developer/ 40755 0 0 0 10422374276 10104 5ustar 0 0 faq/ 40755 0 0 0 10422374276 6666 5ustar 0 0 howto/ 40755 0 0 0 10422374276 7257 5ustar 0 0 images/ 40755 0 0 0 10422374277 7365 5ustar 0 0 misc/ 40755 0 0 0 10422374277 7053 5ustar 0 0 mod/ 40755 0 0 0 10422374277 6677 5ustar 0 0 platform/ 40755 0 0 0 10422374277 7744 5ustar 0 0 programs/ 40755 0 0 0 10422374277 7752 5ustar 0 0 rewrite/ 40755 0 0 0 10422374277 7601 5ustar 0 0 ssl/ 40755 0 0 0 10422374277 6721 5ustar 0 0 style/ 40755 0 0 0 10422374277 7260 5ustar 0 0 style/_generated/ 40755 0 0 0 10422374277 11355 5ustar 0 0 style/css/ 40755 0 0 0 10422374006 10036 5ustar 0 0 style/lang/ 40755 0 0 0 10422374277 10201 5ustar 0 0 style/latex/ 40755 0 0 0 10422374277 10375 5ustar 0 0 style/xsl/ 40755 0 0 0 10422374277 10066 5ustar 0 0 style/xsl/util/ 40755 0 0 0 10422374277 11043 5ustar 0 0 vhosts/ 40755 0 0 0 10422374277 7446 5ustar 0 0 bind.html100644 0 0 16734 10422374276 10051 0ustar 0 0 ּҿ Ʈ (Binding) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ּҿ Ʈ (Binding)

ֽ ƴմϴ. ֱٿ ϼ.

ġ Ư ּҿ Ʈ ϵ ϱ.

top

õ õ þ

ġ ϸ ġ ǻ  Ʈ ּҿ Ͽ, û ٸ. ⺻ ġ ǻ ּҿ ٸ. ׷ ġ Ư Ʈ ּҸ ٸ ؾ 찡 ִ. ġ  ٸ IP ּ, ȣƮ, Ʈ ϴ ȣƮ ɰ õִ.

Listen þ Ư Ʈ ּҿ Ʈ տ û ް Ѵ. Listen þ Ʈ ȣ ϸ, ̽ Ʈ ٸ. Listen þ ٸ ּҿ Ʈ ִ. ּҿ Ʈ û Ѵ.

, 80 8000 Ʈ ο ޵ Ϸ:

Listen 80
Listen 8000

̽ Ʈ ٸ Ϸ,

Listen 192.170.2.1:80
Listen 192.170.2.5:8000

IPv6 ּҴ ȣ Ѵ:

Listen [2001:db8::a00:20ff:fea7:ccea]:80

top

IPv6 Ư

IPv6 ÷ ð ְ APR ̵ ÷ κп IPv6 ϱ⶧, ġ IPv6 ҴϿ IPv6 û ó ִ.

ġ ڿ κ IPv6 IPv4 IPv6 ó ִĴ ̴. κ ÷ IPv4-(mapped) IPv6 ּҸ Ͽ IPv6 Ͽ IPv4 , FreeBSD NetBSD OpenBSD ýü å ⺻ ʴ´. ׷ ⺻ ʴ ý̶ ġ Ư Ķͷ ִ.

ݸ Tru64 Ϻ ÷ IPv4 IPv6 óϷ ּҸ ؾ߸ Ѵ. ġ ּ Ͽ IPv4 IPv6 ޵Ϸ, IPv4- IPv6 ּҸ ϰ configure ɼ --enable-v4-mapped Ѵ.

--enable-v4-mapped FreeBSD, NetBSD, OpenBSD ÷ ⺻̰, Ƹ ġ ̴.

÷ APR ο ġ IPv4 Ḹ ޵Ϸ, Listen þ IPv4 ּҸ Ѵ:

Listen 0.0.0.0:80
Listen 192.170.2.1:80

÷ ϸ ġ ٸ IPv4 IPv6 ޵Ϸ ( IPv4- ּҸ ), configure ɼ --disable-v4-mapped Ѵ. --disable-v4-mapped FreeBSD, NetBSD, OpenBSD ⺻̴.

top

ȣƮ  dz

Listen ȣƮ ʴ´. ̴ ּ  ּҿ Ʈ ٸ ˷ش. <VirtualHost> þ , û Ȱ óѴ. ׷ <VirtualHost> ּҿ Ʈ ٸ ൿ ִ. ȣƮ ּҿ Ʈ ˷ Ѵ. ׸ Ư ּҿ Ʈ ȣƮ ൿ <VirtualHost> ʿϴ. ּ ٸʴ ּҿ Ʈ ϴ <VirtualHost> ϶.

caching.html100644 0 0 112351 10422374276 10541 0ustar 0 0 Caching Guide - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

Caching Guide

This document supplements the mod_cache, mod_disk_cache, mod_mem_cache, mod_file_cache and htcacheclean reference documentation. It describes how to use Apache's caching features to accelerate web and proxy serving, while avoiding common problems and misconfigurations.

top

Introduction

As of Apache HTTP server version 2.2 mod_cache and mod_file_cache are no longer marked experimental and are considered suitable for production use. These caching architectures provide a powerful means to accelerate HTTP handling, both as an origin webserver and as a proxy.

mod_cache and its provider modules mod_mem_cache and mod_disk_cache provide intelligent, HTTP-aware caching. The content itself is stored in the cache, and mod_cache aims to honour all of the various HTTP headers and options that control the cachability of content. It can handle both local and proxied content. mod_cache is aimed at both simple and complex caching configurations, where you are dealing with proxied content, dynamic local content or have a need to speed up access to local files which change with time.

mod_file_cache on the other hand presents a more basic, but sometimes useful, form of caching. Rather than maintain the complexity of actively ensuring the cachability of URLs, mod_file_cache offers file-handle and memory-mapping tricks to keep a cache of files as they were when Apache was last started. As such, mod_file_cache is aimed at improving the access time to local static files which do not change very often.

As mod_file_cache presents a relatively simple caching implementation, apart from the specific sections on CacheFile and MMapStatic, the explanations in this guide cover the mod_cache caching architecture.

To get the most from this document, you should be familiar with the basics of HTTP, and have read the Users' Guides to Mapping URLs to the Filesystem and Content negotiation.

top

Caching Overview

Related ModulesRelated Directives

There are two main stages in mod_cache that can occur in the lifetime of a request. First, mod_cache is a URL mapping module, which means that if a URL has been cached, and the cached version of that URL has not expired, the request will be served directly by mod_cache.

This means that any other stages that might ordinarily happen in the process of serving a request -- for example being handled by mod_proxy, or mod_rewrite -- won't happen. But then this is the point of caching content in the first place.

If the URL is not found within the cache, mod_cache will add a filter to the request handling. After Apache has located the content by the usual means, the filter will be run as the content is served. If the content is determined to be cacheable, the content will be saved to the cache for future serving.

If the URL is found within the cache, but also found to have expired, the filter is added anyway, but mod_cache will create a conditional request to the backend, to determine if the cached version is still current. If the cached version is still current, its meta-information will be updated and the request will be served from the cache. If the cached version is no longer current, the cached version will be deleted and the filter will save the updated content to the cache as it is served.

Improving Cache Hits

When caching locally generated content, ensuring that UseCanonicalName is set to On can dramatically improve the ratio of cache hits. This is because the hostname of the virtual-host serving the content forms a part of the cache key. With the setting set to On virtual-hosts with multiple server names or aliases will not produce differently cached entities, and instead content will be cached as per the canonical hostname.

Because caching is performed within the URL to filename translation phase, cached documents will only be served in response to URL requests. Ordinarily this is of little consequence, but there is one circumstance in which it matters: If you are using Server Side Includes;

<!-- The following include can be cached -->
<!--#include virtual="/footer.html" --> 

<!-- The following include can not be cached -->
<!--#include file="/path/to/footer.html" -->

If you are using Server Side Includes, and want the benefit of speedy serves from the cache, you should use virtual include types.

Expiry Periods

The default expiry period for cached entities is one hour, however this can be easily over-ridden by using the CacheDefaultExpire directive. This default is only used when the original source of the content does not specify an expire time or time of last modification.

If a response does not include an Expires header but does include a Last-Modified header, mod_cache can infer an expiry period based on the use of the CacheLastModifiedFactor directive.

For local content, mod_expires may be used to fine-tune the expiry period.

The maximum expiry period may also be controlled by using the CacheMaxExpire.

A Brief Guide to Conditional Requests

When content expires from the cache and is re-requested from the backend or content provider, rather than pass on the original request, Aoache will use a conditional request instead.

HTTP offers a number of headers which allow a client, or cache to discern between different versions of the same content. For example if a resource was served with an "Etag:" header, it is possible to make a conditional request with an "If-Match:" header. If a resource was served with a "Last-Modified:" header it is possible to make a conditional request with an "If-Modified-Since:" header, and so on.

When such a conditional request is made, the response differs depending on whether the content matches the conditions. If a request is made with an "If-Modified-Since:" header, and the content has not been modified since the time indicated in the request then a terse "304 Not Modified" response is issued.

If the content has changed, then it is served as if the request were not conditional to begin with.

The benefits of conditional requests in relation to caching are twofold. Firstly, when making such a request to the backend, if the content from the backend matches the content in the store, this can be determined easily and without the overhead of transferring the entire resource.

Secondly, conditional requests are usually less strenuous on the backend. For static files, typically all that is involved is a call to stat() or similar system call, to see if the file has changed in size or modification time. As such, even if Apache is caching local content, even expired content may still be served faster from the cache if it has not changed. As long as reading from the cache store is faster than reading from the backend (e.g. an in-memory cache compared to reading from disk).

What Can be Cached?

As mentioned already, the two styles of caching in Apache work differently, mod_file_cache caching maintains file contents as they were when Apache was started. When a request is made for a file that is cached by this module, it is intercepted and the cached file is served.

mod_cache caching on the other hand is more complex. When serving a request, if it has not been cached previously, the caching module will determine if the content is cacheable. The conditions for determining cachability of a response are;

  1. Caching must be enabled for this URL. See the CacheEnable and CacheDisable directives.
  2. The response must have a HTTP status code of 200, 203, 300, 301 or 410.
  3. The request must be a HTTP GET request.
  4. If the request contains an "Authorization:" header, the response will not be cached.
  5. If the response contains an "Authorization:" header, it must also contain an "s-maxage", "must-revalidate" or "public" option in the "Cache-Control:" header.
  6. If the URL included a query string (e.g. from a HTML form GET method) it will not be cached unless the response includes an "Expires:" header, as per RFC2616 section 13.9.
  7. If the response has a status of 200 (OK), the response must also include at least one of the "Etag", "Last-Modified" or the "Expires" headers, unless the CacheIgnoreNoLastMod directive has been used to require otherwise.
  8. If the response includes the "private" option in a "Cache-Control:" header, it will not be stored unless the CacheStorePrivate has been used to require otherwise.
  9. Likewise, if the response includes the "no-store" option in a "Cache-Control:" header, it will not be stored unless the CacheStoreNoStore has been used.
  10. A response will not be stored if it includes a "Vary:" header containing the match-all "*".

What Should Not be Cached?

In short, any content which is highly time-sensitive, or which varies depending on the particulars of the request that are not covered by HTTP negotiation, should not be cached.

If you have dynamic content which changes depending on the IP address of the requester, or changes every 5 minutes, it should almost certainly not be cached.

If on the other hand, the content served differs depending on the values of various HTTP headers, it is possible that it might be possible to cache it intelligently through the use of a "Vary" header.

Variable/Negotiated Content

If a response with a "Vary" header is received by mod_cache when requesting content by the backend it will attempt to handle it intelligently. If possible, mod_cache will detect the headers attributed in the "Vary" response in future requests and serve the correct cached response.

If for example, a response is received with a vary header such as;

Vary: negotiate,accept-language,accept-charset

mod_cache will only serve the cached content to requesters with matching accept-language and accept-charset headers matching those of the original request.

top

Security Considerations

Authorisation, Access & and Control

Using mod_cache is very much like having a built in reverse-proxy. Requests will be served by the caching module unless it determines that the backend should be queried. When caching local resources, this drastically changes the security model of Apache.

As traversing a filesystem hierarchy to examine potential .htaccess files would be a very expensive operation, partially defeating the point of caching (to speed up requests), mod_cache makes no decision about whether a cached entity is authorised for serving. In other words; if mod_cache has cached some content, it will be served from the cache as long as that content has not expired.

If, for example, your configuration permits access to a resource by IP address you should ensure that this content is not cached. You can do this by using the CacheDisable directive, or mod_expires. Left unchecked, mod_cache - very much like a reverse proxy - would cache the content when served and then serve it to any client, on any IP address.

Local exploits

As requests to end-users can be served from the cache, the cache itself can become a target for those wishing to deface or interfere with content. It is important to bear in mind that the cache must at all times be writable by the user which Apache is running as. This is in stark contrast to the usually recommended situation of maintaining all content unwritable by the Apache user.

If the Apache user is compromised, for example through a flaw in a CGI process, it is possible that the cache may be targeted. When using mod_disk_cache, it is relatively easy to insert or modify a cached entity.

This presents a somewhat elevated risk in comparison to the other types of attack it is possible to make as the Apache user. If you are using mod_disk_cache you should bear this in mind - ensure you upgrade Apache when security upgrades are announced and run CGI processes as a non-Apache user using suEXEC if possible.

Cache Poisoning

When running Apache as a caching proxy server, there is also the potential for so-called cache poisoning. Cache Poisoning is a broad term for attacks in which an attacker causes the proxy server to retrieve incorrect (and usually undesirable) content from the backend.

For example if the DNS servers used by your system running Apache are vulnerable to DNS cache poisoning, an attacker may be able to control where Apache connects to when requesting content from the origin server. Another example is so-called HTTP request-smuggling attacks.

This document is not the correct place for an in-depth discussion of HTTP request smuggling (instead, try your favourite search engine) however it is important to be aware that it is possible to make a series of requests, and to exploit a vulnerability on an origin webserver such that the attacker can entirely control the content retrieved by the proxy.

top

File-Handle Caching

Related ModulesRelated Directives

The act of opening a file can itself be a source of delay, particularly on network filesystems. By maintaining a cache of open file descriptors for commonly served files, Apache can avoid this delay. Currently Apache provides two different implementations of File-Handle Caching.

CacheFile

The most basic form of caching present in Apache is the file-handle caching provided by mod_file_cache. Rather than caching file-contents, this cache maintains a table of open file descriptors. Files to be cached in this manner are specified in the configuration file using the CacheFile directive.

The CacheFile directive instructs Apache to open the file when Apache is started and to re-use this file-handle for all subsequent access to this file.

CacheFile /usr/local/apache2/htdocs/index.html

If you intend to cache a large number of files in this manner, you must ensure that your operating system's limit for the number of open files is set appropriately.

Although using CacheFile does not cause the file-contents to be cached per-se, it does mean that if the file changes while Apache is running these changes will not be picked up. The file will be consistently served as it was when Apache was started.

If the file is removed while Apache is running, Apache will continue to maintain an open file descriptor and serve the file as it was when Apache was started. This usually also means that although the file will have been deleted, and not show up on the filesystem, extra free space will not be recovered until Apache is stopped and the file descriptor closed.

CacheEnable fd

mod_mem_cache also provides its own file-handle caching scheme, which can be enabled via the CacheEnable directive.

CacheEnable fd /

As with all of mod_cache this type of file-handle caching is intelligent, and handles will not be maintained beyond the expiry time of the cached content.

top

In-Memory Caching

Related ModulesRelated Directives

Serving directly from system memory is universally the fastest method of serving content. Reading files from a disk controller or, even worse, from a remote network is orders of magnitude slower. Disk controllers usually involve physical processes, and network access is limited by your available bandwidth. Memory access on the other hand can take mere nano-seconds.

System memory isn't cheap though, byte for byte it's by far the most expensive type of storage and it's important to ensure that it is used efficiently. By caching files in memory you decrease the amount of memory available on the system. As we'll see, in the case of operating system caching, this is not so much of an issue, but when using Apache's own in-memory caching it is important to make sure that you do not allocate too much memory to a cache. Otherwise the system will be forced to swap out memory, which will likely degrade performance.

Operating System Caching

Almost all modern operating systems cache file-data in memory managed directly by the kernel. This is a powerful feature, and for the most part operating systems get it right. For example, on Linux, let's look at the difference in the time it takes to read a file for the first time and the second time;

colm@coroebus:~$ time cat testfile > /dev/null
real    0m0.065s
user    0m0.000s
sys     0m0.001s
colm@coroebus:~$ time cat testfile > /dev/null
real    0m0.003s
user    0m0.003s
sys     0m0.000s

Even for this small file, there is a huge difference in the amount of time it takes to read the file. This is because the kernel has cached the file contents in memory.

By ensuring there is "spare" memory on your system, you can ensure that more and more file-contents will be stored in this cache. This can be a very efficient means of in-memory caching, and involves no extra configuration of Apache at all.

Additionally, because the operating system knows when files are deleted or modified, it can automatically remove file contents from the cache when neccessary. This is a big advantage over Apache's in-memory caching which has no way of knowing when a file has changed.

Despite the performance and advantages of automatic operating system caching there are some circumstances in which in-memory caching may be better performed by Apache.

Firstly, an operating system can only cache files it knows about. If you are running Apache as a proxy server, the files you are caching are not locally stored but remotely served. If you still want the unbeatable speed of in-memory caching, Apache's own memory caching is needed.

MMapStatic Caching

mod_file_cache provides the MMapStatic directive, which allows you to have Apache map a static file's contents into memory at start time (using the mmap system call). Apache will use the in-memory contents for all subsequent accesses to this file.

MMapStatic /usr/local/apache2/htdocs/index.html

As with the CacheFile directive, any changes in these files will not be picked up by Apache after it has started.

The MMapStatic directive does not keep track of how much memory it allocates, so you must ensure not to over-use the directive. Each Apache child process will replicate this memory, so it is critically important to ensure that the files mapped are not so large as to cause the system to swap memory.

mod_mem_cache Caching

mod_mem_cache provides a HTTP-aware intelligent in-memory cache. It also uses heap memory directly, which means that even if MMap is not supported on your system, mod_mem_cache may still be able to perform caching.

Caching of this type is enabled via;

# Enable memory caching
CacheEnable mem /

# Limit the size of the cache to 1 Megabyte
MCacheSize 1024
top

Disk-based Caching

Related ModulesRelated Directives

mod_disk_cache provides a disk-based caching mechanism for mod_cache. As with mod_mem_cache this cache is intelligent and content will be served from the cache only as long as it is considered valid.

Typically the module will be configured as so;

CacheRoot   /var/cache/apache/
CacheEnable disk /
CacheDirLevels 2
CacheDirLength 1

Importantly, as the cached files are locally stored, operating system in-memory caching will typically be applied to their access also. So although the files are stored on disk, if they are frequently accessed it is likely the operating system will ensure that they are actually served from memory.

Understanding the Cache-Store

To store items in the cache, mod_disk_cache creates a 22 character hash of the url being requested. Thie hash incorporates the hostname, protocol, port, path and any CGI arguments to the URL, to ensure that multiple URLs do not collide.

Each character may be any one of 64-different characters, which mean that overall there are 22^64 possible hashes. For example, a URL might be hashed to xyTGxSMO2b68mBCykqkp1w. This hash is used as a prefix for the naming of the files specific to that url within the cache, however first it is split up into directories as per the CacheDirLevels and CacheDirLength directives.

CacheDirLevels specifies how many levels of subdirectory there should be, and CacheDirLength specifies how many characters should be in each directory. With the example settings given above, the hash would be turned into a filename prefix as /var/cache/apache/x/y/TGxSMO2b68mBCykqkp1w.

The overall aim of this technique is to reduce the number of subdirectories or files that may be in a particular directory, as most file-systems slow down as this number increases. With setting of "1" for CacheDirLength there can at most be 64 subdirectories at any particular level. With a setting of 2 there can be 64 * 64 subdirectories, and so on. Unless you have a good reason not to, using a setting of "1" for CacheDirLength is recommended.

Setting CacheDirLevels depends on how many files you anticipate to store in the cache. With the setting of "2" used in the above example, a grand total of 4096 subdirectories can ultimately be created. With 1 million files cached, this works out at roughly 245 cached urls per directory.

Each url uses at least two files in the cache-store. Typically there is a ".header" file, which includes meta-information about the url, such as when it is due to expire and a ".data" file which is a verbatim copy of the content to be served.

In the case of a content negotiated via the "Vary" header, a ".vary" directory will be created for the url in question. This directory will have multiple ".data" files corresponding to the differently negotiated content.

Maintaining the Disk Cache

Although mod_disk_cache will remove cached content as it is expired, it does not maintain any information on the total size of the cache or how little free space may be left.

Instead, provided with Apache is the htcacheclean tool which, as the name suggests, allows you to clean the cache periodically. Determining how frequently to run htcacheclean and what target size to use for the cache is somewhat complex and trial and error may be needed to select optimal values.

htcacheclean has two modes of operation. It can be run as persistent daemon, or periodically from cron. htcacheclean can take up to an hour or more to process very large (tens of gigabytes) caches and if you are running it from cron it is recommended that you determine how long a typical run takes, to avoid running more than one instance at a time.


Figure 1: Typical cache growth / clean sequence.

Because mod_disk_cache does not itself pay attention to how much space is used you should ensure that htcacheclean is configured to leave enough "grow room" following a clean.

configuring.html100644 0 0 23764 10422374276 11450 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ġ ϴ ϵ Ѵ.

top

ּ

õ õ þ

Ϲ Ͽ þ Ͽ ġ Ѵ. ּ httpd.conf θ. ġ Ͻ , -f ɼ ִ. ٸ Include þ Ͽ ְ, ϵī带 Ͽ ִ. þ  Ͽ ص ȴ. ּ ϸ ġ ϰų Ŀ ݿȴ.

mime Ÿ ϵ д´. ϸ TypesConfig þ ϰ, ⺻ mime.types̴.

top

ġ ٿ þ Ѵ. ڰ 齽 "\"̸ þ ٿ ӵ Ѵ. 齽 ڿ  ڳ 鵵 ȵȴ.

þ ҹڸ , þ ƱԸƮ ҹڸ ϴ 찡 ִ. ؽ "#" ϴ ּ Ѵ. ּ þ ٿ . ٰ þ տ ϹǷ, ϰ ̵ þ ٵ(indent) ִ.

apachectl configtest -t ɼ Ͽ ġ ʰ ˻ ִ.

top

õ õ þ

ġ ȭ . ̴ ſ ⺻ ɸ ٽɿ Ե Ѵ. ġ о鿩 ȮѴ. ⺻ ϸ base Եȴ. о̴ ְ Ͽٸ Ͽ ƹ LoadModule þ ߰ ִ. ׷ ߰ϰų ġ ٽ ؾ Ѵ. þ IfModule μ Ư ִ 쿡 ó ִ.

 ϵִ -l ɼ Ѵ.

top

þ

õ õ þ

ּϿ ִ þ ü ȴ. þ Ϻο ǰ Ϸ þ <Directory>, <DirectoryMatch>, <Files>, <FilesMatch>, <Location>, <LocationMatch> ȿ ξѴ. ǵ ׵ δ þ Ͻý̳ URL Ư ġ Ѵ. , ļ ֱ⶧ ſ ϴ.

ġ ٸ Ʈ ÿ ϴ ɷ ִ. ̸ ȣƮ Ѵ. þ <VirtualHost> ȿ ξ Ư Ʈ þ ִ.

þ κ  ǿ ͵ ,  þ Ư ҿ ǹ̰ . μ ϴ þ ּ ҿ ִ. þ  ǿ ġ ִ ˷ þ Ȯ϶. ڼ  Directory, Location, Files ϳ ϶.

top

.htaccess

õ õ þ

ġ Ư Ͽ (б) ִ. Ư .htaccess θ, ̸ AccessFileName þ ִ. .htaccess Ͽ ִ þ ִ 丮 丮 ȴ. .htaccess ּϰ . .htaccess û б⶧ ϸ ȿ ִ.

 þ .htaccess Ͽ ִ ˷ þ Ȯ϶. ڴ ּ AllowOverride þ .htaccess Ͽ  þ ִ ִ.

.htaccess Ͽ ڼ .htaccess 丮 ϶.

content-negotiation.html100644 0 0 62676 10422374276 13133 0ustar 0 0 (Content Negotiation) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

(Content Negotiation)

ֽ ƴմϴ. ֱٿ ϼ.

ġ HTTP/1.1 Ծ࿡ (content negotiation) Ѵ. media type, , , ڵ  ȣ ڿ ǥ Ѵ. ҿ û óϴ ɵ ִ.

⺻ ϵǴ mod_negotiation Ѵ.

top

ڿ ٸ ǥ ִ. , ٸ  ٸ media type Ȥ ΰ ٸ ǥ ִ. ǥ ϴ Ѱ ڿ ְ ϰ ϴ ̴. ׷ ڵ ϴ ͵ ϴ. ̴ û Ϻη ׵ ȣϴ ǥ ⶧ ϴ. , Ҿ, ׷ ٸ ʹٰ ˷ ִ. û ׵ ȣ Ÿ. Ҿε ǥ ûѴٸ .

