Apache HTTP 服务器版本 2.4
指令快速索引显示指令的用法,默认值,状态和上下文。要获得更多信息,请参见 描述指令的术语。
第一列给出指令的名称与用法。第二列显示指令的默认值(如果有的话)。 如果因为默认值太长而被截断显示,会在最后一个字符之后显示字符 “+”。
第三列显示允许此指令的上下文,第四列显示指令的状态。
A | B | C | D | E | F | G | H | I | K | L | M | N | O | P | Q | R | S | T | U | V | W | X |
|
|
AcceptFilter protocol accept_filter | s | C | |
Configures optimizations for a Protocol's Listener Sockets | |||
AcceptPathInfo On|Off|Default | Default | svdh | C |
Resources accept trailing pathname information | |||
AccessFileName filename [filename] ... | .htaccess | sv | C |
Name of the distributed configuration file | |||
Action action-type cgi-script [virtual] | svdh | B | |
Activates a CGI script for a particular handler or content-type | |||
AddAlt string file [file] ... | svdh | B | |
Alternate text to display for a file, instead of an icon selected by filename | |||
AddAltByEncoding string MIME-encoding [MIME-encoding] ... | svdh | B | |
Alternate text to display for a file instead of an icon selected by MIME-encoding | |||
AddAltByType string MIME-type [MIME-type] ... | svdh | B | |
Alternate text to display for a file, instead of an icon selected by MIME content-type | |||
AddCharset charset extension [extension] ... | svdh | B | |
Maps the given filename extensions to the specified content charset | |||
AddDefaultCharset On|Off|charset | Off | svdh | C |
Default charset parameter to be added when a response
content-type is text/plain or text/html | |||
AddDescription string file [file] ... | svdh | B | |
Description to display for a file | |||
AddEncoding encoding extension [extension] ... | svdh | B | |
Maps the given filename extensions to the specified encoding type | |||
AddHandler handler-name extension [extension] ... | svdh | B | |
Maps the filename extensions to the specified handler | |||
AddIcon icon name [name] ... | svdh | B | |
Icon to display for a file selected by name | |||
AddIconByEncoding icon MIME-encoding [MIME-encoding] ... | svdh | B | |
Icon to display next to files selected by MIME content-encoding | |||
AddIconByType icon MIME-type [MIME-type] ... | svdh | B | |
Icon to display next to files selected by MIME content-type | |||
AddInputFilter filter[;filter...] extension [extension] ... | svdh | B | |
Maps filename extensions to the filters that will process client requests | |||
AddLanguage language-tag extension [extension] ... | svdh | B | |
Maps the given filename extension to the specified content language | |||
AddModuleInfo module-name string | sv | E | |
Adds additional information to the module information displayed by the server-info handler | |||
AddOutputFilter filter[;filter...] extension [extension] ... | svdh | B | |
Maps filename extensions to the filters that will process responses from the server | |||
AddOutputFilterByType filter[;filter...] media-type [media-type] ... | svdh | B | |
assigns an output filter to a particular media-type | |||
AddType media-type extension [extension] ... | svdh | B | |
Maps the given filename extensions onto the specified content type | |||
Alias [URL-path] file-path|directory-path | svd | B | |
Maps URLs to filesystem locations | |||
AliasMatch regex file-path|directory-path | sv | B | |
Maps URLs to filesystem locations using regular expressions | |||
AliasPreservePath OFF|ON | OFF | svd | B |
Map the full path after the alias in a location. | |||
Allow from all|host|env=[!]env-variable [host|env=[!]env-variable] ... | dh | E | |
Controls which hosts can access an area of the server | |||
AllowCONNECT port[-port] [port[-port]] ... | 443 563 | sv | E |
Ports that are allowed to CONNECT through the
proxy | |||
AllowEncodedSlashes On|Off|NoDecode | Off | sv | C |
Determines whether encoded path separators in URLs are allowed to be passed through | |||
AllowMethods reset|HTTP-method [HTTP-method]... | reset | d | X |
Restrict access to the listed HTTP methods | |||
AllowOverride All|None|directive-type [directive-type] ... | None (2.3.9 and lat + | d | C |
Types of directives that are allowed in
.htaccess files | |||
AllowOverrideList None|directive [directive-type] ... | None | d | C |
Individual directives that are allowed in
.htaccess files | |||
Anonymous user [user] ... | dh | E | |
Specifies userIDs that are allowed access without password verification | |||
Anonymous_LogEmail On|Off | On | dh | E |
Sets whether the password entered will be logged in the error log | |||
Anonymous_MustGiveEmail On|Off | On | dh | E |
Specifies whether blank passwords are allowed | |||
Anonymous_NoUserID On|Off | Off | dh | E |
Sets whether the userID field may be empty | |||
Anonymous_VerifyEmail On|Off | Off | dh | E |
Sets whether to check the password field for a correctly formatted email address | |||
AsyncRequestWorkerFactor factor | s | M | |
Limit concurrent connections per process | |||
AuthBasicAuthoritative On|Off | On | dh | B |
Sets whether authorization and authentication are passed to lower level modules | |||
AuthBasicFake off|username [password] | dh | B | |
Fake basic authentication using the given expressions for username and password | |||
AuthBasicProvider provider-name [provider-name] ... | file | dh | B |
Sets the authentication provider(s) for this location | |||
AuthBasicUseDigestAlgorithm MD5|Off | Off | dh | B |
Check passwords against the authentication providers as if Digest Authentication was in force instead of Basic Authentication. | |||
AuthDBDUserPWQuery query | d | E | |
SQL query to look up a password for a user | |||
AuthDBDUserRealmQuery query | d | E | |
SQL query to look up a password hash for a user and realm. | |||
AuthDBMGroupFile file-path | dh | E | |
Sets the name of the database file containing the list of user groups for authorization | |||
AuthDBMType default|SDBM|GDBM|NDBM|DB | default | dh | E |
Sets the type of database file that is used to store passwords | |||
AuthDBMUserFile file-path | dh | E | |
Sets the name of a database file containing the list of users and passwords for authentication | |||
AuthDigestAlgorithm MD5|MD5-sess | MD5 | dh | E |
Selects the algorithm used to calculate the challenge and response hashes in digest authentication | |||
AuthDigestDomain URI [URI] ... | dh | E | |
URIs that are in the same protection space for digest authentication | |||
AuthDigestNonceLifetime seconds | 300 | dh | E |
How long the server nonce is valid | |||
AuthDigestProvider provider-name [provider-name] ... | file | dh | E |
Sets the authentication provider(s) for this location | |||
AuthDigestQop none|auth|auth-int [auth|auth-int] | auth | dh | E |
Determines the quality-of-protection to use in digest authentication | |||
AuthDigestShmemSize size | 1000 | s | E |
The amount of shared memory to allocate for keeping track of clients | |||
AuthFormAuthoritative On|Off | On | dh | B |
Sets whether authorization and authentication are passed to lower level modules | |||
AuthFormBody fieldname | httpd_body | d | B |
The name of a form field carrying the body of the request to attempt on successful login | |||
AuthFormDisableNoStore On|Off | Off | d | B |
