>
>>>>
>>>>        
>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>># you will save yourself a lot of trouble.
>>>>>>#
>>>>>># Do NOT add a slash at the end of the directory
>>>>>>path.
>>>>>>#
>>>>>>ServerRoot "/etc/httpd"
>>>>>>
>>>>>>#
>>>>>># ScoreBoardFile: File used to store internal
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>server
>>>>
>>>>
>>>>        
>>>>
>>>>>>process information.
>>>>>># If unspecified (the default), the scoreboard
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>will
>>>>
>>>>
>>>>        
>>>>
>>>>>>be stored in an
>>>>>># anonymous shared memory segment, and will be
>>>>>>unavailable to third-party
>>>>>># applications.
>>>>>># If specified, ensure that no two invocations of
>>>>>>Apache share the same
>>>>>># scoreboard file. The scoreboard file MUST BE
>>>>>>STORED ON A LOCAL DISK.
>>>>>>#
>>>>>>#ScoreBoardFile run/httpd.scoreboard
>>>>>>
>>>>>>#
>>>>>># PidFile: The file in which the server should
>>>>>>record its process
>>>>>># identification number when it starts.
>>>>>>#
>>>>>>PidFile "/var/run/httpd.pid"
>>>>>>
>>>>>>#
>>>>>># Timeout: The number of seconds before receives
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>and
>>>>
>>>>
>>>>        
>>>>
>>>>>>sends time out.
>>>>>>#
>>>>>>TimeOut 300
>>>>>>
>>>>>>#
>>>>>># KeepAlive: Whether or not to allow persistent
>>>>>>connections (more than
>>>>>># one request per connection). Set to "Off" to
>>>>>>deactivate.
>>>>>>#
>>>>>>KeepAlive true
>>>>>>
>>>>>>#
>>>>>># MaxKeepAliveRequests: The maximum number of
>>>>>>requests to allow
>>>>>># during a persistent connection. Set to 0 to
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>allow
>>>>
>>>>
>>>>        
>>>>
>>>>>>an unlimited amount.
>>>>>># We recommend you leave this number high, for
>>>>>>maximum performance.
>>>>>>#
>>>>>>MaxKeepAliveRequests 100
>>>>>>
>>>>>>#
>>>>>># KeepAliveTimeout: Number of seconds to wait for
>>>>>>the next request from the
>>>>>># same client on the same connection.
>>>>>>#
>>>>>>KeepAliveTimeout 15
>>>>>>
>>>>>>##
>>>>>>## Server-Pool Size Regulation (MPM specific)
>>>>>>##
>>>>>>
>>>>>># prefork MPM
>>>>>># StartServers: number of server processes to
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>start
>>>>
>>>>
>>>>        
>>>>
>>>>>># MinSpareServers: minimum number of server
>>>>>>processes which are kept spare
>>>>>># MaxSpareServers: maximum number of server
>>>>>>processes which are kept spare
>>>>>># MaxClients: maximum number of server processes
>>>>>>allowed to start
>>>>>># MaxRequestsPerChild: maximum number of requests
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>a
>>>>
>>>>
>>>>        
>>>>
>>>>>>server process serves
>>>>>><IfModule prefork.c>
>>>>>>StartServers 8
>>>>>>MinSpareServers 5
>>>>>>MaxSpareServers 20
>>>>>>MaxClients 150
>>>>>>MaxRequestsPerChild 100
>>>>>></IfModule>
>>>>>>
>>>>>># worker MPM
>>>>>># StartServers: initial number of server processes
>>>>>>to start
>>>>>># MaxClients: maximum number of simultaneous
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>client
>>>>
>>>>
>>>>        
>>>>
>>>>>>connections
>>>>>># MinSpareThreads: minimum number of worker
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>threads
>>>>
>>>>
>>>>        
>>>>
>>>>>>which are kept spare
>>>>>># MaxSpareThreads: maximum number of worker
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>threads
>>>>
>>>>
>>>>        
>>>>
>>>>>>which are kept spare
>>>>>># ThreadsPerChild: constant number of worker
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>threads
>>>>
>>>>
>>>>        
>>>>
>>>>>>in each server process
>>>>>># MaxRequestsPerChild: maximum number of requests
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>a
>>>>
>>>>
>>>>        
>>>>
>>>>>>server process serves
>>>>>><IfModule worker.c>
>>>>>>StartServers         2
>>>>>>MaxClients         150
>>>>>>MinSpareThreads     25
>>>>>>MaxSpareThreads     75
>>>>>>ThreadsPerChild     25
>>>>>>MaxRequestsPerChild  0
>>>>>></IfModule>
>>>>>>
>>>>>>#
>>>>>># Listen: Allows you to bind Apache to specific IP
>>>>>>addresses and/or
>>>>>># ports, in addition to the default. See also the
>>>>>><VirtualHost>
>>>>>># directive.
>>>>>>#
>>>>>># Change this to Listen on specific IP addresses
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>as
>>>>
>>>>
>>>>        
>>>>
>>>>>>shown below to
>>>>>># prevent Apache from glomming onto all bound IP
>>>>>>addresses (0.0.0.0)
>>>>>>#
>>>>>>#Listen 12.34.56.78:80
>>>>>>Listen *:80
>>>>>>
>>>>>>
>>>>>>#
>>>>>># Dynamic Shared Object (DSO) Support
>>>>>>#
>>>>>># To be able to use the functionality of a module
>>>>>>which was built as a DSO you
>>>>>># have to place corresponding `LoadModule' lines
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>at
>>>>
>>>>
>>>>        
>>>>
>>>>>>this location so the
>>>>>># directives contained in it are actually
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>available
>>>>
>>>>
>>>>        
>>>>
>>>>>>_before_ they are used.
>>>>>># Statically compiled modules (those listed by
>>>>>>`httpd -l') do not need
>>>>>># to be loaded here.
>>>>>>#
>>>>>># Example:
>>>>>># LoadModule foo_module modules/mod_foo.so
>>>>>>#
>>>>>>LoadModule access_module modules/mod_access.so
>>>>>>LoadModule auth_module modules/mod_auth.so
>>>>>>LoadModule auth_anon_module
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>modules/mod_auth_anon.so
>>>>
>>>>
>>>>        
>>>>
>>>>>>LoadModule auth_dbm_module modules/mod_auth_dbm.so
>>>>>>LoadModule auth_digest_module
>>>>>>modules/mod_auth_digest.so
>>>>>>LoadModule ldap_module modules/mod_ldap.so
>>>>>>LoadModule auth_ldap_module
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>modules/mod_auth_ldap.so
>>>>
>>>>
>>>>        
>>>>
>>>>>>LoadModule include_module modules/mod_include.so
>>>>>>LoadModule log_config_module
>>>>>>modules/mod_log_config.so
>>>>>>LoadModule env_module modules/mod_env.so
>>>>>>LoadModule mime_magic_module
>>>>>>modules/mod_mime_magic.so
>>>>>>LoadModule cern_meta_module
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>modules/mod_cern_meta.so
>>>>
>>>>
>>>>        
>>>>
>>>>>>LoadModule expires_module modules/mod_expires.so
>>>>>>LoadModule deflate_module modules/mod_deflate.so
>>>>>>LoadModule headers_module modules/mod_headers.so
>>>>>>LoadModule usertrack_module
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>modules/mod_usertrack.so
>>>>
>>>>
>>>>        
>>>>
>>>>>>LoadModule unique_id_module
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>modules/mod_unique_id.so
>>>>
>>>>
>>>>        
>>>>
>>>>>>LoadModule setenvif_module modules/mod_setenvif.so
>>>>>>LoadModule mime_module modules/mod_mime.so
>>>>>>LoadModule dav_module modules/mod_dav.so
>>>>>>#Nina added these in for svn server
>>>>>>#
>>>>>>LoadModule dav_svn_module modules/mod_dav_svn.so
>>>>>>LoadModule authz_svn_module
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>modules/mod_authz_svn.so
>>>>
>>>>
>>>>        
>>>>
>>>>>>#
>>>>>>LoadModule status_module modules/mod_status.so
>>>>>>LoadModule autoindex_module
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>modules/mod_autoindex.so
>>>>
>>>>
>>>>        
>>>>
>>>>>>LoadModule asis_module modules/mod_asis.so
>>>>>>LoadModule info_module modules/mod_info.so
>>>>>>LoadModule dav_fs_module modules/mod_dav_fs.so
>>>>>>LoadModule vhost_alias_module
>>>>>>modules/mod_vhost_alias.so
>>>>>>LoadModule negotiation_module
>>>>>>modules/mod_negotiation.so
>>>>>>LoadModule dir_module modules/mod_dir.so
>>>>>>LoadModule imap_module modules/mod_imap.so
>>>>>>LoadModule actions_module modules/mod_actions.so
>>>>>>LoadModule speling_module modules/mod_speling.so
>>>>>>LoadModule userdir_module modules/mod_userdir.so
>>>>>>LoadModule alias_module modules/mod_alias.so
>>>>>>LoadModule rewrite_module modules/mod_rewrite.so
>>>>>>LoadModule proxy_module modules/mod_proxy.so
>>>>>>LoadModule proxy_ftp_module
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>modules/mod_proxy_ftp.so
>>>>
>>>>
>>>>        
>>>>
>>>>>>LoadModule proxy_http_module
>>>>>>modules/mod_proxy_http.so
>>>>>>LoadModule proxy_connect_module
>>>>>>modules/mod_proxy_connect.so
>>>>>>LoadModule cache_module modules/mod_cache.so
>>>>>>LoadModule suexec_module modules/mod_suexec.so
>>>>>>LoadModule disk_cache_module
>>>>>>modules/mod_disk_cache.so
>>>>>>LoadModule file_cache_module
>>>>>>modules/mod_file_cache.so
>>>>>>LoadModule mem_cache_module
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>modules/mod_mem_cache.so
>>>>
>>>>
>>>>        
>>>>
>>>>>>LoadModule cgi_module modules/mod_cgi.so
>>>>>>
>>>>>>#
>>>>>># Load config files from the config directory
>>>>>>"/etc/httpd/conf.d".
>>>>>>#
>>>>>>Include conf.d/*.conf
>>>>>>
>>>>>>#
>>>>>># ExtendedStatus controls whether Apache will
>>>>>>generate "full" status
>>>>>># information (ExtendedStatus On) or just basic
>>>>>>information (ExtendedStatus
>>>>>># Off) when the "server-status" handler is called.
>>>>>>The default is Off.
>>>>>>#
>>>>>>#ExtendedStatus On
>>>>>>
>>>>>>### Section 2: 'Main' server configuration
>>>>>>#
>>>>>># The directives in this section set up the values
>>>>>>used by the 'main'
>>>>>># server, which responds to any requests that
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>aren't
>>>>
>>>>
>>>>        
>>>>
>>>>>>handled by a
>>>>>># <VirtualHost> definition.  These values also
>>>>>>provide defaults for
>>>>>># any <VirtualHost> containers you may define
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>later
>>>>
>>>>
>>>>        
>>>>
>>>>>>in the file.
>>>>>>#
>>>>>># All of these directives may appear inside
>>>>>><VirtualHost> containers,
>>>>>># in which case these default settings will be
>>>>>>overridden for the
>>>>>># virtual host being defined.
>>>>>>#
>>>>>>
>>>>>>#
>>>>>># If you wish httpd to run as a different user or
>>>>>>group, you must run
>>>>>># httpd as root initially and it will switch.
>>>>>>#
>>>>>># User/Group: The name (or #number) of the
>>>>>>user/group to run httpd as.
>>>>>>#  . On SCO (ODT 3) use "User nouser" and "Group
>>>>>>nogroup".
>>>>>>#  . On HPUX you may not be able to use shared
>>>>>>memory as nobody, and the
>>>>>>#    suggested workaround is to create a user www
>>>>>>and use that user.
>>>>>>#  NOTE that some kernels refuse to setgid(Group)
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>or
>>>>
>>>>
>>>>        
>>>>
>>>>>>semctl(IPC_SET)
>>>>>>#  when the value of (unsigned)Group is above
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>60000;
>>>>
>>>>
>>>>        
>>>>
>>>>>>#  don't use Group #-1 on these systems!
>>>>>>#
>>>>>>User apache
>>>>>>Group apache
>>>>>>
>>>>>>#
>>>>>># ServerAdmin: Your address, where problems with
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>the
>>>>
>>>>
>>>>        
>>>>
>>>>>>server should be
>>>>>># e-mailed.  This address appears on some
>>>>>>server-generated pages, such
>>>>>># as error documents.  e.g. admin@your-domain.com
>>>>>>#
>>>>>>ServerAdmin root@gibbons.com
>>>>>>
>>>>>>#
>>>>>># ServerName gives the name and port that the
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>server
>>>>
>>>>
>>>>        
>>>>
>>>>>>uses to identify itself.
>>>>>># This can often be determined automatically, but
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>we
>>>>
>>>>
>>>>        
>>>>
>>>>>>recommend you specify
>>>>>># it explicitly to prevent problems during
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>startup.
>>>>
>>>>
>>>>        
>>>>
>>>>>>#
>>>>>># If this is not set to valid DNS name for your
>>>>>>host, server-generated
>>>>>># redirections will not work.  See also the
>>>>>>UseCanonicalName directive.
>>>>>>#
>>>>>># If your host doesn't have a registered DNS name,
>>>>>>enter its IP address here.
>>>>>># You will have to access it by its address
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>anyway,
>>>>
>>>>
>>>>        
>>>>
>>>>>>and this will make
>>>>>># redirections work in a sensible way.
>>>>>>#
>>>>>>ServerName gibbons.com:80
>>>>>>
>>>>>>#
>>>>>># UseCanonicalName: Determines how Apache
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>constructs
>>>>
>>>>
>>>>        
>>>>
>>>>>>self-referencing
>>>>>># URLs and the SERVER_NAME and SERVER_PORT
>>>>>>variables.
>>>>>># When set "Off", Apache will use the Hostname and
>>>>>>Port supplied
>>>>>># by the client.  When set "On", Apache will use
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>the
>>>>
>>>>
>>>>        
>>>>
>>>>>>value of the
>>>>>># ServerName directive.