Accept-Language: fr

̷ ȣ ǥ  ٸ 쿡 ȴ.

û Ҿ  , Ҿ ȣϰ, media type , Ϲ ؽƮ ٴ HTML, ٸ media type ٴ GIF JPEG ȣѴٰ ˷ش.

Accept-Language: fr; q=1.0, en; q=0.5
Accept: text/html; q=1.0, text/*; q=0.8, image/gif; q=0.6, image/jpeg; q=0.6, image/*; q=0.5, */*; q=0.1

ġ HTTP/1.1 Ծ࿡ ǵ ' ֵ(server driven)' Ѵ. ġ Accept, Accept-Language, Accept-Charset, Accept-Encoding û Ѵ. , ġ RFC 2295 RFC 2296 ǵ 'ڿ(transparent)' û Ѵ. ׷ RFC ǵ ' (feature negotiation)' ʴ´.

ڿ(resource) (RFC 2396) URI ϴ . ġ ڿ ǥ(representations) Ѵ. ǥ media type, , ڵ Ʈ ִ. ڿ ǥ (δ ִ) ȴ. ڿ ǥ ִٸ ڿ 󰡴ϴٰ(negotiable) θ, ̶ ǥ (variant)̶ Ѵ. 󰡴 ڿ (dimension) Ѵ.

top

ġ

ڿ ϱ ʿϴ. ΰ ϳ ´:

type-map ϱ

type map type-map̶ ڵ鷯 (Ȥ ġ ȣȯ MIME type application/x-type-map) . Ϸ type-map ڵ鷯 Ȯڸ ؾ Ѵ. Ͽ ϴ .

AddHandler type-map .var

Type map شϴ ڿ ̸ ƾ ϰ, ׸ ־ Ѵ. ׸ HTTP ٷ ȴ. ׸ ٷ Ѵ. ׸ȿ . (̷ ʿ䰡 , ־ ) ׸ ִ map ϴ ̴. map . ̸ foo.var, foo ڿ Ѵ.

URI: foo

URI: foo.en.html
Content-type: text/html
Content-language: en

URI: foo.fr.de.html
Content-type: text/html;charset=iso-8859-2
Content-language: fr, de

typemap ϸ Ȯ , Multiviews Ͽ, 켱 ϶. ٸ ǰ ٸ, (JPEG, GIF, ASCII-art شϴ) media type "qs" Ķͷ ǰ(source quality) ǥ ִ:

URI: foo

URI: foo.jpeg
Content-type: image/jpeg; qs=0.8

URI: foo.gif
Content-type: image/gif; qs=0.5

URI: foo.txt
Content-type: text/plain; qs=0.01

qs 0.000 1.000 ̴. qs 0.000 õ ϶. 'qs' 1.0 ޵ȴ. qs Ŭ̾Ʈ ɷ° ٸ Ͽ 'ǰ' Ÿ. , Ÿ JPEG ASCII Ϻٴ ׻ ǰ . ׷ ڿ ASCII artٸ ASCII ǥ JPEG ǥ ǰ ִ. ׷Ƿ  qs ǥϷ ڿ ٸ.

ϴ mod_negotation typemap ϶.

Multiviews

MultiViews 丮 ɼ̹Ƿ, httpd.conf <Directory>, <Location>, <Files> Ȥ (AllowOverride Ǿٸ) .htaccess Options þ ִ. Options All MultiViews ϶. Ѵ.

MultiViews ϸ Ͼ: /some/dir/foo û ް /some/dir/foo MultiViews ϸ /some/dir/foo , 丮 ̸ foo.* ϵ ϴ type map . Ŭ̾Ʈ û media type content-encoding ߿ Ѵ.

MultiViews 丮 Ҷ ã DirectoryIndex þ ȴ. ٸ,

DirectoryIndex index

index.html index.html3 ִٸ ̵ ߿ ϳ Ѵ. index.cgi ִٸ, װ Ѵ.

丮 ϳ Charset, Content-Type, Language, Encoding Ǵϴ mod_mime 𸣴 Ȯڸ ٸ, MultiViewsMatch þ ޷Ǵ. þ ڵ鷯, , ٸ Ȯ MultiViews θ Ѵ.

top

ġ type-map ̳ 丮 ִ ϸ ־ ڿ ԵǸ '' ϱ ϳ Ѵ. ġ ϱ Ȯ  Ͼ ڼ ʿ . ׷ ñ Ѵ.

ΰ ִ:

  1. ġ ˰ Ͽ ֵϴ Ϲ 쿡 Ѵ. ġ ˰ Ʒ ڼ Ѵ. ˰ ϸ ġ Ư ǰ(quality factor) 'Ѵ'. ġ ǰ ϴ Ʒ ڼ Ѵ.
  2. ڿ(Transparent) RFC 2295 ǵ û 쿡 Ѵ. '' οѴ. ׷ ˰ ޷ȴ. ڿ ߿ ġ RFC 2296 ǵ ' ˰(remote variant selection algorithm)' û ִ.

Media Type Accept ȣ Ÿ. ׸ ǰ ִ. ǰ ("qs" Ķ) ִ.
Language Accept-Language ȣ Ÿ. ׸ ǰ ִ.  (Ȥ ƹ  ) ִ.
Encoding Accept-Encoding ȣ Ÿ. ׸ ǰ ִ.
Charset Accept-Charset ȣ Ÿ. ׸ ǰ ִ. media type Ķͷ Ÿ ִ.

ġ ˰

ġ '' (ִٸ) ϱ Ʒ ˰ Ѵ. ˰ . Ѵ:

  1. , شϴ Accept* ˻ϰ, ǰ ű.  Accept* ޾Ƶ ʴ ĺ Ѵ.  4 ܰ .
  2. ĺ ϳ Ͽ '' ã´. ˻ Ͼ. ˻翡 õ ܵȴ. ˻ ̸ ϰ 3 ܰ . ˻縦 Ѵ.
    1. Accept ǰ media type ǰ Ͽ Ѵ.
    2. (language) ǰ Ѵ.
    3. Accept-Language (ִٸ) Ȥ LanguagePriority þ (ִٸ)  Ѵ.
    4. (text/html media type Ÿ) 'level' media Ķ͸ Ѵ.
    5. Accept-Charset charset media Ķ͸ ã´. ٸ ISO-8859-1 ȣѴ. text/* media type Ư հ ISO-8859-1 Ѵ.
    6. ISO-8859-1 ƴ charset media Ķ͸ Ѵ. ׷ ٸ, Ѵ.
    7. ڵ Ѵ. user-agent ڵ ִٸ Ѵ. ׷ʰ ڵ ڵȵ ִٸ ڵȵ Ѵ. ڵǾų ڵȵ Ѵ.
    8. content length Ѵ.
    9. ù Ѵ. ̴ type-map տ ԰ų, 丮 ϸ ASCII ڵ Ͽ տ ̴.
  3. ˰ '' ߴ. ̰ . HTTP Vary Ÿ ȴ. ( ij ڿ ijҶ ִ.) .
  4. ܰ迡 ߴٸ ( ϱ )  ȵ . ("No acceptable representation" ϴ) 406 밡 HTML . , HTML Vary Ÿ.
top

ǰ ϱ

ġ ġ ˰ Űʰ ǰ Ѵ. ϰ Ȯ ʴ (˰) ؼ. θ ̴ Ϻδ ߸ ϵ Accept . ϰ ùٸ ٸ, ʴ´.

Media Type ϵī

Accept: û media type ȣ Ÿ. , *  ڿ̶ ϱ⶧ "image/*" "*/*" 'ϵī' media type ִ. ׷ û:

Accept: image/*, */*

"image/" ϴ  type ٸ  type ǹѴ.  ڽ ٷ ִ type ߰ ϵī带 . :

Accept: text/html, text/plain, image/gif, image/jpeg, */*

type ȣ ٸ ǥ ִٸ װ͵ Ÿ ؼ. ǰ ̴.

Accept: text/html, text/plain, image/gif, image/jpeg, */*; q=0.01

type ǰ  ⺻ ( ) 1.0 . ϵī */* ȣ 0.01 Ƿ type ´ 쿡 ٸ type ȴ.

Accept: q "*/*" ִٸ, ġ ٶ ൿ q 0.01 Ѵ. , "type/*" ϵī忡 ("*/*"ٴ ȣϵ) 0.02 Ѵ. Accept: q media type ִٸ ̷ Ư ߰ ʴ´. ׷ û ûѵ óѴ.

(language)

ġ 2.0 ε巴 ϱ ˰ ܸ  ߰ߴ.

Ŭ̾Ʈ û Accept-language ´ Ѱ ã , ׷ Ŭ̾Ʈ "No Acceptable Variant" "Multiple Choices" . ̷ ϱ Accept-language ϰ Ŭ̾Ʈ û Ȯ ġ ִ. ForceLanguagePriority þ ̷ ϳ Ȥ Ѵٸ ϰ LanguagePriority þ Ǵϵ Ѵ.

, ´  ã θ ã ִ. Ŭ̾Ʈ  ϴ en-GB û , HTTP/1.1 ǥؿ enθ ǥõ Ϲ Ѵ. (׷  ϴ ڰ Ϲ  Ƿ Accept-Language en-GB ϰ en Ȯ ߸ ϶. Ŭ̾Ʈ ̷ ⺻ִ.) ٸ  ã Ͽ "No Acceptable Variants" ų LanguagePriority ư Ѵٸ, Ծ ϰ en-GB en Ѵ. Ϲ ġ θ ſ ǰ Ŭ̾Ʈ Ͽ ߰Ѵ. ׷ Ŭ̾Ʈ "en-GB; q=0.9, fr; q=0.8" ûϰ "en" "fr" ִٸ, "fr" õ ϶. ̴ HTTP/1.1 ǥ Ű, ùٷ Ŭ̾Ʈ ȿ ϱ̴.

ڰ ȣϴ  ˾Ƴ (Ű Ư URL- ) ϱ ġ 2.0.47 mod_negotiation prefer-language ȯ溯 νѴ. ȯ溯 ϰ ±׸ Ѵٸ, mod_negotiation شϴ Ϸ õѴ. ׷ ٸ Ϲ Ѵ.

SetEnvIf Cookie "language=(.+)" prefer-language=$1

top

ڿ(transparent) Ȯ

ġ ڿ Ȯ (RFC 2295) ȮѴ. ο {encoding ..} Ư content-encoding ĪѴ. RVSA/1.0 ˰ (RFC 2296) Ͽ ڵ ν ְ, ڵ Accept-Encoding û ´ ڵ 鵵 ĺ ϵ ȮǾ. RVSA/1.0 ã ǰ Ҽ 5ڸ ݿø ʴ´.

top

۸ũ ̸Ģ Ͽ

(language) Ѵٸ Ȯڸ Ȯ Ƿ ϸ ٸ ̸Ģ ִ. (ڼ mod_mime ϶.)

MIME-type Ȯ ( , html), 쿡 encoding Ȯ ( , gz), Ͽ ִ Ȯڸ ( , en) .

:

ϸ Ͽ ȿϰ ȿ ۸ũ δ:

ϸ ȿ ۸ũ ȿ ۸ũ
foo.html.en foo
foo.html		 -
foo.en.html foo foo.html
foo.html.en.gz foo
foo.html		 foo.gz
foo.html.gz
foo.en.html.gz foo foo.html
foo.html.gz
foo.gz
foo.gz.html.en foo
foo.gz
foo.gz.html		 foo.html
foo.html.gz.en foo
foo.html
foo.html.gz		 foo.gz

ǥ ۸ũ  Ȯڵ ̸ ( , foo) ׻ ִ. ־, ̷ũ Ͼʰ html shtml̳ cgi ִٴ ̴.

۸ũ MIME-type ( , foo.html) ϰ ʹٸ (encoding Ȯڰ ִٸ ̰͵ Ͽ) Ȯڸ MIME-type Ȯں ʿ ( , foo.html.en) ξѴ.

top

ij Ͽ

ij ǥ ϸ ǥ û URL Ų. URL ûϸ ij ǥ Ѵ. ׷ ڿ ù° û ijǾ û ij ߸ ִ. ̸ ġ ȯǴ û HTTP/1.0 Ŭ̾Ʈ ij ϵ ǥø Ѵ. , ġ ij ϴ HTTP/1.1 Ѵ.

CacheNegotiatedDocs þ HTTP/1.0 ȣȯ Ŭ̾Ʈ( Ȥ ij) û ij ְ Ѵ. þ ȣƮ ϸ, ƱԸƮ ʴ´. þ HTTP/1.1 Ŭ̾Ʈ û 谡 .

HTTP/1.1 Ŭ̾Ʈ ġ ˷ִ Vary HTTP . Ͽ û ij 纻 ü ִ Ǵ ִ. ij 纻 Ѵٸ force-no-vary ȯ溯 Ѵ.

top

ٸ

ٸ Alan J. Flavell Language Negotiation Notes ϶. ׷ ġ 2.0 ȭ ݿ ִ.

custom-error.html100644 0 0 17406 10422374276 11573 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ʹ ߻ ġ ִ.

߰ ִ.

ũƮ "500 Server Error" ڿ ģ ϰų ٸ ( Ʈ ܺ Ʈ) URL ̷ ִ.

top

ൿ

ൿ

NCSA httpd 1.3 ڿ ǹϰ ´. ߻ α׿ .

ο ൿ

ִ:

  1. NCSA ٸ ְų
  2. Ʈ URL ̷ϰų
  3. ܺ Ʈ URL ̷Ѵ.

ٸ Ʈ URL ̷ϴ , ϰų αϴµ ʿ Ϻθ ޵ȴ.

ϱ ġ CGI ο ȯ溯 Ѵ:

REDIRECT_HTTP_ACCEPT=*/*, image/gif, image/x-xbitmap, image/jpeg
REDIRECT_HTTP_USER_AGENT=Mozilla/1.1b2 (X11; I; HP-UX A.09.05 9000/712)
REDIRECT_PATH=.:/bin:/usr/local/bin:/etc
REDIRECT_QUERY_STRING=
REDIRECT_REMOTE_ADDR=121.345.78.123
REDIRECT_REMOTE_HOST=ooh.ahhh.com
REDIRECT_SERVER_NAME=crash.bang.edu
REDIRECT_SERVER_PORT=80
REDIRECT_SERVER_SOFTWARE=Apache/0.8.15
REDIRECT_URL=/cgi-bin/buggy.pl

REDIRECT_ λ翡 ָ϶.

ּ REDIRECT_URL REDIRECT_QUERY_STRING (cgi-script cgi-include) URL Ѱ. ٸ ߻ϱ (; ̸ REDIRECT_ ȯ溯) 쿡 ִ. ErrorDocument ܺη ( http: Ŵ(scheme) Ѵٸ) ̷Ѵٸ  ͵ ʴ´.

top

AllowOverride Ǿٸ .htaccess Ͽ ErrorDocument ִ.

̴...

ErrorDocument 500 /cgi-bin/crash-recover
ErrorDocument 500 "Sorry, our script crashed. Oh dear"
ErrorDocument 500 http://xxx/
ErrorDocument 404 /Lame_excuses/not_found.html
ErrorDocument 401 /Subscription/how_to_subscribe.html

,

ErrorDocument <3-digit-code> <action>

action,

  1. . ǥ (") տ δ. ڿ ǥ µȴ. : տ ǥ (") µ ʴ´.
  2. ̷ ܺ URL.
  3. ̷ URL.
top

̷

URL ̷ϴ ġ ൿ ũƮ/server-include ȯ溯 Ѱֵ Ǿ.

ൿ

̷ǵǴ ũƮ ǥ CGI Ѿ. 𿡼 ̷ Ͼ .

ο ൿ

̷ǵ ũƮ ο ȯ溯 ִ. տ REDIRECT_ پִ. REDIRECT_ ȯ溯 CGI ȯ溯 տ REDIRECT_ ٿ . , HTTP_USER_AGENT REDIRECT_HTTP_USER_AGENT Ǿ. ̷ ߰ ũƮ URL ˵ ġ REDIRECT_URL REDIRECT_STATUS Ѵ. URL ̷ǵ URL α׿ ִ.

ErrorDocument ִ CGI ũƮ ̷Ѵٸ, ũƮ Ŭ̾Ʈ Ȳ Ȯ ϱ ¿ "Status:" ʵ带 ؾ Ѵ. , Perl ۼ ErrorDocument ũƮ :

...
print "Content-type: text/html\n";
printf "Status: %s Condition Intercepted\n", $ENV{"REDIRECT_STATUS"};
...

404 Not Found Ư Ȳ ũƮ, (; ) Ư ڵ ִ.

(Ŭ̾Ʈ ̷ ûϱ) 信 Location: Ѵٸ, ũƮ ݵ (302 Found ) Status: ؾ ϶. ׷ Location: ƹ ҿ ִ.

developer/API.html100644 0 0 172355 10422374276 11555 0ustar 0 0 Apache 1.3 API notes - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 1.3 API notes

Warning

This document has not been updated to take into account changes made in the 2.0 version of the Apache HTTP Server. Some of the information may still be relevant, but please use it with care.

These are some notes on the Apache API and the data structures you have to deal with, etc. They are not yet nearly complete, but hopefully, they will help you get your bearings. Keep in mind that the API is still subject to change as we gain experience with it. (See the TODO file for what might be coming). However, it will be easy to adapt modules to any changes that are made. (We have more modules to adapt than you do).

A few notes on general pedagogical style here. In the interest of conciseness, all structure declarations here are incomplete -- the real ones have more slots that I'm not telling you about. For the most part, these are reserved to one component of the server core or another, and should be altered by modules with caution. However, in some cases, they really are things I just haven't gotten around to yet. Welcome to the bleeding edge.

Finally, here's an outline, to give you some bare idea of what's coming up, and in what order:

top

Basic concepts

We begin with an overview of the basic concepts behind the API, and how they are manifested in the code.

Handlers, Modules, and Requests

Apache breaks down request handling into a series of steps, more or less the same way the Netscape server API does (although this API has a few more stages than NetSite does, as hooks for stuff I thought might be useful in the future). These are:

These phases are handled by looking at each of a succession of modules, looking to see if each of them has a handler for the phase, and attempting invoking it if so. The handler can typically do one of three things:

Most phases are terminated by the first module that handles them; however, for logging, `fixups', and non-access authentication checking, all handlers always run (barring an error). Also, the response phase is unique in that modules may declare multiple handlers for it, via a dispatch table keyed on the MIME type of the requested object. Modules may declare a response-phase handler which can handle any request, by giving it the key */* (i.e., a wildcard MIME type specification). However, wildcard handlers are only invoked if the server has already tried and failed to find a more specific response handler for the MIME type of the requested object (either none existed, or they all declined).

The handlers themselves are functions of one argument (a request_rec structure. vide infra), which returns an integer, as above.

A brief tour of a module

At this point, we need to explain the structure of a module. Our candidate will be one of the messier ones, the CGI module -- this handles both CGI scripts and the ScriptAlias config file command. It's actually a great deal more complicated than most modules, but if we're going to have only one example, it might as well be the one with its fingers in every place.

Let's begin with handlers. In order to handle the CGI scripts, the module declares a response handler for them. Because of ScriptAlias, it also has handlers for the name translation phase (to recognize ScriptAliased URIs), the type-checking phase (any ScriptAliased request is typed as a CGI script).

The module needs to maintain some per (virtual) server information, namely, the ScriptAliases in effect; the module structure therefore contains pointers to a functions which builds these structures, and to another which combines two of them (in case the main server and a virtual server both have ScriptAliases declared).

Finally, this module contains code to handle the ScriptAlias command itself. This particular module only declares one command, but there could be more, so modules have command tables which declare their commands, and describe where they are permitted, and how they are to be invoked.

A final note on the declared types of the arguments of some of these commands: a pool is a pointer to a resource pool structure; these are used by the server to keep track of the memory which has been allocated, files opened, etc., either to service a particular request, or to handle the process of configuring itself. That way, when the request is over (or, for the configuration pool, when the server is restarting), the memory can be freed, and the files closed, en masse, without anyone having to write explicit code to track them all down and dispose of them. Also, a cmd_parms structure contains various information about the config file being read, and other status information, which is sometimes of use to the function which processes a config-file command (such as ScriptAlias). With no further ado, the module itself:

/* Declarations of handlers. */

int translate_scriptalias (request_rec *);
int type_scriptalias (request_rec *);
int cgi_handler (request_rec *);

/* Subsidiary dispatch table for response-phase
 * handlers, by MIME type */

handler_rec cgi_handlers[] = {
{ "application/x-httpd-cgi", cgi_handler },
{ NULL }
 };

/* Declarations of routines to manipulate the
 * module's configuration info. Note that these are
 * returned, and passed in, as void *'s; the server
 * core keeps track of them, but it doesn't, and can't,
 * know their internal structure.
 */

void *make_cgi_server_config (pool *);
void *merge_cgi_server_config (pool *, void *, void *);

/* Declarations of routines to handle config-file commands */

extern char *script_alias(cmd_parms *, void *per_dir_config, char *fake, char *real);

command_rec cgi_cmds[] = {
{ "ScriptAlias", script_alias, NULL, RSRC_CONF, TAKE2,
"a fakename and a realname"},
 { NULL }
 };

module cgi_module = { 

  STANDARD_MODULE_STUFF,
  NULL,                     /* initializer */
  NULL,                     /* dir config creator */
  NULL,                     /* dir merger */
  make_cgi_server_config,   /* server config */
  merge_cgi_server_config,  /* merge server config */
  cgi_cmds,                 /* command table */
  cgi_handlers,             /* handlers */
  translate_scriptalias,    /* filename translation */
  NULL,                     /* check_user_id */
  NULL,                     /* check auth */
  NULL,                     /* check access */
  type_scriptalias,         /* type_checker */
  NULL,                     /* fixups */
  NULL,                     /* logger */
  NULL                      /* header parser */
};
top

How handlers work

The sole argument to handlers is a request_rec structure. This structure describes a particular request which has been made to the server, on behalf of a client. In most cases, each connection to the client generates only one request_rec structure.

A brief tour of the request_rec

The request_rec contains pointers to a resource pool which will be cleared when the server is finished handling the request; to structures containing per-server and per-connection information, and most importantly, information on the request itself.

The most important such information is a small set of character strings describing attributes of the object being requested, including its URI, filename, content-type and content-encoding (these being filled in by the translation and type-check handlers which handle the request, respectively).

Other commonly used data items are tables giving the MIME headers on the client's original request, MIME headers to be sent back with the response (which modules can add to at will), and environment variables for any subprocesses which are spawned off in the course of servicing the request. These tables are manipulated using the ap_table_get and ap_table_set routines.

Note that the Content-type header value cannot be set by module content-handlers using the ap_table_*() routines. Rather, it is set by pointing the content_type field in the request_rec structure to an appropriate string. e.g.,

r->content_type = "text/html";

Finally, there are pointers to two data structures which, in turn, point to per-module configuration structures. Specifically, these hold pointers to the data structures which the module has built to describe the way it has been configured to operate in a given directory (via .htaccess files or <Directory> sections), for private data it has built in the course of servicing the request (so modules' handlers for one phase can pass `notes' to their handlers for other phases). There is another such configuration vector in the server_rec data structure pointed to by the request_rec, which contains per (virtual) server configuration data.

Here is an abridged declaration, giving the fields most commonly used:

struct request_rec {

pool *pool;
conn_rec *connection;
server_rec *server;

/* What object is being requested */

char *uri;
char *filename;
char *path_info; 

char *args;           /* QUERY_ARGS, if any */
struct stat finfo;    /* Set by server core;
                       * st_mode set to zero if no such file */

char *content_type;
char *content_encoding;

/* MIME header environments, in and out. Also,
 * an array containing environment variables to
 * be passed to subprocesses, so people can write
 * modules to add to that environment.
 *
 * The difference between headers_out and
 * err_headers_out is that the latter are printed
 * even on error, and persist across internal
 * redirects (so the headers printed for
 * ErrorDocument handlers will have them).
 */

table *headers_in;
table *headers_out;
table *err_headers_out;
table *subprocess_env;

/* Info about the request itself... */

int header_only;     /* HEAD request, as opposed to GET */
char *protocol;      /* Protocol, as given to us, or HTTP/0.9 */
char *method;        /* GET, HEAD, POST, etc. */
int method_number;   /* M_GET, M_POST, etc. */

/* Info for logging */

char *the_request;
int bytes_sent;

/* A flag which modules can set, to indicate that
 * the data being returned is volatile, and clients
 * should be told not to cache it.
 */

int no_cache;

/* Various other config info which may change
 * with .htaccess files
 * These are config vectors, with one void*
 * pointer for each module (the thing pointed
 * to being the module's business).
 */

void *per_dir_config;   /* Options set in config files, etc. */
void *request_config;   /* Notes on *this* request */


};

Where request_rec structures come from

Most request_rec structures are built by reading an HTTP request from a client, and filling in the fields. However, there are a few exceptions:

Handling requests, declining, and returning error codes

As discussed above, each handler, when invoked to handle a particular request_rec, has to return an int to indicate what happened. That can either be

Note that if the error code returned is REDIRECT, then the module should put a Location in the request's headers_out, to indicate where the client should be redirected to.