Disable the CacheControl no-store header on the login page | |||
AuthFormFakeBasicAuth On|Off | Off | d | B |
Fake a Basic Authentication header | |||
AuthFormLocation fieldname | httpd_location | d | B |
The name of a form field carrying a URL to redirect to on successful login | |||
AuthFormLoginRequiredLocation url | d | B | |
The URL of the page to be redirected to should login be required | |||
AuthFormLoginSuccessLocation url | d | B | |
The URL of the page to be redirected to should login be successful | |||
AuthFormLogoutLocation uri | d | B | |
The URL to redirect to after a user has logged out | |||
AuthFormMethod fieldname | httpd_method | d | B |
The name of a form field carrying the method of the request to attempt on successful login | |||
AuthFormMimetype fieldname | httpd_mimetype | d | B |
The name of a form field carrying the mimetype of the body of the request to attempt on successful login | |||
AuthFormPassword fieldname | httpd_password | d | B |
The name of a form field carrying the login password | |||
AuthFormProvider provider-name [provider-name] ... | file | dh | B |
Sets the authentication provider(s) for this location | |||
AuthFormSitePassphrase secret | d | B | |
Bypass authentication checks for high traffic sites | |||
AuthFormSize size | 8192 | d | B |
The largest size of the form in bytes that will be parsed for the login details | |||
AuthFormUsername fieldname | httpd_username | d | B |
The name of a form field carrying the login username | |||
AuthGroupFile file-path | dh | B | |
Sets the name of a text file containing the list of user groups for authorization | |||
AuthLDAPAuthorizePrefix prefix | AUTHORIZE_ | dh | E |
Specifies the prefix for environment variables set during authorization | |||
AuthLDAPBindAuthoritative off|on | on | dh | E |
Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials. | |||
AuthLDAPBindDN distinguished-name | dh | E | |
Optional DN to use in binding to the LDAP server | |||
AuthLDAPBindPassword password | dh | E | |
Password used in conjunction with the bind DN | |||
AuthLDAPCharsetConfig file-path | s | E | |
Language to charset conversion configuration file | |||
AuthLDAPCompareAsUser on|off | off | dh | E |
Use the authenticated user's credentials to perform authorization comparisons | |||
AuthLDAPCompareDNOnServer on|off | on | dh | E |
Use the LDAP server to compare the DNs | |||
AuthLDAPDereferenceAliases never|searching|finding|always | always | dh | E |
When will the module de-reference aliases | |||
AuthLDAPGroupAttribute attribute | member uniqueMember + | dh | E |
LDAP attributes used to identify the user members of groups. | |||
AuthLDAPGroupAttributeIsDN on|off | on | dh | E |
Use the DN of the client username when checking for group membership | |||
AuthLDAPInitialBindAsUser off|on | off | dh | E |
Determines if the server does the initial DN lookup using the basic authentication users' own username, instead of anonymously or with hard-coded credentials for the server | |||
AuthLDAPInitialBindPattern regex substitution | (.*) $1 (remote use + | dh | E |
Specifies the transformation of the basic authentication username to be used when binding to the LDAP server to perform a DN lookup | |||
AuthLDAPMaxSubGroupDepth Number | 10 | dh | E |
Specifies the maximum sub-group nesting depth that will be evaluated before the user search is discontinued. | |||
AuthLDAPRemoteUserAttribute uid | dh | E | |
Use the value of the attribute returned during the user query to set the REMOTE_USER environment variable | |||
AuthLDAPRemoteUserIsDN on|off | off | dh | E |
Use the DN of the client username to set the REMOTE_USER environment variable | |||
AuthLDAPSearchAsUser on|off | off | dh | E |
Use the authenticated user's credentials to perform authorization searches | |||
AuthLDAPSubGroupAttribute attribute | member uniqueMember + | dh | E |
Specifies the attribute labels, one value per directive line, used to distinguish the members of the current group that are groups. | |||
AuthLDAPSubGroupClass LdapObjectClass | groupOfNames groupO + | dh | E |
Specifies which LDAP objectClass values identify directory objects that are groups during sub-group processing. | |||
AuthLDAPURL url [NONE|SSL|TLS|STARTTLS] | dh | E | |
URL specifying the LDAP search parameters | |||
AuthMerging Off | And | Or | Off | dh | B |
Controls the manner in which each configuration section's authorization logic is combined with that of preceding configuration sections. | |||
AuthName auth-domain | dh | B | |
Authorization realm for use in HTTP authentication | |||
AuthnCacheContext directory|server|custom-string | directory | d | B |
Specify a context string for use in the cache key | |||
AuthnCacheEnable | s | B | |
Enable Authn caching configured anywhere | |||
AuthnCacheProvideFor authn-provider [...] | dh | B | |
Specify which authn provider(s) to cache for | |||
AuthnCacheSOCache provider-name[:provider-args] | s | B | |
Select socache backend provider to use | |||
AuthnCacheTimeout timeout (seconds) | 300 (5 minutes) | dh | B |
Set a timeout for cache entries | |||
<AuthnProviderAlias baseProvider Alias> ... </AuthnProviderAlias> | s | B | |
Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias | |||
AuthnzFcgiCheckAuthnProvider provider-name|None
option ... | d | E | |
Enables a FastCGI application to handle the check_authn authentication hook. | |||
AuthnzFcgiDefineProvider type provider-name backend-address | s | E | |
Defines a FastCGI application as a provider for authentication and/or authorization | |||
AuthType None|Basic|Digest|Form | dh | B | |
Type of user authentication | |||
AuthUserFile file-path | dh | B | |
Sets the name of a text file containing the list of users and passwords for authentication | |||
AuthzDBDLoginToReferer On|Off | Off | d | E |
Determines whether to redirect the Client to the Referring
page on successful login or logout if a Referer request
header is present | |||
AuthzDBDQuery query | d | E | |
Specify the SQL Query for the required operation | |||
AuthzDBDRedirectQuery query | d | E | |
Specify a query to look up a login page for the user | |||
AuthzDBMType default|SDBM|GDBM|NDBM|DB | default | dh | E |
Sets the type of database file that is used to store list of user groups | |||
<AuthzProviderAlias baseProvider Alias Require-Parameters> ... </AuthzProviderAlias> | s | B | |
Enclose a group of directives that represent an extension of a base authorization provider and referenced by the specified alias | |||
AuthzSendForbiddenOnFailure On|Off | Off | dh | B |
Send '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authentication succeeds but authorization fails | |||
BalancerGrowth # | 5 | sv | E |
Number of additional Balancers that can be added Post-configuration | |||
BalancerInherit On|Off | On | sv | E |
Inherit ProxyPassed Balancers/Workers from the main server | |||
BalancerMember [balancerurl] url [key=value [key=value ...]] | d | E | |
Add a member to a load balancing group | |||
BalancerPersist On|Off | Off | sv | E |