>>>>>>#
>>>>>>UseCanonicalName on
>>>>>>
>>>>>>#
>>>>>># DocumentRoot: The directory out of which you
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>will
>>>>
>>>>
>>>>        
>>>>
>>>>>>serve your
>>>>>># documents. By default, all requests are taken
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>from
>>>>
>>>>
>>>>        
>>>>
>>>>>>this directory, but
>>>>>># symbolic links and aliases may be used to point
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>to
>>>>
>>>>
>>>>        
>>>>
>>>>>>other locations.
>>>>>>#
>>>>>>DocumentRoot "/var/www/html"
>>>>>>
>>>>>>#
>>>>>># Disable autoindex for the root directory, and
>>>>>>present a
>>>>>># default Welcome page if no other index page is
>>>>>>present.
>>>>>>#
>>>>>><LocationMatch "^/$">
>>>>>>  Options -Indexes
>>>>>>  ErrorDocument 403 /error/noindex.html
>>>>>></LocationMatch>
>>>>>>
>>>>>>#
>>>>>># UserDir: The name of the directory that is
>>>>>>appended onto a user's home
>>>>>># directory if a ~user request is received.
>>>>>>#
>>>>>># The path to the end user account 'public_html'
>>>>>>directory must be
>>>>>># accessible to the webserver userid.  This
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>usually
>>>>
>>>>
>>>>        
>>>>
>>>>>>means that ~userid
>>>>>># must have permissions of 711,
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>~userid/public_html
>>>>
>>>>
>>>>        
>>>>
>>>>>>must have permissions
>>>>>># of 755, and documents contained therein must be
>>>>>>world-readable.
>>>>>># Otherwise, the client will only receive a "403
>>>>>>Forbidden" message.
>>>>>>#
>>>>>># See also:
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>http://httpd.apache.org/docs/misc/FAQ.html#forbidden
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>#
>>>>>><IfModule mod_userdir.c>
>>>>>>  #
>>>>>>  # UserDir is disabled by default since it can
>>>>>>confirm the presence
>>>>>>  # of a username on the system (depending on
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>home
>>>>
>>>>
>>>>        
>>>>
>>>>>>directory
>>>>>>  # permissions).
>>>>>>  #
>>>>>>  UserDir "disable"
>>>>>>
>>>>>>  #
>>>>>>  # To enable requests to /~user/ to serve the
>>>>>>user's public_html
>>>>>>  # directory, use this directive instead of
>>>>>>"UserDir disable":
>>>>>>  #
>>>>>>  #UserDir public_html
>>>>>>
>>>>>></IfModule>
>>>>>>
>>>>>>#
>>>>>># DirectoryIndex: sets the file that Apache will
>>>>>>serve if a directory
>>>>>># is requested.
>>>>>>#
>>>>>># The index.html.var file (a type-map) is used to
>>>>>>deliver content-
>>>>>># negotiated documents.  The MultiViews Option can
>>>>>>be used for the
>>>>>># same purpose, but it is much slower.
>>>>>>#
>>>>>>DirectoryIndex
>>>>>>
>>>>>>#
>>>>>># AccessFileName: The name of the file to look for
>>>>>>in each directory
>>>>>># for access control information.  See also the
>>>>>>AllowOverride directive.
>>>>>>#
>>>>>>AccessFileName .htaccess
>>>>>>
>>>>>>#
>>>>>># The following lines prevent .htaccess and
>>>>>>.htpasswd files from being
>>>>>># viewed by Web clients.
>>>>>>#
>>>>>><Files ~ "^\.ht">
>>>>>>  Order allow,deny
>>>>>>  Deny from all
>>>>>></Files>
>>>>>>
>>>>>>#
>>>>>># TypesConfig describes where the mime.types file
>>>>>>(or equivalent) is
>>>>>># to be found.
>>>>>>#
>>>>>>TypesConfig "/etc/mime.types"
>>>>>>
>>>>>>#
>>>>>># DefaultType is the default MIME type the server
>>>>>>will use for a document
>>>>>># if it cannot otherwise determine one, such as
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>from
>>>>
>>>>
>>>>        
>>>>
>>>>>>filename extensions.
>>>>>># If your server contains mostly text or HTML
>>>>>>documents, "text/plain" is
>>>>>># a good value.  If most of your content is
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>binary,
>>>>
>>>>
>>>>        
>>>>
>>>>>>such as applications
>>>>>># or images, you may want to use
>>>>>>"application/octet-stream" instead to
>>>>>># keep browsers from trying to display binary
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>files
>>>>
>>>>
>>>>        
>>>>
>>>>>>as though they are
>>>>>># text.
>>>>>>#
>>>>>>DefaultType text/plain
>>>>>>
>>>>>>#
>>>>>># The mod_mime_magic module allows the server to
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>use
>>>>
>>>>
>>>>        
>>>>
>>>>>>various hints from the
>>>>>># contents of the file itself to determine its
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>type.
>>>>
>>>>
>>>>        
>>>>
>>>>>>The MIMEMagicFile
>>>>>># directive tells the module where the hint
>>>>>>definitions are located.
>>>>>>#
>>>>>><IfModule mod_mime_magic.c>
>>>>>>#   MIMEMagicFile /usr/share/magic.mime
>>>>>>  MIMEMagicFile conf/magic
>>>>>></IfModule>
>>>>>>
>>>>>>#
>>>>>># HostnameLookups: Log the names of clients or
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>just
>>>>
>>>>
>>>>        
>>>>
>>>>>>their IP addresses
>>>>>># e.g., www.apache.org (on) or 204.62.129.132
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>(off).
>>>>
>>>>
>>>>        
>>>>
>>>>>># The default is off because it'd be overall
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>better
>>>>
>>>>
>>>>        
>>>>
>>>>>>for the net if people
>>>>>># had to knowingly turn this feature on, since
>>>>>>enabling it means that
>>>>>># each client request will result in AT LEAST one
>>>>>>lookup request to the
>>>>>># nameserver.
>>>>>>#
>>>>>>HostNameLookups Off
>>>>>>
>>>>>>#
>>>>>># EnableMMAP: Control whether memory-mapping is
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>used
>>>>
>>>>
>>>>        
>>>>
>>>>>>to deliver
>>>>>># files (assuming that the underlying OS supports
>>>>>>it).
>>>>>># The default is on; turn this off if you serve
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>from
>>>>
>>>>
>>>>        
>>>>
>>>>>>NFS-mounted
>>>>>># filesystems.  On some systems, turning it off
>>>>>>(regardless of
>>>>>># filesystem) can improve performance; for
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>details,
>>>>
>>>>
>>>>        
>>>>
>>>>>>please see
>>>>>>#
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap
>>>>
>>>>
>>>>        
>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>#
>>>>>>#EnableMMAP off
>>>>>>
>>>>>>#
>>>>>># EnableSendfile: Control whether the sendfile
>>>>>>kernel support is
>>>>>># used to deliver files (assuming that the OS
>>>>>>supports it).
>>>>>># The default is on; turn this off if you serve
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>from
>>>>
>>>>
>>>>        
>>>>
>>>>>>NFS-mounted
>>>>>># filesystems.  Please see
>>>>>>#
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile
>>>>
>>>>
>>>>        
>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>#
>>>>>>#EnableSendfile off
>>>>>>
>>>>>>#
>>>>>># ErrorLog: The location of the error log file.
>>>>>># If you do not specify an ErrorLog directive
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>within
>>>>
>>>>
>>>>        
>>>>
>>>>>>a <VirtualHost>
>>>>>># container, error messages relating to that
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>virtual
>>>>
>>>>
>>>>        
>>>>
>>>>>>host will be
>>>>>># logged here.  If you *do* define an error
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>logfile
>>>>
>>>>
>>>>        
>>>>
>>>>>>for a <VirtualHost>
>>>>>># container, that host's errors will be logged
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>there
>>>>
>>>>
>>>>        
>>>>
>>>>>>and not here.
>>>>>>#
>>>>>>ErrorLog "/var/log/httpd/error_log"
>>>>>>
>>>>>>#
>>>>>># LogLevel: Control the number of messages logged
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>to
>>>>
>>>>
>>>>        
>>>>
>>>>>>the error_log.
>>>>>># Possible values include: debug, info, notice,
>>>>>>warn, error, crit,
>>>>>># alert, emerg.
>>>>>>#
>>>>>>LogLevel warn
>>>>>>
>>>>>>#
>>>>>># The following directives define some format
>>>>>>nicknames for use with
>>>>>># a CustomLog directive (see below).
>>>>>>#
>>>>>>LogFormat "%h %l %u %t \"%r\" %>s %b
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>\"%{Referer}i\"
>>>>
>>>>
>>>>        
>>>>
>>>>>>\"%{User-Agent}i\"" combined
>>>>>>LogFormat "%h %l %u %t \"%r\" %>s %b" common
>>>>>>LogFormat "%{Referer}i -> %U" referer
>>>>>>LogFormat "%{User-agent}i" agent
>>>>>>
>>>>>>
>>>>>>#
>>>>>># The location and format of the access logfile
>>>>>>(Common Logfile Format).
>>>>>># If you do not define any access logfiles within
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>a
>>>>
>>>>
>>>>        
>>>>
>>>>>><VirtualHost>
>>>>>># container, they will be logged here.
>>>>>>Contrariwise, if you *do*
>>>>>># define per-<VirtualHost> access logfiles,
>>>>>>transactions will be
>>>>>># logged therein and *not* in this file.
>>>>>>#
>>>>>># CustomLog logs/access_log common
>>>>>>CustomLog logs/access_log combined
>>>>>>
>>>>>>#
>>>>>># If you would like to have agent and referer
>>>>>>logfiles, uncomment the
>>>>>># following directives.
>>>>>>#
>>>>>>#CustomLog logs/referer_log referer
>>>>>>#CustomLog logs/agent_log agent
>>>>>>
>>>>>>#
>>>>>># If you prefer a single logfile with access,
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>agent,
>>>>
>>>>
>>>>        
>>>>
>>>>>>and referer information
>>>>>># (Combined Logfile Format) you can use the
>>>>>>following directive.
>>>>>>#
>>>>>>#CustomLog logs/access_log combined
>>>>>>
>>>>>>#
>>>>>># Optionally add a line containing the server
>>>>>>version and virtual host
>>>>>># name to server-generated pages (error documents,
>>>>>>FTP directory listings,
>>>>>># mod_status and mod_info output etc., but not CGI
>>>>>>generated documents).
>>>>>># Set to "EMail" to also include a mailto: link to
>>>>>>the ServerAdmin.
>>>>>># Set to one of:  On | Off | EMail
>>>>>>#
>>>>>>ServerSignature on
>>>>>>
>>>>>>#
>>>>>># Aliases: Add here as many aliases as you need
>>>>>>(with no limit). The format is
>>>>>># Alias fakename realname
>>>>>>#
>>>>>># Note that if you include a trailing / on
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>fakename
>>>>
>>>>
>>>>        
>>>>
>>>>>>then the server will
>>>>>># require it to be present in the URL.  So
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>"/icons"
>>>>
>>>>
>>>>        
>>>>
>>>>>>isn't aliased in this
>>>>>># example, only "/icons/".  If the fakename is
>>>>>>slash-terminated, then the
>>>>>># realname must also be slash terminated, and if
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>the
>>>>
>>>>
>>>>        
>>>>
>>>>>>fakename omits the
>>>>>># trailing slash, the realname must also omit it.
>>>>>>#
>>>>>># We include the /icons/ alias for FancyIndexed
>>>>>>directory listings.  If you
>>>>>># do not use FancyIndexing, you may comment this
>>>>>>out.
>>>>>>#
>>>>>>Alias /icons/ "/var/www/icons/"
>>>>>>
>>>>>>#
>>>>>># This should be changed to the
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>ServerRoot/manual/.
>>>>
>>>>
>>>>        
>>>>
>>>>>>The alias provides
>>>>>># the manual, even if you choose to move your
>>>>>>DocumentRoot.  You may comment
>>>>>># this out if you do not care for the
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>documentation.
>>>>
>>>>
>>>>        
>>>>
>>>>>>#
>>>>>>Alias /manual "/var/www/manual"
>>>>>>
>>>>>><IfModule mod_dav_fs.c>
>>>>>>  # Location of the WebDAV lock database.
>>>>>>  DAVLockDB /var/lib/dav/lockdb
>>>>>></IfModule>
>>>>>>
>>>>>>#
>>>>>># ScriptAlias: This controls which directories
>>>>>>contain server scripts.
>>>>>># ScriptAliases are essentially the same as
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>Aliases,
>>>>
>>>>
>>>>        
>>>>
>>>>>>except that
>>>>>># documents in the realname directory are treated
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>as
>>>>
>>>>
>>>>        
>>>>
>>>>>>applications and
>>>>>># run by the server when requested rather than as
>>>>>>documents sent to the client.
>>>>>># The same rules about trailing "/" apply to
>>>>>>ScriptAlias directives as to
>>>>>># Alias.
>>>>>>#
>>>>>>ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
>>>>>>
>>>>>><IfModule mod_cgid.c>
>>>>>>#
>>>>>># Additional to mod_cgid.c settings, mod_cgid has
>>>>>>Scriptsock <path>
>>>>>># for setting UNIX socket for communicating with
>>>>>>cgid.
>>>>>>#
>>>>>>#Scriptsock            logs/cgisock
>>>>>></IfModule>
>>>>>>
>>>>>>#Nina added
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>######################################################################
>>>>
>>>>
>>>>        
>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>#<IfModule mod_ssl.c>
>>>>>>#Include conf.d/ssl.conf
>>>>>>#</IfModule>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>######################################################################
>>>>
>>>>
>>>>        
>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>#
>>>>>># Redirect allows you to tell clients about
>>>>>>documents which used to exist in
>>>>>># your server's namespace, but do not anymore.
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>This
>>>>
>>>>
>>>>        
>>>>
>>>>>>allows you to tell the
>>>>>># clients where to look for the relocated
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>document.
>>>>
>>>>
>>>>        
>>>>
>>>>>># Example:
>>>>>># Redirect permanent /foo
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>http://www.example.com/bar
>>>>
>>>>
>>>>        
>>>>
>>>>>>#
>>>>>># Directives controlling the display of
>>>>>>server-generated directory listings.