Special considerations for response handlers

Handlers for most phases do their work by simply setting a few fields in the request_rec structure (or, in the case of access checkers, simply by returning the correct error code). However, response handlers have to actually send a request back to the client.

They should begin by sending an HTTP response header, using the function ap_send_http_header. (You don't have to do anything special to skip sending the header for HTTP/0.9 requests; the function figures out on its own that it shouldn't do anything). If the request is marked header_only, that's all they should do; they should return after that, without attempting any further output.

Otherwise, they should produce a request body which responds to the client as appropriate. The primitives for this are ap_rputc and ap_rprintf, for internally generated output, and ap_send_fd, to copy the contents of some FILE * straight to the client.

At this point, you should more or less understand the following piece of code, which is the handler which handles GET requests which have no more specific handler; it also shows how conditional GETs can be handled, if it's desirable to do so in a particular response handler -- ap_set_last_modified checks against the If-modified-since value supplied by the client, if any, and returns an appropriate code (which will, if nonzero, be USE_LOCAL_COPY). No similar considerations apply for ap_set_content_length, but it returns an error code for symmetry.

int default_handler (request_rec *r)
{
int errstatus;
FILE *f;

if (r->method_number != M_GET) return DECLINED;
if (r->finfo.st_mode == 0) return NOT_FOUND;

if ((errstatus = ap_set_content_length (r, r->finfo.st_size))
    || (errstatus = ap_set_last_modified (r, r->finfo.st_mtime)))
return errstatus;

f = fopen (r->filename, "r");

if (f == NULL) {
log_reason("file permissions deny server access", r->filename, r);
return FORBIDDEN;
 }

register_timeout ("send", r);
ap_send_http_header (r);

if (!r->header_only) send_fd (f, r);
ap_pfclose (r->pool, f);
return OK;
 }

Finally, if all of this is too much of a challenge, there are a few ways out of it. First off, as shown above, a response handler which has not yet produced any output can simply return an error code, in which case the server will automatically produce an error response. Secondly, it can punt to some other handler by invoking ap_internal_redirect, which is how the internal redirection machinery discussed above is invoked. A response handler which has internally redirected should always return OK.

(Invoking ap_internal_redirect from handlers which are not response handlers will lead to serious confusion).

Special considerations for authentication handlers

Stuff that should be discussed here in detail:

Special considerations for logging handlers

When a request has internally redirected, there is the question of what to log. Apache handles this by bundling the entire chain of redirects into a list of request_rec structures which are threaded through the r->prev and r->next pointers. The request_rec which is passed to the logging handlers in such cases is the one which was originally built for the initial request from the client; note that the bytes_sent field will only be correct in the last request in the chain (the one for which a response was actually sent).

top

Resource allocation and resource pools

One of the problems of writing and designing a server-pool server is that of preventing leakage, that is, allocating resources (memory, open files, etc.), without subsequently releasing them. The resource pool machinery is designed to make it easy to prevent this from happening, by allowing resource to be allocated in such a way that they are automatically released when the server is done with them.

The way this works is as follows: the memory which is allocated, file opened, etc., to deal with a particular request are tied to a resource pool which is allocated for the request. The pool is a data structure which itself tracks the resources in question.

When the request has been processed, the pool is cleared. At that point, all the memory associated with it is released for reuse, all files associated with it are closed, and any other clean-up functions which are associated with the pool are run. When this is over, we can be confident that all the resource tied to the pool have been released, and that none of them have leaked.

Server restarts, and allocation of memory and resources for per-server configuration, are handled in a similar way. There is a configuration pool, which keeps track of resources which were allocated while reading the server configuration files, and handling the commands therein (for instance, the memory that was allocated for per-server module configuration, log files and other files that were opened, and so forth). When the server restarts, and has to reread the configuration files, the configuration pool is cleared, and so the memory and file descriptors which were taken up by reading them the last time are made available for reuse.

It should be noted that use of the pool machinery isn't generally obligatory, except for situations like logging handlers, where you really need to register cleanups to make sure that the log file gets closed when the server restarts (this is most easily done by using the function ap_pfopen, which also arranges for the underlying file descriptor to be closed before any child processes, such as for CGI scripts, are execed), or in case you are using the timeout machinery (which isn't yet even documented here). However, there are two benefits to using it: resources allocated to a pool never leak (even if you allocate a scratch string, and just forget about it); also, for memory allocation, ap_palloc is generally faster than malloc.

We begin here by describing how memory is allocated to pools, and then discuss how other resources are tracked by the resource pool machinery.

Allocation of memory in pools

Memory is allocated to pools by calling the function ap_palloc, which takes two arguments, one being a pointer to a resource pool structure, and the other being the amount of memory to allocate (in chars). Within handlers for handling requests, the most common way of getting a resource pool structure is by looking at the pool slot of the relevant request_rec; hence the repeated appearance of the following idiom in module code:

int my_handler(request_rec *r)
{
struct my_structure *foo;
...

foo = (foo *)ap_palloc (r->pool, sizeof(my_structure));
 }

Note that there is no ap_pfree -- ap_palloced memory is freed only when the associated resource pool is cleared. This means that ap_palloc does not have to do as much accounting as malloc(); all it does in the typical case is to round up the size, bump a pointer, and do a range check.

(It also raises the possibility that heavy use of ap_palloc could cause a server process to grow excessively large. There are two ways to deal with this, which are dealt with below; briefly, you can use malloc, and try to be sure that all of the memory gets explicitly freed, or you can allocate a sub-pool of the main pool, allocate your memory in the sub-pool, and clear it out periodically. The latter technique is discussed in the section on sub-pools below, and is used in the directory-indexing code, in order to avoid excessive storage allocation when listing directories with thousands of files).

Allocating initialized memory

There are functions which allocate initialized memory, and are frequently useful. The function ap_pcalloc has the same interface as ap_palloc, but clears out the memory it allocates before it returns it. The function ap_pstrdup takes a resource pool and a char * as arguments, and allocates memory for a copy of the string the pointer points to, returning a pointer to the copy. Finally ap_pstrcat is a varargs-style function, which takes a pointer to a resource pool, and at least two char * arguments, the last of which must be NULL. It allocates enough memory to fit copies of each of the strings, as a unit; for instance:

ap_pstrcat (r->pool, "foo", "/", "bar", NULL);

returns a pointer to 8 bytes worth of memory, initialized to "foo/bar".

Commonly-used pools in the Apache Web server

A pool is really defined by its lifetime more than anything else. There are some static pools in http_main which are passed to various non-http_main functions as arguments at opportune times. Here they are:

permanent_pool
never passed to anything else, this is the ancestor of all pools
pconf
  • subpool of permanent_pool
  • created at the beginning of a config "cycle"; exists until the server is terminated or restarts; passed to all config-time routines, either via cmd->pool, or as the "pool *p" argument on those which don't take pools
  • passed to the module init() functions
ptemp
  • sorry I lie, this pool isn't called this currently in 1.3, I renamed it this in my pthreads development. I'm referring to the use of ptrans in the parent... contrast this with the later definition of ptrans in the child.
  • subpool of permanent_pool
  • created at the beginning of a config "cycle"; exists until the end of config parsing; passed to config-time routines via cmd->temp_pool. Somewhat of a "bastard child" because it isn't available everywhere. Used for temporary scratch space which may be needed by some config routines but which is deleted at the end of config.
pchild
  • subpool of permanent_pool
  • created when a child is spawned (or a thread is created); lives until that child (thread) is destroyed
  • passed to the module child_init functions
  • destruction happens right after the child_exit functions are called... (which may explain why I think child_exit is redundant and unneeded)
ptrans
  • should be a subpool of pchild, but currently is a subpool of permanent_pool, see above
  • cleared by the child before going into the accept() loop to receive a connection
  • used as connection->pool
r->pool
  • for the main request this is a subpool of connection->pool; for subrequests it is a subpool of the parent request's pool.
  • exists until the end of the request (i.e., ap_destroy_sub_req, or in child_main after process_request has finished)
  • note that r itself is allocated from r->pool; i.e., r->pool is first created and then r is the first thing palloc()d from it

For almost everything folks do, r->pool is the pool to use. But you can see how other lifetimes, such as pchild, are useful to some modules... such as modules that need to open a database connection once per child, and wish to clean it up when the child dies.

You can also see how some bugs have manifested themself, such as setting connection->user to a value from r->pool -- in this case connection exists for the lifetime of ptrans, which is longer than r->pool (especially if r->pool is a subrequest!). So the correct thing to do is to allocate from connection->pool.

And there was another interesting bug in mod_include / mod_cgi. You'll see in those that they do this test to decide if they should use r->pool or r->main->pool. In this case the resource that they are registering for cleanup is a child process. If it were registered in r->pool, then the code would wait() for the child when the subrequest finishes. With mod_include this could be any old #include, and the delay can be up to 3 seconds... and happened quite frequently. Instead the subprocess is registered in r->main->pool which causes it to be cleaned up when the entire request is done -- i.e., after the output has been sent to the client and logging has happened.

Tracking open files, etc.

As indicated above, resource pools are also used to track other sorts of resources besides memory. The most common are open files. The routine which is typically used for this is ap_pfopen, which takes a resource pool and two strings as arguments; the strings are the same as the typical arguments to fopen, e.g.,

...
FILE *f = ap_pfopen (r->pool, r->filename, "r");

if (f == NULL) { ... } else { ... }

There is also a ap_popenf routine, which parallels the lower-level open system call. Both of these routines arrange for the file to be closed when the resource pool in question is cleared.

Unlike the case for memory, there are functions to close files allocated with ap_pfopen, and ap_popenf, namely ap_pfclose and ap_pclosef. (This is because, on many systems, the number of files which a single process can have open is quite limited). It is important to use these functions to close files allocated with ap_pfopen and ap_popenf, since to do otherwise could cause fatal errors on systems such as Linux, which react badly if the same FILE* is closed more than once.

(Using the close functions is not mandatory, since the file will eventually be closed regardless, but you should consider it in cases where your module is opening, or could open, a lot of files).

Other sorts of resources -- cleanup functions

More text goes here. Describe the the cleanup primitives in terms of which the file stuff is implemented; also, spawn_process.

Pool cleanups live until clear_pool() is called: clear_pool(a) recursively calls destroy_pool() on all subpools of a; then calls all the cleanups for a; then releases all the memory for a. destroy_pool(a) calls clear_pool(a) and then releases the pool structure itself. i.e., clear_pool(a) doesn't delete a, it just frees up all the resources and you can start using it again immediately.

Fine control -- creating and dealing with sub-pools, with a note on sub-requests

On rare occasions, too-free use of ap_palloc() and the associated primitives may result in undesirably profligate resource allocation. You can deal with such a case by creating a sub-pool, allocating within the sub-pool rather than the main pool, and clearing or destroying the sub-pool, which releases the resources which were associated with it. (This really is a rare situation; the only case in which it comes up in the standard module set is in case of listing directories, and then only with very large directories. Unnecessary use of the primitives discussed here can hair up your code quite a bit, with very little gain).

The primitive for creating a sub-pool is ap_make_sub_pool, which takes another pool (the parent pool) as an argument. When the main pool is cleared, the sub-pool will be destroyed. The sub-pool may also be cleared or destroyed at any time, by calling the functions ap_clear_pool and ap_destroy_pool, respectively. (The difference is that ap_clear_pool frees resources associated with the pool, while ap_destroy_pool also deallocates the pool itself. In the former case, you can allocate new resources within the pool, and clear it again, and so forth; in the latter case, it is simply gone).

One final note -- sub-requests have their own resource pools, which are sub-pools of the resource pool for the main request. The polite way to reclaim the resources associated with a sub request which you have allocated (using the ap_sub_req_... functions) is ap_destroy_sub_req, which frees the resource pool. Before calling this function, be sure to copy anything that you care about which might be allocated in the sub-request's resource pool into someplace a little less volatile (for instance, the filename in its request_rec structure).

(Again, under most circumstances, you shouldn't feel obliged to call this function; only 2K of memory or so are allocated for a typical sub request, and it will be freed anyway when the main request pool is cleared. It is only when you are allocating many, many sub-requests for a single main request that you should seriously consider the ap_destroy_... functions).

top

Configuration, commands and the like

One of the design goals for this server was to maintain external compatibility with the NCSA 1.3 server --- that is, to read the same configuration files, to process all the directives therein correctly, and in general to be a drop-in replacement for NCSA. On the other hand, another design goal was to move as much of the server's functionality into modules which have as little as possible to do with the monolithic server core. The only way to reconcile these goals is to move the handling of most commands from the central server into the modules.

However, just giving the modules command tables is not enough to divorce them completely from the server core. The server has to remember the commands in order to act on them later. That involves maintaining data which is private to the modules, and which can be either per-server, or per-directory. Most things are per-directory, including in particular access control and authorization information, but also information on how to determine file types from suffixes, which can be modified by AddType and DefaultType directives, and so forth. In general, the governing philosophy is that anything which can be made configurable by directory should be; per-server information is generally used in the standard set of modules for information like Aliases and Redirects which come into play before the request is tied to a particular place in the underlying file system.

Another requirement for emulating the NCSA server is being able to handle the per-directory configuration files, generally called .htaccess files, though even in the NCSA server they can contain directives which have nothing at all to do with access control. Accordingly, after URI -> filename translation, but before performing any other phase, the server walks down the directory hierarchy of the underlying filesystem, following the translated pathname, to read any .htaccess files which might be present. The information which is read in then has to be merged with the applicable information from the server's own config files (either from the <Directory> sections in access.conf, or from defaults in srm.conf, which actually behaves for most purposes almost exactly like <Directory />).

Finally, after having served a request which involved reading .htaccess files, we need to discard the storage allocated for handling them. That is solved the same way it is solved wherever else similar problems come up, by tying those structures to the per-transaction resource pool.

Per-directory configuration structures

Let's look out how all of this plays out in mod_mime.c, which defines the file typing handler which emulates the NCSA server's behavior of determining file types from suffixes. What we'll be looking at, here, is the code which implements the AddType and AddEncoding commands. These commands can appear in .htaccess files, so they must be handled in the module's private per-directory data, which in fact, consists of two separate tables for MIME types and encoding information, and is declared as follows:

typedef struct {
    table *forced_types;      /* Additional AddTyped stuff */
    table *encoding_types;    /* Added with AddEncoding... */
} mime_dir_config;

When the server is reading a configuration file, or <Directory> section, which includes one of the MIME module's commands, it needs to create a mime_dir_config structure, so those commands have something to act on. It does this by invoking the function it finds in the module's `create per-dir config slot', with two arguments: the name of the directory to which this configuration information applies (or NULL for srm.conf), and a pointer to a resource pool in which the allocation should happen.

(If we are reading a .htaccess file, that resource pool is the per-request resource pool for the request; otherwise it is a resource pool which is used for configuration data, and cleared on restarts. Either way, it is important for the structure being created to vanish when the pool is cleared, by registering a cleanup on the pool if necessary).

For the MIME module, the per-dir config creation function just ap_pallocs the structure above, and a creates a couple of tables to fill it. That looks like this:

void *create_mime_dir_config (pool *p, char *dummy)
{
mime_dir_config *new =
(mime_dir_config *) ap_palloc (p, sizeof(mime_dir_config));
new->forced_types = ap_make_table (p, 4);
new->encoding_types = ap_make_table (p, 4);

return new;
 }

Now, suppose we've just read in a .htaccess file. We already have the per-directory configuration structure for the next directory up in the hierarchy. If the .htaccess file we just read in didn't have any AddType or AddEncoding commands, its per-directory config structure for the MIME module is still valid, and we can just use it. Otherwise, we need to merge the two structures somehow.

To do that, the server invokes the module's per-directory config merge function, if one is present. That function takes three arguments: the two structures being merged, and a resource pool in which to allocate the result. For the MIME module, all that needs to be done is overlay the tables from the new per-directory config structure with those from the parent:

void *merge_mime_dir_configs (pool *p, void *parent_dirv, void *subdirv)
{
mime_dir_config *parent_dir = (mime_dir_config *)parent_dirv;
mime_dir_config *subdir = (mime_dir_config *)subdirv;
mime_dir_config *new =
(mime_dir_config *)ap_palloc (p, sizeof(mime_dir_config));
new->forced_types = ap_overlay_tables (p, subdir->forced_types,
parent_dir->forced_types);
 new->encoding_types = ap_overlay_tables (p, subdir->encoding_types,
parent_dir->encoding_types);
return new;
 }

As a note -- if there is no per-directory merge function present, the server will just use the subdirectory's configuration info, and ignore the parent's. For some modules, that works just fine (e.g., for the includes module, whose per-directory configuration information consists solely of the state of the XBITHACK), and for those modules, you can just not declare one, and leave the corresponding structure slot in the module itself NULL.

Command handling

Now that we have these structures, we need to be able to figure out how to fill them. That involves processing the actual AddType and AddEncoding commands. To find commands, the server looks in the module's command table. That table contains information on how many arguments the commands take, and in what formats, where it is permitted, and so forth. That information is sufficient to allow the server to invoke most command-handling functions with pre-parsed arguments. Without further ado, let's look at the AddType command handler, which looks like this (the AddEncoding command looks basically the same, and won't be shown here):

char *add_type(cmd_parms *cmd, mime_dir_config *m, char *ct, char *ext)
{
if (*ext == '.') ++ext;
ap_table_set (m->forced_types, ext, ct);
return NULL;
 }

This command handler is unusually simple. As you can see, it takes four arguments, two of which are pre-parsed arguments, the third being the per-directory configuration structure for the module in question, and the fourth being a pointer to a cmd_parms structure. That structure contains a bunch of arguments which are frequently of use to some, but not all, commands, including a resource pool (from which memory can be allocated, and to which cleanups should be tied), and the (virtual) server being configured, from which the module's per-server configuration data can be obtained if required.

Another way in which this particular command handler is unusually simple is that there are no error conditions which it can encounter. If there were, it could return an error message instead of NULL; this causes an error to be printed out on the server's stderr, followed by a quick exit, if it is in the main config files; for a .htaccess file, the syntax error is logged in the server error log (along with an indication of where it came from), and the request is bounced with a server error response (HTTP error status, code 500).

The MIME module's command table has entries for these commands, which look like this:

command_rec mime_cmds[] = {
{ "AddType", add_type, NULL, OR_FILEINFO, TAKE2,
"a mime type followed by a file extension" },
 { "AddEncoding", add_encoding, NULL, OR_FILEINFO, TAKE2,
"an encoding (e.g., gzip), followed by a file extension" },
 { NULL }
 };

The entries in these tables are:

Finally, having set this all up, we have to use it. This is ultimately done in the module's handlers, specifically for its file-typing handler, which looks more or less like this; note that the per-directory configuration structure is extracted from the request_rec's per-directory configuration vector by using the ap_get_module_config function.

int find_ct(request_rec *r)
{
int i;
char *fn = ap_pstrdup (r->pool, r->filename);
mime_dir_config *conf = (mime_dir_config *)
ap_get_module_config(r->per_dir_config, &mime_module);
 char *type;

if (S_ISDIR(r->finfo.st_mode)) {
r->content_type = DIR_MAGIC_TYPE;
return OK;
 }

if((i=ap_rind(fn,'.')) < 0) return DECLINED;
++i;

if ((type = ap_table_get (conf->encoding_types, &fn[i])))
{
r->content_encoding = type;

/* go back to previous extension to try to use it as a type */
fn[i-1] = '\0';
if((i=ap_rind(fn,'.')) < 0) return OK;
++i;
 }

if ((type = ap_table_get (conf->forced_types, &fn[i])))
{
r->content_type = type;
 }

return OK; }

Side notes -- per-server configuration, virtual servers, etc.

The basic ideas behind per-server module configuration are basically the same as those for per-directory configuration; there is a creation function and a merge function, the latter being invoked where a virtual server has partially overridden the base server configuration, and a combined structure must be computed. (As with per-directory configuration, the default if no merge function is specified, and a module is configured in some virtual server, is that the base configuration is simply ignored).

The only substantial difference is that when a command needs to configure the per-server private module data, it needs to go to the cmd_parms data to get at it. Here's an example, from the alias module, which also indicates how a syntax error can be returned (note that the per-directory configuration argument to the command handler is declared as a dummy, since the module doesn't actually have per-directory config data):

char *add_redirect(cmd_parms *cmd, void *dummy, char *f, char *url)
{
server_rec *s = cmd->server;
alias_server_conf *conf = (alias_server_conf *)
ap_get_module_config(s->module_config,&alias_module);
 alias_entry *new = ap_push_array (conf->redirects);

if (!ap_is_url (url)) return "Redirect to non-URL";

new->fake = f; new->real = url;
return NULL;
 }

developer/debugging.html100644 0 0 21627 10422374276 13052 0ustar 0 0 Debugging Memory Allocation in APR - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Debugging Memory Allocation in APR

The allocation mechanisms within APR have a number of debugging modes that can be used to assist in finding memory problems. This document describes the modes available and gives instructions on activating them.

top

Available debugging options

Allocation Debugging - ALLOC_DEBUG

Debugging support: Define this to enable code which helps detect re-use of free()d memory and other such nonsense.

The theory is simple. The FILL_BYTE (0xa5) is written over all malloc'd memory as we receive it, and is written over everything that we free up during a clear_pool. We check that blocks on the free list always have the FILL_BYTE in them, and we check during palloc() that the bytes still have FILL_BYTE in them. If you ever see garbage URLs or whatnot containing lots of 0xa5s then you know something used data that's been freed or uninitialized.

Malloc Support - ALLOC_USE_MALLOC

If defined all allocations will be done with malloc() and free()d appropriately at the end.

This is intended to be used with something like Electric Fence or Purify to help detect memory problems. Note that if you're using efence then you should also add in ALLOC_DEBUG. But don't add in ALLOC_DEBUG if you're using Purify because ALLOC_DEBUG would hide all the uninitialized read errors that Purify can diagnose.

Pool Debugging - POOL_DEBUG

This is intended to detect cases where the wrong pool is used when assigning data to an object in another pool.

In particular, it causes the table_{set,add,merge}n routines to check that their arguments are safe for the apr_table_t they're being placed in. It currently only works with the unix multiprocess model, but could be extended to others.

Table Debugging - MAKE_TABLE_PROFILE

Provide diagnostic information about make_table() calls which are possibly too small.

This requires a recent gcc which supports __builtin_return_address(). The error_log output will be a message such as:

table_push: apr_table_t created by 0x804d874 hit limit of 10

Use l *0x804d874 to find the source that corresponds to. It indicates that a apr_table_t allocated by a call at that address has possibly too small an initial apr_table_t size guess.

Allocation Statistics - ALLOC_STATS

Provide some statistics on the cost of allocations.

This requires a bit of an understanding of how alloc.c works.

top

Allowable Combinations

Not all the options outlined above can be activated at the same time. the following table gives more information.

ALLOC DEBUG ALLOC USE MALLOC POOL DEBUG MAKE TABLE PROFILE ALLOC STATS
ALLOC DEBUG -NoYesYesYes
ALLOC USE MALLOC No-NoNoNo
POOL DEBUG YesNo-YesYes
MAKE TABLE PROFILE YesNoYes-Yes
ALLOC STATS YesNoYesYes-

Additionally the debugging options are not suitable for multi-threaded versions of the server. When trying to debug with these options the server should be started in single process mode.

top

Activating Debugging Options

The various options for debugging memory are now enabled in the apr_general.h header file in APR. The various options are enabled by uncommenting the define for the option you wish to use. The section of the code currently looks like this (contained in srclib/apr/include/apr_pools.h)

/*
#define ALLOC_DEBUG
#define POOL_DEBUG
#define ALLOC_USE_MALLOC
#define MAKE_TABLE_PROFILE
#define ALLOC_STATS
*/

typedef struct ap_pool_t {
union block_hdr *first;
union block_hdr *last;
struct cleanup *cleanups;
struct process_chain *subprocesses;
struct ap_pool_t *sub_pools;
struct ap_pool_t *sub_next;
struct ap_pool_t *sub_prev;
struct ap_pool_t *parent;
char *free_first_avail;
 #ifdef ALLOC_USE_MALLOC
void *allocation_list;
 #endif
#ifdef POOL_DEBUG
struct ap_pool_t *joined;
 #endif
int (*apr_abort)(int retcode);
struct datastruct *prog_data;
 } ap_pool_t;

To enable allocation debugging simply move the #define ALLOC_DEBUG above the start of the comments block and rebuild the server.