Attempt to persist changes made by the Balancer Manager across restarts. | |||
BrotliAlterETag AddSuffix|NoChange|Remove | AddSuffix | sv | E |
How the outgoing ETag header should be modified during compression | |||
BrotliCompressionMaxInputBlock value | sv | E | |
Maximum input block size | |||
BrotliCompressionQuality value | 5 | sv | E |
Compression quality | |||
BrotliCompressionWindow value | 18 | sv | E |
Brotli sliding compression window size | |||
BrotliFilterNote [type] notename | sv | E | |
Places the compression ratio in a note for logging | |||
BrowserMatch regex [!]env-variable[=value] [[!]env-variable[=value]] ... | svdh | B | |
Sets environment variables conditional on HTTP User-Agent | |||
BrowserMatchNoCase regex [!]env-variable[=value] [[!]env-variable[=value]] ... | svdh | B | |
Sets environment variables conditional on User-Agent without respect to case | |||
BufferedLogs On|Off | Off | s | B |
Buffer log entries in memory before writing to disk | |||
BufferSize integer | 131072 | svdh | E |
Maximum size in bytes to buffer by the buffer filter | |||
CacheDefaultExpire seconds | 3600 (one hour) | svdh | E |
The default duration to cache a document when no expiry date is specified. | |||
CacheDetailHeader on|off | off | svdh | E |
Add an X-Cache-Detail header to the response. | |||
CacheDirLength length | 2 | sv | E |
The number of characters in subdirectory names | |||
CacheDirLevels levels | 2 | sv | E |
The number of levels of subdirectories in the cache. | |||
CacheDisable url-string | on | svdh | E | |
Disable caching of specified URLs | |||
CacheEnable cache_type [url-string] | svd | E | |
Enable caching of specified URLs using a specified storage manager | |||
CacheFile file-path [file-path] ... | s | X | |
Cache a list of file handles at startup time | |||
CacheHeader on|off | off | svdh | E |
Add an X-Cache header to the response. | |||
CacheIgnoreCacheControl On|Off | Off | sv | E |
Ignore request to not serve cached content to client | |||
CacheIgnoreHeaders header-string [header-string] ... | None | sv | E |
Do not store the given HTTP header(s) in the cache. | |||
CacheIgnoreNoLastMod On|Off | Off | svdh | E |
Ignore the fact that a response has no Last Modified header. | |||
CacheIgnoreQueryString On|Off | Off | sv | E |
Ignore query string when caching | |||
CacheIgnoreURLSessionIdentifiers identifier [identifier] ... | None | sv | E |
Ignore defined session identifiers encoded in the URL when caching | |||
CacheKeyBaseURL URL | sv | E | |
Override the base URL of reverse proxied cache keys. | |||
CacheLastModifiedFactor float | 0.1 | svdh | E |
The factor used to compute an expiry date based on the LastModified date. | |||
CacheLock on|off | off | sv | E |
Enable the thundering herd lock. | |||
CacheLockMaxAge integer | 5 | sv | E |
Set the maximum possible age of a cache lock. | |||
CacheLockPath directory | /tmp/mod_cache-lock + | sv | E |
Set the lock path directory. | |||
CacheMaxExpire seconds | 86400 (one day) | svdh | E |
The maximum time in seconds to cache a document | |||
CacheMaxFileSize bytes | 1000000 | svdh | E |
The maximum size (in bytes) of a document to be placed in the cache | |||
CacheMinExpire seconds | 0 | svdh | E |
The minimum time in seconds to cache a document | |||
CacheMinFileSize bytes | 1 | svdh | E |
The minimum size (in bytes) of a document to be placed in the cache | |||
CacheNegotiatedDocs On|Off | Off | sv | B |
Allows content-negotiated documents to be cached by proxy servers | |||
CacheQuickHandler on|off | on | sv | E |
Run the cache from the quick handler. | |||
CacheReadSize bytes | 0 | svdh | E |
The minimum size (in bytes) of the document to read and be cached before sending the data downstream | |||
CacheReadTime milliseconds | 0 | svdh | E |
The minimum time (in milliseconds) that should elapse while reading before data is sent downstream | |||
CacheRoot directory | sv | E | |
The directory root under which cache files are stored | |||
CacheSocache type[:args] | sv | E | |
The shared object cache implementation to use | |||
CacheSocacheMaxSize bytes | 102400 | svdh | E |
The maximum size (in bytes) of an entry to be placed in the cache | |||
CacheSocacheMaxTime seconds | 86400 | svdh | E |
The maximum time (in seconds) for a document to be placed in the cache | |||
CacheSocacheMinTime seconds | 600 | svdh | E |
The minimum time (in seconds) for a document to be placed in the cache | |||
CacheSocacheReadSize bytes | 0 | svdh | E |
The minimum size (in bytes) of the document to read and be cached before sending the data downstream | |||
CacheSocacheReadTime milliseconds | 0 | svdh | E |
The minimum time (in milliseconds) that should elapse while reading before data is sent downstream | |||
CacheStaleOnError on|off | on | svdh | E |
Serve stale content in place of 5xx responses. | |||
CacheStoreExpired On|Off | Off | svdh | E |
Attempt to cache responses that the server reports as expired | |||
CacheStoreNoStore On|Off | Off | svdh | E |
Attempt to cache requests or responses that have been marked as no-store. | |||
CacheStorePrivate On|Off | Off | svdh | E |
Attempt to cache responses that the server has marked as private | |||
CGIDScriptTimeout time[s|ms] | svdh | B | |
The length of time to wait for more output from the CGI program | |||
CGIMapExtension cgi-path .extension | dh | C | |
Technique for locating the interpreter for CGI scripts | |||
CGIPassAuth On|Off | Off | dh | C |
Enables passing HTTP authorization headers to scripts as CGI variables | |||
CGIScriptTimeout time[s|ms] | svdh | B | |
The length of time to wait for more output from the CGI program | |||
CGIVar variable rule | dh | C | |
Controls how some CGI variables are set | |||
CharsetDefault charset | svdh | E | |
Charset to translate into | |||
CharsetOptions option [option] ... | ImplicitAdd | svdh | E |
Configures charset translation behavior | |||
CharsetSourceEnc charset | svdh | E | |
Source charset of files | |||
CheckBasenameMatch on|off | On | svdh | E |
Also match files with differing file name extensions. | |||
CheckCaseOnly on|off | Off | svdh | E |
Limits the action of the speling module to case corrections | |||
CheckSpelling on|off | Off | svdh | E |
Enables the spelling module | |||
ChrootDir /path/to/directory | s | B | |
Directory for apache to run chroot(8) after startup. | |||
ContentDigest On|Off | Off | svdh | C |
Enables the generation of Content-MD5 HTTP Response
headers | |||
CookieDomain domain | svdh | E | |
The domain to which the tracking cookie applies | |||
CookieExpires expiry-period | svdh | E | |
Expiry time for the tracking cookie | |||
CookieHTTPOnly on|off | off | svdh | E |
Adds the 'HTTPOnly' attribute to the cookie | |||
CookieName token | Apache | svdh | E |
Name of the tracking cookie | |||
CookieSameSite None|Lax|Strict | svdh | E | |
Adds the 'SameSite' attribute to the cookie | |||
CookieSecure on|off | off | svdh | E |
Adds the 'Secure' attribute to the cookie | |||
CookieStyle Netscape|Cookie|Cookie2|RFC2109|RFC2965 | Netscape | svdh | E |
Format of the cookie header field | |||