>>>>>>#
>>>>>>
>>>>>>#
>>>>>># FancyIndexing is whether you want fancy
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>directory
>>>>
>>>>
>>>>        
>>>>
>>>>>>indexing or standard.
>>>>>># VersionSort is whether files containing version
>>>>>>numbers should be
>>>>>># compared in the natural way, so that
>>>>>>`apache-1.3.9.tar' is placed before
>>>>>># `apache-1.3.12.tar'.
>>>>>>#
>>>>>>IndexOptions FancyIndexing VersionSort NameWidth=*
>>>>>>
>>>>>>#
>>>>>># AddIcon* directives tell the server which icon
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>to
>>>>
>>>>
>>>>        
>>>>
>>>>>>show for different
>>>>>># files or filename extensions.  These are only
>>>>>>displayed for
>>>>>># FancyIndexed directories.
>>>>>>#
>>>>>>AddIconByEncoding (CMP,/icons/compressed.gif)
>>>>>>x-compress x-gzip
>>>>>>
>>>>>>AddIconByType (TXT,/icons/text.gif) text/*
>>>>>>AddIconByType (IMG,/icons/image2.gif) image/*
>>>>>>AddIconByType (SND,/icons/sound2.gif) audio/*
>>>>>>AddIconByType (VID,/icons/movie.gif) video/*
>>>>>>
>>>>>>AddIcon /icons/binary.gif .bin .exe
>>>>>>AddIcon /icons/binhex.gif .hqx
>>>>>>AddIcon /icons/tar.gif .tar
>>>>>>AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm
>>>>>>.iv
>>>>>>AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
>>>>>>AddIcon /icons/a.gif .ps .ai .eps
>>>>>>AddIcon /icons/layout.gif .html .shtml .htm .pdf
>>>>>>AddIcon /icons/text.gif .txt
>>>>>>AddIcon /icons/c.gif .c
>>>>>>AddIcon /icons/p.gif .pl .py
>>>>>>AddIcon /icons/f.gif .for
>>>>>>AddIcon /icons/dvi.gif .dvi
>>>>>>AddIcon /icons/uuencoded.gif .uu
>>>>>>AddIcon /icons/script.gif .conf .sh .shar .csh
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>.ksh
>>>>
>>>>
>>>>        
>>>>
>>>>>>.tcl
>>>>>>AddIcon /icons/tex.gif .tex
>>>>>>AddIcon /icons/bomb.gif core
>>>>>>
>>>>>>AddIcon /icons/back.gif ..
>>>>>>AddIcon /icons/hand.right.gif README
>>>>>>AddIcon /icons/folder.gif ^^DIRECTORY^^
>>>>>>AddIcon /icons/blank.gif ^^BLANKICON^^
>>>>>>
>>>>>>#
>>>>>># DefaultIcon is which icon to show for files
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>which
>>>>
>>>>
>>>>        
>>>>
>>>>>>do not have an icon
>>>>>># explicitly set.
>>>>>>#
>>>>>>DefaultIcon /icons/unknown.gif
>>>>>>
>>>>>>#
>>>>>># AddDescription allows you to place a short
>>>>>>description after a file in
>>>>>># server-generated indexes.  These are only
>>>>>>displayed for FancyIndexed
>>>>>># directories.
>>>>>># Format: AddDescription "description" filename
>>>>>>#
>>>>>>#AddDescription "GZIP compressed document" .gz
>>>>>>#AddDescription "tar archive" .tar
>>>>>>#AddDescription "GZIP compressed tar archive" .tgz
>>>>>>
>>>>>>#
>>>>>># ReadmeName is the name of the README file the
>>>>>>server will look for by
>>>>>># default, and append to directory listings.
>>>>>>#
>>>>>># HeaderName is the name of a file which should be
>>>>>>prepended to
>>>>>># directory indexes.
>>>>>>ReadmeName README.html
>>>>>>HeaderName HEADER.html
>>>>>>
>>>>>>#
>>>>>># IndexIgnore is a set of filenames which
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>directory
>>>>
>>>>
>>>>        
>>>>
>>>>>>indexing should ignore
>>>>>># and not include in the listing.  Shell-style
>>>>>>wildcarding is permitted.
>>>>>>#
>>>>>>IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v
>>>>>>*,t
>>>>>>
>>>>>>#
>>>>>># AddEncoding allows you to have certain browsers
>>>>>>(Mosaic/X 2.1+) uncompress
>>>>>># information on the fly. Note: Not all browsers
>>>>>>support this.
>>>>>># Despite the name similarity, the following Add*
>>>>>>directives have nothing
>>>>>># to do with the FancyIndexing customization
>>>>>>directives above.
>>>>>>#
>>>>>>AddEncoding x-compress Z
>>>>>>AddEncoding x-gzip gz tgz
>>>>>>
>>>>>>#
>>>>>># DefaultLanguage and AddLanguage allows you to
>>>>>>specify the language of
>>>>>># a document. You can then use content negotiation
>>>>>>to give a browser a
>>>>>># file in a language the user can understand.
>>>>>>#
>>>>>># Specify a default language. This means that all
>>>>>>data
>>>>>># going out without a specific language tag (see
>>>>>>below) will
>>>>>># be marked with this one. You probably do NOT
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>want
>>>>
>>>>
>>>>        
>>>>
>>>>>>to set
>>>>>># this unless you are sure it is correct for all
>>>>>>cases.
>>>>>>#
>>>>>># * It is generally better to not mark a page as
>>>>>># * being a certain language than marking it with
>>>>>>the wrong
>>>>>># * language!
>>>>>>#
>>>>>># DefaultLanguage nl
>>>>>>#
>>>>>># Note 1: The suffix does not have to be the same
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>as
>>>>
>>>>
>>>>        
>>>>
>>>>>>the language
>>>>>># keyword --- those with documents in Polish
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>(whose
>>>>
>>>>
>>>>        
>>>>
>>>>>>net-standard
>>>>>># language code is pl) may wish to use
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>"AddLanguage
>>>>
>>>>
>>>>        
>>>>
>>>>>>pl .po" to
>>>>>># avoid the ambiguity with the common suffix for
>>>>>>perl scripts.
>>>>>>#
>>>>>># Note 2: The example entries below illustrate
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>that
>>>>
>>>>
>>>>        
>>>>
>>>>>>in some cases
>>>>>># the two character 'Language' abbreviation is not
>>>>>>identical to
>>>>>># the two character 'Country' code for its
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>country,
>>>>
>>>>
>>>>        
>>>>
>>>>>># E.g. 'Danmark/dk' versus 'Danish/da'.
>>>>>>#
>>>>>># Note 3: In the case of 'ltz' we violate the RFC
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>by
>>>>
>>>>
>>>>        
>>>>
>>>>>>using a three char
>>>>>># specifier. There is 'work in progress' to fix
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>this
>>>>
>>>>
>>>>        
>>>>
>>>>>>and get
>>>>>># the reference data for rfc1766 cleaned up.
>>>>>>#
>>>>>># Danish (da) - Dutch (nl) - English (en) -
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>Estonian
>>>>
>>>>
>>>>        
>>>>
>>>>>>(et)
>>>>>># French (fr) - German (de) - Greek-Modern (el)
>>>>>># Italian (it) - Norwegian (no) - Norwegian
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>Nynorsk
>>>>
>>>>
>>>>        
>>>>
>>>>>>(nn) - Korean (kr)
>>>>>># Portugese (pt) - Luxembourgeois* (ltz)
>>>>>># Spanish (es) - Swedish (sv) - Catalan (ca) -
>>>>>>Czech(cz)
>>>>>># Polish (pl) - Brazilian Portuguese (pt-br) -
>>>>>>Japanese (ja)
>>>>>># Russian (ru) - Croatian (hr)
>>>>>>#
>>>>>>AddLanguage da .dk
>>>>>>AddLanguage nl .nl
>>>>>>AddLanguage en .en
>>>>>>AddLanguage et .et
>>>>>>AddLanguage fr .fr
>>>>>>AddLanguage de .de
>>>>>>AddLanguage he .he
>>>>>>AddLanguage el .el
>>>>>>AddLanguage it .it
>>>>>>AddLanguage ja .ja
>>>>>>AddLanguage pl .po
>>>>>>AddLanguage kr .kr
>>>>>>AddLanguage pt .pt
>>>>>>AddLanguage nn .nn
>>>>>>AddLanguage no .no
>>>>>>AddLanguage pt-br .pt-br
>>>>>>AddLanguage ltz .ltz
>>>>>>AddLanguage ca .ca
>>>>>>AddLanguage es .es
>>>>>>AddLanguage sv .se
>>>>>>AddLanguage cz .cz
>>>>>>AddLanguage ru .ru
>>>>>>AddLanguage tw .tw
>>>>>>AddLanguage zh-tw .tw
>>>>>>AddLanguage hr .hr
>>>>>>
>>>>>>#
>>>>>># LanguagePriority allows you to give precedence
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>to
>>>>
>>>>
>>>>        
>>>>
>>>>>>some languages
>>>>>># in case of a tie during content negotiation.
>>>>>>#
>>>>>># Just list the languages in decreasing order of
>>>>>>preference. We have
>>>>>># more or less alphabetized them here. You
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>probably
>>>>
>>>>
>>>>        
>>>>
>>>>>>want to change this.
>>>>>>#
>>>>>>LanguagePriority en da nl et fr de el it ja kr no
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>pl
>>>>
>>>>
>>>>        
>>>>
>>>>>>pt pt-br ltz ca es sv tw
>>>>>>
>>>>>>#
>>>>>># ForceLanguagePriority allows you to serve a
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>result
>>>>
>>>>
>>>>        
>>>>
>>>>>>page rather than
>>>>>># MULTIPLE CHOICES (Prefer) [in case of a tie] or
>>>>>>NOT ACCEPTABLE (Fallback)
>>>>>># [in case no accepted languages matched the
>>>>>>available variants]
>>>>>>#
>>>>>>ForceLanguagePriority Prefer Fallback
>>>>>>
>>>>>>#
>>>>>># Specify a default charset for all pages sent
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>out.
>>>>
>>>>
>>>>        
>>>>
>>>>>>This is
>>>>>># always a good idea and opens the door for future
>>>>>>internationalisation
>>>>>># of your web site, should you ever want it.
>>>>>>Specifying it as
>>>>>># a default does little harm; as the standard
>>>>>>dictates that a page
>>>>>># is in iso-8859-1 (latin1) unless specified
>>>>>>otherwise i.e. you
>>>>>># are merely stating the obvious. There are also
>>>>>>some security
>>>>>># reasons in browsers, related to javascript and
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>URL
>>>>
>>>>
>>>>        
>>>>
>>>>>>parsing
>>>>>># which encourage you to always set a default char
>>>>>>set.
>>>>>>#
>>>>>>AddDefaultCharset ISO-8859-1
>>>>>>
>>>>>>#
>>>>>># Commonly used filename extensions to character
>>>>>>sets. You probably
>>>>>># want to avoid clashes with the language
>>>>>>extensions, unless you
>>>>>># are good at carefully testing your setup after
>>>>>>each change.
>>>>>># See
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets
>>>>
>>>>
>>>>        
>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>for
>>>>>># the official list of charset names and their
>>>>>>respective RFCs
>>>>>>#
>>>>>>AddCharset ISO-8859-1  .iso8859-1  .latin1
>>>>>>AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
>>>>>>AddCharset ISO-8859-3  .iso8859-3  .latin3
>>>>>>AddCharset ISO-8859-4  .iso8859-4  .latin4
>>>>>>AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr
>>>>>>.iso-ru
>>>>>>AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
>>>>>>AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
>>>>>>AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
>>>>>>AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
>>>>>>AddCharset ISO-2022-JP .iso2022-jp .jis
>>>>>>AddCharset ISO-2022-KR .iso2022-kr .kis
>>>>>>AddCharset ISO-2022-CN .iso2022-cn .cis
>>>>>>AddCharset Big5        .Big5       .big5
>>>>>># For russian, more than one charset is used
>>>>>>(depends on client, mostly):
>>>>>>AddCharset WINDOWS-1251 .cp-1251   .win-1251
>>>>>>AddCharset CP866       .cp866
>>>>>>AddCharset KOI8-r      .koi8-r .koi8-ru
>>>>>>AddCharset KOI8-ru     .koi8-uk .ua
>>>>>>AddCharset ISO-10646-UCS-2 .ucs2
>>>>>>AddCharset ISO-10646-UCS-4 .ucs4
>>>>>>AddCharset UTF-8       .utf8
>>>>>>
>>>>>># The set below does not map to a specific (iso)
>>>>>>standard
>>>>>># but works on a fairly wide range of browsers.
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>Note
>>>>
>>>>
>>>>        
>>>>
>>>>>>that
>>>>>># capitalization actually matters (it should not,
>>>>>>but it
>>>>>># does for some browsers).
>>>>>>#
>>>>>># See
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets
>>>>
>>>>
>>>>        
>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>># for a list of sorts. But browsers support few.
>>>>>>#
>>>>>>AddCharset GB2312      .gb2312 .gb
>>>>>>AddCharset utf-7       .utf7
>>>>>>AddCharset utf-8       .utf8
>>>>>>AddCharset big5        .big5 .b5
>>>>>>AddCharset EUC-TW      .euc-tw
>>>>>>AddCharset EUC-JP      .euc-jp
>>>>>>AddCharset EUC-KR      .euc-kr
>>>>>>AddCharset shift_jis   .sjis
>>>>>>
>>>>>>#
>>>>>># AddType allows you to add to or override the
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>MIME
>>>>
>>>>
>>>>        
>>>>
>>>>>>configuration
>>>>>># file mime.types for specific file types.
>>>>>>#
>>>>>>AddType application/x-tar .tgz
>>>>>>#Nina added this line
>>>>>>AddType text/html .shtml
>>>>>>
>>>>>>#
>>>>>># AddHandler allows you to map certain file
>>>>>>extensions to "handlers":
>>>>>># actions unrelated to filetype. These can be
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>either
>>>>
>>>>
>>>>        
>>>>
>>>>>>built into the server
>>>>>># or added with the Action directive (see below)
>>>>>>#
>>>>>># To use CGI scripts outside of ScriptAliased
>>>>>>directories:
>>>>>># (You will also need to add "ExecCGI" to the
>>>>>>"Options" directive.)