Note

In order to use the various options the server must be rebuilt after editing the header file.

developer/documenting.html100644 0 0 10201 10422374276 13415 0ustar 0 0 Documenting Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Documenting Apache 2.0

Apache 2.0 uses Doxygen to document the APIs and global variables in the the code. This will explain the basics of how to document using Doxygen.

top

Brief Description

To start a documentation block, use /**
To end a documentation block, use */

In the middle of the block, there are multiple tags we can use:

Description of this functions purpose
@param parameter_name description
@return description
@deffunc signature of the function

The deffunc is not always necessary. DoxyGen does not have a full parser in it, so any prototype that use a macro in the return type declaration is too complex for scandoc. Those functions require a deffunc. An example (using &gt; rather than >):

/**
 * return the final element of the pathname
 * @param pathname The path to get the final element of
 * @return the final element of the path
 * @tip Examples:
 * <pre>
 * "/foo/bar/gum" -&gt; "gum"
 * "/foo/bar/gum/" -&gt; ""
 * "gum" -&gt; "gum"
 * "wi\\n32\\stuff" -&gt; "stuff"
 * </pre>
 * @deffunc const char * ap_filename_of_pathname(const char *pathname)
 */

At the top of the header file, always include:

/**
 * @package Name of library header
 */

Doxygen uses a new HTML file for each package. The HTML files are named {Name_of_library_header}.html, so try to be concise with your names.

For a further discussion of the possibilities please refer to the Doxygen site.

developer/filters.html100644 0 0 27701 10422374276 12566 0ustar 0 0 How filters work in Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

How filters work in Apache 2.0

Warning

This is a cut 'n paste job from an email (<022501c1c529$f63a9550$7f00000a@KOJ>) and only reformatted for better readability. It's not up to date but may be a good start for further research.

top

Filter Types

There are three basic filter types (each of these is actually broken down into two categories, but that comes later).

CONNECTION
Filters of this type are valid for the lifetime of this connection. (AP_FTYPE_CONNECTION, AP_FTYPE_NETWORK)
PROTOCOL
Filters of this type are valid for the lifetime of this request from the point of view of the client, this means that the request is valid from the time that the request is sent until the time that the response is received. (AP_FTYPE_PROTOCOL, AP_FTYPE_TRANSCODE)
RESOURCE
Filters of this type are valid for the time that this content is used to satisfy a request. For simple requests, this is identical to PROTOCOL, but internal redirects and sub-requests can change the content without ending the request. (AP_FTYPE_RESOURCE, AP_FTYPE_CONTENT_SET)

It is important to make the distinction between a protocol and a resource filter. A resource filter is tied to a specific resource, it may also be tied to header information, but the main binding is to a resource. If you are writing a filter and you want to know if it is resource or protocol, the correct question to ask is: "Can this filter be removed if the request is redirected to a different resource?" If the answer is yes, then it is a resource filter. If it is no, then it is most likely a protocol or connection filter. I won't go into connection filters, because they seem to be well understood. With this definition, a few examples might help:

Byterange
We have coded it to be inserted for all requests, and it is removed if not used. Because this filter is active at the beginning of all requests, it can not be removed if it is redirected, so this is a protocol filter.
http_header
This filter actually writes the headers to the network. This is obviously a required filter (except in the asis case which is special and will be dealt with below) and so it is a protocol filter.
Deflate
The administrator configures this filter based on which file has been requested. If we do an internal redirect from an autoindex page to an index.html page, the deflate filter may be added or removed based on config, so this is a resource filter.

The further breakdown of each category into two more filter types is strictly for ordering. We could remove it, and only allow for one filter type, but the order would tend to be wrong, and we would need to hack things to make it work. Currently, the RESOURCE filters only have one filter type, but that should change.

top

How are filters inserted?

This is actually rather simple in theory, but the code is complex. First of all, it is important that everybody realize that there are three filter lists for each request, but they are all concatenated together. So, the first list is r->output_filters, then r->proto_output_filters, and finally r->connection->output_filters. These correspond to the RESOURCE, PROTOCOL, and CONNECTION filters respectively. The problem previously, was that we used a singly linked list to create the filter stack, and we started from the "correct" location. This means that if I had a RESOURCE filter on the stack, and I added a CONNECTION filter, the CONNECTION filter would be ignored. This should make sense, because we would insert the connection filter at the top of the c->output_filters list, but the end of r->output_filters pointed to the filter that used to be at the front of c->output_filters. This is obviously wrong. The new insertion code uses a doubly linked list. This has the advantage that we never lose a filter that has been inserted. Unfortunately, it comes with a separate set of headaches.

The problem is that we have two different cases were we use subrequests. The first is to insert more data into a response. The second is to replace the existing response with an internal redirect. These are two different cases and need to be treated as such.

In the first case, we are creating the subrequest from within a handler or filter. This means that the next filter should be passed to make_sub_request function, and the last resource filter in the sub-request will point to the next filter in the main request. This makes sense, because the sub-request's data needs to flow through the same set of filters as the main request. A graphical representation might help:

Default_handler --> includes_filter --> byterange --> ...

If the includes filter creates a sub request, then we don't want the data from that sub-request to go through the includes filter, because it might not be SSI data. So, the subrequest adds the following:

    
Default_handler --> includes_filter -/-> byterange --> ...
                                    /
Default_handler --> sub_request_core

What happens if the subrequest is SSI data? Well, that's easy, the includes_filter is a resource filter, so it will be added to the sub request in between the Default_handler and the sub_request_core filter.

The second case for sub-requests is when one sub-request is going to become the real request. This happens whenever a sub-request is created outside of a handler or filter, and NULL is passed as the next filter to the make_sub_request function.

In this case, the resource filters no longer make sense for the new request, because the resource has changed. So, instead of starting from scratch, we simply point the front of the resource filters for the sub-request to the front of the protocol filters for the old request. This means that we won't lose any of the protocol filters, neither will we try to send this data through a filter that shouldn't see it.

The problem is that we are using a doubly-linked list for our filter stacks now. But, you should notice that it is possible for two lists to intersect in this model. So, you do you handle the previous pointer? This is a very difficult question to answer, because there is no "right" answer, either method is equally valid. I looked at why we use the previous pointer. The only reason for it is to allow for easier addition of new servers. With that being said, the solution I chose was to make the previous pointer always stay on the original request.

This causes some more complex logic, but it works for all cases. My concern in having it move to the sub-request, is that for the more common case (where a sub-request is used to add data to a response), the main filter chain would be wrong. That didn't seem like a good idea to me.

top

Asis

The final topic. :-) Mod_Asis is a bit of a hack, but the handler needs to remove all filters except for connection filters, and send the data. If you are using mod_asis, all other bets are off.

top

Explanations

The absolutely last point is that the reason this code was so hard to get right, was because we had hacked so much to force it to work. I wrote most of the hacks originally, so I am very much to blame. However, now that the code is right, I have started to remove some hacks. Most people should have seen that the reset_filters and add_required_filters functions are gone. Those inserted protocol level filters for error conditions, in fact, both functions did the same thing, one after the other, it was really strange. Because we don't lose protocol filters for error cases any more, those hacks went away. The HTTP_HEADER, Content-length, and Byterange filters are all added in the insert_filters phase, because if they were added earlier, we had some interesting interactions. Now, those could all be moved to be inserted with the HTTP_IN, CORE, and CORE_IN filters. That would make the code easier to follow.

developer/hooks.html100644 0 0 24650 10422374276 12241 0ustar 0 0 Apache 2.0 Hook Functions - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 2.0 Hook Functions

Warning

This document is still in development and may be partially out of date.

In general, a hook function is one that Apache will call at some point during the processing of a request. Modules can provide functions that are called, and specify when they get called in comparison to other modules.

top

Creating a hook function

In order to create a new hook, four things need to be done:

Declare the hook function

Use the AP_DECLARE_HOOK macro, which needs to be given the return type of the hook function, the name of the hook, and the arguments. For example, if the hook returns an int and takes a request_rec * and an int and is called do_something, then declare it like this:

AP_DECLARE_HOOK(int, do_something, (request_rec *r, int n))

This should go in a header which modules will include if they want to use the hook.

Create the hook structure

Each source file that exports a hook has a private structure which is used to record the module functions that use the hook. This is declared as follows:

APR_HOOK_STRUCT(
APR_HOOK_LINK(do_something)
...
 )

Implement the hook caller

The source file that exports the hook has to implement a function that will call the hook. There are currently three possible ways to do this. In all cases, the calling function is called ap_run_hookname().

Void hooks

If the return value of a hook is void, then all the hooks are called, and the caller is implemented like this:

AP_IMPLEMENT_HOOK_VOID(do_something, (request_rec *r, int n), (r, n))

The second and third arguments are the dummy argument declaration and the dummy arguments as they will be used when calling the hook. In other words, this macro expands to something like this:

void ap_run_do_something(request_rec *r, int n)
{
...
do_something(r, n);
 }

Hooks that return a value

If the hook returns a value, then it can either be run until the first hook that does something interesting, like so:

AP_IMPLEMENT_HOOK_RUN_FIRST(int, do_something, (request_rec *r, int n), (r, n), DECLINED)

The first hook that does not return DECLINED stops the loop and its return value is returned from the hook caller. Note that DECLINED is the tradition Apache hook return meaning "I didn't do anything", but it can be whatever suits you.

Alternatively, all hooks can be run until an error occurs. This boils down to permitting two return values, one of which means "I did something, and it was OK" and the other meaning "I did nothing". The first function that returns a value other than one of those two stops the loop, and its return is the return value. Declare these like so:

AP_IMPLEMENT_HOOK_RUN_ALL(int, do_something, (request_rec *r, int n), (r, n), OK, DECLINED)

Again, OK and DECLINED are the traditional values. You can use what you want.

Call the hook callers

At appropriate moments in the code, call the hook caller, like so:

int n, ret;
request_rec *r;

ret=ap_run_do_something(r, n);

top

Hooking the hook

A module that wants a hook to be called needs to do two things.

Implement the hook function

Include the appropriate header, and define a static function of the correct type:

static int my_something_doer(request_rec *r, int n)
{
...
return OK;
 }

Add a hook registering function

During initialisation, Apache will call each modules hook registering function, which is included in the module structure:

static void my_register_hooks()
{
ap_hook_do_something(my_something_doer, NULL, NULL, APR_HOOK_MIDDLE);
 }

mode MODULE_VAR_EXPORT my_module =
{
...
my_register_hooks /* register hooks */
 };

Controlling hook calling order

In the example above, we didn't use the three arguments in the hook registration function that control calling order. There are two mechanisms for doing this. The first, rather crude, method, allows us to specify roughly where the hook is run relative to other modules. The final argument control this. There are three possible values: APR_HOOK_FIRST, APR_HOOK_MIDDLE and APR_HOOK_LAST.

All modules using any particular value may be run in any order relative to each other, but, of course, all modules using APR_HOOK_FIRST will be run before APR_HOOK_MIDDLE which are before APR_HOOK_LAST. Modules that don't care when they are run should use APR_HOOK_MIDDLE. (I spaced these out so people could do stuff like APR_HOOK_FIRST-2 to get in slightly earlier, but is this wise? - Ben)

Note that there are two more values, APR_HOOK_REALLY_FIRST and APR_HOOK_REALLY_LAST. These should only be used by the hook exporter.

The other method allows finer control. When a module knows that it must be run before (or after) some other modules, it can specify them by name. The second (third) argument is a NULL-terminated array of strings consisting of the names of modules that must be run before (after) the current module. For example, suppose we want "mod_xyz.c" and "mod_abc.c" to run before we do, then we'd hook as follows:

static void register_hooks()
{
static const char * const aszPre[] = { "mod_xyz.c", "mod_abc.c", NULL };

ap_hook_do_something(my_something_doer, aszPre, NULL, APR_HOOK_MIDDLE);
 }

Note that the sort used to achieve this is stable, so ordering set by APR_HOOK_ORDER is preserved, as far as is possible.

Ben Laurie, 15th August 1999

developer/index.html100644 0 0 11361 10422374276 12220 0ustar 0 0 Developer Documentation for Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

Developer Documentation for Apache 2.0

Many of the documents on these Developer pages are lifted from Apache 1.3's documentation. While they are all being updated to Apache 2.0, they are in different stages of progress. Please be patient, and point out any discrepancies or errors on the developer/ pages directly to the dev@httpd.apache.org mailing list.

top

Topics

top

External Resources

developer/modules.html100644 0 0 26354 10422374276 12571 0ustar 0 0 Converting Modules from Apache 1.3 to Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Converting Modules from Apache 1.3 to Apache 2.0

This is a first attempt at writing the lessons I learned when trying to convert the mod_mmap_static module to Apache 2.0. It's by no means definitive and probably won't even be correct in some ways, but it's a start.

top

The easier changes ...

Cleanup Routines

These now need to be of type apr_status_t and return a value of that type. Normally the return value will be APR_SUCCESS unless there is some need to signal an error in the cleanup. Be aware that even though you signal an error not all code yet checks and acts upon the error.

Initialisation Routines

These should now be renamed to better signify where they sit in the overall process. So the name gets a small change from mmap_init to mmap_post_config. The arguments passed have undergone a radical change and now look like

Data Types

A lot of the data types have been moved into the APR. This means that some have had a name change, such as the one shown above. The following is a brief list of some of the changes that you are likely to have to make.

top

The messier changes...

Register Hooks

The new architecture uses a series of hooks to provide for calling your functions. These you'll need to add to your module by way of a new function, static void register_hooks(void). The function is really reasonably straightforward once you understand what needs to be done. Each function that needs calling at some stage in the processing of a request needs to be registered, handlers do not. There are a number of phases where functions can be added, and for each you can specify with a high degree of control the relative order that the function will be called in.

This is the code that was added to mod_mmap_static:

static void register_hooks(void)
{
    static const char * const aszPre[]={ "http_core.c",NULL };
    ap_hook_post_config(mmap_post_config,NULL,NULL,HOOK_MIDDLE);
    ap_hook_translate_name(mmap_static_xlat,aszPre,NULL,HOOK_LAST);
};

This registers 2 functions that need to be called, one in the post_config stage (virtually every module will need this one) and one for the translate_name phase. note that while there are different function names the format of each is identical. So what is the format?

ap_hook_phase_name(function_name, predecessors, successors, position);

There are 3 hook positions defined...

To define the position you use the position and then modify it with the predecessors and successors. Each of the modifiers can be a list of functions that should be called, either before the function is run (predecessors) or after the function has run (successors).

In the mod_mmap_static case I didn't care about the post_config stage, but the mmap_static_xlat must be called after the core module had done it's name translation, hence the use of the aszPre to define a modifier to the position HOOK_LAST.

Module Definition

There are now a lot fewer stages to worry about when creating your module definition. The old defintion looked like

module MODULE_VAR_EXPORT module_name_module =
{
    STANDARD_MODULE_STUFF,
    /* initializer */
    /* dir config creater */
    /* dir merger --- default is to override */
    /* server config */
    /* merge server config */
    /* command handlers */
    /* handlers */
    /* filename translation */
    /* check_user_id */
    /* check auth */
    /* check access */
    /* type_checker */
    /* fixups */
    /* logger */
    /* header parser */
    /* child_init */
    /* child_exit */
    /* post read-request */
};

The new structure is a great deal simpler...

module MODULE_VAR_EXPORT module_name_module =
{
    STANDARD20_MODULE_STUFF,
    /* create per-directory config structures */
    /* merge per-directory config structures  */
    /* create per-server config structures    */
    /* merge per-server config structures     */
    /* command handlers */
    /* handlers */
    /* register hooks */
};

Some of these read directly across, some don't. I'll try to summarise what should be done below.

The stages that read directly across :

/* dir config creater */
/* create per-directory config structures */
/* server config */
/* create per-server config structures */
/* dir merger */
/* merge per-directory config structures */
/* merge server config */
/* merge per-server config structures */
/* command table */
/* command apr_table_t */
/* handlers */
/* handlers */

The remainder of the old functions should be registered as hooks. There are the following hook stages defined so far...

ap_hook_post_config
this is where the old _init routines get registered
ap_hook_http_method
retrieve the http method from a request. (legacy)
ap_hook_open_logs
open any specified logs
ap_hook_auth_checker
check if the resource requires authorization
ap_hook_access_checker
check for module-specific restrictions
ap_hook_check_user_id
check the user-id and password
ap_hook_default_port
retrieve the default port for the server
ap_hook_pre_connection
do any setup required just before processing, but after accepting
ap_hook_process_connection
run the correct protocol
ap_hook_child_init
call as soon as the child is started
ap_hook_create_request
??
ap_hook_fixups
last chance to modify things before generating content
ap_hook_handler
generate the content
ap_hook_header_parser
lets modules look at the headers, not used by most modules, because they use post_read_request for this
ap_hook_insert_filter
to insert filters into the filter chain
ap_hook_log_transaction
log information about the request
ap_hook_optional_fn_retrieve
retrieve any functions registered as optional
ap_hook_post_read_request
called after reading the request, before any other phase
ap_hook_quick_handler
called before any request processing, used by cache modules.
ap_hook_translate_name
translate the URI into a filename
ap_hook_type_checker
determine and/or set the doc type
developer/request.html100644 0 0 33224 10422374276 12603 0ustar 0 0 Request Processing in Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Request Processing in Apache 2.0

Warning

Warning - this is a first (fast) draft that needs further revision!

Several changes in Apache 2.0 affect the internal request processing mechanics. Module authors need to be aware of these changes so they may take advantage of the optimizations and security enhancements.

The first major change is to the subrequest and redirect mechanisms. There were a number of different code paths in Apache 1.3 to attempt to optimize subrequest or redirect behavior. As patches were introduced to 2.0, these optimizations (and the server behavior) were quickly broken due to this duplication of code. All duplicate code has been folded back into ap_process_request_internal() to prevent the code from falling out of sync again.

This means that much of the existing code was 'unoptimized'. It is the Apache HTTP Project's first goal to create a robust and correct implementation of the HTTP server RFC. Additional goals include security, scalability and optimization. New methods were sought to optimize the server (beyond the performance of Apache 1.3) without introducing fragile or insecure code.

top

The Request Processing Cycle

All requests pass through ap_process_request_internal() in request.c, including subrequests and redirects. If a module doesn't pass generated requests through this code, the author is cautioned that the module may be broken by future changes to request processing.

To streamline requests, the module author can take advantage of the hooks offered to drop out of the request cycle early, or to bypass core Apache hooks which are irrelevant (and costly in terms of CPU.)

top

The Request Parsing Phase

Unescapes the URL

The request's parsed_uri path is unescaped, once and only once, at the beginning of internal request processing.

This step is bypassed if the proxyreq flag is set, or the parsed_uri.path element is unset. The module has no further control of this one-time unescape operation, either failing to unescape or multiply unescaping the URL leads to security reprecussions.

Strips Parent and This Elements from the URI

All /../ and /./ elements are removed by ap_getparents(). This helps to ensure the path is (nearly) absolute before the request processing continues.

This step cannot be bypassed.

Initial URI Location Walk

Every request is subject to an ap_location_walk() call. This ensures that <Location> sections are consistently enforced for all requests. If the request is an internal redirect or a sub-request, it may borrow some or all of the processing from the previous or parent request's ap_location_walk, so this step is generally very efficient after processing the main request.

translate_name

Modules can determine the file name, or alter the given URI in this step. For example, mod_vhost_alias will translate the URI's path into the configured virtual host, mod_alias will translate the path to an alias path, and if the request falls back on the core, the DocumentRoot is prepended to the request resource.

If all modules DECLINE this phase, an error 500 is returned to the browser, and a "couldn't translate name" error is logged automatically.

Hook: map_to_storage

After the file or correct URI was determined, the appropriate per-dir configurations are merged together. For example, mod_proxy compares and merges the appropriate <Proxy> sections. If the URI is nothing more than a local (non-proxy) TRACE request, the core handles the request and returns DONE. If no module answers this hook with OK or DONE, the core will run the request filename against the <Directory> and <Files> sections. If the request 'filename' isn't an absolute, legal filename, a note is set for later termination.

URI Location Walk

Every request is hardened by a second ap_location_walk() call. This reassures that a translated request is still subjected to the configured <Location> sections. The request again borrows some or all of the processing from its previous location_walk above, so this step is almost always very efficient unless the translated URI mapped to a substantially different path or Virtual Host.

Hook: header_parser

The main request then parses the client's headers. This prepares the remaining request processing steps to better serve the client's request.

top

The Security Phase

Needs Documentation. Code is:

switch (ap_satisfies(r)) {
case SATISFY_ALL:
case SATISFY_NOSPEC:
    if ((access_status = ap_run_access_checker(r)) != 0) {
        return decl_die(access_status, "check access", r);
    }

    if (ap_some_auth_required(r)) {
        if (((access_status = ap_run_check_user_id(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check user.  No user file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }

        if (((access_status = ap_run_auth_checker(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check access.  No groups file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }
    }
    break;

case SATISFY_ANY:
    if (((access_status = ap_run_access_checker(r)) != 0)) {
        if (!ap_some_auth_required(r)) {
            return decl_die(access_status, "check access", r);
        }

        if (((access_status = ap_run_check_user_id(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check user.  No user file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }

        if (((access_status = ap_run_auth_checker(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check access.  No groups file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }
    }
    break;
}
top

The Preparation Phase

Hook: type_checker

The modules have an opportunity to test the URI or filename against the target resource, and set mime information for the request. Both mod_mime and mod_mime_magic use this phase to compare the file name or contents against the administrator's configuration and set the content type, language, character set and request handler. Some modules may set up their filters or other request handling parameters at this time.

If all modules DECLINE this phase, an error 500 is returned to the browser, and a "couldn't find types" error is logged automatically.

Hook: fixups

Many modules are 'trounced' by some phase above. The fixups phase is used by modules to 'reassert' their ownership or force the request's fields to their appropriate values. It isn't always the cleanest mechanism, but occasionally it's the only option.

top

The Handler Phase

This phase is not part of the processing in ap_process_request_internal(). Many modules prepare one or more subrequests prior to creating any content at all. After the core, or a module calls ap_process_request_internal() it then calls ap_invoke_handler() to generate the request.

Hook: insert_filter

Modules that transform the content in some way can insert their values and override existing filters, such that if the user configured a more advanced filter out-of-order, then the module can move its order as need be. There is no result code, so actions in this hook better be trusted to always succeed.

Hook: handler

The module finally has a chance to serve the request in its handler hook. Note that not every prepared request is sent to the handler hook. Many modules, such as mod_autoindex, will create subrequests for a given URI, and then never serve the subrequest, but simply lists it for the user. Remember not to put required teardown from the hooks above into this module, but register pool cleanups against the request pool to free resources as required.

developer/thread_safety.html100644 0 0 36054 10422374276 13741 0ustar 0 0 Apache 2.0 Thread Safety Issues - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 2.0 Thread Safety Issues

When using any of the threaded mpms in Apache 2.0 it is important that every function called from Apache be thread safe. When linking in 3rd party extensions it can be difficult to determine whether the resulting server will be thread safe. Casual testing generally won't tell you this either as thread safety problems can lead to subtle race conditons that may only show up in certain conditions under heavy load.

top

Global and static variables

When writing your module or when trying to determine if a module or 3rd party library is thread safe there are some common things to keep in mind.

First, you need to recognize that in a threaded model each individual thread has its own program counter, stack and registers. Local variables live on the stack, so those are fine. You need to watch out for any static or global variables. This doesn't mean that you are absolutely not allowed to use static or global variables. There are times when you actually want something to affect all threads, but generally you need to avoid using them if you want your code to be thread safe.

In the case where you have a global variable that needs to be global and accessed by all threads, be very careful when you update it. If, for example, it is an incrementing counter, you need to atomically increment it to avoid race conditions with other threads. You do this using a mutex (mutual exclusion). Lock the mutex, read the current value, increment it and write it back and then unlock the mutex. Any other thread that wants to modify the value has to first check the mutex and block until it is cleared.

If you are using APR, have a look at the apr_atomic_* functions and the apr_thread_mutex_* functions.

top

errno

This is a common global variable that holds the error number of the last error that occurred. If one thread calls a low-level function that sets errno and then another thread checks it, we are bleeding error numbers from one thread into another. To solve this, make sure your module or library defines _REENTRANT or is compiled with -D_REENTRANT. This will make errno a per-thread variable and should hopefully be transparent to the code. It does this by doing something like this:

#define errno (*(__errno_location()))

which means that accessing errno will call __errno_location() which is provided by the libc. Setting _REENTRANT also forces redefinition of some other functions to their *_r equivalents and sometimes changes the common getc/putc macros into safer function calls. Check your libc documentation for specifics. Instead of, or in addition to _REENTRANT the symbols that may affect this are _POSIX_C_SOURCE, _THREAD_SAFE, _SVID_SOURCE, and _BSD_SOURCE.

top

Common standard troublesome functions

Not only do things have to be thread safe, but they also have to be reentrant. strtok() is an obvious one. You call it the first time with your delimiter which it then remembers and on each subsequent call it returns the next token. Obviously if multiple threads are calling it you will have a problem. Most systems have a reentrant version of of the function called strtok_r() where you pass in an extra argument which contains an allocated char * which the function will use instead of its own static storage for maintaining the tokenizing state. If you are using APR you can use apr_strtok().

crypt() is another function that tends to not be reentrant, so if you run across calls to that function in a library, watch out. On some systems it is reentrant though, so it is not always a problem. If your system has crypt_r() chances are you should be using that, or if possible simply avoid the whole mess by using md5 instead.

top

Common 3rd Party Libraries

The following is a list of common libraries that are used by 3rd party Apache modules. You can check to see if your module is using a potentially unsafe library by using tools such as ldd(1) and nm(1). For PHP, for example, try this:

% ldd libphp4.so
libsablot.so.0 => /usr/local/lib/libsablot.so.0 (0x401f6000)
libexpat.so.0 => /usr/lib/libexpat.so.0 (0x402da000)
libsnmp.so.0 => /usr/lib/libsnmp.so.0 (0x402f9000)
libpdf.so.1 => /usr/local/lib/libpdf.so.1 (0x40353000)
libz.so.1 => /usr/lib/libz.so.1 (0x403e2000)
libpng.so.2 => /usr/lib/libpng.so.2 (0x403f0000)
libmysqlclient.so.11 => /usr/lib/libmysqlclient.so.11 (0x40411000)
libming.so => /usr/lib/libming.so (0x40449000)
libm.so.6 => /lib/libm.so.6 (0x40487000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x404a8000)
libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0x404e7000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40505000)
libssl.so.2 => /lib/libssl.so.2 (0x40532000)
libcrypto.so.2 => /lib/libcrypto.so.2 (0x40560000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40624000)
libdl.so.2 => /lib/libdl.so.2 (0x40634000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40637000)
libc.so.6 => /lib/libc.so.6 (0x4064b000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)

In addition to these libraries you will need to have a look at any libraries linked statically into the module. You can use nm(1) to look for individual symbols in the module.

top

Library List

Please drop a note to dev@httpd.apache.org if you have additions or corrections to this list.