CookieTracking on|off | off | svdh | E |
Enables tracking cookie | |||
CoreDumpDirectory directory | s | M | |
Directory where Apache HTTP Server attempts to switch before dumping core | |||
CustomLog file|pipe format|nickname [env=[!]environment-variable| expr=expression] | sv | B | |
Sets filename and format of log file | |||
Dav On|Off|provider-name | Off | d | E |
Enable WebDAV HTTP methods | |||
DavBasePath root-path | d | E | |
Configure repository root path | |||
DavDepthInfinity on|off | off | svd | E |
Allow PROPFIND, Depth: Infinity requests | |||
DavGenericLockDB file-path | svd | E | |
Location of the DAV lock database | |||
DavLockDB file-path | sv | E | |
Location of the DAV lock database | |||
DavLockDiscovery on|off | on | svdh | E |
Enable lock discovery | |||
DavMinTimeout seconds | 0 | svd | E |
Minimum amount of time the server holds a lock on a DAV resource | |||
DBDExptime time-in-seconds | 300 | sv | E |
Keepalive time for idle connections | |||
DBDInitSQL "SQL statement" | sv | E | |
Execute an SQL statement after connecting to a database | |||
DBDKeep number | 2 | sv | E |
Maximum sustained number of connections | |||
DBDMax number | 10 | sv | E |
Maximum number of connections | |||
DBDMin number | 1 | sv | E |
Minimum number of connections | |||
DBDParams param1=value1[,param2=value2] | sv | E | |
Parameters for database connection | |||
DBDPersist On|Off | sv | E | |
Whether to use persistent connections | |||
DBDPrepareSQL "SQL statement" label | sv | E | |
Define an SQL prepared statement | |||
DBDriver name | sv | E | |
Specify an SQL driver | |||
DefaultIcon url-path | svdh | B | |
Icon to display for files when no specific icon is configured | |||
DefaultLanguage language-tag | svdh | B | |
Defines a default language-tag to be sent in the Content-Language header field for all resources in the current context that have not been assigned a language-tag by some other means. | |||
DefaultRuntimeDir directory-path | DEFAULT_REL_RUNTIME + | s | C |
Base directory for the server run-time files | |||
DefaultType media-type|none | none | svdh | C |
This directive has no effect other than to emit warnings
if the value is not none . In prior versions, DefaultType
would specify a default media type to assign to response content for
which no other media type configuration could be found.
| |||
Define parameter-name [parameter-value] | svd | C | |
Define a variable | |||
DeflateAlterETag AddSuffix|NoChange|Remove | AddSuffix | sv | E |
How the outgoing ETag header should be modified during compression | |||
DeflateBufferSize value | 8096 | sv | E |
Fragment size to be compressed at one time by zlib | |||
DeflateCompressionLevel value | sv | E | |
How much compression do we apply to the output | |||
DeflateFilterNote [type] notename | sv | E | |
Places the compression ratio in a note for logging | |||
DeflateInflateLimitRequestBody value | svdh | E | |
Maximum size of inflated request bodies | |||
DeflateInflateRatioBurst value | 3 | svdh | E |
Maximum number of times the inflation ratio for request bodies can be crossed | |||
DeflateInflateRatioLimit value | 200 | svdh | E |
Maximum inflation ratio for request bodies | |||
DeflateMemLevel value | 9 | sv | E |
How much memory should be used by zlib for compression | |||
DeflateWindowSize value | 15 | sv | E |
Zlib compression window size | |||
Deny from all|host|env=[!]env-variable [host|env=[!]env-variable] ... | dh | E | |
Controls which hosts are denied access to the server | |||
<Directory directory-path> ... </Directory> | sv | C | |
Enclose a group of directives that apply only to the named file-system directory, sub-directories, and their contents. | |||
DirectoryCheckHandler On|Off | Off | svdh | B |
Toggle how this module responds when another handler is configured | |||
DirectoryIndex disabled | local-url [local-url] ... | index.html | svdh | B |
List of resources to look for when the client requests a directory | |||
DirectoryIndexRedirect on | off | permanent | temp | seeother | 3xx-code | off | svdh | B |
Configures an external redirect for directory indexes. | |||
<DirectoryMatch regex> ... </DirectoryMatch> | sv | C | |
Enclose directives that apply to the contents of file-system directories matching a regular expression. | |||
DirectorySlash On|Off | On | svdh | B |
Toggle trailing slash redirects on or off | |||
DocumentRoot directory-path | "/usr/local/apache/ + | sv | C |
Directory that forms the main document tree visible from the web | |||
DTracePrivileges On|Off | Off | s | X |
Determines whether the privileges required by dtrace are enabled. | |||
DumpIOInput On|Off | Off | s | E |
Dump all input data to the error log | |||
DumpIOOutput On|Off | Off | s | E |
Dump all output data to the error log | |||
<Else> ... </Else> | svdh | C | |
Contains directives that apply only if the condition of a
previous <If> or
<ElseIf> section is not
satisfied by a request at runtime | |||
<ElseIf expression> ... </ElseIf> | svdh | C | |
Contains directives that apply only if a condition is satisfied
by a request at runtime while the condition of a previous
<If> or
<ElseIf> section is not
satisfied | |||
EnableExceptionHook On|Off | Off | s | M |
Enables a hook that runs exception handlers after a crash | |||
EnableMMAP On|Off | On | svdh | C |
Use memory-mapping to read files during delivery | |||
EnableSendfile On|Off | Off | svdh | C |
Use the kernel sendfile support to deliver files to the client | |||
Error message | svdh | C | |
Abort configuration parsing with a custom error message | |||
ErrorDocument error-code document | svdh | C | |
What the server will return to the client in case of an error | |||
ErrorLog file-path|syslog[:[facility][:tag]] | logs/error_log (Uni + | sv | C |
Location where the server will log errors | |||
ErrorLogFormat [connection|request] format | sv | C | |
Format specification for error log entries | |||
Example | svdh | X | |
Demonstration directive to illustrate the Apache module API | |||
ExpiresActive On|Off | Off | svdh | E |
Enables generation of Expires
headers | |||
ExpiresByType MIME-type <code>seconds | svdh | E | |
Value of the Expires header configured
by MIME type | |||
ExpiresDefault <code>seconds | svdh | E | |
Default algorithm for calculating expiration time | |||
ExtendedStatus On|Off | Off[*] | s | C |
Keep track of extended status information for each request | |||
ExtFilterDefine filtername parameters | s | E | |
Define an external filter | |||
ExtFilterOptions option [option] ... | NoLogStderr | d | E |
Configure mod_ext_filter options | |||
FallbackResource disabled | local-url | svdh | B | |
Define a default URL for requests that don't map to a file | |||
FileETag component ... | MTime Size | svdh | C |
File attributes used to create the ETag HTTP response header for static files | |||
<Files filename> ... </Files> | svdh | C | |
Contains directives that apply to matched filenames | |||
<FilesMatch regex> ... </FilesMatch> | svdh | C | |
Contains directives that apply to regular-expression matched filenames | |||