>>>>>>#
>>>>>>#AddHandler cgi-script .cgi
>>>>>>
>>>>>>#
>>>>>># For files that include their own HTTP headers:
>>>>>>#
>>>>>>#AddHandler send-as-is asis
>>>>>>
>>>>>>#
>>>>>># For server-parsed imagemap files:
>>>>>>#
>>>>>>AddHandler imap-file map
>>>>>>
>>>>>>#
>>>>>># For type maps (negotiated resources):
>>>>>># (This is enabled by default to allow the Apache
>>>>>>"It Worked" page
>>>>>>#  to be distributed in multiple languages.)
>>>>>>#
>>>>>>AddHandler type-map var
>>>>>>
>>>>>># Filters allow you to process content before it
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>is
>>>>
>>>>
>>>>        
>>>>
>>>>>>sent to the client.
>>>>>>#
>>>>>># To parse .shtml files for server-side includes
>>>>>>(SSI):
>>>>>># (You will also need to add "Includes" to the
>>>>>>"Options" directive.)
>>>>>>#
>>>>>>AddOutputFilter INCLUDES .shtml
>>>>>>
>>>>>>#
>>>>>># Action lets you define media types that will
>>>>>>execute a script whenever
>>>>>># a matching file is called. This eliminates the
>>>>>>need for repeated URL
>>>>>># pathnames for oft-used CGI file processors.
>>>>>># Format: Action media/type /cgi-script/location
>>>>>># Format: Action handler-name /cgi-script/location
>>>>>>#
>>>>>>
>>>>>>#
>>>>>># Customizable error responses come in three
>>>>>>flavors:
>>>>>># 1) plain text 2) local redirects 3) external
>>>>>>redirects
>>>>>>#
>>>>>># Some examples:
>>>>>>#ErrorDocument 500 "The server made a boo boo."
>>>>>>#ErrorDocument 404 /missing.html
>>>>>>#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
>>>>>>#ErrorDocument 402
>>>>>>http://www.example.com/subscription_info.html
>>>>>>#
>>>>>>
>>>>>>
>>>>>>Alias /error/ "/var/www/error/"
>>>>>>
>>>>>>#
>>>>>># The following directives modify normal HTTP
>>>>>>response behavior to
>>>>>># handle known problems with browser
>>>>>>implementations.
>>>>>>#
>>>>>>BrowserMatch "Mozilla/2" nokeepalive
>>>>>>BrowserMatch "MSIE 4\.0b2;" nokeepalive
>>>>>>downgrade-1.0 force-response-1.0
>>>>>>BrowserMatch "RealPlayer 4\.0" force-response-1.0
>>>>>>BrowserMatch "Java/1\.0" force-response-1.0
>>>>>>BrowserMatch "JDK/1\.0" force-response-1.0
>>>>>>
>>>>>>#
>>>>>># The following directive disables redirects on
>>>>>>non-GET requests for
>>>>>># a directory that does not include the trailing
>>>>>>slash.  This fixes a
>>>>>># problem with Microsoft WebFolders which does not
>>>>>>appropriately handle
>>>>>># redirects for folders with DAV methods.
>>>>>>#
>>>>>>BrowserMatch "Microsoft Data Access Internet
>>>>>>Publishing Provider" redirect-carefully
>>>>>>BrowserMatch "^WebDrive" redirect-carefully
>>>>>>BrowserMatch "^WebDAVFS/1.[012]"
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>redirect-carefully
>>>>
>>>>
>>>>        
>>>>
>>>>>>BrowserMatch "^gnome-vfs" redirect-carefully
>>>>>>
>>>>>>#
>>>>>># Allow server status reports, with the URL of
>>>>>>http://servername/server-status
>>>>>># Change the ".your-domain.com" to match your
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>domain
>>>>
>>>>
>>>>        
>>>>
>>>>>>to enable.
>>>>>>#
>>>>>>#<Location /server-status>
>>>>>>#    SetHandler server-status
>>>>>>#    Order deny,allow
>>>>>>#    Deny from all
>>>>>>#    Allow from .your-domain.com
>>>>>>#</Location>
>>>>>>
>>>>>>#
>>>>>># Allow remote server configuration reports, with
>>>>>>the URL of
>>>>>>#  http://servername/server-info (requires that
>>>>>>mod_info.c be loaded).
>>>>>># Change the ".your-domain.com" to match your
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>domain
>>>>
>>>>
>>>>        
>>>>
>>>>>>to enable.
>>>>>>#
>>>>>>#<Location /server-info>
>>>>>>#    SetHandler server-info
>>>>>>#    Order deny,allow
>>>>>>#    Deny from all
>>>>>>#    Allow from .your-domain.com
>>>>>>#</Location>
>>>>>>
>>>>>># Nina added this in for svn server
>>>>>># Repository location
>>>>>><Location /svn1>
>>>>>>DAV svn
>>>>>>SVNParentPath /svn1
>>>>>>
>>>>>># access control policy
>>>>>>AuthzSVNAccessFile /etc/svn-access-file
>>>>>># how to authenticate a user
>>>>>>AuthType Basic
>>>>>>AuthName "Subversion repository"
>>>>>>AuthUserFile /etc/svn-auth-file
>>>>>>
>>>>>># only authenticated users may access the
>>>>>>repository
>>>>>>Require valid-user
>>>>>></Location>
>>>>>>
>>>>>># Proxy Server directives. Uncomment the following
>>>>>>lines to
>>>>>># enable the proxy server:
>>>>>>#
>>>>>>#<IfModule mod_proxy.c>
>>>>>>#ProxyRequests On
>>>>>>#
>>>>>>#<Proxy *>
>>>>>>#    Order deny,allow
>>>>>>#    Deny from all
>>>>>>#    Allow from .your-domain.com
>>>>>>#</Proxy>
>>>>>>
>>>>>>#
>>>>>># Enable/disable the handling of HTTP/1.1 "Via:"
>>>>>>headers.
>>>>>># ("Full" adds the server version; "Block" removes
>>>>>>all outgoing Via: headers)
>>>>>># Set to one of: Off | On | Full | Block
>>>>>>#
>>>>>>#ProxyVia On
>>>>>>
>>>>>>#
>>>>>># To enable the cache as well, edit and uncomment
>>>>>>the following lines:
>>>>>># (no cacheing without CacheRoot)
>>>>>>#
>>>>>>#CacheRoot "/etc/httpd/proxy"
>>>>>>#CacheSize 5
>>>>>>#CacheGcInterval 4
>>>>>>#CacheMaxExpire 24
>>>>>>#CacheLastModifiedFactor 0.1
>>>>>>#CacheDefaultExpire 1
>>>>>>#NoCache a-domain.com another-domain.edu
>>>>>>joes.garage-sale.com
>>>>>>
>>>>>>#</IfModule>
>>>>>># End of proxy directives.
>>>>>>
>>>>>>### Section 3: Virtual Hosts
>>>>>>#
>>>>>># VirtualHost: If you want to maintain multiple
>>>>>>domains/hostnames on your
>>>>>># machine you can setup VirtualHost containers for
>>>>>>them. Most configurations
>>>>>># use only name-based virtual hosts so the server
>>>>>>doesn't need to worry about
>>>>>># IP addresses. This is indicated by the asterisks
>>>>>>in the directives below.
>>>>>>#
>>>>>># Please see the documentation at
>>>>>># <URL:http://httpd.apache.org/docs-2.0/vhosts/>
>>>>>># for further details before you try to setup
>>>>>>virtual hosts.
>>>>>>#
>>>>>># You may use the command line option '-S' to
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>verify
>>>>
>>>>
>>>>        
>>>>
>>>>>>your virtual host
>>>>>># configuration.
>>>>>>
>>>>>>#
>>>>>># Use name-based virtual hosting.
>>>>>>#
>>>>>>
>>>>>>
>>>>>># Where do we put the lock and pif files?
>>>>>>LockFile "/var/lock/httpd.lock"
>>>>>>CoreDumpDirectory "/etc/httpd"
>>>>>>
>>>>>># Defaults for virtual hosts
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>># Logs
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>#
>>>>>># Virtual hosts
>>>>>>#
>>>>>>
>>>>>># Virtual host Default Virtual Host
>>>>>><VirtualHost *>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>DirectoryIndex index.php index.html index.htm
>>>>>>index.shtml
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>LogLevel debug
>>>>>>HostNameLookups off
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>></VirtualHost>
>>>>>>
>>>>>>
>>>>>>
>>>>>>#
>>>>>># Each directory to which Apache has access can be
>>>>>>configured with respect
>>>>>># to which services and features are allowed
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>and/or
>>>>
>>>>
>>>>        
>>>>
>>>>>>disabled in that
>>>>>># directory (and its subdirectories).
>>>>>>#
>>>>>># Note that from this point forward you must
>>>>>>specifically allow
>>>>>># particular features to be enabled - so if
>>>>>>something's not working as
>>>>>># you might expect, make sure that you have
>>>>>>specifically enabled it
>>>>>># below.
>>>>>>#
>>>>>>
>>>>>><Directory "/">
>>>>>>      Options FollowSymLinks
>>>>>>
>>>>>>      AllowOverride None
>>>>>>
>>>>>>
>>>>>>
>>>>>></Directory>
>>>>>>
>>>>>><Directory "/var/www/html">
>>>>>>      Options Indexes Includes FollowSymLinks
>>>>>>
>>>>>>      AllowOverride None
>>>>>>      Allow from all
>>>>>>
>>>>>>
>>>>>>      Order allow,deny
>>>>>></Directory>
>>>>>>
>>>>>><Directory "/var/www/icons">
>>>>>>      Options Indexes MultiViews
>>>>>>
>>>>>>      AllowOverride None
>>>>>>      Allow from all
>>>>>>
>>>>>>
>>>>>>      Order allow,deny
>>>>>></Directory>
>>>>>>
>>>>>><Directory "/var/www/cgi-bin">
>>>>>>      Options ExecCGI
>>>>>>
>>>>>>      AllowOverride None
>>>>>>      Allow from all
>>>>>>
>>>>>>
>>>>>>      Order allow,deny
>>>>>></Directory>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>---------------------------------------------------------------------
>>>>
>>>>
>>>>        
>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>The official User-To-User support forum of the
>>>>>>Apache HTTP Server Project.
>>>>>>See <URL:http://httpd.apache.org/userslist.html>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>for
>>>>
>>>>
>>>>        
>>>>
>>>>>>more info.
>>>>>>To unsubscribe, e-mail:
>>>>>>users-unsubscribe@httpd.apache.org
>>>>>> "   from the digest:
>>>>>>users-digest-unsubscribe@httpd.apache.org
>>>>>>For additional commands, e-mail:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>users-help@httpd.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>__________________________________
>>>>>Do you Yahoo!?
>>>>>Yahoo! Mail Address AutoComplete - You start. We
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>finish.
>>>>
>>>>
>>>>        
>>>>
>>>>>http://promotions.yahoo.com/new_mail
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>---------------------------------------------------------------------
>>>>
>>>>
>>>>        
>>>>
>>>>>The official User-To-User support forum of the
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>Apache HTTP Server Project.
>>>>
>>>>
>>>>        
>>>>
>>>>>See <URL:http://httpd.apache.org/userslist.html>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>for more info.
>>>>
>>>>
>>>>        
>>>>
>>>>>To unsubscribe, e-mail:
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>users-unsubscribe@httpd.apache.org
>>>>
>>>>
>>>>        
>>>>
>>>>> "   from the digest:
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>users-digest-unsubscribe@httpd.apache.org
>>>>
>>>>
>>>>        
>>>>
>>>>>For additional commands, e-mail:
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>users-help@httpd.apache.org
>>>>
>>>>
>>>>        
>>>>
>>>>>#
>>>>>
>>>>>
>>>>>          
>>>>>
>>>># This is the Apache server configuration file
>>>>providing SSL support.
>>>># It contains the configuration directives to
>>>>instruct the server how to
>>>># serve pages over an https connection. For
>>>>detailing information about these
>>>># directives see
>>>>
>>>>
>>>>
>>>>        
>>>>
>>><URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
>>>
>>>
>>>      
>>>
>>>>#
>>>># Do NOT simply read the instructions in here
>>>>without understanding
>>>># what they do.  They're here only as hints or
>>>>reminders.  If you are unsure
>>>># consult the online docs. You have been warned.
>>>>#
>>>>
>>>>LoadModule ssl_module modules/mod_ssl.so
>>>>
>>>>#   Until documentation is completed, please check
>>>>http://www.modssl.org/
>>>>#   for additional config examples and module
>>>>docmentation.  Directives
>>>>#   and features of mod_ssl are largely unchanged
>>>>        
>>>>
>>>>from the mod_ssl project
>>>      
>>>
>>>>#   for Apache 1.3.
>>>>
>>>>#
>>>># When we also provide SSL we have to listen to the
>>>># standard HTTP port (see above) and to the HTTPS
>>>>port
>>>>#
>>>>#Nina commented this line out
>>>>#Listen 4443
>>>>
>>>>##
>>>>##  SSL Global Context
>>>>##
>>>>##  All SSL configuration in this context applies
>>>>both to
>>>>##  the main server and all SSL-enabled virtual
>>>>hosts.
>>>>##
>>>>
>>>>#
>>>>#   Some MIME-types for downloading Certificates and
>>>>CRLs
>>>>#
>>>>AddType application/x-x509-ca-cert .crt
>>>>AddType application/x-pkcs7-crl    .crl
>>>>
>>>>#   Pass Phrase Dialog:
>>>>#   Configure the pass phrase gathering process.
>>>>#   The filtering dialog program (`builtin' is a
>>>>internal
>>>>#   terminal dialog) has to provide the pass phrase
>>>>on stdout.
>>>>SSLPassPhraseDialog  builtin
>>>>
>>>>#   Inter-Process Session Cache:
>>>>#   Configure the SSL Session Cache: First the
>>>>mechanism
>>>>#   to use and second the expiring timeout (in
>>>>seconds).