LibraryVersionThread Safe?Notes
ASpell/PSpell ?
Berkeley DB 3.x, 4.x Yes Be careful about sharing a connection across threads.
bzip2 Yes Both low-level and high-level APIs are thread-safe. However, high-level API requires thread-safe access to errno.
cdb ?
C-Client Perhaps c-client uses strtok() and gethostbyname() which are not thread-safe on most C library implementations. c-client's static data is meant to be shared across threads. If strtok() and gethostbyname() are thread-safe on your OS, c-client may be thread-safe.
cpdflib ?
libcrypt ?
Expat Yes Need a separate parser instance per thread
FreeTDS ?
FreeType ?
GD 1.8.x ?
GD 2.0.x ?
gdbm No Errors returned via a static gdbm_error variable
ImageMagick 5.2.2 Yes ImageMagick docs claim it is thread safe since version 5.2.2 (see Change log).
Imlib2 ?
libjpeg v6b ?
libmysqlclient Yes Use mysqlclient_r library variant to ensure thread-safety. For more information, please read http://www.mysql.com/doc/en/Threaded_clients.html.
Ming 0.2a ?
Net-SNMP 5.0.x ?
OpenLDAP 2.1.x Yes Use ldap_r library variant to ensure thread-safety.
OpenSSL 0.9.6g Yes Requires proper usage of CRYPTO_num_locks, CRYPTO_set_locking_callback, CRYPTO_set_id_callback
liboci8 (Oracle 8+) 8.x,9.x ?
pdflib 5.0.x Yes PDFLib docs claim it is thread safe; changes.txt indicates it has been partially thread-safe since V1.91: http://www.pdflib.com/products/pdflib/index.html.
libpng 1.0.x ?
libpng 1.2.x ?
libpq (PostgreSQL) 7.x Yes Don't share connections across threads and watch out for crypt() calls
Sablotron 0.95 ?
zlib 1.1.4 Yes Relies upon thread-safe zalloc and zfree functions Default is to use libc's calloc/free which are thread-safe.
dns-caveats.html100644 0 0 24043 10422374276 11335 0ustar 0 0 DNS ġ õ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

DNS ġ õ

ֽ ƴմϴ. ֱٿ ϼ.

ִ. ġ DNS ʵ ϶. ġ дµ DNS ʿϴٸ ŷڼ ( ȵ ִ) Ȥ 񽺰ź ݰ (ڰ ٸ ڿ ä Ͽ) 񽺵(theft of service) ݿ ô޸ ִ.

top

<VirtualHost www.abc.dom>
ServerAdmin webgirl@abc.dom
DocumentRoot /www/abc
</VirtualHost>

ġ ϱؼ ȣƮ ΰ ʿϴ. ServerName ٸ ּ Ѱ IP ̴ּ. IP ּҰ ⶧, ġ DNS Ͽ www.abc.dom ּҸ ãƾ Ѵ.  DNS ٸ ȣƮ . ȣƮ û . (ġ 1.2 õ Ѵ.)

www.abc.dom ּҰ 10.0.0.1̶ . ׸ :

<VirtualHost 10.0.0.1>
ServerAdmin webgirl@abc.dom
DocumentRoot /www/abc
</VirtualHost>

ġ ȣƮ ServerName ã DNS ؾ Ѵ. ãⰡ ϸ ġ ȣƮ κ . (ġ 1.2 õ Ѵ.) , ̸ ȣƮ ȣƮ ʰ, ip̶ κ Ѵ. ׷ ġ Ͽ ü URL Ѵٸ URL Ѵ.

Ʒ ΰ .

<VirtualHost 10.0.0.1>
ServerName www.abc.dom
ServerAdmin webgirl@abc.dom
DocumentRoot /www/abc
</VirtualHost>

top

񽺰ź (Denial of Service)

(ּ) ΰ 񽺰źΰ ߻ ִ. ġ 1.2  ȣƮ DNS ˻ ϸ ʴ´. DNS ִ. , abc.dom Ʈ̰ ڽ DNS Ѵٸ, www.abc.dom ڵ带 ⸸ ص (1.2 ) Ѵ.

ξ Ȱ ִ. 캸:

<VirtualHost www.abc.dom>
  ServerAdmin webgirl@abc.dom
  DocumentRoot /www/abc
</VirtualHost>

<VirtualHost www.def.dom>
  ServerAdmin webguy@def.dom
  DocumentRoot /www/def
</VirtualHost>

www.abc.dom 10.0.0.1, www.def.dom 10.0.0.2 Ҵߴٰ . , def.dom ü DNS Ѵٰ . Բ def.dom abc.dom ç ִ ҿ ξ. ׷ٸ ׵ www.def.dom 10.0.0.1 ϱ⸸ ϸ ȴ. ׵ ü DNS ϱ⶧ ׵ ϴµ www.def.dom ڵ带 ϴ .

http://www.abc.dom/whatever URL Էϴ 츦 Ͽ) 10.0.0.1 û def.dom ȣƮ ϰ ȴ. ̷ Ͼ Ϸ ġ  ȣƮ û óϴ ʿϴ. 밭 ִ.

top

"ּ" ּ

ġ 1.1 ̸ ȣƮ ԵǾ⶧ ġ ϴ ȣƮ IP ּ() ʿ䰡 . ּҴ (ִٸ) ServerName Ȥ C Լ gethostname (Ʈ "hostname" Է ) ´. ׷ ּҷ DNS ˻ Ѵ. ˻ .

DNS ׾ ˻ ٸ /etc/hosts ȣƮ ִ. (ǻͰ õǾٸ Ƹ ̹ ̴.) ׸ DNS ϸ /etc/hosts ϴ Ȯ϶. ϴ ü /etc/resolv.conf Ȥ /etc/nsswitch.conf ϸ ̴.

 DNS ˻ϸ ȵȴٸ HOSTRESORDER ȯ溯 "local" ϰ ġ ִ. mod_env Ͽ ȯ ʴ´ٸ ȯ溯 CGI ش. ü manpage FAQ ϴ .

top

ϱ

top

η: δ

DNS õ Ȳ ſ ٶ ϴ. ġ 1.2 츮 DNS 쿡 ּ . · Ͽ IP ּҸ 䱸ϴ ȣ ٽ ؾ ͳݿ ſ ٶ ϴ.

񽺵 Ѱ ˻ IP ּҿ ٽ DNS ˻ Ͽ ̸ ϴ ̴. ٸ ȣƮ ִ. DNS ùٷ Ǿ Ѵ. (FTP TCP wrapper "ߺ-" DNS ˻ ϱ⶧ κ ڿ ͼ ̴.)

· IP ּҸ DNS ȣƮ ְ . Ϻθ ϴ Ͱ κ ذå ü ʴ ͺ ִ.

HTTP/1.1 ԰ Ͻð Host Ƿ IP ȣƮ ʴ ̴. ׷ ߿ DNS ˻ ʿ䰡 . ׷ 1997 3 ߿ ̸ ȣƮ θ ʾҴ.

dso.html100644 0 0 32377 10422374276 7723 0ustar 0 0 ü (DSO) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ü (DSO)

ֽ ƴմϴ. ֱٿ ϼ.

ġ ڰ Ͽ ִ ȭ α׷̴. Ҷ httpd Ͽ ִ. ƴϸ httpd ϰ иϿ ü(Dynamic Shared Objects, DSO) ִ. DSO Ҷ ϰų, Apache Extension Tool (apxs) Ͽ ߿ Ͽ ߰ ִ.

DSO ̷ Ѵ.

top

õ õ þ

ġ ٽɿ ؾ mod_so.c ġ о̱ DSO Ѵ. core ϰ DSO ̴. ٸ ġ ġ configure --enable-module=shared ɼ Ͽ DSO ִ. mod_foo.so DSO httpd.conf Ͽ mod_so LoadModule ɾ Ͽ ۽ Ȥ ۽ о ִ.

ġ (Ư ڰ ) DSO apxs (APache eXtenSion) ο α׷ ִ. α׷ ġ ҽ Ʈ ۿ DSO Ҷ Ѵ. . ġ ġҶ configure make install ġ C ġϰ, DSO ϱ ÷ Ư Ϸ ɼǰ Ŀ ɼ apxs α׷ Ѵ. ׷ apxs ϴ ڴ ġ ҽ Ʈ, DSO ÷ Ư Ϸ ɼǿ Ŀ ɼǿ Ű ʰ ڽ ġ ҽ ִ.

top

Apache 2.0 DSO ɿ ª ̴:

  1. ִ ġ ϰ ġϴ . mod_foo.c DSO mod_foo.so:

    $ ./configure --prefix=/path/to/install --enable-foo=shared
    $ make install

  2. ڰ ġ ϰ ġϴ . mod_foo.c DSO mod_foo.so:

    $ ./configure --add-module=module_type:/path/to/3rdparty/mod_foo.c --enable-foo=shared
    $ make install

  3. ߿ ϱ ġ ϴ :

    $ ./configure --enable-so
    $ make install

  4. ڰ ġ ϰ ġϴ . apxs Ͽ ġ ҽ Ʈ ۿ mod_foo.c DSO mod_foo.so:

    $ cd /path/to/3rdparty
    $ apxs -c mod_foo.c
    $ apxs -i -a -n foo mod_foo.la

ϴ ϵǸ, httpd.conf LoadModule þ Ͽ ġ о̰ .

top

н ü (DSO) ŷ/ε(dynamic linking/loading)̶ Ͽ, Ư ڵ α׷ ּҰ о̴ ִ.

ΰ о ִ. ϳ α׷ Ҷ ld.so ý α׷ ڵ о̴ , ٸ ϳ α׷ dlopen()/dlsym() ýȣ н δ(loader) ý ̽ Ͽ о̴ .

ù° DSO ̺귯(shared libraries) Ȥ DSO ̺귯 θ, libfoo.so libfoo.so.1.2 ̸ . ̵ ý 丮( /usr/lib) ְ, Ͻ Ŀ ɾ -lfoo ־ ϰ Ѵ. ̷ ̺귯 Ͽ ǿ, α׷ Ҷ Ŀ ɼ -R , ȯ溯 LD_LIBRARY_PATH Ȥ /usr/lib н δ libfoo.so ã ִ. ׷ α׷ ( ã(unresolved)) ɺ(symbol) DSO ãԵȴ.

DSO α׷ ɺ ãʱ (DSO 밡 Ϲ ڵ ̺귯̹Ƿ) ã ⼭ . н δ ɺ ã⸦ ϹǷ α׷ DSO ɺ ã ʿ䰡 . ( ld.so θ ڵ ƴ α׷ ũǴ ڵ Ϻδ.) ̺귯 ڵ带 о̴ Ȯϴ. ̺귯 ڵ尡 α׷ ߺؼ Ǵ libc.so ý ̺귯 ѹ DZ ũ ȴ.

ι° DSO ü(shared objects) Ȥ DSO ̶ θ, (Ģ ̸ foo.so) Ȯڴ Ӵ. ϵ α׷ ü 丮 ġϰ α׷ ڵ ʴ´. α׷ dlopen() Ͽ DSO ּҰ о鿩 Ѵ. ̶ α׷ DSO ɺ ã ʴ´. տ н δ ڵ ϰ ̹ о DSO ̺귯(Ư ׻ ϴ libc.so ɺ) DSO ( ã) ɺ ã´. ׷ DSO ġ ó α׷ ũȰͰ ɺ ˰Եȴ.

DSO API ̿ϱؼ α׷ dlsym() DSO Ư ɺ ãƼ, ϱ ġ(dispatch) ǥ Ѵ. ٸ α׷ Ǻ ãƾѴ. ̷ α׷ Ϻθ α׷ ʿҶ о ʾƵ (׷ ޸𸮸 ʰ) ȴٴ ̴. ⺻ α׷ Ȯϱ ʿ κ о ִ.

̷ DSO ڿ , ּ Ѱִ. α׷ Ȯϱ DSO Ҷ DSO α׷ ɺ ã ̴. ? DSO α׷ ɺ " ã " (̺귯 ڽ ϴ α׷ 𸥴ٴ) ̺귯 迡 ϸ, ÷ ʰ ǥȭ ʾұ ̴. ɺ(global symbol) ͽƮ(export) ʱ⶧ DSO . DSO Ͽ α׷ ȮϷ Ŀ ɺ ͽƮϵ ϴ ֵ ذå̴.

̺귯 DSO Ģ ̱⶧ ü ϴ ̺귯 Ѵ. ݴ α׷ α׷ Ȯϱ ü ʴ´.

1998 Ȯϱ DSO Ʈ Ű (XS DynaLoader ) Perl 5, Netscape Server 幰. ġ ̹ Ȯϱ ߰ ܺ ġ ٽɱɿ ϱ ġ ̿ ٹ ߱⶧ 1.3 뿭 շߴ. ׷ ġ о̴µ DSO ϵ .

top

տ DSO ϸ ִ:

DSO ִ:

env.html100644 0 0 45465 10422374276 7730 0ustar 0 0 ġ ȯ溯 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ġ ȯ溯

ֽ ƴմϴ. ֱٿ ϼ.

ġ ȯ溯(environment variable) ִ. Ͽ α׳ ۾ Ѵ. , ȯ溯 CGI ũƮ ܺ α׷ ϴ ȴ. ȯ溯 ٷ ϴ پ Ѵ.

ȯ溯 θ, ü ϴ ȯ溯 ٸ. ġ ο ǰ ȴ. ȯ溯 CGI ũƮ Server Side Include ũƮ Ѱ ü ȯ溯 ȴ. ϴ ü ȯ ϰ ʹٸ ü ȯ ؾ Ѵ.

top

ȯ溯 ϱ

õ õ þ

⺻ ȯ漳

ġ ȯ溯 ϴ ⺻ SetEnv þ ϴ ̴. PassEnv þ Ͽ ȯ溯 ִ.

û Ǻ

ϰ, mod_setenvif ϴ þ û û Ư¡ ȯ溯 Ѵ. , Ư (User-Agent) ûϰų Ư Referer ( Ʋ ʾҴ) ִ 쿡 ִ. mod_rewrite ִ RewriteRule [E=...] ɼ Ͽ ϰ ȯ溯 ִ.

ĺ

mod_unique_id û  쿡 "" û߿ Ȯ (ġ) UNIQUE_ID ȯ溯 Ѵ.

ǥ CGI

CGI ũƮ SSI ġ Ͽų ȯ溯 ܿ ߰ CGI Ծ û ˷ִ ȯ溯 ޴´.

top

ȯ溯 ϱ

õ õ þ

CGI ũƮ

ȯ溯 ֵ 뵵 ϳ CGI ũƮ ȯϴ ̴. տ ߵ ġ ܿ û ǥ CGI ũƮ Ѿ. ڼ CGI 丮 ϶.

SSI

mod_include INCLUDES Ͱ óϴ Ľ (SSI) echo Ҹ Ͽ ȯ溯 ְ, ȯ溯 Ͽ û Ư¡ 帧 ҷ Ϻθ ִ. ġ SSI ǥ CGI ȯ溯 Ѵ. ڼ SSI 丮 ϶.

allow from env= deny from env= þ Ͽ ȯ溯 ִ. SetEnvIf ϸ Ŭ̾Ʈ Ư¡ Ӱ ִ. , Ư (User-Agent) ź ִ.

Ǻ α

LogFormat %e ɼ Ͽ ȯ溯 α׿ ִ. , CustomLog þ Ǻ ϸ ȯ溯 Ȳ û α θ ִ. SetEnvIf Ͽ  û α Ӱ ִ. , ϸ gif û α ʰų, ܺ Ʈ ִ Ŭ̾Ʈ û α ִ.

Ǻ

Header þ Ŭ̾Ʈ ȯ溯  HTTP ִ. , Ŭ̾Ʈ û Ư ִ 쿡  ִ.

ܺ ϱ

mod_ext_filter ExtFilterDefine þ ܺ ͸ disableenv= enableenv= ɼ Ͽ ȯ溯 ִ.

URL ۼ(Rewriting)

RewriteCond TestString %{ENV:...} ϸ mod_rewrite ۼ ȯ溯 ٸ ൿѴ. mod_rewrite տ ENV: ʰ ϴ ȯ溯 ƴ ϶. ׵ ٸ ⿡ mod_rewrite .

top

Ư ȯ溯

Ŭ̾Ʈ Ȱ ϱ ġ Ư Ŭ̾Ʈ ڽ ൿ Ѵ. BrowserMatch ȯ溯 Ͽ ̷ ذѴ. ׷ SetEnv PassEnvε ϴ.

downgrade-1.0

û ϴ HTTP/1.0 û óѴ.

force-gzip

DEFLATE ͸ Ҷ ȯ溯 accept-encoding ϰ .

force-no-vary

Ŭ̾Ʈ Vary ʵ带 .  Ŭ̾Ʈ ʵ带 ؼ Ѵ. ̷ ذѴ. , force-response-1.0 Ѵ.

force-response-1.0

HTTP/1.0 û ϴ Ŭ̾Ʈ HTTP/1.0 Ѵ. AOL Ͻÿ ־ .  HTTP/1.0 Ŭ̾Ʈ HTTP/1.1 Ƿ, ذϱ Ѵ.

gzip-only-text/html

"1"̸ text/html ƴ content-type mod_deflate DEFLATE ͸ ʴ´. (gzip Ӹ ƴ϶ "identity" ƴ ڵ) 쿡 mod_negotiation Ѵ.

no-gzip

ɼ ϸ mod_deflate DEFLATE ͸ ʰ, mod_negotiation ڵ ڿ ʴ´.

nokeepalive

KeepAlive Ѵ.

prefer-language

mod_negotiation ൿ ģ. (en, ja, x-klingon ) ±׸ ִٸ, mod_negotiation õѴ. ׷ ٸ Ϲ Ѵ.

redirect-carefully

Ŭ̾Ʈ ̷ . ̷ óϴµ ִ Ŭ̾Ʈ Ѵ. Microsoft WebFolders Ʈ DAV ޽带 丮 ڿ ̷ óϴµ ־ .

suppress-error-charset

2.0.40 ִ

ġ Ŭ̾Ʈ û ̷ Ŭ̾Ʈ ڵ ̷ ϴ(Ȥ ʴ) 쿡 Ͽ 信 ڿ Ѵ. ġ ġ ϴ ISO-8859-1 ǥѴ.

׷ ̷ǵ ٸ  ̻ ƴ϶ ̷ Ϸ Ѵ. , ׸ ̻ϰ ִ.

ȯ溯 ġ ̷ ʵ Ͽ, ̷ ùٷ ϰ .

top

߸ ϴ Ŭ̾Ʈ ൿ ϱ

Ŭ̾Ʈ ̹ ˷ ذϱ httpd.conf ϱ ٶ.

#
#  þ Ϲ HTTP  Ѵ.
# ù° þ Netscape 2.x ̸  
# keepalive  ʴ´. ̵    ִ.
# ι° þ HTTP/1.1  ߸Ǿ 301̳ 302
# (̷) 信  keepalive  
# ϴ Microsoft Internet Explorer 4.0b2  ̴.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

#
#  þ ⺻ HTTP/1.1   Ͽ
# HTTP/1.0 Ծ   HTTP/1.1   ʴ´.
#
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

α׿ ̹ û α ʱ

̹ û α׿ ʴ´. Ư 丮 Ȥ Ư ȣƮ û α ʵ ִ.

SetEnvIf Request_URI \.gif image-request
SetEnvIf Request_URI \.jpg image-request
SetEnvIf Request_URI \.png image-request
CustomLog logs/access_log common env=!image-request

"̹ "

ڰ ִ ̹ ϵ ϴ Ѵ. , ѵ 쿡 Ѵ. 츮 ̹ /web/images 丮 ȿ ִٰ Ѵ.

SetEnvIf Referer "^http://www.example.com/" local_referal
# Referer   ʴ  Ѵ
SetEnvIf Referer "^$" local_referal
<Directory /web/images>
   Order Deny,Allow
   Deny from all
   Allow from env=local_referal
</Directory>

ڼ ApacheToday 丮 " Keeping Your Images from Adorning Other Sites" ϶.

faq/all_in_one.html100644 0 0 22663 10422374276 12001 0ustar 0 0  (FAQ) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > FAQ

 (FAQ)

ֽ ƴմϴ. ֱٿ ϼ.

FAQ ֽ ġ Ʈ <http://httpd.apache.org/docs/2.2/faq/> ִ.

ġ 2.0 ȵǼ 츮  (FAQ) 𸥴. ä ⿡ ش ٸ ġ 1.3 FAQ ϶.

top

 ذϳ?
ΰ?
top

" ... ȵdz? ... ʴ°?"

ġ Ʈ ܰ踦 :

α(errorlog) Ȯ϶!
ġ ַ Ѵ. α׿ ڼ Ѵ. ̰͸ε (ϱ ) ߰ϰ ĥ ִ 찡 . α ⺻ ġ /usr/local/apache2/logs/error_log, Ȯ ġ ErrorLog þ ϶.
FAQ Ȯ϶!
ġ Ʈ ׻ ġ FAQ ֽ ִ.
ġ ͺ̽ Ȯ϶
ġ׷(The Apache Group) κ ͺ̽ ϵȴ. ׸ ߰ϱ , ̹ ˷ų(open) ذ(closed) װ ִ Ȯϱ ٶ. ̹ Ǿٸ " ̷ ִٰ" ʱ ٶ. ذ ʾҴٸ ֱ Ȳ Ȯϱ ٶ. , ͺ̽ ϵ ʰ ̸ ȯ ó غ ִ.
Ѵ

ġ ϱ ϴ Ȱ ü ִ. Ϲ ̷ ü ϴ ̴.

ϸƮ

USENET ׷:

  • comp.infosystems.www.servers.unix [news] [google]
  • comp.infosystems.www.servers.ms-windows [news] [google]
  • comp.infosystems.www.authoring.cgi [news] [google]
ϸ ͺ̽ Ѵ

ܰ踦 õϰ ذå ٸ, ׸ Ͽ ڵ鿡 ˸ ٶ.

core dump ״ (ϸ) backtrace(; Ȯ  ߻Ͽ, α׷  η Ǿ ˷ִ ) ϱ ٶ. ,

# cd ServerRoot
# dbx httpd core
(dbx) where

(ServerRoot, httpd, core ġ ϶. dbx gdb ؾ ִ.)

ϳ?

40 ڹ ڸδ 鸸 ڿ ġ . ϱ Ѵ.

ġ ȸ Ѵ.

top

Invalid argument: core_output_filter: writing data to the network

÷ sendfile ýȣ Ѵٸ, ġ ӵ ϱ ýȣ Ѵ.  ýۿ ġ Ҷ sendfile ۵ ʴµ ۵Ѵٰ Ѵ. Ʈ Ͻý̳ ǥ Ͻý Ҷ ߻Ѵ.

α(error log) ϰų ũⰡ 0 ƴ Ͽ ũⰡ 0 ϴ ̴. Ҷ sendfile ʱ⶧ Ϲ ûҶ ߻Ѵ.

ذϷ sendfile ʵ EnableSendfile þ Ѵ. , ̿ EnableMMAP ϶.

AcceptEx Failed

win32 AcceptEx ýȣ⿡ , Win32DisableAcceptEx þ ϶.

Premature end of script headers

CGI ũƮ Internal Server Error α׿ Ѵ. ̷ Ҷ CGI 丮 ִ.

faq/background.html100644 0 0 13376 10422374276 12022 0ustar 0 0 Background - Frequently Asked Questions - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > FAQ

Background - Frequently Asked Questions

top

Background

What is Apache?

The Apache Software Foundation (ASF) is a 501(c)3 non-profit organization providing support for the Apache community of open-sourced software projects. For more details, please see the Apache Software Foundation FAQ

The Apache HTTP Server -- sometimes called Apache httpd -- is a project of the Apache Software foundation aimed at creating a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (Web) server. For more information, please see the About Apache page.

