merge in marc's weblinting changes (605cf12a) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

docs/manual/misc/descriptors.html

+7 −7

Original line number	Diff line number	Diff line
		@@ -47,7 +47,7 @@ of files a process can have open.
		<p>To summarize:

		<center><pre>
		#open files <= soft limit <= hard limit <= kernel limit
		#open files <= soft limit <= hard limit <= kernel limit
		</pre></center>

		<p>You control the hard and soft limits using the <code>limit</code> (csh)
		@@ -73,13 +73,13 @@ situation somewhat. Here is a partial list of systems and workarounds
		will run into trouble if more than approximately 240 Listen
		directives are used. This may be cured by rebuilding your kernel
		with a higher FD_SETSIZE.
		</p>
		<p>

		<dt> <b>FreeBSD 2.2, BSDI 2.1+</b>
		<dd> Similar to the BSDI 2.0 case, you should define
		<code>FD_SETSIZE</code> and rebuild. But the extra
		Listen limitation doesn't exist.
		</p>
		<p>

		<dt> <b>Linux</b>
		<dd> By default Linux has a kernel maximum of 256 open descriptors
		@@ -95,7 +95,7 @@ situation somewhat. Here is a partial list of systems and workarounds
		256. As of this writing the patches available for increasing
		the number of descriptors do not take this into account. On a
		dedicated webserver you probably won't run into trouble.
		</p>
		<p>

		<dt> <b>Solaris through 2.5.1</b>
		<dd> Solaris has a kernel hard limit of 1024 (may be lower in earlier
		@@ -107,18 +107,18 @@ situation somewhat. Here is a partial list of systems and workarounds
		build Apache with <code>-DHIGH_SLACK_LINE=256</code> added to
		<code>EXTRA_CFLAGS</code>. You will be limited to approximately
		240 error logs if you do this.
		</p>
		<p>

		<dt> <b>AIX version ??</b>
		<dd> AIX appears to have a hard limit of 128 descriptors. End of
		story.
		</p>
		<p>

		<dt> <b>Others</b>
		<dd> If you have details on another operating system, please submit
		it through our <a href="http://www.apache.org/bug_report.html">Bug
		Report Page</a>.
		</p>
		<p>

		</dl>

docs/manual/misc/security_tips.html

+6 −0

Original line number	Diff line number	Diff line
		@@ -170,7 +170,13 @@ Also be wary of playing games with the
		>UserDir</A>
		directive; setting it to something like <SAMP>"./"</SAMP>
		would have the same effect, for root, as the first example above.
		If you are using Apache 1.3 or above, we strongly recommend that you
		include the following line in your server configuration files:
		</P>
		<DL>
		<DD><SAMP>UserDir disabled root</SAMP>
		</DD>
		</DL>

		<HR>
		<P>Please send any other useful security tips to The Apache Group

docs/manual/mod/mod_rewrite.html

+18 −23

Original line number	Diff line number	Diff line
		@@ -44,7 +44,6 @@ substitution.
		It operates on the full URLs (including the PATH_INFO part) both in
		per-server context (httpd.conf) and per-dir context (.htaccess) and even
		can generate QUERY_STRING parts on result. The rewritten result can lead to internal sub-processing, external request redirection or to internal proxy throughput.
		</b>

		<p>
		The latest version can be found on<br>
		@@ -147,7 +146,7 @@ with a slash ('<tt>/</tt>') then it is assumed to be relative to the
		config.

		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		To disable the logging of rewriting actions it is not recommended
		to set <em>Filename</em>
		@@ -161,7 +160,7 @@ To disable logging either remove or comment out the
		</table>

		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		SECURITY: See the <a
		href="../misc/security_tips.html">Apache Security
		@@ -198,7 +197,7 @@ To disable the logging of rewriting actions simply set <em>Level</em> to 0.
		This disables all rewrite action logs.

		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		<b>Notice:</b> Using a high value for <i>Level</i> will slow down your Apache
		server dramatically! Use the rewriting logfile only for debugging or at least
		@@ -289,7 +288,7 @@ RewriteMap real-to-host txt:/path/to/file/map.real-to-user
		<li><b>DBM Hashfile Format</b>
		<p>
		This is a binary NDBM format file containing the
		same contents as the <em>Plain Text Format</b> files. You can create
		same contents as the <em>Plain Text Format</em> files. You can create
		such a file with any NDBM tool or with the <tt>dbmmanage</tt> program
		from the <tt>support</tt> directory of the Apache distribution.
		<p>
		@@ -346,7 +345,7 @@ context it is of course possible to <b>use</b> this map in per-directory
		context.