>>>>#SSLSessionCache        none
>>>>#SSLSessionCache
>>>>dbm:/var/cache/mod_ssl/scache(512000)
>>>>#SSLSessionCache
>>>>dc:UNIX/var/cache/mod_ssl/distcache
>>>>SSLSessionCache
>>>>shmcb:/var/cache/mod_ssl/scache(512000)
>>>>SSLSessionCacheTimeout  300
>>>>
>>>>#   Semaphore:
>>>>#   Configure the path to the mutual exclusion
>>>>semaphore the
>>>>#   SSL engine uses internally for inter-process
>>>>synchronization.
>>>>SSLMutex default
>>>>
>>>>#   Pseudo Random Number Generator (PRNG):
>>>>#   Configure one or more sources to seed the PRNG
>>>>of the
>>>>#   SSL library. The seed data should be of good
>>>>random quality.
>>>>#   WARNING! On some platforms /dev/random blocks if
>>>>not enough entropy
>>>>#   is available. This means you then cannot use the
>>>>/dev/random device
>>>>#   because it would lead to very long connection
>>>>times (as long as
>>>>#   it requires to make more entropy available). But
>>>>usually those
>>>>#   platforms additionally provide a /dev/urandom
>>>>device which doesn't
>>>>#   block. So, if available, use this one instead.
>>>>Read the mod_ssl User
>>>>#   Manual for more details.
>>>>SSLRandomSeed startup file:/dev/urandom  256
>>>>SSLRandomSeed connect builtin
>>>>#SSLRandomSeed startup file:/dev/random  512
>>>>#SSLRandomSeed connect file:/dev/random  512
>>>>#SSLRandomSeed connect file:/dev/urandom 512
>>>>
>>>>#
>>>># Use "SSLCryptoDevice" to enable any supported
>>>>hardware
>>>># accelerators. Use "openssl engine -v" to list
>>>>supported
>>>># engine names.  NOTE: If you enable an accelerator
>>>>and the
>>>># server does not start, consult the error logs and
>>>>ensure
>>>># your accelerator is functioning properly.
>>>>#
>>>>SSLCryptoDevice builtin
>>>>#SSLCryptoDevice ubsec
>>>>
>>>>##
>>>>## SSL Virtual Host Context
>>>>##
>>>>
>>>>NameVirtualHost 66.80.7.162:4443
>>>>
>>>>#<VirtualHost _default_:4443>
>>>><VirtualHost 66.80.7.162:4443>
>>>>
>>>># General setup for the virtual host, inherited from
>>>>global configuration
>>>>DocumentRoot "/var/www/html"
>>>>ServerName gibbons.com
>>>>
>>>># Use separate log files for the SSL virtual host;
>>>>note that LogLevel
>>>># is not inherited from httpd.conf.
>>>>ErrorLog logs/ssl_error_log
>>>>TransferLog logs/ssl_access_log
>>>>LogLevel warn
>>>>
>>>>#   SSL Engine Switch:
>>>>#   Enable/Disable SSL for this virtual host.
>>>>SSLEngine on
>>>>
>>>>#   SSL Cipher Suite:
>>>>#   List the ciphers that the client is permitted to
>>>>negotiate.
>>>>#   See the mod_ssl documentation for a complete
>>>>list.
>>>>SSLCipherSuite
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>>>
>>>
>>>      
>>>
>>>>#   Server Certificate:
>>>>#   Point SSLCertificateFile at a PEM encoded
>>>>certificate.  If
>>>>#   the certificate is encrypted, then you will be
>>>>prompted for a
>>>>#   pass phrase.  Note that a kill -HUP will prompt
>>>>again. A test
>>>>#   certificate can be generated with `make
>>>>certificate' under
>>>>#   built time. Keep in mind that if you've both a
>>>>RSA and a DSA
>>>>#   certificate you can configure both in parallel
>>>>(to also allow
>>>>#   the use of DSA ciphers, etc.)
>>>>SSLCertificateFile
>>>>/etc/httpd/conf/ssl.crt/server.crt
>>>>#SSLCertificateFile
>>>>/etc/httpd/conf/ssl.crt/server-dsa.crt
>>>>
>>>>#   Server Private Key:
>>>>#   If the key is not combined with the certificate,
>>>>use this
>>>>#   directive to point at the key file.  Keep in
>>>>mind that if
>>>>#   you've both a RSA and a DSA private key you can
>>>>configure
>>>>#   both in parallel (to also allow the use of DSA
>>>>ciphers, etc.)
>>>>SSLCertificateKeyFile
>>>>/etc/httpd/conf/ssl.key/server.key
>>>>#SSLCertificateKeyFile
>>>>/etc/httpd/conf/ssl.key/server-dsa.key
>>>>
>>>>#   Server Certificate Chain:
>>>>#   Point SSLCertificateChainFile at a file
>>>>containing the
>>>>#   concatenation of PEM encoded CA certificates
>>>>which form the
>>>>#   certificate chain for the server certificate.
>>>>Alternatively
>>>>#   the referenced file can be the same as
>>>>SSLCertificateFile
>>>>#   when the CA certificates are directly appended
>>>>to the server
>>>>#   certificate for convinience.
>>>>#SSLCertificateChainFile
>>>>/etc/httpd/conf/ssl.crt/ca.crt
>>>>
>>>>#   Certificate Authority (CA):
>>>>#   Set the CA certificate verification path where
>>>>to find CA
>>>>#   certificates for client authentication or
>>>>alternatively one
>>>>#   huge file containing all of them (file must be
>>>>PEM encoded)
>>>>#   Note: Inside SSLCACertificatePath you need hash
>>>>symlinks
>>>>#         to point to the certificate files. Use the
>>>>provided
>>>>#         Makefile to update the hash symlinks after
>>>>changes.
>>>>#SSLCACertificatePath /etc/httpd/conf/ssl.crt
>>>>#SSLCACertificateFile
>>>>/usr/share/ssl/certs/ca-bundle.crt
>>>>
>>>>#   Certificate Revocation Lists (CRL):
>>>>#   Set the CA revocation path where to find CA CRLs
>>>>for client
>>>>#   authentication or alternatively one huge file
>>>>containing all
>>>>#   of them (file must be PEM encoded)
>>>>#   Note: Inside SSLCARevocationPath you need hash
>>>>symlinks
>>>>#         to point to the certificate files. Use the
>>>>provided
>>>>#         Makefile to update the hash symlinks after
>>>>changes.
>>>>#SSLCARevocationPath /etc/httpd/conf/ssl.crl
>>>>#SSLCARevocationFile
>>>>/etc/httpd/conf/ssl.crl/ca-bundle.crl
>>>>
>>>>#   Client Authentication (Type):
>>>>#   Client certificate verification type and depth.
>>>>Types are
>>>>#   none, optional, require and optional_no_ca.
>>>>Depth is a
>>>>#   number which specifies how deeply to verify the
>>>>certificate
>>>>#   issuer chain before deciding the certificate is
>>>>not valid.
>>>>#SSLVerifyClient require
>>>>#SSLVerifyDepth  10
>>>>
>>>>#   Access Control:
>>>>#   With SSLRequire you can do per-directory access
>>>>control based
>>>>#   on arbitrary complex boolean expressions
>>>>containing server
>>>>#   variable checks and other lookup directives.
>>>>The syntax is a
>>>>#   mixture between C and Perl.  See the mod_ssl
>>>>documentation
>>>>#   for more details.
>>>>#<Location />
>>>>#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
>>>>#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil,
>>>>Ltd." \
>>>>#            and %{SSL_CLIENT_S_DN_OU} in {"Staff",
>>>>"CA", "Dev"} \
>>>>#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY}
>>>><= 5 \
>>>>#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR}
>>>><= 20       ) \
>>>>#           or %{REMOTE_ADDR} =~
>>>>m/^192\.76\.162\.[0-9]+$/
>>>>#</Location>
>>>>
>>>>#   SSL Engine Options:
>>>>#   Set various options for the SSL engine.
>>>>#   o FakeBasicAuth:
>>>>#     Translate the client X.509 into a Basic
>>>>Authorisation.  This means that
>>>>#     the standard Auth/DBMAuth methods can be used
>>>>for access control.  The
>>>>#     user name is the `one line' version of the
>>>>client's X.509 certificate.
>>>>#     Note that no password is obtained from the
>>>>user. Every entry in the user
>>>>#     file needs this password: `xxj31ZMTZzkVA'.
>>>>#   o ExportCertData:
>>>>#     This exports two additional environment
>>>>variables: SSL_CLIENT_CERT and
>>>>#     SSL_SERVER_CERT. These contain the PEM-encoded
>>>>certificates of the
>>>>#     server (always existing) and the client (only
>>>>existing when client
>>>>#     authentication is used). This can be used to
>>>>import the certificates
>>>>#     into CGI scripts.
>>>>#   o StdEnvVars:
>>>>#     This exports the standard SSL/TLS related
>>>>`SSL_*' environment variables.
>>>>#     Per default this exportation is switched off
>>>>for performance reasons,
>>>>#     because the extraction step is an expensive
>>>>operation and is usually
>>>>#     useless for serving static content. So one
>>>>usually enables the
>>>>#     exportation for CGI and SSI requests only.
>>>>#   o StrictRequire:
>>>>#     This denies access when "SSLRequireSSL" or
>>>>"SSLRequire" applied even
>>>>#     under a "Satisfy any" situation, i.e. when it
>>>>applies access is denied
>>>>#     and no other module can change it.
>>>>#   o OptRenegotiate:
>>>>#     This enables optimized SSL connection
>>>>renegotiation handling when SSL
>>>>#     directives are used in per-directory context.
>>>>#SSLOptions +FakeBasicAuth +ExportCertData
>>>>+CompatEnvVars +StrictRequire
>>>><Files ~ "\.(cgi|shtml|phtml|php3?)$">
>>>>   SSLOptions +StdEnvVars
>>>></Files>
>>>><Directory "/var/www/cgi-bin">
>>>>   SSLOptions +StdEnvVars
>>>></Directory>
>>>>
>>>>#   SSL Protocol Adjustments:
>>>>#   The safe and default but still SSL/TLS standard
>>>>compliant shutdown
>>>>#   approach is that mod_ssl sends the close notify
>>>>alert but doesn't wait for
>>>>#   the close notify alert from client. When you
>>>>need a different shutdown
>>>>#   approach you can use one of the following
>>>>variables:
>>>>#   o ssl-unclean-shutdown:
>>>>#     This forces an unclean shutdown when the
>>>>connection is closed, i.e. no
>>>>#     SSL close notify alert is send or allowed to
>>>>received.  This violates
>>>>#     the SSL/TLS standard but is needed for some
>>>>brain-dead browsers. Use
>>>>#     this when you receive I/O errors because of
>>>>the standard approach where
>>>>#     mod_ssl sends the close notify alert.
>>>>#   o ssl-accurate-shutdown:
>>>>#     This forces an accurate shutdown when the
>>>>connection is closed, i.e. a
>>>>#     SSL close notify alert is send and mod_ssl
>>>>waits for the close notify
>>>>#     alert of the client. This is 100% SSL/TLS
>>>>standard compliant, but in
>>>>#     practice often causes hanging connections with
>>>>brain-dead browsers. Use
>>>>#     this only for browsers where you know that
>>>>their SSL implementation
>>>>#     works correctly.
>>>>#   Notice: Most problems of broken clients are also
>>>>related to the HTTP
>>>>#   keep-alive facility, so you usually additionally
>>>>want to disable
>>>>#   keep-alive for those clients, too. Use variable
>>>>"nokeepalive" for this.
>>>>#   Similarly, one has to force some clients to use
>>>>HTTP/1.0 to workaround
>>>>#   their broken HTTP/1.1 implementation. Use
>>>>variables "downgrade-1.0" and
>>>>#   "force-response-1.0" for this.
>>>>SetEnvIf User-Agent ".*MSIE.*" \
>>>>        nokeepalive ssl-unclean-shutdown \
>>>>        downgrade-1.0 force-response-1.0
>>>>
>>>>#   Per-Server Logging:
>>>>#   The home of a custom SSL log file. Use this when
>>>>you want a
>>>>#   compact non-error SSL logfile on a virtual host
>>>>basis.
>>>>CustomLog logs/ssl_request_log \
>>>>         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x
>>>>\"%r\" %b"
>>>>
>>>></VirtualHost>
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>>>#
>>>>>
>>>>>
>>>>>          
>>>>>
>>>># Based upon the NCSA server configuration files
>>>>originally by Rob McCool.
>>>>#
>>>># This is the main Apache server configuration file.
>>>>It contains the
>>>># configuration directives that give the server its
>>>>instructions.
>>>># See URL:http://httpd.apache.org/docs-2.0/ for
>>>>detailed information about
>>>># the directives.
>>>>#
>>>># Do NOT simply read the instructions in here
>>>>without understanding
>>>># what they do.  They're here only as hints or
>>>>reminders.  If you are unsure
>>>># consult the online docs. You have been warned.
>>>>#
>>>># The configuration directives are grouped into
>>>>three basic sections:
>>>>#  1. Directives that control the operation of the
>>>>Apache server process as a
>>>>#     whole (the 'global environment').
>>>>#  2. Directives that define the parameters of the
>>>>'main' or 'default' server,
>>>>#     which responds to requests that aren't handled
>>>>by a virtual host.
>>>>#     These directives also provide default values
>>>>for the settings
>>>>#     of all virtual hosts.
>>>>#  3. Settings for virtual hosts, which allow Web
>>>>requests to be sent to
>>>>#     different IP addresses or hostnames and have
>>>>them handled by the
>>>>#     same Apache server process.
>>>>#
>>>># Configuration and logfile names: If the filenames
>>>>you specify for many
>>>># of the server's control files begin with "/" (or
>>>>"drive:/" for Win32), the
>>>># server will use that explicit path.  If the
>>>>filenames do *not* begin
>>>># with "/", the value of ServerRoot is prepended --
>>>>so "logs/foo.log"
>>>># with ServerRoot set to "/etc/httpd" will be
>>>>interpreted by the
>>>># server as "/etc/httpd/logs/foo.log".
>>>>#
>>>>
>>>>### Section 1: Global Environment
>>>>#
>>>># The directives in this section affect the overall
>>>>operation of Apache,
>>>># such as the number of concurrent requests it can
>>>>handle or where it
>>>># can find its configuration files.