FilterChain [+=-@!]filter-name ... | svdh | B | |
Configure the filter chain | |||
FilterDeclare filter-name [type] | svdh | B | |
Declare a smart filter | |||
FilterProtocol filter-name [provider-name] proto-flags | svdh | B | |
Deal with correct HTTP protocol handling | |||
FilterProvider filter-name provider-name expression | svdh | B | |
Register a content filter | |||
FilterTrace filter-name level | svd | B | |
Get debug/diagnostic information from
mod_filter | |||
FlushMaxPipelined number | 5 | sv | C |
Maximum number of pipelined responses above which they are flushed to the network | |||
FlushMaxThreshold number-of-bytes | 65535 | sv | C |
Threshold above which pending data are flushed to the network | |||
ForceLanguagePriority None|Prefer|Fallback [Prefer|Fallback] | Prefer | svdh | B |
Action to take if a single acceptable document is not found | |||
ForceType media-type|None | dh | C | |
Forces all matching files to be served with the specified media type in the HTTP Content-Type header field | |||
ForensicLog filename|pipe | sv | E | |
Sets filename of the forensic log | |||
GlobalLogfile|pipe format|nickname [env=[!]environment-variable| expr=expression] | s | B | |
Sets filename and format of log file | |||
GprofDir /tmp/gprof/|/tmp/gprof/% | sv | C | |
Directory to write gmon.out profiling data to. | |||
GracefulShutdownTimeout seconds | 0 | s | M |
Specify a timeout after which a gracefully shutdown server will exit. | |||
Group unix-group | #-1 | s | B |
Group under which the server will answer requests | |||
H2CopyFiles on|off | off | svdh | E |
Determine file handling in responses | |||
H2Direct on|off | on for h2c, off for + | sv | E |
H2 Direct Protocol Switch | |||
H2EarlyHint name value | svdh | E | |
Add a response header to be picked up in 103 Early Hints | |||
H2EarlyHints on|off | off | sv | E |
Determine sending of 103 status codes | |||
H2MaxDataFrameLen n | 0 | sv | E |
Maximum bytes inside a single HTTP/2 DATA frame | |||
H2MaxSessionStreams n | 100 | sv | E |
Maximum number of active streams per HTTP/2 session. | |||
H2MaxWorkerIdleSeconds n | 600 | s | E |
Maximum number of seconds h2 workers remain idle until shut down. | |||
H2MaxWorkers n | s | E | |
Maximum number of worker threads to use per child process. | |||
H2MinWorkers n | s | E | |
Minimal number of worker threads to use per child process. | |||
H2ModernTLSOnly on|off | on | sv | E |
Require HTTP/2 connections to be "modern TLS" only | |||
H2OutputBuffering on|off | on | sv | E |
Determine buffering behaviour of output | |||
H2Padding numbits | 0 | sv | E |
Determine the range of padding bytes added to payload frames | |||
H2ProxyRequests on|off | off | sv | E |
En-/Disable forward proxy requests via HTTP/2 | |||
H2Push on|off | on | svdh | E |
H2 Server Push Switch | |||
H2PushDiarySize n | 256 | sv | E |
H2 Server Push Diary Size | |||
H2PushPriority mime-type [after|before|interleaved] [weight] | * After 16 | sv | E |
H2 Server Push Priority | |||
H2PushResource [add] path [critical] | svdh | E | |
Declares resources for early pushing to the client | |||
H2SerializeHeaders on|off | off | sv | E |
Serialize Request/Response Processing Switch | |||
H2StreamMaxMemSize bytes | 65536 | sv | E |
Maximum amount of output data buffered per stream. | |||
H2StreamTimeout time-interval[s] | svd | E | |
Maximum time waiting when sending/receiving data to stream processing | |||
H2TLSCoolDownSecs seconds | 1 | sv | E |
Configure the number of seconds of idle time on TLS before shrinking writes | |||
H2TLSWarmUpSize amount | 1048576 | sv | E |
Configure the number of bytes on TLS connection before doing max writes | |||
H2Upgrade on|off | on for h2c, off for + | svdh | E |
H2 Upgrade Protocol Switch | |||
H2WebSockets on|off | off | sv | E |
En-/Disable WebSockets via HTTP/2 | |||
H2WindowSize bytes | 65535 | sv | E |
Size of Stream Window for upstream data. | |||
Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] | svdh | E | |
Configure HTTP response headers | |||
HeaderName filename | svdh | B | |
Name of the file that will be inserted at the top of the index listing | |||
HeartbeatAddress addr:port | s | X | |
Multicast address for heartbeat packets | |||
HeartbeatListen addr:port | s | X | |
multicast address to listen for incoming heartbeat requests | |||
HeartbeatMaxServers number-of-servers | 10 | s | X |
Specifies the maximum number of servers that will be sending heartbeat requests to this server | |||
HeartbeatStorage file-path | logs/hb.dat | s | X |
Path to store heartbeat data when using flat-file storage | |||
HeartbeatStorage file-path | logs/hb.dat | s | X |
Path to read heartbeat data | |||
HostnameLookups On|Off|Double | Off | svd | C |
Enables DNS lookups on client IP addresses | |||
HttpProtocolOptions [Strict|Unsafe] [RegisteredMethods|LenientMethods] [Allow0.9|Require1.0] | Strict LenientMetho + | sv | C |
Modify restrictions on HTTP Request Messages | |||
IdentityCheck On|Off | Off | svd | E |
Enables logging of the RFC 1413 identity of the remote user | |||
IdentityCheckTimeout seconds | 30 | svd | E |
Determines the timeout duration for ident requests | |||
<If expression> ... </If> | svdh | C | |
Contains directives that apply only if a condition is satisfied by a request at runtime | |||
<IfDefine [!]parameter-name> ... </IfDefine> | svdh | C | |
Encloses directives that will be processed only if a test is true at startup | |||
<IfDirective [!]directive-name> ... </IfDirective> | svdh | C | |
Encloses directives that are processed conditional on the presence or absence of a specific directive | |||
<IfFile [!]filename> ... </IfFile> | svdh | C | |
Encloses directives that will be processed only if file exists at startup | |||
<IfModule [!]module-file|module-identifier> ... </IfModule> | svdh | C | |
Encloses directives that are processed conditional on the presence or absence of a specific module | |||
<IfSection [!]section-name> ... </IfSection> | svdh | C | |
Encloses directives that are processed conditional on the presence or absence of a specific section directive | |||
<IfVersion [[!]operator] version> ... </IfVersion> | svdh | E | |
contains version dependent configuration | |||
ImapBase map|referer|URL | http://servername/ | svdh | B |
Default base for imagemap files | |||
ImapDefault error|nocontent|map|referer|URL | nocontent | svdh | B |
Default action when an imagemap is called with coordinates that are not explicitly mapped | |||
ImapMenu none|formatted|semiformatted|unformatted | formatted | svdh | B |
Action if no coordinates are given when calling an imagemap | |||
Include file-path|directory-path|wildcard | svd | C | |
Includes other configuration files from within the server configuration files | |||
IncludeOptional file-path|directory-path|wildcard | svd | C | |
Includes other configuration files from within the server configuration files | |||
IndexHeadInsert "markup ..." | svdh | B | |
Inserts text in the HEAD section of an index page. | |||
IndexIgnore file [file] ... | "." | svdh | B |