		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		For plain text and DBM format files the looked-up keys are cached in-core
		until the <tt>mtime</tt> of the mapfile changes or the server does a
		@@ -384,7 +383,7 @@ will be usually be wrong!</b> There you have to use the <tt>RewriteBase</tt>
		directive to specify the correct URL-prefix.

		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		So, if your webserver's URLs are <b>not</b> directly
		related to physical file paths, you have to use <tt>RewriteBase</tt> in every
		@@ -424,7 +423,7 @@ In the above example, a request to <tt>/xyz/oldstuff.html</tt> gets correctly
		rewritten to the physical file <tt>/abc/def/newstuff.html</tt>.

		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		<font size=-1>
		<b>For the Apache hackers:</b><br>
		@@ -437,10 +436,10 @@ Request:
		/xyz/oldstuff.html

		Internal Processing:
		/xyz/oldstuff.html -> /abc/def/oldstuff.html (per-server Alias)
		/abc/def/oldstuff.html -> /abc/def/newstuff.html (per-dir RewriteRule)
		/abc/def/newstuff.html -> /xyz/newstuff.html (per-dir RewriteBase)
		/xyz/newstuff.html -> /abc/def/newstuff.html (per-server Alias)
		/xyz/oldstuff.html -> /abc/def/oldstuff.html (per-server Alias)
		/abc/def/oldstuff.html -> /abc/def/newstuff.html (per-dir RewriteRule)
		/abc/def/newstuff.html -> /xyz/newstuff.html (per-dir RewriteBase)
		/xyz/newstuff.html -> /abc/def/newstuff.html (per-server Alias)

		Result:
		/abc/def/newstuff.html
		@@ -471,7 +470,7 @@ sure the design and implementation is correct.
		<p>

		The <tt>RewriteCond</tt> directive defines a rule condition. Precede a
		<tt>RewriteRule</tt> directive with one or more <t>RewriteCond</tt>
		<tt>RewriteRule</tt> directive with one or more <tt>RewriteCond</tt>
		directives.

		The following rewriting rule is only used if its pattern matches the current
		@@ -562,7 +561,7 @@ IS_SUBREQ<br>


		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		These variables all correspond to the similar named HTTP MIME-headers, C
		variables of the Apache server or <tt>struct tm</tt> fields of the Unix
		@@ -770,7 +769,7 @@ for special cases where it is better to match the negative pattern or as a
		last default rule.

		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		<b>Notice!</b> When using the NOT character to negate a pattern you cannot
		have grouped wildcard parts in the pattern. This is impossible because when
		@@ -814,7 +813,7 @@ conjunction with the <b>C</b> (chain) flag to be able to have more than one
		pattern to be applied before a substitution occurs.

		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		<b>Notice</b>: There is a special feature. When you prefix a substitution
		field with <tt>http://</tt><em>thishost</em>[<em>:thisport</em>] then
		@@ -962,7 +961,7 @@ comma-separated list of the following flags:
		typical example is the use of <tt>mod_alias</tt> and
		<tt>mod_rewrite</tt>..
		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		<font size=-1>
		<b>For the Apache hackers:</b><br>
		@@ -995,7 +994,7 @@ comma-separated list of the following flags:
		</ul>

		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		Remember: Never forget that <em>Pattern</em> gets applied to a complete URL
		in per-server configuration files. <b>But in per-directory configuration
		@@ -1012,7 +1011,7 @@ external redirect or proxy throughput (if flag <b>P</b> is used!) is forced!
		</table>

		<p>
		<table width=70% border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<table width="70%" border=2 bgcolor="#c0c0e0" cellspacing=0 cellpadding=10>
		<tr><td>
		Notice! To enable the rewriting engine for per-directory configuration files
		you need to set ``<tt>RewriteEngine On</tt>'' in these files <b>and</b>
		@@ -1120,10 +1119,6 @@ request ``<tt>GET /somepath/localpath/pathinfo</tt>'':</b><br>
		</table>