>>>>#
>>>>
>>>>#
>>>># Don't give away too much information about all the
>>>>subcomponents
>>>># we are running.  Comment out this line if you
>>>>don't mind remote sites
>>>># finding out what major optional modules you are
>>>>running
>>>>ServerTokens OS
>>>>
>>>>#
>>>># ServerRoot: The top of the directory tree under
>>>>which the server's
>>>># configuration, error, and log files are kept.
>>>>#
>>>># NOTE!  If you intend to place this on an NFS (or
>>>>otherwise network)
>>>># mounted filesystem then please read the LockFile
>>>>documentation
>>>># (available at
>>>>
>>>>
>>>>
>>>>        
>>>>
>>><URL:http://httpd.apache.org/docs-2.0/mod/core.html#lockfile>);
>>>
>>>
>>>      
>>>
>>>># you will save yourself a lot of trouble.
>>>>#
>>>># Do NOT add a slash at the end of the directory
>>>>path.
>>>>#
>>>>ServerRoot "/etc/httpd"
>>>>
>>>>#
>>>># ScoreBoardFile: File used to store internal server
>>>>process information.
>>>># If unspecified (the default), the scoreboard will
>>>>be stored in an
>>>># anonymous shared memory segment, and will be
>>>>unavailable to third-party
>>>># applications.
>>>># If specified, ensure that no two invocations of
>>>>Apache share the same
>>>># scoreboard file. The scoreboard file MUST BE
>>>>STORED ON A LOCAL DISK.
>>>>#
>>>>#ScoreBoardFile run/httpd.scoreboard
>>>>
>>>>#
>>>># PidFile: The file in which the server should
>>>>record its process
>>>># identification number when it starts.
>>>>#
>>>>PidFile "/var/run/httpd.pid"
>>>>
>>>>#
>>>># Timeout: The number of seconds before receives and
>>>>sends time out.
>>>>#
>>>>TimeOut 300
>>>>
>>>>#
>>>># KeepAlive: Whether or not to allow persistent
>>>>connections (more than
>>>># one request per connection). Set to "Off" to
>>>>deactivate.
>>>>#
>>>>KeepAlive true
>>>>
>>>>#
>>>># MaxKeepAliveRequests: The maximum number of
>>>>requests to allow
>>>># during a persistent connection. Set to 0 to allow
>>>>an unlimited amount.
>>>># We recommend you leave this number high, for
>>>>maximum performance.
>>>>#
>>>>MaxKeepAliveRequests 100
>>>>
>>>>#
>>>># KeepAliveTimeout: Number of seconds to wait for
>>>>the next request from the
>>>># same client on the same connection.
>>>>#
>>>>KeepAliveTimeout 15
>>>>
>>>>##
>>>>## Server-Pool Size Regulation (MPM specific)
>>>>##
>>>>
>>>># prefork MPM
>>>># StartServers: number of server processes to start
>>>># MinSpareServers: minimum number of server
>>>>processes which are kept spare
>>>># MaxSpareServers: maximum number of server
>>>>processes which are kept spare
>>>># MaxClients: maximum number of server processes
>>>>allowed to start
>>>># MaxRequestsPerChild: maximum number of requests a
>>>>server process serves
>>>><IfModule prefork.c>
>>>>StartServers 8
>>>>MinSpareServers 5
>>>>MaxSpareServers 20
>>>>MaxClients 150
>>>>MaxRequestsPerChild 100
>>>></IfModule>
>>>>
>>>># worker MPM
>>>># StartServers: initial number of server processes
>>>>to start
>>>># MaxClients: maximum number of simultaneous client
>>>>connections
>>>># MinSpareThreads: minimum number of worker threads
>>>>which are kept spare
>>>># MaxSpareThreads: maximum number of worker threads
>>>>which are kept spare
>>>># ThreadsPerChild: constant number of worker threads
>>>>in each server process
>>>># MaxRequestsPerChild: maximum number of requests a
>>>>server process serves
>>>><IfModule worker.c>
>>>>StartServers         2
>>>>MaxClients         150
>>>>MinSpareThreads     25
>>>>MaxSpareThreads     75
>>>>ThreadsPerChild     25
>>>>MaxRequestsPerChild  0
>>>></IfModule>
>>>>
>>>>#
>>>># Listen: Allows you to bind Apache to specific IP
>>>>addresses and/or
>>>># ports, in addition to the default. See also the
>>>><VirtualHost>
>>>># directive.
>>>>#
>>>># Change this to Listen on specific IP addresses as
>>>>shown below to
>>>># prevent Apache from glomming onto all bound IP
>>>>addresses (0.0.0.0)
>>>>#
>>>>#Listen 12.34.56.78:80
>>>>Listen *:80
>>>>
>>>>
>>>>#
>>>># Dynamic Shared Object (DSO) Support
>>>>#
>>>># To be able to use the functionality of a module
>>>>which was built as a DSO you
>>>># have to place corresponding `LoadModule' lines at
>>>>this location so the
>>>># directives contained in it are actually available
>>>>_before_ they are used.
>>>># Statically compiled modules (those listed by
>>>>`httpd -l') do not need
>>>># to be loaded here.
>>>>#
>>>># Example:
>>>># LoadModule foo_module modules/mod_foo.so
>>>>#
>>>>LoadModule access_module modules/mod_access.so
>>>>LoadModule auth_module modules/mod_auth.so
>>>>LoadModule auth_anon_module modules/mod_auth_anon.so
>>>>LoadModule auth_dbm_module modules/mod_auth_dbm.so
>>>>LoadModule auth_digest_module
>>>>modules/mod_auth_digest.so
>>>>LoadModule ldap_module modules/mod_ldap.so
>>>>LoadModule auth_ldap_module modules/mod_auth_ldap.so
>>>>LoadModule include_module modules/mod_include.so
>>>>LoadModule log_config_module
>>>>modules/mod_log_config.so
>>>>LoadModule env_module modules/mod_env.so
>>>>LoadModule mime_magic_module
>>>>modules/mod_mime_magic.so
>>>>LoadModule cern_meta_module modules/mod_cern_meta.so
>>>>LoadModule expires_module modules/mod_expires.so
>>>>LoadModule deflate_module modules/mod_deflate.so
>>>>LoadModule headers_module modules/mod_headers.so
>>>>LoadModule usertrack_module modules/mod_usertrack.so
>>>>LoadModule unique_id_module modules/mod_unique_id.so
>>>>LoadModule setenvif_module modules/mod_setenvif.so
>>>>LoadModule mime_module modules/mod_mime.so
>>>>LoadModule dav_module modules/mod_dav.so
>>>>#Nina added these in for svn server
>>>>#
>>>>LoadModule dav_svn_module modules/mod_dav_svn.so
>>>>LoadModule authz_svn_module modules/mod_authz_svn.so
>>>>#
>>>>LoadModule status_module modules/mod_status.so
>>>>LoadModule autoindex_module modules/mod_autoindex.so
>>>>LoadModule asis_module modules/mod_asis.so
>>>>LoadModule info_module modules/mod_info.so
>>>>LoadModule dav_fs_module modules/mod_dav_fs.so
>>>>LoadModule vhost_alias_module
>>>>modules/mod_vhost_alias.so
>>>>LoadModule negotiation_module
>>>>modules/mod_negotiation.so
>>>>LoadModule dir_module modules/mod_dir.so
>>>>LoadModule imap_module modules/mod_imap.so
>>>>LoadModule actions_module modules/mod_actions.so
>>>>LoadModule speling_module modules/mod_speling.so
>>>>LoadModule userdir_module modules/mod_userdir.so
>>>>LoadModule alias_module modules/mod_alias.so
>>>>LoadModule rewrite_module modules/mod_rewrite.so
>>>>LoadModule proxy_module modules/mod_proxy.so
>>>>LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
>>>>LoadModule proxy_http_module
>>>>modules/mod_proxy_http.so
>>>>LoadModule proxy_connect_module
>>>>modules/mod_proxy_connect.so
>>>>LoadModule cache_module modules/mod_cache.so
>>>>LoadModule suexec_module modules/mod_suexec.so
>>>>LoadModule disk_cache_module
>>>>modules/mod_disk_cache.so
>>>>LoadModule file_cache_module
>>>>modules/mod_file_cache.so
>>>>LoadModule mem_cache_module modules/mod_mem_cache.so
>>>>LoadModule cgi_module modules/mod_cgi.so
>>>>
>>>>#
>>>># Load config files from the config directory
>>>>"/etc/httpd/conf.d".
>>>>#
>>>>Include conf.d/*.conf
>>>>
>>>>#
>>>># ExtendedStatus controls whether Apache will
>>>>generate "full" status
>>>># information (ExtendedStatus On) or just basic
>>>>information (ExtendedStatus
>>>># Off) when the "server-status" handler is called.
>>>>The default is Off.
>>>>#
>>>>#ExtendedStatus On
>>>>
>>>>### Section 2: 'Main' server configuration
>>>>#
>>>># The directives in this section set up the values
>>>>used by the 'main'
>>>># server, which responds to any requests that aren't
>>>>handled by a
>>>># <VirtualHost> definition.  These values also
>>>>provide defaults for
>>>># any <VirtualHost> containers you may define later
>>>>in the file.
>>>>#
>>>># All of these directives may appear inside
>>>><VirtualHost> containers,
>>>># in which case these default settings will be
>>>>overridden for the
>>>># virtual host being defined.
>>>>#
>>>>
>>>>#
>>>># If you wish httpd to run as a different user or
>>>>group, you must run
>>>># httpd as root initially and it will switch.
>>>>#
>>>># User/Group: The name (or #number) of the
>>>>user/group to run httpd as.
>>>>#  . On SCO (ODT 3) use "User nouser" and "Group
>>>>nogroup".
>>>>#  . On HPUX you may not be able to use shared
>>>>memory as nobody, and the
>>>>#    suggested workaround is to create a user www
>>>>and use that user.
>>>>#  NOTE that some kernels refuse to setgid(Group) or
>>>>semctl(IPC_SET)
>>>>#  when the value of (unsigned)Group is above 60000;
>>>>
>>>>#  don't use Group #-1 on these systems!
>>>>#
>>>>User apache
>>>>Group apache
>>>>
>>>>#
>>>># ServerAdmin: Your address, where problems with the
>>>>server should be
>>>># e-mailed.  This address appears on some
>>>>server-generated pages, such
>>>># as error documents.  e.g. admin@your-domain.com
>>>>#
>>>>ServerAdmin root@gibbons.com
>>>>
>>>>#
>>>># ServerName gives the name and port that the server
>>>>uses to identify itself.
>>>># This can often be determined automatically, but we
>>>>recommend you specify
>>>># it explicitly to prevent problems during startup.
>>>>#
>>>># If this is not set to valid DNS name for your
>>>>host, server-generated
>>>># redirections will not work.  See also the
>>>>UseCanonicalName directive.
>>>>#
>>>># If your host doesn't have a registered DNS name,
>>>>enter its IP address here.
>>>># You will have to access it by its address anyway,
>>>>and this will make
>>>># redirections work in a sensible way.
>>>>#
>>>>ServerName gibbons.com:80
>>>>
>>>>#
>>>># UseCanonicalName: Determines how Apache constructs
>>>>self-referencing
>>>># URLs and the SERVER_NAME and SERVER_PORT
>>>>variables.
>>>># When set "Off", Apache will use the Hostname and
>>>>Port supplied
>>>># by the client.  When set "On", Apache will use the
>>>>value of the
>>>># ServerName directive.
>>>>#
>>>>UseCanonicalName on
>>>>
>>>>#
>>>># DocumentRoot: The directory out of which you will
>>>>serve your
>>>># documents. By default, all requests are taken from
>>>>this directory, but
>>>># symbolic links and aliases may be used to point to
>>>>other locations.
>>>>#
>>>>DocumentRoot "/var/www/html"
>>>>
>>>>#
>>>># Disable autoindex for the root directory, and
>>>>present a
>>>># default Welcome page if no other index page is
>>>>present.
>>>>#
>>>><LocationMatch "^/$">
>>>>   Options -Indexes
>>>>   ErrorDocument 403 /error/noindex.html
>>>></LocationMatch>
>>>>
>>>>#
>>>># UserDir: The name of the directory that is
>>>>appended onto a user's home
>>>># directory if a ~user request is received.
>>>>#
>>>># The path to the end user account 'public_html'
>>>>directory must be
>>>># accessible to the webserver userid.  This usually
>>>>means that ~userid
>>>># must have permissions of 711, ~userid/public_html
>>>>must have permissions
>>>># of 755, and documents contained therein must be
>>>>world-readable.
>>>># Otherwise, the client will only receive a "403
>>>>Forbidden" message.
>>>>#
>>>># See also:
>>>>http://httpd.apache.org/docs/misc/FAQ.html#forbidden
>>>>#
>>>><IfModule mod_userdir.c>
>>>>   #
>>>>   # UserDir is disabled by default since it can
>>>>confirm the presence
>>>>   # of a username on the system (depending on home
>>>>directory
>>>>   # permissions).
>>>>   #
>>>>   UserDir "disable"
>>>>
>>>>   #
>>>>   # To enable requests to /~user/ to serve the
>>>>user's public_html
>>>>   # directory, use this directive instead of
>>>>"UserDir disable":
>>>>   #
>>>>   #UserDir public_html
>>>>
>>>></IfModule>
>>>>
>>>>#
>>>># DirectoryIndex: sets the file that Apache will
>>>>serve if a directory
>>>># is requested.
>>>>#
>>>># The index.html.var file (a type-map) is used to
>>>>deliver content-
>>>># negotiated documents.  The MultiViews Option can
>>>>be used for the
>>>># same purpose, but it is much slower.
>>>>#
>>>>DirectoryIndex
>>>>
>>>>#
>>>># AccessFileName: The name of the file to look for
>>>>in each directory
>>>># for access control information.  See also the
>>>>AllowOverride directive.
>>>>#
>>>>AccessFileName .htaccess
>>>>
>>>>#
>>>># The following lines prevent .htaccess and
>>>>.htpasswd files from being
>>>># viewed by Web clients.
>>>>#
>>>><Files ~ "^\.ht">
>>>>   Order allow,deny
>>>>   Deny from all
>>>></Files>
>>>>
>>>>#
>>>># TypesConfig describes where the mime.types file
>>>>(or equivalent) is
>>>># to be found.