Adds to the list of files to hide when listing a directory | |||
IndexIgnoreReset ON|OFF | svdh | B | |
Empties the list of files to hide when listing a directory | |||
IndexOptions [+|-]option [[+|-]option] ... | svdh | B | |
Various configuration settings for directory indexing | |||
IndexOrderDefault Ascending|Descending Name|Date|Size|Description | Ascending Name | svdh | B |
Sets the default ordering of the directory index | |||
IndexStyleSheet url-path | svdh | B | |
Adds a CSS stylesheet to the directory index | |||
InputSed sed-command | dh | X | |
Sed command to filter request data (typically POST data) | |||
ISAPIAppendLogToErrors on|off | off | svdh | B |
Record HSE_APPEND_LOG_PARAMETER requests from
ISAPI extensions to the error log | |||
ISAPIAppendLogToQuery on|off | on | svdh | B |
Record HSE_APPEND_LOG_PARAMETER requests from
ISAPI extensions to the query field | |||
ISAPICacheFile file-path [file-path] ... | sv | B | |
ISAPI .dll files to be loaded at startup | |||
ISAPIFakeAsync on|off | off | svdh | B |
Fake asynchronous support for ISAPI callbacks | |||
ISAPILogNotSupported on|off | off | svdh | B |
Log unsupported feature requests from ISAPI extensions | |||
ISAPIReadAheadBuffer size | 49152 | svdh | B |
Size of the Read Ahead Buffer sent to ISAPI extensions | |||
KeepAlive On|Off | On | sv | C |
Enables HTTP persistent connections | |||
KeepAliveTimeout num[ms] | 5 | sv | C |
Amount of time the server will wait for subsequent requests on a persistent connection | |||
KeptBodySize maximum size in bytes | 0 | d | B |
Keep the request body instead of discarding it up to the specified maximum size, for potential use by filters such as mod_include. | |||
LanguagePriority MIME-lang [MIME-lang] ... | svdh | B | |
The precedence of language variants for cases where the client does not express a preference | |||
LDAPCacheEntries number | 1024 | s | E |
Maximum number of entries in the primary LDAP cache | |||
LDAPCacheTTL seconds | 600 | s | E |
Time that cached items remain valid | |||
LDAPConnectionPoolTTL n | -1 | sv | E |
Discard backend connections that have been sitting in the connection pool too long | |||
LDAPConnectionTimeout seconds | s | E | |
Specifies the socket connection timeout in seconds | |||
LDAPLibraryDebug 7 | s | E | |
Enable debugging in the LDAP SDK | |||
LDAPOpCacheEntries number | 1024 | s | E |
Number of entries used to cache LDAP compare operations | |||
LDAPOpCacheTTL seconds | 600 | s | E |
Time that entries in the operation cache remain valid | |||
LDAPReferralHopLimit number | dh | E | |
The maximum number of referral hops to chase before terminating an LDAP query. | |||
LDAPReferrals On|Off|default | On | dh | E |
Enable referral chasing during queries to the LDAP server. | |||
LDAPRetries number-of-retries | 3 | s | E |
Configures the number of LDAP server retries. | |||
LDAPRetryDelay seconds | 0 | s | E |
Configures the delay between LDAP server retries. | |||
LDAPSharedCacheFile directory-path/filename | s | E | |
Sets the shared memory cache file | |||
LDAPSharedCacheSize bytes | 500000 | s | E |
Size in bytes of the shared-memory cache | |||
LDAPTimeout seconds | 60 | s | E |
Specifies the timeout for LDAP search and bind operations, in seconds | |||
LDAPTrustedClientCert type directory-path/filename/nickname [password] | dh | E | |
Sets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates. | |||
LDAPTrustedGlobalCert type directory-path/filename [password] | s | E | |
Sets the file or database containing global trusted Certificate Authority or global client certificates | |||
LDAPTrustedMode type | sv | E | |
Specifies the SSL/TLS mode to be used when connecting to an LDAP server. | |||
LDAPVerifyServerCert On|Off | On | s | E |
Force server certificate verification | |||
<Limit method [method] ... > ... </Limit> | dh | C | |
Restrict enclosed access controls to only certain HTTP methods | |||
<LimitExcept method [method] ... > ... </LimitExcept> | dh | C | |
Restrict access controls to all HTTP methods except the named ones | |||
LimitInternalRecursion number [number] | 10 | sv | C |
Determine maximum number of internal redirects and nested subrequests | |||
LimitRequestBody bytes | 1073741824 | svdh | C |
Restricts the total size of the HTTP request body sent from the client | |||
LimitRequestFields number | 100 | sv | C |
Limits the number of HTTP request header fields that will be accepted from the client | |||
LimitRequestFieldSize bytes | 8190 | sv | C |
Limits the size of the HTTP request header allowed from the client | |||
LimitRequestLine bytes | 8190 | sv | C |
Limit the size of the HTTP request line that will be accepted from the client | |||
LimitXMLRequestBody bytes | 1000000 | svdh | C |
Limits the size of an XML-based request body | |||
Listen [IP-address:]portnumber [protocol] | s | M | |
IP addresses and ports that the server listens to | |||
ListenBackLog backlog | 511 | s | M |
Maximum length of the queue of pending connections | |||
ListenCoresBucketsRatio ratio | 0 (disabled) | s | M |
Ratio between the number of CPU cores (online) and the number of listeners' buckets | |||
LoadFile filename [filename] ... | sv | E | |
Link in the named object file or library | |||
LoadModule module filename | sv | E | |
Links in the object file or library, and adds to the list of active modules | |||
<Location URL-path|URL> ... </Location> | sv | C | |
Applies the enclosed directives only to matching URLs | |||
<LocationMatch regex> ... </LocationMatch> | sv | C | |
Applies the enclosed directives only to regular-expression matching URLs | |||
LogFormat format|nickname [nickname] | "%h %l %u %t \"%r\" + | sv | B |
Describes a format for use in a log file | |||
LogIOTrackTTFB ON|OFF | OFF | svdh | E |
Enable tracking of time to first byte (TTFB) | |||
LogLevel [module:]level [module:level] ... | warn | svd | C |
Controls the verbosity of the ErrorLog | |||
LogMessage message [hook=hook] [expr=expression] | d | X | |
Log user-defined message to error log | |||
LuaAuthzProvider provider_name /path/to/lua/script.lua function_name | s | E | |
Plug an authorization provider function into mod_authz_core
| |||
LuaCodeCache stat|forever|never | stat | svdh | E |
Configure the compiled code cache. | |||
LuaHookAccessChecker /path/to/lua/script.lua hook_function_name [early|late] | svdh | E | |
Provide a hook for the access_checker phase of request processing | |||
LuaHookAuthChecker /path/to/lua/script.lua hook_function_name [early|late] | svdh | E | |
Provide a hook for the auth_checker phase of request processing | |||
LuaHookCheckUserID /path/to/lua/script.lua hook_function_name [early|late] | svdh | E | |
Provide a hook for the check_user_id phase of request processing | |||
LuaHookFixups /path/to/lua/script.lua hook_function_name | svdh | E | |
Provide a hook for the fixups phase of a request processing | |||
LuaHookInsertFilter /path/to/lua/script.lua hook_function_name | svdh | E | |
Provide a hook for the insert_filter phase of request processing | |||
