Dragging over a bunch of changes to the HEAD version. The

  <!--#include virtual="header.html" -->

  <H1 ALIGN="CENTER">Apache Server Frequently Asked Questions</H1>

  <P>

  $Revision: 1.63.2.5 $ ($Date: 1997/06/28 21:51:43 $)

  $Revision: 1.63.2.6 $ ($Date: 1997/07/05 15:37:37 $)

  </P>

  <P>

  The latest version of this FAQ is always available from the main

   <LI><A HREF="#nodelay">Why am I getting &quot;<SAMP>httpd: could not

    set socket option TCP_NODELAY</SAMP>&quot; in my error log?</A>

   </LI>

   <LI><A HREF="#peerreset">Why am I getting &quot;<SAMP>connection

    reset by peer</SAMP>&quot; in my error log?</A>

   </LI>

   <LI><A HREF="#nph-scripts">How can I get my script's output without

    Apache buffering it?</A>

   </LI>

    the server error log.  Sometimes this is enough for you to diagnose 

    & fix the problem yourself (such as file permissions or the like).

    The default location of the error log is 

    <CODE>/usr/local/etc/httpd/logs/error_log</CODE>, but see the 

    <SAMP>/usr/local/etc/httpd/logs/error_log</SAMP>, but see the 

    <A

     HREF="../mod/core.html#errorlog"

    ><SAMP>ErrorLog</SAMP></A>

  </P>

  <HR>

 </LI>

 <LI><A NAME="peerreset">

      <STRONG>Why am I getting &quot;<SAMP>connection reset by

      peer</SAMP>&quot; in my error log?</STRONG>

     </A> 

  <P>

  This is a normal message and nothing about which to be alarmed.  It simply

  means that the client cancelled the connection before it had been

  completely set up - such as by the end-user pressing the "Stop"

  button.  People's patience being what it is, sites with response-time

  problems or slow network links may experiences this more than

  high-capacity ones or those with large pipes to the network.

  </P>

  <HR>

 </LI>

 <LI><A NAME="nph-scripts">

      <STRONG>How can I get my script's output without Apache buffering

      it?</STRONG>

  To resolve this, you can either make sure you use the include files

  and libraries that came with your system or make sure to use the

  new include files and libraries.  Adding <CODE>-lbind</CODE> to the

  <CODE>EXTRA_LFLAGS</CODE> line in your <CODE>Configuration</CODE> 

  file, then re-running <CODE>Configure</CODE>, should resolve the

  problem.

  <CODE>EXTRA_LDFLAGS</CODE> line in your <SAMP>Configuration</SAMP> 

  file, then re-running <SAMP>Configure</SAMP>, should resolve the

  problem.  (Apache versions 1.2.* and earlier use

  <CODE>EXTRA_LFLAGS</CODE> instead.)

  </P>

  <p><b>Note:</b> As of BIND 8.1.1, the bind libraries and files are

  installed under <code>/usr/local/bind</code> by default.  So you

  <P>

  <STRONG>Note:</STRONG>As of BIND 8.1.1, the bind libraries and files are

  installed under <SAMP>/usr/local/bind</SAMP> by default, so you

  should not run into this problem.  Should you want to use the bind

  resolvers you'll have to add the following to the respective lines:

  <blockquote><pre>

  EXTRA_CFLAGS=-I/usr/local/bind/include

  EXTRA_LFLAGS=-L/usr/local/bind/lib

  EXTRA_LIBS=-lbind

  </pre></blockquote>

  </P>

  <P>

  <DL>

   <DD><CODE>EXTRA_CFLAGS=-I/usr/local/bind/include

    <BR>

    EXTRA_LDFLAGS=-L/usr/local/bind/lib

    <BR>

    EXTRA_LIBS=-lbind</CODE>

   </DD>

  </DL>

  </P>

  <HR>

 </LI>

 <LI><A NAME="set-servername">

  </P>

  <P>

  <DL>

   <DD><CODE>deny from all<BR>

    allow from .domain.com<BR>

    AuthType Basic<BR>

    AuthUserFile /usr/local/etc/httpd/conf/htpasswd.users<BR>

    AuthName special directory<BR>

    require valid-user<BR>

   <DD><CODE>deny from all

    <BR>

    allow from .domain.com

    <BR>

    AuthType Basic

    <BR>

    AuthUserFile /usr/local/etc/httpd/conf/htpasswd.users

    <BR>

    AuthName special directory

    <BR>

    require valid-user

    <BR>

    satisfy any</CODE>

   </DD>

  </DL>

  </P>

  <HR>

 </LI>

 <LI><A NAME="linux-shmget">

      <STRONG>When I run it under Linux I get "shmget:

      function not found", what should I do?</STRONG>

  <P>

  Your kernel has been built without SysV IPC support.  You will have to

  rebuild the kernel with that support enabled (it's under the

    "General Setup" submenu).  Documention for

    kernel building is beyond the scope of this FAQ, you should consult

    the <A HREF="http://www.linuxhq.com/HOWTO/Kernel-HOWTO.html">Kernel

    HOWTO</A>, or the documentation provided with your distribution,

    or a <A HREF="http://www.linuxhq.com/HOWTO/META-FAQ.html">Linux

    newsgroup/mailing list</A>.  As a last resort workaround, you can

  "General Setup" submenu).  Documentation for

  kernel building is beyond the scope of this FAQ; you should consult

  the

  <A HREF="http://www.linuxhq.com/HOWTO/Kernel-HOWTO.html"

  >Kernel HOWTO</A>,

  or the documentation provided with your distribution, or a

  <A HREF="http://www.linuxhq.com/HOWTO/META-FAQ.html"

  >Linux newsgroup/mailing list</A>.

  As a last-resort workaround, you can

  comment out the <CODE>#define HAVE_SHMGET</CODE> definition in the

    <CODE>LINUX</CODE> section of

    <CODE>src/conf.h</CODE> and rebuild the server.  This will produce

  <SAMP>LINUX</SAMP> section of

  <SAMP>src/conf.h</SAMP> and rebuild the server.  This will produce

  a server which is slower and less reliable.

  </P>

  <HR>

 </LI>

 <LI><A NAME="authauthoritative">

      <STRONG>Why does my authentification give me a server error?</STRONG>

     </A>

  <P>

    Under normal circumstances, the apache access control modules will

    pass unrecognized userids on to the next access control module in

    line.  Only if the userid is recognized, the password is validated

    (or not) will it give the usual success or authentification failed

    messages.

  </p>

  <p>

    However if the last access module in line 'declines' the validation

    request (because it has never heard of the userid or because it is not

    configured) the http_request handler will give one of the following,

    confusing, errors:

  Under normal circumstances, the Apache access control modules will

  pass unrecognized user IDs on to the next access control module in

  line.  Only if the user ID is recognized and the password is validated

  (or not) will it give the usual success or "authentification

  failed" messages.

  </P>

  <P>

  However, if the last access module in line 'declines' the validation

  request (because it has never heard of the user ID or because it is not

  configured), the <SAMP>http_request</SAMP> handler will give one of

  the following, confusing, errors:

  </P>

  <UL>

    <li> <code>check access</code>

    <li> <code>check user.  No user file? </code>

    <li> <code>check access.  No groups file? </code>

  </ul> 

    This does not mean that you have to add a 'AuthUserFile /dev/null'

    line as some magazines suggest !

  </p>

  <p>

   <LI><SAMP>check access</SAMP>

   </LI>

   <LI><SAMP>check user.  No user file?</SAMP>

   </LI>

   <LI><SAMP>check access.  No groups file?</SAMP>

   </LI>

  </UL>

  <P>

  This does <EM>not</EM> mean that you have to add an

  '<SAMP>AuthUserFile&nbsp;/dev/null</SAMP>' line as some magazines suggest!