>>>>#
>>>>TypesConfig "/etc/mime.types"
>>>>
>>>>#
>>>># DefaultType is the default MIME type the server
>>>>will use for a document
>>>># if it cannot otherwise determine one, such as from
>>>>filename extensions.
>>>># If your server contains mostly text or HTML
>>>>documents, "text/plain" is
>>>># a good value.  If most of your content is binary,
>>>>such as applications
>>>># or images, you may want to use
>>>>"application/octet-stream" instead to
>>>># keep browsers from trying to display binary files
>>>>as though they are
>>>># text.
>>>>#
>>>>DefaultType text/plain
>>>>
>>>>#
>>>># The mod_mime_magic module allows the server to use
>>>>various hints from the
>>>># contents of the file itself to determine its type.
>>>>The MIMEMagicFile
>>>># directive tells the module where the hint
>>>>definitions are located.
>>>>#
>>>><IfModule mod_mime_magic.c>
>>>>#   MIMEMagicFile /usr/share/magic.mime
>>>>   MIMEMagicFile conf/magic
>>>></IfModule>
>>>>
>>>>#
>>>># HostnameLookups: Log the names of clients or just
>>>>their IP addresses
>>>># e.g., www.apache.org (on) or 204.62.129.132 (off).
>>>># The default is off because it'd be overall better
>>>>for the net if people
>>>># had to knowingly turn this feature on, since
>>>>enabling it means that
>>>># each client request will result in AT LEAST one
>>>>lookup request to the
>>>># nameserver.
>>>>#
>>>>HostNameLookups Off
>>>>
>>>>#
>>>># EnableMMAP: Control whether memory-mapping is used
>>>>to deliver
>>>># files (assuming that the underlying OS supports
>>>>it).
>>>># The default is on; turn this off if you serve from
>>>>NFS-mounted
>>>># filesystems.  On some systems, turning it off
>>>>(regardless of
>>>># filesystem) can improve performance; for details,
>>>>please see
>>>>#
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap
>>>
>>>
>>>      
>>>
>>>>#
>>>>#EnableMMAP off
>>>>
>>>>#
>>>># EnableSendfile: Control whether the sendfile
>>>>kernel support is
>>>># used to deliver files (assuming that the OS
>>>>supports it).
>>>># The default is on; turn this off if you serve from
>>>>NFS-mounted
>>>># filesystems.  Please see
>>>>#
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile
>>>
>>>
>>>      
>>>
>>>>#
>>>>#EnableSendfile off
>>>>
>>>>#
>>>># ErrorLog: The location of the error log file.
>>>># If you do not specify an ErrorLog directive within
>>>>a <VirtualHost>
>>>># container, error messages relating to that virtual
>>>>host will be
>>>># logged here.  If you *do* define an error logfile
>>>>for a <VirtualHost>
>>>># container, that host's errors will be logged there
>>>>and not here.
>>>>#
>>>>ErrorLog "/var/log/httpd/error_log"
>>>>
>>>>#
>>>># LogLevel: Control the number of messages logged to
>>>>the error_log.
>>>># Possible values include: debug, info, notice,
>>>>warn, error, crit,
>>>># alert, emerg.
>>>>#
>>>>LogLevel warn
>>>>
>>>>#
>>>># The following directives define some format
>>>>nicknames for use with
>>>># a CustomLog directive (see below).
>>>>#
>>>>LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
>>>>\"%{User-Agent}i\"" combined
>>>>LogFormat "%h %l %u %t \"%r\" %>s %b" common
>>>>LogFormat "%{Referer}i -> %U" referer
>>>>LogFormat "%{User-agent}i" agent
>>>>
>>>>
>>>>#
>>>># The location and format of the access logfile
>>>>(Common Logfile Format).
>>>># If you do not define any access logfiles within a
>>>><VirtualHost>
>>>># container, they will be logged here.
>>>>Contrariwise, if you *do*
>>>># define per-<VirtualHost> access logfiles,
>>>>transactions will be
>>>># logged therein and *not* in this file.
>>>>#
>>>># CustomLog logs/access_log common
>>>>CustomLog logs/access_log combined
>>>>
>>>>#
>>>># If you would like to have agent and referer
>>>>logfiles, uncomment the
>>>># following directives.
>>>>#
>>>>#CustomLog logs/referer_log referer
>>>>#CustomLog logs/agent_log agent
>>>>
>>>>#
>>>># If you prefer a single logfile with access, agent,
>>>>and referer information
>>>># (Combined Logfile Format) you can use the
>>>>following directive.
>>>>#
>>>>#CustomLog logs/access_log combined
>>>>
>>>>#
>>>># Optionally add a line containing the server
>>>>version and virtual host
>>>># name to server-generated pages (error documents,
>>>>FTP directory listings,
>>>># mod_status and mod_info output etc., but not CGI
>>>>generated documents).
>>>># Set to "EMail" to also include a mailto: link to
>>>>the ServerAdmin.
>>>># Set to one of:  On | Off | EMail
>>>>#
>>>>ServerSignature on
>>>>
>>>>#
>>>># Aliases: Add here as many aliases as you need
>>>>(with no limit). The format is
>>>># Alias fakename realname
>>>>#
>>>># Note that if you include a trailing / on fakename
>>>>then the server will
>>>># require it to be present in the URL.  So "/icons"
>>>>isn't aliased in this
>>>># example, only "/icons/".  If the fakename is
>>>>slash-terminated, then the
>>>># realname must also be slash terminated, and if the
>>>>fakename omits the
>>>># trailing slash, the realname must also omit it.
>>>>#
>>>># We include the /icons/ alias for FancyIndexed
>>>>directory listings.  If you
>>>># do not use FancyIndexing, you may comment this
>>>>out.
>>>>#
>>>>Alias /icons/ "/var/www/icons/"
>>>>
>>>>#
>>>># This should be changed to the ServerRoot/manual/.
>>>>The alias provides
>>>># the manual, even if you choose to move your
>>>>DocumentRoot.  You may comment
>>>># this out if you do not care for the documentation.
>>>>#
>>>>Alias /manual "/var/www/manual"
>>>>
>>>><IfModule mod_dav_fs.c>
>>>>   # Location of the WebDAV lock database.
>>>>   DAVLockDB /var/lib/dav/lockdb
>>>></IfModule>
>>>>
>>>>#
>>>># ScriptAlias: This controls which directories
>>>>contain server scripts.
>>>># ScriptAliases are essentially the same as Aliases,
>>>>except that
>>>># documents in the realname directory are treated as
>>>>applications and
>>>># run by the server when requested rather than as
>>>>documents sent to the client.
>>>># The same rules about trailing "/" apply to
>>>>ScriptAlias directives as to
>>>># Alias.
>>>>#
>>>>ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
>>>>
>>>><IfModule mod_cgid.c>
>>>>#
>>>># Additional to mod_cgid.c settings, mod_cgid has
>>>>Scriptsock <path>
>>>># for setting UNIX socket for communicating with
>>>>cgid.
>>>>#
>>>>#Scriptsock            logs/cgisock
>>>></IfModule>
>>>>
>>>>#Nina added
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>######################################################################
>>>
>>>
>>>      
>>>
>>>><IfModule mod_ssl.c>
>>>>Include conf.d/ssl.conf
>>>></IfModule>
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>######################################################################
>>>
>>>
>>>      
>>>
>>>>#
>>>># Redirect allows you to tell clients about
>>>>documents which used to exist in
>>>># your server's namespace, but do not anymore. This
>>>>allows you to tell the
>>>># clients where to look for the relocated document.
>>>># Example:
>>>># Redirect permanent /foo http://www.example.com/bar
>>>>
>>>>#
>>>># Directives controlling the display of
>>>>server-generated directory listings.
>>>>#
>>>>
>>>>#
>>>># FancyIndexing is whether you want fancy directory
>>>>indexing or standard.
>>>># VersionSort is whether files containing version
>>>>numbers should be
>>>># compared in the natural way, so that
>>>>`apache-1.3.9.tar' is placed before
>>>># `apache-1.3.12.tar'.
>>>>#
>>>>IndexOptions FancyIndexing VersionSort NameWidth=*
>>>>
>>>>#
>>>># AddIcon* directives tell the server which icon to
>>>>show for different
>>>># files or filename extensions.  These are only
>>>>displayed for
>>>># FancyIndexed directories.
>>>>#
>>>>AddIconByEncoding (CMP,/icons/compressed.gif)
>>>>x-compress x-gzip
>>>>
>>>>AddIconByType (TXT,/icons/text.gif) text/*
>>>>AddIconByType (IMG,/icons/image2.gif) image/*
>>>>AddIconByType (SND,/icons/sound2.gif) audio/*
>>>>AddIconByType (VID,/icons/movie.gif) video/*
>>>>
>>>>AddIcon /icons/binary.gif .bin .exe
>>>>AddIcon /icons/binhex.gif .hqx
>>>>AddIcon /icons/tar.gif .tar
>>>>AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm
>>>>.iv
>>>>AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
>>>>AddIcon /icons/a.gif .ps .ai .eps
>>>>AddIcon /icons/layout.gif .html .shtml .htm .pdf
>>>>AddIcon /icons/text.gif .txt
>>>>AddIcon /icons/c.gif .c
>>>>AddIcon /icons/p.gif .pl .py
>>>>AddIcon /icons/f.gif .for
>>>>AddIcon /icons/dvi.gif .dvi
>>>>AddIcon /icons/uuencoded.gif .uu
>>>>AddIcon /icons/script.gif .conf .sh .shar .csh .ksh
>>>>.tcl
>>>>AddIcon /icons/tex.gif .tex
>>>>AddIcon /icons/bomb.gif core
>>>>
>>>>AddIcon /icons/back.gif ..
>>>>AddIcon /icons/hand.right.gif README
>>>>AddIcon /icons/folder.gif ^^DIRECTORY^^
>>>>AddIcon /icons/blank.gif ^^BLANKICON^^
>>>>
>>>>#
>>>># DefaultIcon is which icon to show for files which
>>>>do not have an icon
>>>># explicitly set.
>>>>#
>>>>DefaultIcon /icons/unknown.gif
>>>>
>>>>#
>>>># AddDescription allows you to place a short
>>>>description after a file in
>>>># server-generated indexes.  These are only
>>>>displayed for FancyIndexed
>>>># directories.
>>>># Format: AddDescription "description" filename
>>>>#
>>>>#AddDescription "GZIP compressed document" .gz
>>>>#AddDescription "tar archive" .tar
>>>>#AddDescription "GZIP compressed tar archive" .tgz
>>>>
>>>>#
>>>># ReadmeName is the name of the README file the
>>>>server will look for by
>>>># default, and append to directory listings.
>>>>#
>>>># HeaderName is the name of a file which should be
>>>>prepended to
>>>># directory indexes.
>>>>ReadmeName README.html
>>>>HeaderName HEADER.html
>>>>
>>>>#
>>>># IndexIgnore is a set of filenames which directory
>>>>indexing should ignore
>>>># and not include in the listing.  Shell-style
>>>>wildcarding is permitted.
>>>>#
>>>>IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v
>>>>*,t
>>>>
>>>>#
>>>># AddEncoding allows you to have certain browsers
>>>>(Mosaic/X 2.1+) uncompress
>>>># information on the fly. Note: Not all browsers
>>>>support this.
>>>># Despite the name similarity, the following Add*
>>>>directives have nothing
>>>># to do with the FancyIndexing customization
>>>>directives above.
>>>>#
>>>>AddEncoding x-compress Z
>>>>AddEncoding x-gzip gz tgz
>>>>
>>>>#
>>>># DefaultLanguage and AddLanguage allows you to
>>>>specify the language of
>>>># a document. You can then use content negotiation
>>>>to give a browser a
>>>># file in a language the user can understand.
>>>>#
>>>># Specify a default language. This means that all
>>>>data
>>>># going out without a specific language tag (see
>>>>below) will
>>>># be marked with this one. You probably do NOT want
>>>>to set
>>>># this unless you are sure it is correct for all
>>>>cases.
>>>>#
>>>># * It is generally better to not mark a page as
>>>># * being a certain language than marking it with
>>>>the wrong
>>>># * language!
>>>>#
>>>># DefaultLanguage nl
>>>>#
>>>># Note 1: The suffix does not have to be the same as
>>>>the language
>>>># keyword --- those with documents in Polish (whose
>>>>net-standard
>>>># language code is pl) may wish to use "AddLanguage
>>>>pl .po" to
>>>># avoid the ambiguity with the common suffix for
>>>>perl scripts.
>>>>#
>>>># Note 2: The example entries below illustrate that
>>>>in some cases
>>>># the two character 'Language' abbreviation is not
>>>>identical to
>>>># the two character 'Country' code for its country,
>>>># E.g. 'Danmark/dk' versus 'Danish/da'.
>>>>#
>>>># Note 3: In the case of 'ltz' we violate the RFC by
>>>>using a three char
>>>># specifier. There is 'work in progress' to fix this
>>>>and get
>>>># the reference data for rfc1766 cleaned up.
>>>>#
>>>># Danish (da) - Dutch (nl) - English (en) - Estonian
>>>>(et)
>>>># French (fr) - German (de) - Greek-Modern (el)
>>>># Italian (it) - Norwegian (no) - Norwegian Nynorsk
>>>>(nn) - Korean (kr)
>>>># Portugese (pt) - Luxembourgeois* (ltz)
>>>># Spanish (es) - Swedish (sv) - Catalan (ca) -
>>>>Czech(cz)
>>>># Polish (pl) - Brazilian Portuguese (pt-br) -
>>>>Japanese (ja)
>>>># Russian (ru) - Croatian (hr)
>>>>#
>>>>AddLanguage da .dk
>>>>AddLanguage nl .nl
>>>>AddLanguage en .en
>>>>AddLanguage et .et
>>>>AddLanguage fr .fr
>>>>AddLanguage de .de
>>>>AddLanguage he .he
>>>>AddLanguage el .el
>>>>AddLanguage it .it
>>>>AddLanguage ja .ja
>>>>AddLanguage pl .po
>>>>AddLanguage kr .kr
>>>>AddLanguage pt .pt
>>>>AddLanguage nn .nn
>>>>AddLanguage no .no
>>>>AddLanguage pt-br .pt-br
>>>>AddLanguage ltz .ltz
>>>>AddLanguage ca .ca
>>>>AddLanguage es .es
>>>>AddLanguage sv .se
>>>>AddLanguage cz .cz
>>>>AddLanguage ru .ru
>>>>AddLanguage tw .tw
>>>>AddLanguage zh-tw .tw
>>>>AddLanguage hr .hr
>>>>
>>>>#
>>>># LanguagePriority allows you to give precedence to
>>>>some languages
>>>># in case of a tie during content negotiation.