LuaHookLog /path/to/lua/script.lua log_function_name | svdh | E | |
Provide a hook for the access log phase of a request processing | |||
LuaHookMapToStorage /path/to/lua/script.lua hook_function_name | svdh | E | |
Provide a hook for the map_to_storage phase of request processing | |||
LuaHookPreTranslate /path/to/lua/script.lua hook_function_name | svdh | E | |
Provide a hook for the pre_translate phase of a request processing | |||
LuaHookTranslateName /path/to/lua/script.lua hook_function_name [early|late] | sv | E | |
Provide a hook for the translate name phase of request processing | |||
LuaHookTypeChecker /path/to/lua/script.lua hook_function_name | svdh | E | |
Provide a hook for the type_checker phase of request processing | |||
LuaInherit none|parent-first|parent-last | parent-first | svdh | E |
Controls how parent configuration sections are merged into children | |||
LuaInputFilter filter_name /path/to/lua/script.lua function_name | s | E | |
Provide a Lua function for content input filtering | |||
LuaMapHandler uri-pattern /path/to/lua/script.lua [function-name] | svdh | E | |
Map a path to a lua handler | |||
LuaOutputFilter filter_name /path/to/lua/script.lua function_name | s | E | |
Provide a Lua function for content output filtering | |||
LuaPackageCPath /path/to/include/?.soa | svdh | E | |
Add a directory to lua's package.cpath | |||
LuaPackagePath /path/to/include/?.lua | svdh | E | |
Add a directory to lua's package.path | |||
LuaQuickHandler /path/to/script.lua hook_function_name | sv | E | |
Provide a hook for the quick handler of request processing | |||
LuaRoot /path/to/a/directory | svdh | E | |
Specify the base path for resolving relative paths for mod_lua directives | |||
LuaScope once|request|conn|thread|server [min] [max] | once | svdh | E |
One of once, request, conn, thread -- default is once | |||
<Macro name [par1 .. parN]> ... </Macro> | svd | B | |
Define a configuration file macro | |||
MaxConnectionsPerChild number | 0 | s | M |
Limit on the number of connections that an individual child server will handle during its life | |||
MaxKeepAliveRequests number | 100 | sv | C |
Number of requests allowed on a persistent connection | |||
MaxMemFree KBytes | 2048 | s | M |
Maximum amount of memory that the main allocator is allowed
to hold without calling free() | |||
MaxRangeOverlaps default | unlimited | none | number-of-ranges | 20 | svd | C |
Number of overlapping ranges (eg: 100-200,150-300 ) allowed before returning the complete
resource | |||
MaxRangeReversals default | unlimited | none | number-of-ranges | 20 | svd | C |
Number of range reversals (eg: 100-200,50-70 ) allowed before returning the complete
resource | |||
MaxRanges default | unlimited | none | number-of-ranges | 200 | svd | C |
Number of ranges allowed before returning the complete resource | |||
MaxRequestWorkers number | s | M | |
Maximum number of connections that will be processed simultaneously | |||
MaxSpareServers number | 10 | s | M |
Maximum number of idle child server processes | |||
MaxSpareThreads number | s | M | |
Maximum number of idle threads | |||
MaxThreads number | 2048 | s | M |
Set the maximum number of worker threads | |||
MDActivationDelay duration | s | X | |
How long to delay activation of new certificates | |||
MDBaseServer on|off | off | s | X |
Control if base server may be managed or only virtual hosts. | |||
MDCAChallenges name [ name ... ] | tls-alpn-01 http-01 + | s | X |
Type of ACME challenge used to prove domain ownership. | |||
MDCertificateAgreement accepted | s | X | |
You confirm that you accepted the Terms of Service of the Certificate Authority. | |||
MDCertificateAuthority url | letsencrypt | s | X |
The URL(s) of the ACME Certificate Authority to use. | |||
MDCertificateCheck name url | s | X | |
Set name and URL pattern for a certificate monitoring sitSet name and URL pattern for a certificate monitoring sitee | |||
MDCertificateFile path-to-pem-file | s | X | |
Specify a static certificate file for the MD. | |||
MDCertificateKeyFile path-to-file | s | X | |
Specify a static private key for for the static cerrtificate. | |||
MDCertificateMonitor name url | crt.sh https://crt. + | s | X |
The URL of a certificate log monitor. | |||
MDCertificateProtocol protocol | ACME | s | X |
The protocol to use with the Certificate Authority. | |||
MDCertificateStatus on|off | on | s | X |
Exposes public certificate information in JSON. | |||
MDChallengeDns01 path-to-command | s | X | |
Set the command for setup/teardown of dns-01 challenges | |||
MDChallengeDns01Version 1|2 | 1 | s | X |
Set the type of arguments to call MDChallengeDns01 with | |||
MDContactEmail address | s | X | |
Email address used for account registration | |||
MDDriveMode always|auto|manual | auto | s | X |
former name of MDRenewMode. | |||
MDExternalAccountBinding key-id hmac-64 | none | file | none | s | X |
Set the external account binding keyid and hmac values to use at CA | |||
MDHttpProxy url | s | X | |
Define a proxy for outgoing connections. | |||
MDMatchNames all|servernames | all | s | X |
Determines how DNS names are matched to vhosts | |||
MDMember hostname | s | X | |
Additional hostname for the managed domain. | |||
MDMembers auto|manual | auto | s | X |
Control if the alias domain names are automatically added. | |||
MDMessageCmd path-to-cmd optional-args | s | X | |
Handle events for Manage Domains | |||
MDMustStaple on|off | off | s | X |
Control if new certificates carry the OCSP Must Staple flag. | |||
MDNotifyCmd path [ args ] | s | X | |
Run a program when a Managed Domain is ready. | |||
MDomain dns-name [ other-dns-name... ] [auto|manual] | s | X | |
Define list of domain names that belong to one group. | |||
<MDomainSet dns-name [ other-dns-name... ]>...</MDomainSet> | s | X | |
Container for directives applied to the same managed domains. | |||
MDPortMap map1 [ map2 ] | http:80 https:443 | s | X |
Map external to internal ports for domain ownership verification. | |||
MDPrivateKeys type [ params... ] | RSA 2048 | s | X |
Set type and size of the private keys generated. | |||
MDRenewMode always|auto|manual | auto | s | X |
Controls if certificates shall be renewed. | |||
MDRenewWindow duration | 33% | s | X |
Control when a certificate will be renewed. | |||
MDRequireHttps off|temporary|permanent | off | s | X |
Redirects http: traffic to https: for Managed Domains. | |||
MDRetryDelay duration | 5s | s | X |
Time length for first retry, doubled on every consecutive error. | |||
MDRetryFailover number | 13 | s | X |
The number of errors before a failover to another CA is triggered | |||
MDServerStatus on|off | on | s | X |
Control if Managed Domain information is added to server-status. | |||
MDStapleOthers on|off | on | s | X |
Enable stapling for certificates not managed by mod_md. | |||
MDStapling on|off | off | s | X |
Enable stapling for all or a particular MDomain. | |||
MDStaplingKeepResponse duration | 7d | s | X |
Controls when old responses should be removed. | |||
MDStaplingRenewWindow duration | 33% | s | X |