What is the Apache HTTP Server?

How thoroughly tested is Apache?

Apache is run on millions of Internet servers. It has been tested thoroughly by both developers and users. The Apache HTTP Server Project maintains rigorous standards before releasing new versions of our server, and our server runs without a hitch on over 70% of all WWW servers available on the Internet. When bugs do show up, we release patches and new versions as soon as they are available.

You may NOT use any original artwork from the Apache Software Foundation, nor make or use modified versions of such artwork, except under the following conditions:

faq/error.html100644 0 0 10203 10422374276 11016 0ustar 0 0 -  (FAQ) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > FAQ

-  (FAQ)

ֽ ƴմϴ. ֱٿ ϼ.
top

Invalid argument: core_output_filter: writing data to the network

÷ sendfile ýȣ Ѵٸ, ġ ӵ ϱ ýȣ Ѵ.  ýۿ ġ Ҷ sendfile ۵ ʴµ ۵Ѵٰ Ѵ. Ʈ Ͻý̳ ǥ Ͻý Ҷ ߻Ѵ.

α(error log) ϰų ũⰡ 0 ƴ Ͽ ũⰡ 0 ϴ ̴. Ҷ sendfile ʱ⶧ Ϲ ûҶ ߻Ѵ.

ذϷ sendfile ʵ EnableSendfile þ Ѵ. , ̿ EnableMMAP ϶.

AcceptEx Failed

win32 AcceptEx ýȣ⿡ , Win32DisableAcceptEx þ ϶.

Premature end of script headers

CGI ũƮ Internal Server Error α׿ Ѵ. ̷ Ҷ CGI 丮 ִ.

faq/index.html100644 0 0 5361 10422374276 10765 0ustar 0 0  (FAQ) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

 (FAQ)

ֽ ƴմϴ. ֱٿ ϼ.

FAQ ֽ ġ Ʈ <http://httpd.apache.org/docs/2.2/faq/> ִ. , ˻ϰ ϱ ϰ FAQ ִ.

ġ 2.0 ȵǼ 츮  (FAQ) 𸥴. ä ⿡ ش ٸ ġ 1.3 FAQ ϶.

top

 ذϳ?
ΰ?
faq/support.html100644 0 0 14525 10422374276 11414 0ustar 0 0 -  (FAQ) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > FAQ

-  (FAQ)

ֽ ƴմϴ. ֱٿ ϼ.
top

" ... ȵdz? ... ʴ°?"

ġ Ʈ ܰ踦 :

α(errorlog) Ȯ϶!
ġ ַ Ѵ. α׿ ڼ Ѵ. ̰͸ε (ϱ ) ߰ϰ ĥ ִ 찡 . α ⺻ ġ /usr/local/apache2/logs/error_log, Ȯ ġ ErrorLog þ ϶.
FAQ Ȯ϶!
ġ Ʈ ׻ ġ FAQ ֽ ִ.
ġ ͺ̽ Ȯ϶
ġ׷(The Apache Group) κ ͺ̽ ϵȴ. ׸ ߰ϱ , ̹ ˷ų(open) ذ(closed) װ ִ Ȯϱ ٶ. ̹ Ǿٸ " ̷ ִٰ" ʱ ٶ. ذ ʾҴٸ ֱ Ȳ Ȯϱ ٶ. , ͺ̽ ϵ ʰ ̸ ȯ ó غ ִ.
Ѵ

ġ ϱ ϴ Ȱ ü ִ. Ϲ ̷ ü ϴ ̴.

ϸƮ

USENET ׷:

  • comp.infosystems.www.servers.unix [news] [google]
  • comp.infosystems.www.servers.ms-windows [news] [google]
  • comp.infosystems.www.authoring.cgi [news] [google]
ϸ ͺ̽ Ѵ

ܰ踦 õϰ ذå ٸ, ׸ Ͽ ڵ鿡 ˸ ٶ.

core dump ״ (ϸ) backtrace(; Ȯ  ߻Ͽ, α׷  η Ǿ ˷ִ ) ϱ ٶ. ,

# cd ServerRoot
# dbx httpd core
(dbx) where

(ServerRoot, httpd, core ġ ϶. dbx gdb ؾ ִ.)

ϳ?

40 ڹ ڸδ 鸸 ڿ ġ . ϱ Ѵ.

ġ ȸ Ѵ.

filter.html100644 0 0 12061 10422374276 10407 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ֽ ƴմϴ. ֱٿ ϼ.

ġ ͸ ϴ Ѵ.

top

õ õ þ

(filter) ų ޴ ڷῡ Ǵ ۾̴. Ŭ̾Ʈ ڷ Է(input filter) óϰ, Ŭ̾Ʈ ڷ (output filter) óѴ. ڷῡ ͸ ְ, ִ.

ġ ̾ޱ(byte-range) û óϱ ͸ Ѵ. , þ Ͽ ð ͸ ϴ ⵵ ִ. SetInputFilter, SetOutputFilter, AddInputFilter, AddOutputFilter, RemoveInputFilter, RemoveOutputFilter þ ڷḦ óϴ ͸ Ѵ.

ġ ڰ ִ ͸ Ѵ.

INCLUDES
mod_include óϴ Server-Side Includes
DEFLATE
mod_deflate Ͽ Ŭ̾Ʈ

, mod_ext_filter Ͽ ܺ α׷ ͷ ִ.

glossary.html100644 0 0 43042 10422374276 10770 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ֽ ƴմϴ. ֱٿ ϼ.

Ϲݿ , Ư ġ õ, Ѵ. 信 ڼ ũ ϶. (; ܾ ѱ ƴ϶, Դϴ. ǥ ϱ ٶϴ.)

top

(Access Control)
Ʈ . ġ Ư URL ϱ Ѵ.
: , Ѻο,
˰ (Algorithm)
ܰ踦 Ǫ Ȯ Ȥ Ģ. ȣȭ ˰ ȣ(Ciphers) θ.
APache eXtension Tool (apxs)
(module) ҽ ü (DSO) ϰ ġ ġϴ ۾ perl ũƮ.
: Manpage: apxs
(Authentication)
, Ŭ̾Ʈ, Ʈ ü Ȯ.
: , Ѻο,
(Certificate)
Ŭ̾Ʈ Ʈ ü ϴ ڷ. (subject ), (Certificate Authority) (issuer ), Ű, CA  X.509 ִ. Ʈ ü CA Ͽ ˻Ѵ.
: SSL/TLS ȣȭ
û (Certificate Signing Request, CSR)
(Certification Authority) Ͽ CA (Certificate) Ű (Private Key) . CSR Ǹ ȴ.
: SSL/TLS ȣȭ
(Certification Authority, CA)
Ʈ ü ϴ ŷϴ . ٸ Ʈ ü CA ڸ ߴ Ȯ ִ.
: SSL/TLS ȣȭ
ȣ (Cipher)
ڷḦ ȣȭϴ ˰̳ ý. , DES, IDEA, RC4 ִ.
: SSL/TLS ȣȭ
ȣ (Ciphertext)
(Plaintext) ȣ (Cipher) ó .
: SSL/TLS ȣȭ
Ʈ ̽ (Common Gateway Interface, CGI)
ܺ α׷ û ֵ ܺ α׷ ̽ ǥ. ̽ NCSA , RFC Ʈ̱⵵ ϴ.
: CGI
þ (Configuration Directive)
: þ
(Configuration File)
ġ ϴ þ (directive) ؽƮ.
:
CONNECT
HTTP ڷ帧 Ͻϴ HTTP ޽ (method). SSL ٸ α Ѵ.
(Context)
(configuration file) Ư þ (directive) ִ .
: ġ þ ϴµ
ڼ (Digital Signature)
ٸ ˻ϴ ȣȭ ڵ. (Certification Authority) (Certificate) Ե Ű (Public Key) ؽ ڽ Ű (Private Key) ȣȭϿ . CA Ű Ǯ ֱ⶧, CA (Certificate) Ʈ ü ִ.
: SSL/TLS ȣȭ
þ (Directive)
ġ ϴ ɾ. þ (Configuration File) Ѵ.
: þ
ü (Dynamic Shared Object) (DSO)
ġ httpd ϰ Ͽ ʿҶ о ִ (Module).
: ü
ȯ溯 (Environment Variable) (env-variable)
ϰ α׷ ü ϴ . ġ ȯ溯 , ȯ ƴ϶ ġ ο ȴ.
: ġ ȯ溯
(Export-Crippled)
̱ (Export Administration Regulations, EAR) ؼϱ ȣ( ) . ȣȭ Ʈ Ű ũⰡ ۰ ѵǾ, ȣ (Ciphertext) (brute force) Ǯ ִ.
: SSL/TLS ȣȭ (SSL/TLS Encryption)
(Filter)
ų ޴ ڷḦ óϴ . Էʹ Ŭ̾Ʈ ڷḦ óϰ, ʹ Ŭ̾Ʈ óѴ. , INCLUDES ʹ Server Side Includes óѴ.
:
θ (Fully-Qualified Domain-Name) (FQDN)
IP ּҿ ϴ, ȣƮ θ Ʈ ü ̸. , www ȣƮ̰ example.com θ϶, www.example.com θ̴.
ڵ鷯 (Handler)
ûҶ ϴ ۾ ġ ǥ. Ϲ Ϲ ڵ鷯 . ,  "óȴ(handled)". , cgi-script ڵ鷯 CGI ó Ѵ.
: ġ ڵ鷯
(Header)
HTTP û 信 κ ϴ ִ.
.htaccess
ȿ ִ (configuration file), þ (directive) ڽ ġ 丮 丮 Ѵ. ̸ ޸ Ͽ ܼ þܿ þ ִ.
:
httpd.conf
ġ (configuration file). ⺻ ġ /usr/local/apache2/conf/httpd.conf, Ҷ Ȥ ϶ ִ.
:
HyperText Transfer Protocol (HTTP)
̵ ϴ ǥ . ġ RFC 2616 HTTP/1.1̶ 1.1 Ѵ.
HTTPS
ȭ̵ ǥ ȣ , HyperText Transfer Protocol (Secure). شܿ SSL HTTP̴.
: SSL/TLS ȣȭ
޽ (Method)
Ŭ̾Ʈ HTTP û ڿ ϵ ൿ. HTTP ޽忡 GET, POST, PUT ִ.
޽ (Message Digest)
޽ ʾ ϱ ޽ ؽ.
: SSL/TLS ȣȭ
MIME-type
ϴ . Multipurpose Internet Mail Extensions Ա⶧ ̷ ̸ . ̿ major type minor type ̷. , text/html, image/gif, application/octet-stream ̴. MIME-type HTTP Content-Type (header) Ѵ.
: mod_mime
(Module)
α׷ κ. ġ Կθ ִ ⿡ ִ. ġ httpd ϰ ̶ ϸ, иǾ о ִ Ȥ DSO Ѵ. ⺻ ϴ base ̶ Ѵ. ġ Ÿ (tarball) ġ ִ. ̵ ڰ (third-party) ̶ Ѵ.
:
(Module Magic Number) (MMN)
ġ ҽڵ尡 , ȣȯ ִ. ȣȯ ̻ ġ Լ ȣ, ٸ API Ϻΰ 쿡 ٲ. MMN ϸ ڰ ּ ٽ ϵǾ Ѵ. ġ µ ؾ 쵵 ִ.
OpenSSL
SSL/TLS ¼ҽ
http://www.openssl.org/
Pass Phrase
Ű ȣϴ . ڰ Ű Ͽ ȣȭ ϵ Ѵ. ȣ (Ciphers) ϴ н ȣ/ص Ű̴.
: SSL/TLS ȣȭ
(Plaintext)
ȣȭ .
Ű (Private Key)
ڷḦ صϰ ڷḦ ϱ Ű ȣȭ (Public Key Cryptography) ý ȣŰ.
: SSL/TLS ȣȭ
Ͻ (Proxy)
Ŭ̾Ʈ ̿ ִ ߰ . Ŭ̾Ʈ û ޾ , Լ ٽ Ŭ̾Ʈ . Ŭ̾Ʈ ûϸ Ͻô Ź ûʰ ij Ͽ ð ִ.
: mod_proxy
Ű (Public Key)
Ű ȣȭ (Public Key Cryptography) ýۿ Ű ڿ ȣȭϰų ڰ Ǯ Ű.
: SSL/TLS ȣȭ
Ű ȣȭ (Public Key Cryptography)
ȣ ص ٸ Ű ϴ Ī(asymmetric) ȣȭ ý Ȱ. ȣ ص ϴ ΰ Ű Ű(key pair) ̷. Ī ȣȭ θ.
: SSL/TLS ȣȭ
ǥ (Regular Expression) (Regex)
ϴ . , " A ϴ ܾ", " 10ε ȭȣ", "ǥ ΰְ 빮 Q " ǥ ִ. ǥ ϸ ſ ϰ ̳ ڿ  ִ. , "images" 丮 Ʒ ִ .gif .jpg "/images/.*(jpg|gif)$" Ī ִ. ġ PCRE ̺귯 Ͽ Perlȣȯ ǥ Ѵ.
Ͻ (Reverse Proxy)
Ŭ̾Ʈ ó ̴ Ͻ (proxy) . Ȼ Ȥ ϸ лϱ Ŭ̾Ʈ 涧 ϴ.
Secure Sockets Layer (SSL)
Netscape Communications簡 TCP/IP Ʈ Ϲ ȣȭ . Ϲ 뵵 HTTPS (HyperText Transfer Protocol (HTTP) over SSL)̴.
: SSL/TLS ȣȭ
Server Side Includes (SSI)
HTML ȿ óþ ϴ .
: Server Side Includes Ұ
(Session)
Ϲ Ȳ(context) .
SSLeay
Eric A. Young SSL/TLS ̺귯
Ī ȣ (Symmetric Cryptography)
ȣ ص ۾ ȣŰ ϴ ȣ (Ciphers) Ȱ.
: SSL/TLS Encryption
Ÿ (Tarball)
tar Ͽ ϵ . ġ tar ϰų pkzip Ͽ ȴ.
Transport Layer Security (TLS)
ͳݱ ǥȭⱸ(Internet Engineering Task Force, IETF) TCP/IP Ʈ Ϲ ȣȭ SSL ļ . TLS 1 SSL 3 ϴ.
: SSL/TLS ȣȭ
Uniform Resource Locator (URL)
ͳݿ ִ ڿ ̸/ּ. δ Uniform Resource Identifier ϴ ϻ Ī̴. URL http https Ŵ(scheme), ȣƮ, η ȴ. URL http://httpd.apache.org/docs/2.2/glossary.html̴.
Uniform Resource Identifier (URI)
߻ ڿ̳ ڿ Īϱ ڿ. RFC 2396 Ѵ. ̵ ϴ URI URL̶ θ.
ȣƮ (Virtual Hosting)
ġ ϳ Ʈ ϱ. IP ȣƮ Ʈ IP ּҰ ٸ. ̸(name-based) ȣƮ ȣƮ ϹǷ IP ּҿ Ʈ ִ.
: ġ ȣƮ
X.509
ſ(International Telecommunication Union, ITU-T) ϴ . SSL/TLS Ѵ.
: SSL/TLS ȣȭ
handler.html100644 0 0 17055 10422374276 10547 0ustar 0 0 ġ ڵ鷯 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ġ ڵ鷯

ֽ ƴմϴ. ֱٿ ϼ.

ġ ڵ鷯 ϴ Ѵ.

top

ڵ鷯 ΰ

õ õ þ

ûҶ ġ ۾ "ڵ鷯(handler)" Ѵ. Ϲ Ϲ ڵ鷯 ִ. ,  "óȴ(handled)".

Apache 1.1 ڵ鷯 ְ Ǿ. ڵ鷯 Ȯڳ ġ ִ. ̴ Ǹ ̰ ڵ鷯 ο ֱ⶧ . ( Ȯڸ )

ڵ鷯 Ͽ, Action þ ߰ ִ. ǥ ִ ⺻ ڵ鷯 :

top

CGI ũƮ Ͽ ϱ

þ Ȯڰ html û footer.pl CGI ũƮ .

Action add-footer /cgi-bin/footer.pl
AddHandler add-footer .html

CGI ũƮ (PATH_TRANSLATED ȯ溯 Īϴ) û .

HTTP ϴ

þ HTTP ϴ Ͽ send-as-is ڵ鷯 Ѵ. /web/htdocs/asis/ 丮 ȿ ִ Ȯڿ send-as-is ڵ鷯 óѴ.

<Directory /web/htdocs/asis>
SetHandler send-as-is
</Directory>

top

α׷Ӹ

ڵ鷯 ϱ Apache API ߰Ǿ. Ư request_rec ü ο ʵ尡 ߰Ǿ:

char *handler

ڵ鷯 Ϸ, û invoke_handler ܰ r->handler ڵ鷯 ̸ ֱ⸸ ϸ ȴ. ڵ鷯 content type ڵ鷯 ̸ ϰ Ǿ. ų ʿ ڵ鷯 ̸ ʰ, ܾ ̿ ȣ ϴ Ϲ̴. ׷ ڵ鷯 ̸ media type ġ ʴ´.

howto/access.html100644 0 0 22510 10422374276 11523 0ustar 0 0 Access Control - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

Access Control

Access control refers to any means of controlling access to any resource. This is separate from authentication and authorization.

top

Related Modules and Directives

Access control can be done by several different modules. The most important of these is mod_authz_host. Other modules discussed in this document include mod_setenvif and mod_rewrite.

top

Access control by host

If you wish to restrict access to portions of your site based on the host address of your visitors, this is most easily done using mod_authz_host.

The Allow and Deny directives let you allow and deny access based on the host name, or host address, of the machine requesting a document. The Order directive goes hand-in-hand with these two, and tells Apache in which order to apply the filters.

The usage of these directives is:

Allow from address

where address is an IP address (or a partial IP address) or a fully qualified domain name (or a partial domain name); you may provide multiple addresses or domain names, if desired.

For example, if you have someone spamming your message board, and you want to keep them out, you could do the following:

Deny from 10.252.46.165

Visitors coming from that address will not be able to see the content covered by this directive. If, instead, you have a machine name, rather than an IP address, you can use that.

Deny from host.example.com

And, if you'd like to block access from an entire domain, you can specify just part of an address or domain name:

Deny from 192.168.205
Deny from phishers.example.com moreidiots.example
Deny from ke

Using Order will let you be sure that you are actually restricting things to the group that you want to let in, by combining a Deny and an Allow directive:

Order deny,allow
Deny from all
Allow from dev.example.com

Listing just the Allow directive would not do what you want, because it will let folks from that host in, in addition to letting everyone in. What you want is to let only those folks in.

top

Access control by environment variable

mod_authz_host, in conjunction with mod_setenvif, can be used to restrict access to your website based on the value of arbitrary environment variables. This is done with the Allow from env= and Deny from env= syntax.

SetEnvIf User-Agent BadBot GoAway=1
Order allow,deny
Allow from all
Deny from env=GoAway

Warning:

Access control by User-Agent is an unreliable technique, since the User-Agent header can be set to anything at all, at the whim of the end user.

In the above example, the environment variable GoAway is set to 1 if the User-Agent matches the string BadBot. Then we deny access for any request when this variable is set. This blocks that particular user agent from the site.

An environment variable test can be negated using the =! syntax:

Allow from env=!GoAway

top

Access control with mod_rewrite

The [F] RewriteRule flag causes a 403 Forbidden response to be sent. Using this, you can deny access to a resource based on arbitrary criteria.

For example, if you wish to block access to a resource between 8pm and 6am, you can do this using mod_rewrite.

RewriteEngine On
RewriteCond %{TIME_HOUR} > 20 [OR]
RewriteCond %{TIME_HOUR} < 07
RewriteRule ^/fridge - [F]

This will return a 403 Forbidden response for any request after 8pm or before 7am. This technique can be used for any criteria that you wish to check. You can also redirect, or otherwise rewrite these requests, if that approach is preferred.

top

More information

You should also read the documentation for mod_auth_basic and mod_authz_host which contain some more information about how this all works. mod_authn_alias can also help in simplifying certain authentication configurations.

See the Authentication and Authorization howto.

howto/auth.html100644 0 0 41675 10422374276 11240 0ustar 0 0 (Authentication), Ѻο(Authorization), (Access Control) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

(Authentication), Ѻο(Authorization), (Access Control)

ֽ ƴմϴ. ֱٿ ϼ.

(authentication) ڽ ϴ Ȯϴ ̴. Ѻο(authorization) Ȥ ϴ 򵵷 ϴ ̴.

top

þ

õ õ þ
top

Ұ

Ʈ ִ Ҽ 鸸 ̰ų ̵鸸 , ۿ ϴ Ͽ ϴ ִ.

Ʈ Ϻθ ȣϱ ϴ "ǥ" ٷ.

top

ۿ ٷ þ ּ(Ϲ <Directory> )̳ 丮 (.htaccess ) Ѵ.

.htaccess Ϸ Ͽ ִ þ ϵ ؾ Ѵ. ̸ 丮 Ͽ  þ ִ ϴ AllowOverride þ Ѵ.

⼭ ٷ , AllowOverride þ ʿϴ.

AllowOverride AuthConfig

Ȥ þ ּϿ ´ٸ, Ͽ ־ Ѵ.

׸ ȣ ִ ˱ 丮 ˾ƾѴ. ʰ, ڼ ̴.

top

⺻ ϱ

丮 ȣ ȣϴ ⺻ Ѵ.

ȣ Ѵ. ־ Ѵ. ٸ ȣ ٿε ϰϱ ؼ. , /usr/local/apache/htdocs ִٸ ȣ() /usr/local/apache/passwd д.

ġ Ե htpasswd Ͽ ȣ . α׷ ġ ġ bin 丮 ִ. ԷѴ.

htpasswd -c /usr/local/apache/passwd/passwords rbowen

htpasswd ȣ , Ȯ ȣ ٽ Է϶ ûѴ.

# htpasswd -c /usr/local/apache/passwd/passwords rbowen
New password: mypassword
Re-type new password: mypassword
Adding password for user rbowen

htpasswd ο ٸ ü θ Էؾ Ѵ. ϴ /usr/local/apache/bin/htpasswd ִ.

ȣ ûϵ ϰ,  ˷ Ѵ. httpd.conf ϰų .htaccess Ͽ Ѵ. , /usr/local/apache/htdocs/secret 丮 ȣϷ, Ʒ þ /usr/local/apache/htdocs/secret/.htaccess ̳ httpd.conf <Directory /usr/local/apache/apache/htdocs/secret> ǿ Ѵ.

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen

þ ϳ 캸. AuthType þ ڸ Ѵ. Ϲ Basic, mod_auth_basic Ѵ. ׷ Basic ȣ ȣȭ ʰ . ׷Ƿ ڷḦ ȣϱ ϸ ȵȴ. ġ AuthType Digest Ѵ. mod_auth_digest ϸ, ſ ϴ. ֱ Ŭ̾Ʈ鸸 Digest Ѵٰ Ѵ.

AuthName þ (realm) Ѵ. ΰ Ѵ. ù° Ŭ̾Ʈ ȣ ȭâ ش. ι° Ͽ Ŭ̾Ʈ Ư  ȣ Ѵ.

, ϴ Ŭ̾Ʈ "Restricted Files" Ͽٸ, Ŭ̾Ʈ ڵ "Restricted Files" ǥõ ȣ õѴ. ׷ ϸ ڰ ȣ Է ʾƵ ȴ. Ȼ Ŭ̾Ʈ ȣƮ ٸ ׻ ȣ .

AuthUserFile þ 츮 htpasswd ȣ θ Ѵ. ڰ ٸ û Ź ڸ ϱ Ϲ ˻ϴµ ð ɸ ִ. ġ Ÿ̽ Ͽ ִ. mod_authn_dbm AuthDBMUserFile þ Ѵ. dbmmanage α׷ Ͽ ȣ ٷ. ġ Ÿ̽ ٸ ϴ ڰ ִ.

Require þ Ư ִ ڸ Ͽ Ѻο Ѵ. require þ ϴ پ Ѵ.

top

þ 丮 (ڸ rbowen) 鿩. κ 鿩 ̴. AuthGroupFile .

鿩 ʹٸ ׷ ׷쿡  ڵ ִ ˷ִ ׷ ʿϴ. ſ Ͽ, ƹ γ ִ. ϳ .

GroupName: rbowen dpitts sungo rshersey

׳ ׷ ̴.

ȣϿ ڸ ߰Ϸ ԷѴ

htpasswd /usr/local/apache/passwd/passwords dpitts

, ʰ Ͽ ڸ ߰Ѵ. (-c ɼ ȣ ).

.htaccess Ѵ.

AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
Require group GroupName

׷ GroupName ׷쿡 ϸ password Ͽ ׸ ִ ڰ ùٸ ȣ Էϸ Ѵ.

Ϲ ڸ 鿩 ٸ ִ. ׷ ʿ þ ϱ⸸ ϸ ȴ.