>>>>#
>>>># Just list the languages in decreasing order of
>>>>preference. We have
>>>># more or less alphabetized them here. You probably
>>>>want to change this.
>>>>#
>>>>LanguagePriority en da nl et fr de el it ja kr no pl
>>>>pt pt-br ltz ca es sv tw
>>>>
>>>>#
>>>># ForceLanguagePriority allows you to serve a result
>>>>page rather than
>>>># MULTIPLE CHOICES (Prefer) [in case of a tie] or
>>>>NOT ACCEPTABLE (Fallback)
>>>># [in case no accepted languages matched the
>>>>available variants]
>>>>#
>>>>ForceLanguagePriority Prefer Fallback
>>>>
>>>>#
>>>># Specify a default charset for all pages sent out.
>>>>This is
>>>># always a good idea and opens the door for future
>>>>internationalisation
>>>># of your web site, should you ever want it.
>>>>Specifying it as
>>>># a default does little harm; as the standard
>>>>dictates that a page
>>>># is in iso-8859-1 (latin1) unless specified
>>>>otherwise i.e. you
>>>># are merely stating the obvious. There are also
>>>>some security
>>>># reasons in browsers, related to javascript and URL
>>>>parsing
>>>># which encourage you to always set a default char
>>>>set.
>>>>#
>>>>AddDefaultCharset ISO-8859-1
>>>>
>>>>#
>>>># Commonly used filename extensions to character
>>>>sets. You probably
>>>># want to avoid clashes with the language
>>>>extensions, unless you
>>>># are good at carefully testing your setup after
>>>>each change.
>>>># See
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets
>>>
>>>
>>>      
>>>
>>>>for
>>>># the official list of charset names and their
>>>>respective RFCs
>>>>#
>>>>AddCharset ISO-8859-1  .iso8859-1  .latin1
>>>>AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
>>>>AddCharset ISO-8859-3  .iso8859-3  .latin3
>>>>AddCharset ISO-8859-4  .iso8859-4  .latin4
>>>>AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr
>>>>.iso-ru
>>>>AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
>>>>AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
>>>>AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
>>>>AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
>>>>AddCharset ISO-2022-JP .iso2022-jp .jis
>>>>AddCharset ISO-2022-KR .iso2022-kr .kis
>>>>AddCharset ISO-2022-CN .iso2022-cn .cis
>>>>AddCharset Big5        .Big5       .big5
>>>># For russian, more than one charset is used
>>>>(depends on client, mostly):
>>>>AddCharset WINDOWS-1251 .cp-1251   .win-1251
>>>>AddCharset CP866       .cp866
>>>>AddCharset KOI8-r      .koi8-r .koi8-ru
>>>>AddCharset KOI8-ru     .koi8-uk .ua
>>>>AddCharset ISO-10646-UCS-2 .ucs2
>>>>AddCharset ISO-10646-UCS-4 .ucs4
>>>>AddCharset UTF-8       .utf8
>>>>
>>>># The set below does not map to a specific (iso)
>>>>standard
>>>># but works on a fairly wide range of browsers. Note
>>>>that
>>>># capitalization actually matters (it should not,
>>>>but it
>>>># does for some browsers).
>>>>#
>>>># See
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets
>>>
>>>
>>>      
>>>
>>>># for a list of sorts. But browsers support few.
>>>>#
>>>>AddCharset GB2312      .gb2312 .gb
>>>>AddCharset utf-7       .utf7
>>>>AddCharset utf-8       .utf8
>>>>AddCharset big5        .big5 .b5
>>>>AddCharset EUC-TW      .euc-tw
>>>>AddCharset EUC-JP      .euc-jp
>>>>AddCharset EUC-KR      .euc-kr
>>>>AddCharset shift_jis   .sjis
>>>>
>>>>#
>>>># AddType allows you to add to or override the MIME
>>>>configuration
>>>># file mime.types for specific file types.
>>>>#
>>>>AddType application/x-tar .tgz
>>>>#Nina added this line
>>>>AddType text/html .shtml
>>>>
>>>>#
>>>># AddHandler allows you to map certain file
>>>>extensions to "handlers":
>>>># actions unrelated to filetype. These can be either
>>>>built into the server
>>>># or added with the Action directive (see below)
>>>>#
>>>># To use CGI scripts outside of ScriptAliased
>>>>directories:
>>>># (You will also need to add "ExecCGI" to the
>>>>"Options" directive.)
>>>>#
>>>>#AddHandler cgi-script .cgi
>>>>
>>>>#
>>>># For files that include their own HTTP headers:
>>>>#
>>>>#AddHandler send-as-is asis
>>>>
>>>>#
>>>># For server-parsed imagemap files:
>>>>#
>>>>AddHandler imap-file map
>>>>
>>>>#
>>>># For type maps (negotiated resources):
>>>># (This is enabled by default to allow the Apache
>>>>"It Worked" page
>>>>#  to be distributed in multiple languages.)
>>>>#
>>>>AddHandler type-map var
>>>>
>>>># Filters allow you to process content before it is
>>>>sent to the client.
>>>>#
>>>># To parse .shtml files for server-side includes
>>>>(SSI):
>>>># (You will also need to add "Includes" to the
>>>>"Options" directive.)
>>>>#
>>>>AddOutputFilter INCLUDES .shtml
>>>>
>>>>#
>>>># Action lets you define media types that will
>>>>execute a script whenever
>>>># a matching file is called. This eliminates the
>>>>need for repeated URL
>>>># pathnames for oft-used CGI file processors.
>>>># Format: Action media/type /cgi-script/location
>>>># Format: Action handler-name /cgi-script/location
>>>>#
>>>>
>>>>#
>>>># Customizable error responses come in three
>>>>flavors:
>>>># 1) plain text 2) local redirects 3) external
>>>>redirects
>>>>#
>>>># Some examples:
>>>>#ErrorDocument 500 "The server made a boo boo."
>>>>#ErrorDocument 404 /missing.html
>>>>#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
>>>>#ErrorDocument 402
>>>>http://www.example.com/subscription_info.html
>>>>#
>>>>
>>>>
>>>>Alias /error/ "/var/www/error/"
>>>>
>>>>#
>>>># The following directives modify normal HTTP
>>>>response behavior to
>>>># handle known problems with browser
>>>>implementations.
>>>>#
>>>>BrowserMatch "Mozilla/2" nokeepalive
>>>>BrowserMatch "MSIE 4\.0b2;" nokeepalive
>>>>downgrade-1.0 force-response-1.0
>>>>BrowserMatch "RealPlayer 4\.0" force-response-1.0
>>>>BrowserMatch "Java/1\.0" force-response-1.0
>>>>BrowserMatch "JDK/1\.0" force-response-1.0
>>>>
>>>>#
>>>># The following directive disables redirects on
>>>>non-GET requests for
>>>># a directory that does not include the trailing
>>>>slash.  This fixes a
>>>># problem with Microsoft WebFolders which does not
>>>>appropriately handle
>>>># redirects for folders with DAV methods.
>>>>#
>>>>BrowserMatch "Microsoft Data Access Internet
>>>>Publishing Provider" redirect-carefully
>>>>BrowserMatch "^WebDrive" redirect-carefully
>>>>BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
>>>>BrowserMatch "^gnome-vfs" redirect-carefully
>>>>
>>>>#
>>>># Allow server status reports, with the URL of
>>>>http://servername/server-status
>>>># Change the ".your-domain.com" to match your domain
>>>>to enable.
>>>>#
>>>>#<Location /server-status>
>>>>#    SetHandler server-status
>>>>#    Order deny,allow
>>>>#    Deny from all
>>>>#    Allow from .your-domain.com
>>>>#</Location>
>>>>
>>>>#
>>>># Allow remote server configuration reports, with
>>>>the URL of
>>>>#  http://servername/server-info (requires that
>>>>mod_info.c be loaded).
>>>># Change the ".your-domain.com" to match your domain
>>>>to enable.
>>>>#
>>>>#<Location /server-info>
>>>>#    SetHandler server-info
>>>>#    Order deny,allow
>>>>#    Deny from all
>>>>#    Allow from .your-domain.com
>>>>#</Location>
>>>>
>>>># Nina added this in for svn server
>>>># Repository location
>>>><Location /svn1>
>>>>DAV svn
>>>>SVNParentPath /svn1
>>>>
>>>># access control policy
>>>>AuthzSVNAccessFile /etc/svn-access-file
>>>># how to authenticate a user
>>>>AuthType Basic
>>>>AuthName "Subversion repository"
>>>>AuthUserFile /etc/svn-auth-file
>>>>
>>>># only authenticated users may access the
>>>>repository
>>>>Require valid-user
>>>></Location>
>>>>
>>>># Proxy Server directives. Uncomment the following
>>>>lines to
>>>># enable the proxy server:
>>>>#
>>>>#<IfModule mod_proxy.c>
>>>>#ProxyRequests On
>>>>#
>>>>#<Proxy *>
>>>>#    Order deny,allow
>>>>#    Deny from all
>>>>#    Allow from .your-domain.com
>>>>#</Proxy>
>>>>
>>>>#
>>>># Enable/disable the handling of HTTP/1.1 "Via:"
>>>>headers.
>>>># ("Full" adds the server version; "Block" removes
>>>>all outgoing Via: headers)
>>>># Set to one of: Off | On | Full | Block
>>>>#
>>>>#ProxyVia On
>>>>
>>>>#
>>>># To enable the cache as well, edit and uncomment
>>>>the following lines:
>>>># (no cacheing without CacheRoot)
>>>>#
>>>>#CacheRoot "/etc/httpd/proxy"
>>>>#CacheSize 5
>>>>#CacheGcInterval 4
>>>>#CacheMaxExpire 24
>>>>#CacheLastModifiedFactor 0.1
>>>>#CacheDefaultExpire 1
>>>>#NoCache a-domain.com another-domain.edu
>>>>joes.garage-sale.com
>>>>
>>>>#</IfModule>
>>>># End of proxy directives.
>>>>
>>>>### Section 3: Virtual Hosts
>>>>#
>>>># VirtualHost: If you want to maintain multiple
>>>>domains/hostnames on your
>>>># machine you can setup VirtualHost containers for
>>>>them. Most configurations
>>>># use only name-based virtual hosts so the server
>>>>doesn't need to worry about
>>>># IP addresses. This is indicated by the asterisks
>>>>in the directives below.
>>>>#
>>>># Please see the documentation at
>>>># <URL:http://httpd.apache.org/docs-2.0/vhosts/>
>>>># for further details before you try to setup
>>>>virtual hosts.
>>>>#
>>>># You may use the command line option '-S' to verify
>>>>your virtual host
>>>># configuration.
>>>>
>>>>#
>>>># Use name-based virtual hosting.
>>>>#
>>>>
>>>>
>>>># Where do we put the lock and pif files?
>>>>LockFile "/var/lock/httpd.lock"
>>>>CoreDumpDirectory "/etc/httpd"
>>>>
>>>># Defaults for virtual hosts
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>># Logs
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>#
>>>># Virtual hosts
>>>>#
>>>>
>>>># Virtual host Default Virtual Host
>>>><VirtualHost *>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>DirectoryIndex index.php index.html index.htm
>>>>index.shtml
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>LogLevel debug
>>>>HostNameLookups off
>>>>
>>>>
>>>>
>>>>
>>>></VirtualHost>
>>>>
>>>>
>>>>
>>>>#
>>>># Each directory to which Apache has access can be
>>>>configured with respect
>>>># to which services and features are allowed and/or
>>>>disabled in that
>>>># directory (and its subdirectories).
>>>>#
>>>># Note that from this point forward you must
>>>>specifically allow
>>>># particular features to be enabled - so if
>>>>something's not working as
>>>># you might expect, make sure that you have
>>>>specifically enabled it
>>>># below.
>>>>#
>>>>
>>>><Directory "/">
>>>>       Options FollowSymLinks
>>>>
>>>>       AllowOverride None
>>>>
>>>>
>>>>
>>>></Directory>
>>>>
>>>><Directory "/var/www/html">
>>>>       Options Indexes Includes FollowSymLinks
>>>>
>>>>       AllowOverride None
>>>>       Allow from all
>>>>
>>>>
>>>>       Order allow,deny
>>>></Directory>
>>>>
>>>><Directory "/var/www/icons">
>>>>       Options Indexes MultiViews
>>>>
>>>>       AllowOverride None
>>>>       Allow from all
>>>>
>>>>
>>>>       Order allow,deny
>>>></Directory>
>>>>
>>>><Directory "/var/www/cgi-bin">
>>>>       Options ExecCGI
>>>>
>>>>       AllowOverride None
>>>>       Allow from all
>>>>
>>>>
>>>>       Order allow,deny
>>>></Directory>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>---------------------------------------------------------------------
>>>
>>>
>>>      
>>>
>>>>The official User-To-User support forum of the
>>>>Apache HTTP Server Project.
>>>>See <URL:http://httpd.apache.org/userslist.html> for
>>>>more info.
>>>>To unsubscribe, e-mail:
>>>>users-unsubscribe@httpd.apache.org
>>>>  "   from the digest:
>>>>users-digest-unsubscribe@httpd.apache.org
>>>>For additional commands, e-mail:
>>>>
>>>>
>>>>        
>>>>
>>>users-help@httpd.apache.org
>>>
>>>
>>>
>>>
>>>__________________________________
>>>Do you Yahoo!?
>>>Yahoo! Mail is new and improved - Check it out!
>>>http://promotions.yahoo.com/new_mail
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP Server
>>>      
>>>
>Project.
>  
>
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>    
>>
>
>  
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message