		</td>
		</tr>
		</table>

		<p>
		<b>Example:</b>
		<p>

docs/manual/mod/mod_userdir.html

+55 −26

Original line number	Diff line number	Diff line
		@@ -33,31 +33,60 @@ is compiled in by default. It provides for user-specific directories.
		<strong>Status:</strong> Base<br>
		<strong>Module:</strong> mod_userdir<br>
		<strong>Compatibility:</strong> All forms except the <code>UserDir
		public_html</code> form are only available in Apache 1.1 or above.<p>
		public_html</code> form are only available in Apache 1.1 or above. Use
		of the <SAMP>enabled</SAMP> keyword, or <SAMP>disabled</SAMP> with a
		list of usernames, is only available in Apache 1.3 and above.<p>

		The UserDir directive sets the real directory in a user's home directory
		to use when a request for a document for a user is received.
		<em>Directory</em> is either <code>disabled</code>, to disable this feature,
		or the name of a directory, following one of the following
		patterns. If not disabled, then a request for
		<em>Directory/filename</em> is one of the following:
		</P>
		<UL>
		<LI>The name of a directory or a pattern such as those shown below.
		</LI>
		<LI>The keyword <SAMP>disabled</SAMP>. This turns off <EM>all</EM>
		username-to-directory translations except those explicitly named with
		the <SAMP>enabled</SAMP> keyword (see below).
		</LI>
		<LI>The keyword <SAMP>disabled</SAMP> followed by a space-delimited
		list of usernames. Usernames that appear in such a list will
		<EM>never</EM> have directory translation performed, even if they
		appear in an <SAMP>enabled</SAMP> clause.
		</LI>
		<LI>The keyword <SAMP>enabled</SAMP> followed by a space-delimited list
		of usernames. These usernames will have directory translation
		performed even if a global disable is in effect, but not if they also
		appear in a <SAMP>disabled</SAMP> clause.
		</LI>
		</UL>
		<P>
		If neither the <SAMP>enabled</SAMP> nor the <SAMP>disabled</SAMP>
		keywords appear in the <SAMP>Userdir</SAMP> directive, the argument is
		treated as a filename pattern, and is used to turn the name into a
		directory specification. A request for
		<code>http://www.foo.com/~bob/one/two.html</code> will be translated to:
		<pre>
		UserDir public_html -> ~bob/public_html/one/two.html
		UserDir /usr/web -> /usr/web/bob/one/two.html
		UserDir /home/*/www -> /home/bob/www/one/two.html
		UserDir public_html -> ~bob/public_html/one/two.html
		UserDir /usr/web -> /usr/web/bob/one/two.html
		UserDir /home/*/www -> /home/bob/www/one/two.html
		</pre>
		The following directives will send redirects to the client:
		<pre>
		UserDir http://www.foo.com/users -> http//www.foo.com/users/bob/one/two.html
		UserDir http://www.foo.com/*/usr -> http://www.foo.com/bob/usr/one/two.html
		UserDir http://www.foo.com/~*/ -> http://www.foo.com/~bob/one/two.html
		UserDir http://www.foo.com/users -> http//www.foo.com/users/bob/one/two.html
		UserDir http://www.foo.com/*/usr -> http://www.foo.com/bob/usr/one/two.html
		UserDir http://www.foo.com/~*/ -> http://www.foo.com/~bob/one/two.html
		</pre>

		<P>
		</P>
		<BLOCKQUOTE>
		<STRONG>
		Be careful when using this directive; for instance, <SAMP>"UserDir
		./"</SAMP> would map <SAMP>"/~root"</SAMP> to
		<SAMP>"/"</SAMP> - which is probably undesirable. See also
		Be careful when using this directive; for instance,
		<SAMP>"UserDir ./"</SAMP> would map
		<SAMP>"/~root"</SAMP> to
		<SAMP>"/"</SAMP> - which is probably undesirable. If you are
		running Apache 1.3 or above, it is strongly recommended that your
		configuration include a
		"<SAMP>UserDir disabled root</SAMP>" declaration.
		See also
		the
		<A
		HREF="core.html#directory"
		@@ -68,7 +97,7 @@ directive and the
		>Security Tips</A>
		page for more information.
		</STRONG>
		</P>
		</BLOCKQUOTE>

		<!--#include virtual="footer.html" -->
		</BODY>