Require valid-user

Require user rbowen þ ϸ ȣϿ ִ ùٸ ȣ Էϱ⸸ ϸ Ѵ. ׷캰 ٸ ȣ Ͽ ׷ ȿ ִ. ġ ΰ(ȣϰ ׷) ƴ Ѱ(ȣ) ˻ϸ ȴٴ ̴. ׷ ȣ ؾ ϰ, AuthUserFile þ Ȯ ȣ ؾ ϴ ̴.

top

߻ ִ

Basic û ڸ ȣ ȮѴ. ħ (׸ ȣ ȣϴ 丮 ִ ) ִ ׸ ٽ ȮѴ. ϵ ӵ . ȣ  ڸ ã ϱ⶧ ȣ ũⰡ Ŀ . ׸ ۾ û Ѵ.

׷ ȣϿ ִ ڼ Ѱ谡 ִ. Ѱ ϴ ɿ ٸ, ׸ 鰳 Ѵ´ٸ ٰ ϰ ٸ ؾ Ѵ.

top

ٸ Ѱ?

ڸ ȣ ٰ ƴϴ. ҿ ٸ ڸ 鿩 ִ.

Allow Deny þ û ǻ ȣƮ Ȥ ȣƮ ּҸ ϰų źѴ. Order þ þ Ͽ, ġ  Ģ ˸.

̵ þ .

Allow from address

address IP ּ(Ȥ IP ּ Ϻ) θ(Ȥ θ Ϻ)̴. Ѵٸ ּҳ θ ִ.

, Խǿ ø ִٸ ִ.

Deny from 205.252.46.165

ּҿ 湮ڴ þ ȣϴ . IP ּ ǻ͸ ִ.

Deny from host.example.com

, ü ּҳ θ Ϻθ Ѵ.

Deny from 192.101.205
Deny from cyberthugs.com moreidiots.com
Deny from ke

Order Deny Allow þ Ͽ ϴ ִ.

Order deny,allow
Deny from all
Allow from dev.example.com

Allow þ ϸ, ش ȣƮ ڸ ϰ ű⿡ ߰ ϹǷ ϴ Ѵ. Ư ϱ Ѵ.

top

mod_auth_basic mod_authz_host  ϴ ִ.

howto/cgi.html100644 0 0 54640 10422374276 11035 0ustar 0 0 ġ 丮: CGI - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

ġ 丮: CGI

ֽ ƴմϴ. ֱٿ ϼ.
top

Ұ

õ õ þ

CGI (Common Gateway Interface) CGI α׷ Ȥ CGI ũƮ θ, ( ) ܺ α׷ ϴ Ѵ. Ʈ ϰ ̴. ġ CGI ϴ Ұϰ, CGI α׷ ۼغ.

top

CGI ϵ ġ ϱ

CGI α׷ ùٷ Ϸ CGI ϵ ġ ؾ Ѵ. ϴ .

ScriptAlias

ScriptAlias þ ϸ ġ Ư 丮 CGI α׷ д. ġ 丮 ִ CGI α׷̶ Ͽ Ŭ̾Ʈ ڿ ûϸ ڿ Ϸ õѴ.

ScriptAlias þ Ѵ.

ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/

ġ ⺻ ҿ ġ httpd.conf Ͽ ִ ̴. ScriptAlias þ Alias þ URL պκ Ư 丮 Ѵ. Alias ScriptAlias DocumentRoot 丮 ۿ ִ 丮 Ѵ. Alias ScriptAlias ScriptAlias ߰ URL պκ ϴ CGI α׷ ϴ ̴. ׷ ġ /cgi-bin/ ϴ ڿ ûϸ /usr/local/apache2/cgi-bin/ 丮 ãƼ CGI α׷ ó϶ ˸.

, URL http://www.example.com/cgi-bin/test.pl ûϸ ġ /usr/local/apache2/cgi-bin/test.pl Ͽ ȯѴ. ϰ డϸ  ε ؾ Ѵ. ׷ ġ .

ScriptAlias 丮 ۿ ִ CGI

Ȼ CGI α׷ ScriptAlias 丮 Ѵ. ׷ ڴ CGI α׷ ִ ִ. ׷ ġ ߴٸ ƹ 丮 CGI α׷ . , UserDir þ Ͽ ڰ ڽ Ȩ丮 츦 . ڰ ڽ CGI α׷ ϰ cgi-bin 丮 ٱ ٸ, ٸ CGI α׷ ϰ ̴.

ƹ 丮 CGI Ϸ ʿϴ. , AddHandler SetHandler þ Ͽ cgi-script ڵ鷯 ۵ؾ Ѵ. ι°, Options þ ExecCGI ؾ Ѵ.

Options Ͽ CGI ϱ

ּϿ Options þ Ͽ Ư 丮 CGI ִ.

<Directory /usr/local/apache2/htdocs/somedir>
Options +ExecCGI
 </Directory>

þ ġ CGI Ѵ.  CGI ˷ Ѵ. AddHandler þ Ȯڰ cgi pl CGI α׷̶ ˸.

AddHandler cgi-script .cgi .pl

.htaccess

.htaccess httpd.conf ٱ 쿡 CGI α׷ ִ ˷ش.

Ʒ ϸ 丮 .cgi CGI α׷ Ѵ.

<Directory /home/*/public_html>
Options +ExecCGI
AddHandler cgi-script .cgi
 </Directory>

ϸ 丮 cgi-bin 丮 ִ CGI α׷ νѴ.

<Directory /home/*/public_html/cgi-bin>
Options ExecCGI
SetHandler cgi-script
 </Directory>

top

CGI α׷ ۼϱ

``Ϲ'' α׷ְ CGI α׷ ̿ ΰ ֵ ִ.

ù° ̴ CGI α׷ ٸ ϱ MIME-type ؾ Ѵٴ ̴. HTTP Ŭ̾Ʈ Ŭ̾Ʈ  ްԵ ̸ ˸. .

Content-type: text/html

ι° ̴ HTML Ȥ ִ ؾ Ѵٴ ̴. κ HTML , gif ׸ HTML ƴ ϴ CGI α׷ ۼϴ 쵵 ִ.

ΰ ϰ CGI α׷ ۼ ̹ ٸ α׷ ſ ϴ.

ó CGI α׷

CGI α׷ . ״ first.pl̶ Ͽ ϰ, cgi-bin 丮 Ѵ.

#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World.";

Perl ͼ ʴ Ͼ ִ. ù° ġ(Ȥ ϴ ) /usr/bin/perl ġ ִ Ͽ α׷ ϶ ˸. ι° content-type ϰ carriage-return ٹٲ ι Ѵ. ׷ ڿ HTTP ϴ , Ѵ. ° "Hello, World." ڿ Ѵ. ̰ ̴.

ϰ ּҸ ԷѴ

http://www.example.com/cgi-bin/first.pl

Ҹ Էϸ, â Hello, World. δ. е , ѹ ϴ ٸ õ ִ.

top

׷ ʾƿ!

CGI α׷ Ҷ ִ ⺻ װ.

CGI α׷
! Ѵٴ ̴. Ȯ ùٷ ó Ѵٸ, CGI α׷ ùٸ Content-Type Ͽ ȮѴ.
CGI α׷ ҽڵ Ȥ "POST Method Not Allowed"
CGI α׷ ϵ ġ ʾҴٴ ̴. ġ ϱ ٽ а κ ִ ãƺ.
"Forbidden" ϴ
ִٴ ̴. ġ α Ʒ ϱ Ȯ϶.
"Internal Server Error"
ġ α Ƹ CGI α׷ Բ "Premature end of script headers" ̴. Ʒ ϳ ȮϿ  CGI α׷ HTTP ߴ ˾ƺ.

ϱ

Ű ϶. , ϸ Ư ( nobody www) Ѵ. ׷ Ϸ ʿϴ. Ͽ nobody ϱ⿡ ֱ ο ش.

chmod a+x first.pl

, α׷ ٸ аų ٸ Ͽ ʿϴ.

ȯ

࿡ α׷ ϸ ڵ  ޵ȴ. , PATH ã Ҹ ˷ش.

α׷ CGI α׷ Ҷ PATH ٸ ִ. ( , sendmail ) CGI α׷ ȿ ϴ ɾ η ؾ ɾ ã ִ.

CGI α׷ ù° ٿ ũƮ ( perl) ο ߻Ѵ.

#!/usr/bin/perl

ȮѴ.

, CGI α׷ ٸ ȯ溯 Ѵٸ ġ α׷ ؾ Ѵ.

α׷

CGI α׷ ϴ κ α׷ ü ̴. Ư ΰ Ǽ ʾҰ ִٸ ׷. ϱ ࿡ α׷ غ. , Ѵ.

cd /usr/local/apache2/cgi-bin
./first.pl

(perl ͸ . ġ ũƮ ù° ٿ ִ Ͽ ͸ ãƾ Ѵ.)

α׷ Content-Type HTTP ϰ ؾ Ѵ. ٸ Ѵٸ ġ Premature end of script headers ȯѴ. ڼ CGI α׷ ۼϱ ϶.

α

α״ ̴. ߸Ǹ α׿ . α׸ Ѵ. Ʈ ȣϴ α׸ ϰ Ѵٸ, Ƹ ٸ ü ˾ƺ Ѵ. α׸ , κ ľϿ ذ ִ.

Suexec

suexec α׷ ϸ  ȣƮ Ȥ  丮 ִ CGI α׷ ٸ ִ. Suexec ſ ϰ ˻ϸ, ˻縦 ϳ ϸ CGI α׷ ʰ Premature end of script headers ȯѴ.

suexec ϰ ִ ˷ apachectl -V Ͽ SUEXEC_BIN ġ ȮѴ. ġ Ҷ ҿ suexec ߰ϸ, suexec ִ.

suexec ߴٸ ؼ ȵȴ. suexec SUEXEC_BIN ġ ִ suexec (Ȥ ϸ ٲٰ) ϸ ȴ. suexec ׷ ϰ ʹٸ, suexec -V Ͽ suexec α ġ ˾Ƴ αϿ  Ģ ִ ã´.

top

ڿ °?

CGI α׷ֿ ͼ ڿ ϸ ȴ. ü ϴ ϴ ̴. "Hello, World." ϴ α׷ ۼ ̷ α׷ ⶧̴.

ȯ溯

ȯ溯 ǻ͸ ϴ ٴϴ ̴. ȯ溯 path (ǻͰ Է ɾ شϴ ã ), ڸ, ͹̳ . Ϲ ȯ溯 Ʈ env ԷѴ.

CGI Ҷ ȯ溯 ȯѴ. (Netscape, IE, Lynx), (ġ, IIS, WebSite), ϴ CGI α׷ ִ.

CGI α׷Ӵ ̷ ְ, ȯ溯 Ŭ̾Ʈ- ſ Ϻκ Ѵ. ü ʼ http://hoohoo.ncsa.uiuc.edu/cgi/env.html ִ.

Ʒ Perl CGI α׷ ڽſ ޵ ȯ溯 ش. ġ cgi-bin 丮 ̿ α׷ ΰ ִ. ʼ̰ ̴. ׷ Ͽ δ. , ġ ⺻ ϴ ȯ溯 ܿ ȯ溯 ߰ ִ.

#!/usr/bin/perl
print "Content-type: text/html\n\n";
foreach $key (keys %ENV) {
print "$key --> $ENV{$key}<br>";
 }

STDIN STDOUT

, Ŭ̾Ʈ ǥԷ(STDIN) ǥ(STDOUT) Ѵ. ϻ STDIN Ű峪 α׷ óϴ Ÿ, STDOUT ܼ̳ ȭ Ѵ.

CGI α׷ (form) POSTϸ Ŀ Է ڷḦ Ư  CGI α׷ STDIN Ѵ. ׷ α׷ Ű峪 Ͽ ڷḦ óϵ ڷḦ ó ִ.

"Ư " ſ ϴ. ׸ ̸ ȣ(=) ϰ, ׸ ̸ ֵ ۻ(&) Ѵ. , ۻ, ȣ ڿ ڴ ȥ ʵ 16 ȯѴ. ڷ ڿ .

name=Rich%20Bowen&city=Lexington&state=KY&sidekick=Squirrel%20Monkey

URL ڿ ̷ ڿ ȴ. ڿ QUERY_STRING̶ ȯ溯 Ѵ. ̸ GET û̶ Ѵ. FORM ± METHOD Ӽ Ͽ HTML (form) ڷḦ GET POST Ѵ.

α׷ ̷ ڿ ɰ Ѵ. ̷ ڷ ó CGI α׷ ٸ Ǵ ̺귯 ִ.

top

CGI /̺귯

CGI α׷ ۼҶ ۾ ִ ڵ ̺귯 Ȥ غ Ѵ. ̷ ϸ װ ٰ α׷ ִ.

Perl CGI α׷ ۼѴٸ CPAN ã ִ. CGI ߿ θ Ǵ CGI.pm̴. κ α׷ ּ CGI::Lite ִ.

C CGI α׷ ۼѴٸ . ϳ http://www.boutell.com/cgic/ ִ CGIC ̺귯.

top

...

ſ CGI ִ. ׷ comp.infosystems.www.authoring.cgi CGI ִ. HTML Writers Guild -servers ϸƮ ã⿡ Ǹ Ҵ. http://www.hwg.org/lists/hwg-servers/ ִ.

׸ CGI α׷ ۿ CGI Ծ о 𸥴. NCSA ְ, ʾ Common Gateway Interface RFC Ʈ ִ.

ϸƮ ׷쿡 ݰ ִ CGI Ҷ ߻ , ߻  ٸ, ϴ , CGI α׷ ۼ , ϸ ش ڵ带 ڼ . ׷ ذå ã .

ġ ҽڵ尡 ߸Ǿٰ Ȯ ʴ CGI ġ ͺ̽ ø ȵȴ.

howto/htaccess.html100644 0 0 40737 10422374276 12072 0ustar 0 0 ġ 丮: .htaccess - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

ġ 丮: .htaccess

ֽ ƴմϴ. ֱٿ ϼ.

.htaccess Ͽ 丮 ִ.

top

.htaccess

õ õ þ
top

̸/ ϴ°

.htaccess (Ȥ "л ") ϸ 丮 ִ. þ ִ Ư 丮 θ, 丮 丮 þ Ѵ.

:

.htaccess ϸ ٸ ϰ ʹٸ, AccessFileName þ Ͽ ִ. , .config ϸ Ϸ Ͽ ߰Ѵ.

AccessFileName .config

Ϲ .htaccess ּ . AllowOverride þ Ͽ ִ Ѵ. þ .htaccess Ͽ ϴ þ з Ѵ. þ .htaccess Ͽ ִٸ, ش þ Override ׸ þ ϱ AllowOverride ˷ش.

, AddDefaultCharset þ þ .htaccess Ͽ ִ. (þ ࿡ ׸ .) Override ٿ FileInfo ִ. ׷ þ .htaccess Ͽ ϱؼ ּ AllowOverride FileInfo ʿϴ.

:

: ּ, ȣƮ, directory, .htaccess
Override: FileInfo

Ư þ .htaccess Ͽ ִ ñϸ þ ׸ ".htaccess" ִ ȮѴ.

top

.htaccess ϳ (Ȥ ʳ)

Ϲ ּϿ 찡 ƴ϶ .htaccess ϸ ȵȴ. , ׻ .htaccess Ͽ ־ Ѵٴ ߸ ˷ ش. ̴ ƴϴ. ּ ְ, ̷ Ѵ.

.htaccess ڰ 丮 ٸϰ ýۿ root 쿡 Ѵ. ڰ ϰ Ϲ ڰ .htaccess ϵ ϴ ٶϴ. , ǻͿ Ʈ ϴ ISP ڰ ڽ ϰ 찡 ׷ϴ.

׷ Ϲ .htaccess ؾ Ѵ. .htaccess Ͽ ϴ þ ּ <Directory> ǰ ȿ ִ.

ΰ ū .htaccess ؾ Ѵ.

ù° ̴. AllowOverride .htaccess ϵ ϸ, ġ 丮 .htaccess ã´. ׷ .htaccess ϸ ʴ 쿡 ! , .htaccess ûҶ оδ.

Դٰ ؾ ϴ ü þ ġ 丮 .htaccess ã´. ( þ ϳ .) ׷ /www/htdocs/example 丮 ִ ûϸ, ġ ϵ ãƾ Ѵ.

/.htaccess
/www/.htaccess
/www/htdocs/.htaccess
/www/htdocs/example/.htaccess

׷ 丮 ִ  Ͻý 4 ؾ Ѵ. (/ .htaccess 츦 Ѵ. ʴ´.)

ι° ̴. ڿ ָ ȭ Ͼ ִ. ڿ ̷ ϶. , ڰ ϴ ͺ ָ û ´. ڿ Ȯ ˷. ڿ AllowOverride  Ͽ Ȯ ˸ ϸ ȥ ִ.

þ /www/htdocs/example.htaccess δ Ͱ ּ <Directory /www/htdocs/example> Directory δ .

/www/htdocs/example ִ .htaccess :

/www/htdocs/example ִ .htaccess

AddType text/example .exm

httpd.conf Ͽ ִ

<Directory /www/htdocs/example>
AddType text/example .exm
 </Directory>

׷ û ʰ ġ Ҷ ѹ б⶧ Ͽ ϸ .

AllowOverride þ none ϸ .htaccess .

AllowOverride None

top

 þ ϳ

.htaccess ߰ 丮 丮 丮 .htaccess Ͽ ִ þ Ѵ. ׷ 丮 .htaccess ؾ Ѵ. ߰ þ Ѵ. Ư 丮 ִ .htaccess 丮 ִ .htaccess þ ȿ ְ, 丮 ִ þ 丮 Ȥ ּϿ ִ þ ȿ ִ.

:

/www/htdocs/example1.htaccess ִ.

Options +ExecCGI

(: .htaccess Ͽ "Options" þ Ϸ "AllowOverride Options" ʿϴ.)

/www/htdocs/example1/example2.htaccess ִ.

Options Includes

ι° .htaccess Options Includes ȿ ⶧ /www/htdocs/example1/example2 丮 CGI ʴ´.

top

˱ ٷ ̰ д´ٸ ִ. ȣ Ϸ .htaccess ʿϴٴ ذ θ ִ. ̴ ƴϴ. ּ <Directory> ǿ þ δ ϴ ̰, ּ 쿡 .htaccess ؾ Ѵ. .htaccess ؾ ϴ ƾ ϴ Ͽ.

տ .htaccess ʿϴٰ Ǹ Ʒ ̴.

.htaccess .

AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
Require Group admins

þ ϱؼ AllowOverride AuthConfig þ ʿ ϶.

Ѻο ڼ ٶ.

top

Server Side Includes

Ǵٸ Ϲ .htaccess 뵵 Ư 丮 Server Side Includes ϰ ̴. ϴ 丮 .htaccess Ͽ þ ϸ ȴ.

Options +Includes
AddType text/html shtml
AddHandler server-parsed shtml

þ Ϸ AllowOverride Options AllowOverride FileInfo ʿ ϶.

server-side includes ڼ SSI 丮 ٶ.

top

CGI

.htaccess Ͽ Ư 丮 CGI α׷ ϰ ʹٸ, Ѵ.

Options +ExecCGI
AddHandler cgi-script cgi pl

Ȥ 丮 ִ CGI α׷ óϰ ʹٸ ϴ.

Options +ExecCGI
SetHandler cgi-script

þ Ϸ AllowOverride Options AllowOverride FileInfo ʿ ϶.

CGI α׷ְ ڼ CGI 丮 ٶ.

top

ذ

.htaccess Ͽ þ ϴ ʴ ִ.

Ϲ þ ϰ AllowOverride . Ǵ AllowOverride None ȮѴ. .htaccess ƹԳ ٽ Ͽ ˻غ ִ. Ȯ AllowOverride None .

ݴ Ҷ ߻ϸ ġ α׸ . Ƹ .htaccess Ͽ ִ þ ʴ´ٰ ̴. ƴϰ ִٸ ģ.

howto/index.html100644 0 0 10673 10422374276 11400 0ustar 0 0 How-To / 丮 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

How-To / 丮

ֽ ƴմϴ. ֱٿ ϼ.
top

How-To / 丮

(authentication) ڽ ϴ Ȯϴ ̴. Ѻο(authorization) Ȥ ϴ 򵵷 ϴ ̴.

: , Ѻο,

CGI

CGI (Common Gateway Interface) CGI α׷ Ȥ CGI ũƮϰ θ, ( ) ܺ α׷ ȣۿϴ Ѵ. Ʈ ϰ ̴. ġ CGI ϴ Ұϰ, CGI α׷ ۼغ.

: CGI:

.htaccess

.htaccess Ͽ 丮 ִ. þ ִ Ư 丮 θ, 丮 丮 þ Ѵ.

: .htaccess

Server Side Includes Ұ

SSI (Server Side Includes) HTML ϴ þ, Ҷ óѴ. SSI ϸ CGI α׷̳ ٸ ü  ʰ HTML ߰ ִ.

: Server Side Includes (SSI)

ں 丮

ڰ ִ ýۿ UserDir þ ϸ ڴ ڽ Ȩ丮 ȿ Ʈ ִ. URL http://example.com/~username/ ϸ "username" Ȩ丮 UserDir þ 丮 ִ ȴ.

: 丮 (public_html)

howto/public_html.html100644 0 0 16635 10422374276 12577 0ustar 0 0 ں 丮 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

ں 丮

ڰ ִ ýۿ UserDir þ ϸ ڴ ڽ Ȩ丮 ȿ Ʈ ִ. URL http://example.com/~username/ ϸ "username" Ȩ丮 UserDir þ 丮 ִ ȴ.

top

ں 丮

õ õ þ
top

UserDir ϰ ϱ

UserDir þ ں 丮 Ѵ. þ .

ʴ θ ϸ Ȩ丮 丮 η óѴ. , Ʒ :

UserDir public_html

URL http://example.com/~rbowen/file.html /home/rbowen/public_html/file.html Ѵ.

ϴ θ ϸ 丮 ڸ 丮 θ Ѵ. , Ʒ :

UserDir /var/html

URL http://example.com/~rbowen/file.html /var/html/rbowen/file.html Ѵ.

ǥ (*) θ ϸ ǥ ڸ ü θ Ѵ. , Ʒ :

UserDir /var/www/*/docs

URL http://example.com/~rbowen/file.html /var/www/rbowen/docs/file.html Ѵ.

top

̿ ϱ

UserDir ִ Ͽ ں 丮 ̿ ִ ڸ ִ:

UserDir enabled
UserDir disabled root jro fish

disabled 忡 ϰ ڿ 丮 Ѵ. , ڸ ϰ ִ:

UserDir disabled
UserDir enabled rbowen krietz

UserDir ִ ٸ 鵵 ϶.

top

ں cgi 丮 ϱ

ڸ cgi-bin 丮 οϷ <Directory> þ Ͽ Ȩ丮 Ư 丮 cgi ϰ .

<Directory /home/*/public_html/cgi-bin/>
Options ExecCGI
SetHandler cgi-script
</Directory>

UserDir public_html̶ ϸ, ȿ ִ cgi α׷ example.cgi ִ.

http://example.com/~rbowen/cgi-bin/example.cgi

top

ڰ ֵ

ڰ ڽ Ϸ, .htaccess ־ Ѵ. AllowOverride ڰ ִ þ ϶.  ϴ ڼ .htaccess 丮 ϶.

howto/ssi.html100644 0 0 45420 10422374276 11065 0ustar 0 0 ġ 丮: Server Side Includes Ұ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

ġ 丮: Server Side Includes Ұ

Server-side includes Ͽ HTML ߰ ִ.

top

Ұ

õ õ þ

SSI θ Server Side Includes Ѵ. SSI ϵ ϴ HTML ߰ϴ ⺻ SSI ҰѴ.

޺κ SSI þ ǹ ޱ Ѵ.

top

SSI ΰ?

SSI (Server Side Includes) HTML ϴ þ, Ҷ óѴ. SSI ϸ CGI α׷̳ ٸ ü  ʰ HTML ߰ ִ.

SSI ƴϸ α׷ ü κ ٽ ؾ ޷ȴ. SSI ð ߰ϴµ . ׷ Ҷ κ ؾ Ѵٸ ٸ ãƺ Ѵ.

top

SSI ϵ ϱ

SSI óϷ httpd.conf ̳ .htaccess Ͽ þ ؾ Ѵ.

Options +Includes

׷ ġ Ͽ SSI þ óѴ. Options þ ְ, þ Ἥ ȿ . ׷ þ Ǹ óϱ SSI ϴ Ư 丮 Options Ѵ.

Ͽ SSI þ óϴ ƴϴ. ġ  ó ˷ Ѵ. ΰ ִ. ϳ þ .shtml Ư Ȯڸ óϴ ̴.

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

̹ ִ SSI þ ߰ϴ SSI þ óϱ .shtml Ȯڸ οϱ⶧ ϸ ũ ؾ ϴ ̴.

ٸ XBitHack þ ϴ ̴.

XBitHack on

XBitHack ִ Ͽ SSI þ óѴ. ׷ ̹ ִ SSI þ ߰Ѵٸ ϸ ʰ chmod Ͽ ָ ȴ.

chmod +x pagename.html

ƾ ϳ. .shtml ϸ ġ .html SSI ó϶ ϴ ִ. Ƹ XBitHack 𸣴 . ̷ ϸ ġ Ͽ SSI þ Ŭ̾Ʈ Ѵٴ ̴. ſ , ƴϴ.