  </P>

  <P>

  The solution is to ensure that at least the last module is authoritative

    and <b>CONFIGURED</b>. By default <code>mod_auth</code> is authoritative

    and will give an OK/Denied, but only if it is configured with the

    proper AuthUserFile. Likewise if a valid group is required.  (Remember

    that the modules are processed in the reverse order they appear in

    your compile-time Configuration file.)

  and <STRONG>CONFIGURED</STRONG>. By default, <SAMP>mod_auth</SAMP> is

  authoritative and will give an OK/Denied, but only if it is configured

  with the proper <SAMP>AuthUserFile</SAMP>.  Likewise, if a valid group

  is required.  (Remember that the modules are processed in the reverse

  order from that in which they appear in your compile-time

  <SAMP>Configuration</SAMP> file.)

  </P>

  <p>

  <P>

  A typical situation for this error is when you are using the

    mod_auth_dbm, mod_auth_msql, mod_auth_mysql, mod_auth_anon or

    mod_auth_cookie on their own.  These are by default <b>not</b>

    authoritative, and this will pass the buck on to the (non-existent) next

    authentification module when the user ID is not in their respective

    database.  Just add the appropriate 'XXXAuthoritative yes' line to

    the configuration.

  </p>

  <p>

  <SAMP>mod_auth_dbm</SAMP, <SAMP>mod_auth_msql</SAMP>,

  <SAMP<mod_auth_mysql</SAMP>, <SAMP>mod_auth_anon</SAMP> or

  <SAMP>mod_auth_cookie</SAMP> modules on their own.  These are by

  default <STRONG>not</STRONG> authoritative, and this will pass the

  buck on to the (non-existent) next authentification module when the

  user ID is not in their respective database.  Just add the appropriate

  '<SAMP><EM>XXX</EM>Authoritative yes</SAMP>' line to the configuration.

  </P>

  <P>

  In general it is a good idea (though not terribly efficient) to have the

    file based mod_auth a module of last resort. This allows you to access

    the web server with a few special passwords even if the databases are

    down or corrupted.  This does cost a file-open/seek/close for each

    request in a protected area.

  </p>

  file-based <SAMP>mod_auth</SAMP> a module of last resort. This allows

  you to access the web server with a few special passwords even if the

  databases are down or corrupted.  This does cost a

  file open/seek/close for each request in a protected area.

  </P>

  <HR>

 </LI>

 <LI><A NAME="auth-on-same-machine">

      <STRONG>Do I have to keep the (mSQL) authentification information

      on the same machine?</STRONG>

     </A>

  <p>

  <P>

  Some organizations feel very strongly about keeping the authentification

  information on a different machine than the webserver. With the

    mod_auth_msql, mod_auth_mysql and other SQL modules connecting to

    (R)DBMses this is quite well possible. Just configure an explicit host

    to contact.

  </p>

  <p>

  <SAMP>mod_auth_msql</SAMP>, <SAMP>mod_auth_mysql</SAMP>, and other SQL

  modules connecting to (R)DBMses this is quite possible. Just configure

  an explicit host to contact.

  </P>

  <P>

  Be aware that with mSQL and Oracle, opening and closing these database

  connections is very expensive and time consuming. You might want to

    look at the code in the auth_modules and play with the compile time

    flags to alleviate this somewhat; if your RDBMS licences alows for it.

  </p>

  look at the code in the <SAMP>auth_*</SAMP> modules and play with the

  compile time flags to alleviate this somewhat, if your RDBMS licences

  allow for it.

  </P>

  <HR>

 </LI>

 <LI><A NAME="msql-slow">

      <STRONG>Why is my mSQL authentification terribly slow?</STRONG>

     </A>

  <p>

  <P>

  You have probably configured the Host by specificing a FQHN,

  and thus the libmsql will use a full blown tcp/ip socket to talk to

    the database, rather than a fast internal device. Both the libmsql,

    the mSQL faq and the mod_auth_msql documentation warn you about this. If

    you have to use different hosts, check out the mod_auth_msql code for

    some compile time flags which might, or might not suit you.

  </p>

  the database, rather than a fast internal device.  The

  <SAMP>libmsql</SAMP>, the mSQL FAQ, and the <SAMP>mod_auth_msql</SAMP>

  documentation warn you about this.  If you have to use different

  hosts, check out the <SAMP>mod_auth_msql</SAMP> code for 

  some compile time flags which might - or might not - suit you.

  </P>

 <HR>

 </LI>