Directives for a minimal install

  • ServerType - how apache runs, either daemon or inetd (usually daemon)
  • ServerRoot - the directory under which apache is installed, e.g. /usr/local/apache
  • DocumentRoot - the directory (html) documents are kept in, e.g. /usr/local/apache/htdocs
  • User - the user apache runs as after the initial start up as root, e.g. apache
  • Group - the group apache will run as, e.g. httpd
  • TransferLog - the file in which the server records information about requests it receives, e.g. logs/access.log (without a leading /, the path is interpreted as relative to the ServerRoot).
  • ErrorLog - the file errors are recorded in
  • Port - the port the server listens on, by default 80 (if the port is below 1024, root has to start the server as it will be a privileged port)
  • ServerName - the name the server identifies itself as and should be the fully qualified hostname, e.g. www.in2nix.com (this should be recorded in /etc/hosts in case of DNS problems)
  • PidFile - Where to record the process number of the parent process (used for communicating with and controlling the server)
  • ServerAdmin - Normally an email address to report problems to

Security

Normally there is a default security entry e.g.

<Directory />
AllowOverride None
Options None
Order deny,allow
Deny from all
</Directory>

This disallows access to all directories, i.e. / downwards. This is then normally overridden with further directives allowing access to specific directories.

Permissions

These are best set as follows (the ServerRoot in this example is /usr/local/apache):

 1. chown -R root:root /usr/local/apache
 2. chmod -R 740 /usr/local/apache/*
 3. chmod 755 /usr/local/apache/cgi-bin /usr/local/apache/cgi-bin/*
 4. chgrp -R wwwdocs /usr/local/apache/htdocs
 5. chmod -R 775 /usr/local/apache/htdocs

Note: wwwdocs would be a group containing users who can update web pages.

httpd command flags

  • -d - server root directory
  • -f - location of config file
  • -h - list directives
  • -l - list modules
  • -v - echo version
  • -X - for debugging, won't go into daemon mode
  • apachectl start/stop - start or stop the httpd daemon

Authentication directives

The following security related directives can be used (often in conjunction with one another) to control who can access what…

  • Allow from host/network/all - mod_access module
  • Deny from host/network/all - mod_access module
  • Order deny,allow - process the deny rules first, then the allow rules, i.e. if not specifically denied, is allowed
  • Order allow,deny - if not specifically allowed, is denied
  • Order mutual-failure - Must be allowed and not match any deny rules, i.e. both allow and deny rules checked before authenticated
  • AuthType type - the authentication type, e.g. Basic
  • AuthName realname - A name representing an area users need to be authenticated for
  • Require user username [username] - access will be denied unless the authenticated username is in the list username [username]
  • Require group groupname [groupname] - access will be denied unless the authenticated groupname is in the list groupname [groupname]
  • Require valid-user - access will be granted if the user is authenticated
  • Satisfy All - the allow/deny and username, password, group rules must all be satisfied
  • Satisfy Any - either the allow/deny (network identity) rules or the username, password, group rules can be met
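
The Order and Satisfy rules above are easy to misread when a client matches both an Allow and a Deny rule. The following is an added example (not part of the original page and not Apache's own code) that models the decision in Python. It assumes rules are written as "all" or a CIDR network, and the addresses are constructed samples from documentation ranges.

```python
import ipaddress

def _matches(client_ip, specs):
    """True if client_ip falls in any spec; a spec is 'all' or a CIDR network."""
    ip = ipaddress.ip_address(client_ip)
    return any(s == "all" or ip in ipaddress.ip_network(s) for s in specs)

def host_allowed(order, allow, deny, client_ip):
    """Model of the mod_access host check for one container."""
    allowed = _matches(client_ip, allow)
    denied = _matches(client_ip, deny)
    order = order.lower().replace(" ", "")
    if order == "deny,allow":
        # Deny rules first, Allow rules override them; unmatched hosts get in.
        return allowed or not denied
    if order in ("allow,deny", "mutual-failure"):
        # Must match an Allow rule and no Deny rule; unmatched hosts are refused.
        return allowed and not denied
    raise ValueError("unknown Order value: " + order)

def access_granted(host_ok, user_ok, satisfy="all"):
    """Combine the host check with the Require result the way Satisfy does."""
    if satisfy.lower() == "any":
        return host_ok or user_ok
    return host_ok and user_ok

if __name__ == "__main__":
    inside, outside, blocked = "192.0.2.10", "198.51.100.7", "192.0.2.66"
    # The default <Directory /> entry: Order deny,allow + Deny from all.
    print("default entry:", host_allowed("deny,allow", [], ["all"], inside))
    # Intranet-only area: Deny from all, Allow from one network.
    for ip in (inside, outside):
        print("intranet", ip,
              host_allowed("deny,allow", ["192.0.2.0/24"], ["all"], ip))
    # Blocking one host only works with allow,deny; with deny,allow the
    # "Allow from all" overrides the Deny and the host still gets in.
    for order in ("allow,deny", "deny,allow"):
        print(order, blocked,
              host_allowed(order, ["all"], ["192.0.2.66/32"], blocked))
    # Satisfy: an outside client that presents a valid password.
    host_ok = host_allowed("deny,allow", ["192.0.2.0/24"], ["all"], outside)
    print("Satisfy All:", access_granted(host_ok, True, "all"))
    print("Satisfy Any:", access_granted(host_ok, True, "any"))
```
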

mod_auth module

Enhanced authentication is provided by running apache with the mod_auth module included. This has the following directives:

  • AuthUserFile filename - file containing usernames and encrypted passwords
  • AuthGroupFile filename - file containing a group name and users in that group
  • AuthAuthoritative Boolean - either on or off. If on, only AuthUserFile/AuthGroupFile are used. Otherwise a request is passed to any other authentication methods installed.
  • mod_auth_db/mod_auth_dbm - allows authentication to be stored in DBM or Berkeley DB database

Other Directives (containers)

  • <Directory directory> - Directives inside apply to this directory only
  • <Files files> - Directives inside apply to these files only
  • <Location location> - Directives inside apply to this URL location only
  • <VirtualHost virtualhost> - Defines a virtual web site. Directives inside apply to the virtual web site only.