 ̶ ⶧ ڸ .

̿ ϱ Ʊ⶧ ġ ⺻ SSI ֱټϰ content length HTTP ʴ´. ׷ ij ϰ Ŭ̾Ʈ . ΰ ذ ִ.

  1. XBitHack Full Ѵ. ׷ ġ ϴ(include) ϵ ü û ¥ ֱټ ˾Ƴ.
  2. mod_expires ִ þ Ͽ Ͽ ϸ Ͻð ij ִ.
top

⺻ SSI þ

SSI þ .

<!--#element attribute=value attribute=value ... -->

HTML ּ ⶧ SSI ʾƵ HTML ҽ Ѵ. SSI ùٷ ϸ þ ٲ۴.

element ϳ. ȸ ڼ ̴. SSI ִ  δ

¥

<!--#echo var="DATE_LOCAL" -->

echo element ״ Ѵ. CGI α׷ ϴ ȯ溯 ܿ ǥ ִ. , set element Ͽ ִ.

¥ ʴ´ٸ, config element timefmt attribute Ѵ.

<!--#config timefmt="%A %B %d, %Y" -->
Today is <!--#echo var="DATE_LOCAL" -->

<!--#flastmod file="index.html" --> Ǿ

element timefmt ޷ȴ.

CGI α׷ ϱ

Ϲ SSI ϳ, ̵ ֿϴ ``湮 ī'' CGI α׷ Ѵ.

<!--#include virtual="/cgi-bin/counter.pl" -->

top

߰

HTML ִ  SSI .

Ǿ?

տ SSI Ͽ ڿ ֱټ ˸ ִٰ ߴ. ׷ ˷ ʾҴ. ڵ带 HTML ϸ ð . Ѵ SSI ùٷ ۵ؾ Ѵ.

<!--#config timefmt="%A %B %d, %Y" -->
<!--#flastmod file="ssi.shtml" --> Ǿ;

ssi.shtml ϴ ϸ Ѵ. ƹ ٿ ִ ڵ带 Ѵٸ, ϸ LAST_MODIFIED Ѵ.

<!--#config timefmt="%D" -->
This file last modified <!--#echo var="LAST_MODIFIED" -->

timefmt Ŀ ڼ ˻ strftime ãƺ. .

ǥ ϴ ϱ

ִ Ʈ Ѵٸ ü ϴ , Ư ǥ ܰ ϴ Ӵ.

(header) ϴ(footer) Ϸ Ͽ ̷ δ ִ. include SSI ɾ Ͽ ϴ ϳ ϸ ȴ. include element file attribute virtual attribute Ѵ. file attribute ϰδ. , (/ ϴ) ϰγ ȿ ../ . Ƹ ϴ URL ִ virtual attribute ̴. θ / , Ϸ ϴ ϰ ־ Ѵ.

<!--#include virtual="/footer.html" -->

ΰ ļ ϴ Ͽ LAST_MODIFIED þ ִ´. Ϸ Ͽ SSI þ , ̷ ٸ ϴ ִ.

top

̿ܿ ִ ?

ð config() ܿ ΰ config() ִ.

SSI þ ߸Ǹ ´

[an error occurred while processing this directive]

ϰ ʹٸ config element errmsg attribute Ͽ Ѵ.

<!--#config errmsg="[It appears that you don't know how to use SSI]" -->

Ʈ ϱ SSI þ ذϿ ڰ ̷ ʱ ٶ. (׷?)

׸ sizefmt attribute ȯϴ ũ config() ִ. Ʈ ũ⸦ ַ bytes, Kb Mb ũ⸦ ַ abbrev Ѵ.

top

ɾ ϱ

޿ CGI α׷ SSI ϴ ̴. exec element ִ ٸ ͵ ̴. SSI (Ȯ /bin/sh Win32 Ѵٸ DOS ) Ͽ ɾ Ѵ. , 丮 ش.

<pre>
<!--#exec cmd="ls" -->
</pre>

or, on Windows

<pre>
<!--#exec cmd="dir" -->
</pre>

dir ¿ ȥ ``<dir>'' ڿ Եֱ⶧,  þ ϸ ̻ ̴.

exec ±׿  ɾ ֱ⶧ ſ ϴ. ``'' ڰ ִ ȯ̶, ؼ ȵȴ. Options þ IncludesNOEXEC ƱԸƮ Ͽ SSI exec ִ.

top

SSI

ϴ ܿ ġ SSI ϰ, 񱳹 ǹ ִ.

ۿ ϴ κ ġ 1.2 ĺ ִ. , ġ 1.2 ̻ ʴ´ٸ Ƹ ׷̵ؾ Ѵ. ض. ض. ٸ ̴.

set þ Ͽ ߿ ִ. ʿϱ⶧ Ѵ. .

<!--#set var="name" value="Rich" -->

ڱ״ ʰ ȯ溯 ( , LAST_MODIFIED) ٸ Ͽ ִ. ̶ տ ޷ ǥ($) ٿ ڿ ƴ ǥѴ.

<!--#set var="modified" value="$LAST_MODIFIED" -->

޷ ڸ ״ ԷϷ ޷ ǥ տ 齽 Ѵ.

<!--#set var="cost" value="\$100" -->

ڿ ߰ ϴµ ڿ ִ ڵ Ͽ ȥǴ , ȣ  Ȯ Ѵ. ( ã , ϱ ٶ.)

<!--#set var="date" value="${DATE_LOCAL}_${DATE_GMT}" -->

ǥ

ϰ ǹ ϴ. SSI α׷־ ȴ. mod_include ǹ if, elif, else, endif Ѵ. ִ.

ǹ .

<!--#if expr="test_condition" -->
<!--#elif expr="test_condition" -->
<!--#else -->
<!--#endif -->

test_condition  񱳶 ִ. ٸ ϰų, Ư ``'' ˻Ѵ. (ڿ ̴.) 밡 ڸ , mod_include ϶. ǹ  .

Ͽ ߰Ѵ.

BrowserMatchNoCase macintosh Mac
BrowserMatchNoCase MSIE InternetExplorer

Ŭ̾Ʈ Ųÿ ϴ Internet Explorer ȯ溯 ``Mac'' ``InternetExplorer'' Ѵ.

׸ SSI ´.

<!--#if expr="${Mac} && ${InternetExplorer}" -->
⿡ ´
<!--#else -->
⿡ JavaScript ڵ尡 ´
<!--#endif -->

Ų IE ݰ ִ ƴϴ. ֿ ٸ JavaScript ڵ尡 Ų IE ʾƼ ð ߴ. ӽ ذå̴.

( Ͽ Ϲ ȯ溯̰)  ǹ ִ. ƶġ SetEnvIf ٸ þ ȯ溯 ֱ⶧ CGI ̵ ִ.

top

SSI Ȯ CGI ϴ ٸ ü . ׷ ߰ ۾ ߰ϱ⿡ Ǹ ̴.

images/caching_fig1.gif100644 0 0 40203 10422374006 12460 0ustar 0 0 GIF89aX  %&&+++&'(555469:::7894L(6H'>Y1;G>@B=CK4AQ,Fe3OpDDDEFHMMMNRXUUU]]]IOVIWhO^q]`eLb}ccdkkkgghimqoppssswxxIgLpSkPrOxQzLy~[xkefupXXYZ\`ycwkagfmkcou{tspx~vs{z~΄ێޔܜ֙ٞםܕڐх僳댴㊶댹킶㔹哻뜽䙾钾歼̤ͥԣ۫ҩ٢жƳʻĸȱСޯիڵͽĺ˳ҴۻѾԽٶߣ!,X H*\ȰÇ#JHŋ3jȱǏ CIɓ(S\ɲ˗0cʜI͛8sɳϟ@ JѣH*]ʴӧPJJիXjʵׯ`ÊKٳhӪ]˶۷pʝKݻx˷߿ LÈ+^̸ǐ#KL˘3kg}K& &ͨSwB ɸ'Ei0٢o lѧܵOO`5cV.;cUpw-Md R3F~ɌϭOWJ<}V[?\h`V BjcPߎ @ h`mV ; c PF=e?bhLsA Td`s~'p2IӞqhXh2 ,m Ɉ{S5UeƔa ?[BpFd`߀c{c2n1AnQNa~S?Vd.( dH+ꮳ;^OGC^O; IBy;&$"3JZRQ$%1Ijғ$(EYO &QSfT$Y KN &air%-sa2%)ML]ǔe, Lil6JƬ&5yq^t.pNq{d~u&HԂ`u [u: Zt=޺z':1r}T1[HOvӦb-1z PtS@ `@b:1vZ@M;֡Y³@ zΣJ}>۹BKL9-2t #D(?w΂V -~@(Bjԭcg1)CB@h򥬼M`+Ow ~؃ @W T\~ .~@H_ETBحf{" P @e<܁h(`PE9"g[(KQpe/$@8.d<&9uf(DNPhNI .Y%tlǙ#1EC`'a GAm0?}:4$JQ. @=h@ w -PǥA >RLC8ĩK1%=tzckEþ-o(X9$DARر*܁&ςdֱ&o`h{[Yh#D1nC $ĀZ pw65ŧ\;!в(NQ 5p<-8tWv]=衎qNo?ۭw+AlT{>J x.. BB'`q!pD.&`hOW67~[JK}c \ \[i~7-Fc̛ fa7& 0zv8~zgS3f6yK&^a'eKdoxtA'v|!!" ppCa~tp __EeOw9 ` >G<Ѐ@  DjlTUQdeWdփDzhofzqQ60b6S oC eSc9{F q' 砄AS qӅ 々LVZt c:}v jV ip@ Cpx`*o C@\{eX5W^mphpH)qs#3wԖVqvo p 0 Hx|KF !!`p p`vO1cLdk6_4go6 pjj0|t`*)R lP[6h_8]SVAx ( :K85`ȅ,TRt]Ń`u{ 6l]o :, w Whiu]_L{PYq_z (  `C!_0y7[Q_D  gzj HDiըX_`P aczp0 G׊x!!PI^S)WgW0BeQw0tB(#t~KXaSc*MIE0]Gq}[M_Rh)u@ ט?AVUW0h|Kp@ g P1i8 ` r@ӧ@Q^X_UwpVqXƙɧ x0F9QeWyh^GKwp @w yzjY^8^R`ah @ Ç '" yy 1\%wvkCvQ X8l~Jإ P2 svj7f?XNg `R`^7k(n‡(ixoIUhX5_OeeP zE`* p &W7HXp: >w( dJ oC 0 ~dufyh"8| g2]_R& l(#P G Э*qY@yev{ t0jڟъHDzȀDЋ4vYwR֛ `0zi"A[F7 ^ss'wrws'#[0 pӹkxywqp@ZwP| J9=S-@yp3b%eqzڳ*wcdQgsv_+ L) |ɲ$e _h^cWv@ q* xD RY 7]Z{`{#|yo+[ $U3LP c"Twk,qzfjpoQ xvk7Wsw^Qpu7e?kYquQɛ|)řnEqpvg[V5ixik-e\t[( ;aQY| U^3{sr)Xiq7ܜ&v% xHq4< p9W\Vf%SZ:HA  fpR! _B|ۮROp+`ϣw8)*O`&v f^6{IKGŘLtz qq]w 婩Zb0{ I0 z NE@m{Cw  l u[\Ée4'Buύ,XX9a}h7+l-IŒ {}:S` *79ӹp&Y  : jP` KuH 0^=ƪXi9GYFKZ sF5 v^B|q`xQk sP/p%.ʧװ~pX}{fֵc!QWnҋImLՏ@ r@uPZP_Bhsz?uXck^OokZ) ;XJQu}ʉ  h0{N&sH΀kQhǎ$O xKЏ (7P v:XIO1_R=ߢm+0_i h$5Ǥ{WO_~>t1C!^D;VFD鯢 E_?yAb"B8hQ5ƔQ{'ÌNhSTUIaHYv̂jWj*);I RD.=p" ,*Zc Ռ"PS^p1I4=A) w$//K3e (|(E2qUyY5:=&wx $?p*"(!5t_cK9Ynvz83=HBV3d-p$@fGvy*mGȪe00!܁Ҹlw.wuu.{k'}uRbS.𖱴bE;1&ȁʈr]%_ձb|N@s50+[/[Hn> Z+:nrDԭVx qs9El9W0[J"aȘ73a8Os(0RBq Bu2B;A8="8bP)d:6mB\ q%nvI! `'Ue/u9?v*P7:+ܓ%Ä5hY#ݝ5M4mb7/1{8f#cR|2Lġ-Zjݔ#9\]h:3y|7bվyef43ډnN0 xI V+a"@ >YǽUy T/an jU5S庳]u>99|%?j,ryg?A B4KrʏW<$넎ԉ^؟-!H=ax/|<}q >( +>~;}lׯ\yzL,pC@59 ܠs2BS@R.F@;Iˇ('oRd-Q[Dc"?ߺ[&'@j1:>˓r`:"gLC+> ?VA6ԠCԨMɊ<DT3cDƉB;9b@5"hؓ3kZT U_Ads@1D$3Eb|7䟥{Ba%TLdCIK<@AtBK=P-i c *ʃU?n,EdGF!xK_$c7>Gwƒ\ ,F=}t~$8':MS?FTȘɇd4$xoǯjFﲿQ-dǓly<˜TSGbOLCEb F a$F4r.&x^87ICA+ɢd~]FbJtLHt"zCsxIlJ5$ɡ$[:%J$g~+IMlpzƒPsdļ2ʡJu2& U LG!ZGa!XL :4T գ%xwK4dn<+lwr!DC FR̶Kqd"HTpIL$CL*&(JTْ/v3O޼@PZH/US]+$PJmOM]~K+S6UQSnU-hI-T ݳ4/\T)Lu`="HV8 J3RV8Lg]q1zDV{|##+,VJ4&{.D%ZX\%XTXW/ClցNΕBXEdS+[_-YiOxЅyX,\+PXl~_U < /CQж][(!l5#w]9"0@0t \ut⳪?LvUs]XFm 50ܴuU{X.j0߂51?7sZM(  =4:]?О_ _QkRe[w)`=6%5@Eu-mx\bl `%^Aul[-u.+//M@uW)xsbbq0](xxc[y|42wYUq#aF226.Ѐ-Hy (e@zw؂i)O9v@n@5)؆-0-e23,X9lQ cc(8Q eP2.wP~(4؂zg 3-y 3(VL^y!nߡV 2(2w8 P fcP *@5P2Pf0c.Ї3Ѐx@Xjj( N3 ` .c.x52P,Wֿ+@H0ǃ]f}xz P (gm.eЇi(e0@bRˀ20 02g0PxXk10Ԅj#deaF-mBP͞1K.L^4f}@4~iނ.@kl*h肐il&d5@2@c (j@5ˎ:3Zk%t`aI>j-.: wc60zЀKJ3 } j@de0 xvi ?~jZO`'ЄvXoJmf8*:.4+ (}Ȁ5 *Ȁ0*+ #i0 QȀ?#zf lyp  3>?ɇb}q$NX&~b q~H AW y@A'4 G @?E l S4|}qql$b"_;c \˾{kPWL7'ɹO O^o Z8CD$>Wչ+Y0SwvpnG+3]fOs-ZhC4RHϟțɛ!!mnVoM/,?P 뇥v)hk󸃱wWZ (y#׀d8@+ jHr") yj(i(c5 ؂-+8w w`iL."ifZb_x ߔO-Ȁ~0 0pGjP5~i20jW  X3 y4(w(n(zPtP(>~ȀTgedQ@h{ac ҿ{|g ~ nPȀȝ~0{+Ȁ2fWx0p ؂8 ~524Xw1u!m^}V(hP1 2lp!b$!ƌ7r#Ȑ"GI-Åh%3̅~W&!f,2,˟ٵ-D5: ː4P<%`µSA@)Ԧ+Y:R>Q .}4`[asAA+lWUCxWHSAxqjP< 25nHDx2?)zqeQ@IkIKbJ[I X@P'_zj~5+SN'BHm)WI<`BM護<{w{^x;9?S.y]wIsYgM1.>F'f;; ?<<Ӯ@v;!>髿 `v]R;LA{3_+`V< 2| #'HR`B! r/@j @EB, 8CBuCHԡ%(^3:U mI(HC#.|Gγu͏$ sl_ ЀQPW^  bKgUEoAR;F0$5Fq$Tp Vq 10(bh*c1p pJB (A GM)DH!Րe92#A*( a /{y(/b^3̏#ßy>jRd7 5͎P:¹}X2Å v^Kc /qr$vXl(GQ8t#(''wLVC T]8H>"iS$ 3VI6{b E.vMt !TT#B?2c3ꤦf%BUCY"+{wpb^@TrEVNYwaEEd0zQ*V2D+K'+-!ɇ: ` SkMKi0!mPvyYF ="I>@F2k5V}B*uùa­Qj]@CSF CMTsKb=>$T}n^O~p}}cޛ27NҺ몕 0IYB/G )Ap Sx$͇-`h=")z[p !--My =a#E tRȔLd`8$d1/if<ڠM#6͗('. z$5=0W!1σ=]AzG<֮c.D6l,+zY[N #کTwDjj>#Ж1Q~ F(d |_CB";td8 h_V!kLa`?Q~9bco?lyי~Gx911pC0~aAm=F8t>'oUS0ET-C>`1-?C 2?pC:C0؂ EC-G C}I]^C샞(D0k:`=Y0;' bD?*?-:x&ÑCXM`C1E~1>+B܂8:ܡB '(`'Db8| a Db` `aɠhRZTK.T1BC-:C''܂% ʎr"(?@b =8:DU A"xы/=|B0=p!(=`>"v 5b8C 7t=`:%='>(`>CZW⑞/?YLYV>iP-!%yE5T; `Z[8NlΉWDdF%J"b?DZfkZBlbDZf@.D{m!kN^5_cסY90zUZNmgF̑HUC &fyCD;'yf;&c' {u^/Zy>ݫ ~n{W%sB:V6~/mREp}h{M]f|b%mޓΌb F|Z F+b2rSl&CD4-B!.PMEIPi]eTO/@)?-CIiCi;)[iC{1AITYEu9B驑(L2ix6XI:A䞤>USFCe}*jCbYUL6̥Vb*JxÐ-yJAYBh%y &:B:? Qfi'j{z)nӽ<kƩ2%b hT,8"bkjU(BLJY뿆S],,# kΨ:=SNlŠ8]ټL2[ CcB뼶jݫlbB&ޚkzS2,Af-&lMgzӹ-%ʖ0tƭ6!ޢl)F0jl-UΩ~lqJ-Vn8 *!tFbI[E&f-6Ȑ\1lz|0.H,*WkJL/(6 e>k6RLn*?8 n6%Jm%Vk=Rm~2źlB-'ԝo4z]Zۂ lѾ=HD8,V.b/_APFYɯ=l<<6:1'/17?1GO1WW1T1C/0q'q7q11q_EH1 2/H4h@ $r pPx"O2%W%_2&g&o2'w'2(((@E")r+/+r'2)+_ -/20% dJ4 t]3;3|4a<4G34O54k5W36{6gsAl8w37938899:G 83<23s >3@s;33s5Ss:<t<:/;4E7tEKCY1;G>@B=CK4AQ,Fe3OpDDDEFHMMMNRXUUU]]]IOVIWhO^q]`eLb}ccdkkkgghimqoppssswxxIgLpSkPrOxQzLy~[xkefupXXYZ\`ycwkagfmkcou{tspx~vs{z~΄ێޔܜ֙ٞםܕڐх僳댴㊶댹킶㔹哻뜽䙾钾歼̤ͥԣ۫ҩ٢жƳʻĸȱСޯիڵͽĺ˳ҴۻѾԽٶߣ^\ pHYsHHFk>4\IDATx} t}>"^^)dKzI^ +ʁJ,K2UGJ,ִ(LI})*RH)$'; 9n]ÁNDZc0f  'Z,fgf7 HMr7@P@(R b) HX $B,@!IK$P@(R b) HX $B,@!IK$P@(R !bsav9KHO,^uZiU7jiȍĊ^zܾ0`Y'QX y>O} nVyaP,XXMs1oh49ueoCOWkvw`5;UZ\S:XQ*VƚYJuG@ KWk&Ą65-k_xuOmTTձZuMT$U Z1}5lNRPXN, XMm;+}|sEm8q;4|WUmX&T Xs@4СbVjX%Ċ5oݲy[*?0Xo/ DO Vxc$nw>Dr =ҠR&+(dM, ܘ<jk{/ t3iq mqJ&ci֭ۺee{oo]+oYyIڿ8l۲!X UbmiHѐ|Ұkm{δ_s狴5KgA/䶍 pkܮbJbmIkKRPHXeؑuT1P@(R b b) Hy,X 6 EHX $B,@!IPht~vv>ݒ5-G#l$*wCR-_g ٠i]F/fqHh95j6o|wyl/ v:ەbqff\.cf5ԧ]!LhZpf-'?ش \)k&ٵζ%F,8SSV3C~돭M$uuuoskqZtM(kƗ)-8Tf0:6='VGr-c{7@JACmiӱW]YXC G:euuu  W?1d!xƀPɖa˾~ePAfFu C .}3Z "L P4 7Ƞ5;"oZl zz0~>;ƮSWqʄ%k>䈅||p9Rhxճϟ{rbb}йdyˆWE"M;y[93<~_7hM#{jc:4/]riZPfI,@w F1j( ӧ<1I܂:KλCs#Z%PfSߐP]8}8)Pu*bq@;)Cԥ3W'VS%joNɿ0!7f3S@y7O"5b١ S̨ M$:`mCl6ضvM@2CNp : @g}(.urs7Gg"Cq9MM˘N:r:-i\ 1bJ#9\.tS_ɫ.K :{@]D _pg#KxoU>!~̃e Y\$CS1iG@ۮO"?rc |4^H{sμ :b&H*h#ð۽dyTkQJnWoOYw)Czp1D1 LS`z * 6x;sX]p=]Szxb뗠>ᾑ趷7}Q0>;zgNG{O 7}ɯ3烧mn!&8s=mvlE#3(t1éOr.Kx[˙> l&Stͽ' ?1t.!w :}(JŊÌ:V;uPt7<<[#kb`7r0+ æO&վJ7ͣBp7Ag@hᰟa z`:if)*Bbx6'iONN:pnfKXdAks:} ܧDˠDˀv9+1@;@בG(ٙc΁H0S 25|D¥Nz8|KREF,T\ ck':3^g1qy d:x瑳CՀBM$!Ugi8U&*(thGΌ AC_z *Y""b1*:cwnH{,+z뵴-ˑ9T8?BR1c':s ݸ3]$7 YC%{9?n\n EC,vnV,|^mRhH^kcC:f,+cE:` Üe"AwoX-Glv@(H1A87yp¹ (9 tk@TDFaa=6B)+;e0tQĠ_o@T$c=#):hMdcX7 p,Bzm}N,R1e܃ ω3`XY^׉*8ai0[uh62 *wݰG.Ơ 8A誣l:TBbN,.bhxǁHTa\t%b/[G/Buɦ1Ǻ{:+SA˜vyÁouh;A1 Cl94|~&)š J58}i(949e$yd eKt!@ 'N _jYaώe>j vL4LtMk N>52O-=0Vx2c'}u_|MX{w$Sr|,m>4<Ճd=>p4m݁r[v>:rFr+yO$~x.NrS(w`c^Ls+nܬ;~<V{O)>Gw*0%VtƉcq(جƐDcxдNJfTXC矴| (BOI}BY1+ ݃G.OԘ (/B cN/NNA~ K{TUcn,R[:xqM$,T)0N9J`VI FP,AG1]5){d$b%Q<+ wkiѠc =+`af]zBfbht<2ㄆFg8W' c+ZYY Z#X%lc)pC wխ%Cr !u:![ S(?ܭenV"-cBujdh$!=0ɼr=aNv^sc)}'hgAh:wpx|Pe c(qЄVZcsQNB7}NJ 8?Pgu8Pe R+;@ 2ώo^yDO٧Q 3umeg/Q3p +橈AcHl(?qjթR%R")0z4' =G=m1=eHG,({-!I|6!t5|b6XH{[w?O CZLJo ͞ݔ|x/-,O&Bv&+SqO Jdp`otZ*67y+>Vů}?9wR3k[m D[K}K-{ڷ _.njk63/=ԺlZR`u-v۷ ee5Uing?s 55Mͭ)Z_Vo}[+zf{y#`N'M ?g>/5%-S/o_JH۪~D[m$vj g&֦rG>{}'Ums͛SϿ{O|\Q.G@V⓲?ꊲnH~8NŪjll|1njxa7W?/DC А};@{Zyʣ.۶k>~?gKMmZЎ7!~Wlnus[YJ_/nm[uɭzh2w?w} Ԟ'pÛ\]Hx*Ooy-djBKsKf`Nƪ#2汸Y',j! p= qL LԐ\іgG%5`. cv?z~{ ˙~ EAR_