Control when the stapling responses will be renewed. | |||
MDStoreDir path | md | s | X |
Path on the local file system to store the Managed Domains data. | |||
MDStoreLocks on|off|duration | off | s | X |
Configure locking of store for updates | |||
MDWarnWindow duration | 10% | s | X |
Define the time window when you want to be warned about an expiring certificate. | |||
MemcacheConnTTL num[units] | 15s | sv | E |
Keepalive time for idle connections | |||
MergeSlashes ON|OFF | ON | sv | C |
Controls whether the server merges consecutive slashes in URLs. | |||
MergeTrailers [on|off] | off | sv | C |
Determines whether trailers are merged into headers | |||
MetaDir directory | .web | svdh | E |
Name of the directory to find CERN-style meta information files | |||
MetaFiles on|off | off | svdh | E |
Activates CERN meta-file processing | |||
MetaSuffix suffix | .meta | svdh | E |
File name suffix for the file containing CERN-style meta information | |||
MimeMagicFile file-path | sv | E | |
Enable MIME-type determination based on file contents using the specified magic file | |||
MinSpareServers number | 5 | s | M |
Minimum number of idle child server processes | |||
MinSpareThreads number | s | M | |
Minimum number of idle threads available to handle request spikes | |||
MMapFile file-path [file-path] ... | s | X | |
Map a list of files into memory at startup time | |||
ModemStandard V.21|V.26bis|V.32|V.34|V.92 | d | X | |
Modem standard to simulate | |||
ModMimeUsePathInfo On|Off | Off | d | B |
Tells mod_mime to treat path_info
components as part of the filename | |||
MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers [Handlers|Filters] | NegotiatedOnly | svdh | B |
The types of files that will be included when searching for a matching file with MultiViews | |||
Mutex mechanism [default|mutex-name] ... [OmitPID] | default | s | C |
Configures mutex mechanism and lock file directory for all or specified mutexes | |||
NameVirtualHost addr[:port] | s | C | |
DEPRECATED: Designates an IP address for name-virtual hosting | |||
NoProxy host [host] ... | sv | E | |
Hosts, domains, or networks that will be connected to directly | |||
NWSSLTrustedCerts filename [filename] ... | s | B | |
List of additional client certificates | |||
NWSSLUpgradeable [IP-address:]portnumber | s | B | |
Allows a connection to be upgraded to an SSL connection upon request | |||
Options [+|-]option [[+|-]option] ... | FollowSymlinks | svdh | C |
Configures what features are available in a particular directory | |||
Order ordering | Deny,Allow | dh | E |
Controls the default access state and the order in which
Allow and Deny are
evaluated. | |||
OutputSed sed-command | dh | X | |
Sed command for filtering response content | |||
PassEnv env-variable [env-variable] ... | svdh | B | |
Passes environment variables from the shell | |||
PidFile filename | logs/httpd.pid | s | M |
File where the server records the process ID of the daemon | |||
PrivilegesMode FAST|SECURE|SELECTIVE | FAST | svd | X |
Trade off processing speed and efficiency vs security against malicious privileges-aware code. | |||
Protocol protocol | sv | C | |
Protocol for a listening socket | |||
ProtocolEcho On|Off | Off | sv | X |
Turn the echo server on or off | |||
Protocols protocol ... | http/1.1 | sv | C |
Protocols available for a server/virtual host | |||
ProtocolsHonorOrder On|Off | On | sv | C |
Determines if order of Protocols determines precedence during negotiation | |||
<Proxy wildcard-url> ...</Proxy> | sv | E | |
Container for directives applied to proxied resources | |||
Proxy100Continue Off|On | On | svd | E |
Forward 100-continue expectation to the origin server | |||
ProxyAddHeaders Off|On | On | svd | E |
Add proxy information in X-Forwarded-* headers | |||
ProxyBadHeader IsError|Ignore|StartBody | IsError | sv | E |
Determines how to handle bad header lines in a response | |||
ProxyBlock *|word|host|domain [word|host|domain] ... | sv | E | |
Words, hosts, or domains that are banned from being proxied | |||
ProxyDomain Domain | sv | E | |
Default domain name for proxied requests | |||
ProxyErrorOverride Off|On [code ...] | Off | svd | E |
Override error pages for proxied content | |||
ProxyExpressDBMFile pathname | sv | E | |
Pathname to DBM file. | |||
ProxyExpressDBMType type | default | sv | E |
DBM type of file. | |||
ProxyExpressEnable on|off | off | sv | E |
Enable the module functionality. | |||
ProxyFCGIBackendType FPM|GENERIC | FPM | svdh | E |
Specify the type of backend FastCGI application | |||
ProxyFCGISetEnvIf conditional-expression [!]environment-variable-name [value-expression] | svdh | E | |
Allow variables sent to FastCGI servers to be fixed up | |||
ProxyFtpDirCharset character_set | ISO-8859-1 | svd | E |
Define the character set for proxied FTP listings | |||
ProxyFtpEscapeWildcards on|off | on | svd | E |
Whether wildcards in requested filenames are escaped when sent to the FTP server | |||
ProxyFtpListOnWildcard on|off | on | svd | E |
Whether wildcards in requested filenames trigger a file listing | |||
ProxyHCExpr name {ap_expr expression} | sv | E | |
Creates a named condition expression to use to determine health of the backend based on its response | |||
ProxyHCTemplate name parameter=setting [...] | sv | E | |
Creates a named template for setting various health check parameters | |||
ProxyHCTPsize size | 16 | s | E |
Sets the total server-wide size of the threadpool used for the health check workers | |||
ProxyHTMLBufSize bytes | 8192 | svd | B |
Sets the buffer size increment for buffering inline scripts and stylesheets. | |||
ProxyHTMLCharsetOut Charset | * | svd | B | |
Specify a charset for mod_proxy_html output. | |||
ProxyHTMLDocType HTML|XHTML [Legacy] OR ProxyHTMLDocType fpi [SGML|XML] | svd | B | |
Sets an HTML or XHTML document type declaration. | |||
ProxyHTMLEnable On|Off | Off | svd | B |
Turns the proxy_html filter on or off. | |||
ProxyHTMLEvents attribute [attribute ...] | svd | B | |
Specify attributes to treat as scripting events. | |||
ProxyHTMLExtended On|Off | Off | svd | B |
Determines whether to fix links in inline scripts, stylesheets, and scripting events. | |||
ProxyHTMLFixups [lowercase] [dospath] [reset] | svd | B | |
Fixes for simple HTML errors. | |||
ProxyHTMLInterp On|Off | Off | svd | B |
Enables per-request interpolation of
ProxyHTMLURLMap rules. | |||
ProxyHTMLLinks element attribute [attribute2 ...] | svd | B | |
Specify HTML elements that have URL attributes to be rewritten. | |||
ProxyHTMLMeta On|Off | Off | svd | B |
Turns on or off extra pre-parsing of metadata in HTML
<head> sections. | |||
ProxyHTMLStripComments On|Off | Off | svd | B |
Determines whether to strip HTML comments. | |||
ProxyHTMLURLMap from-pattern to-pattern [flags] [cond] | svd | B | |
Defines a rule to rewrite HTML links | |||
ProxyIOBufferSize bytes | 8192 | sv | E |
Determine size of internal data throughput buffer | |||
<ProxyMatch regex> ...</ProxyMatch> | sv | E | |
Container for directives applied to regular-expression-matched proxied resources | |||
ProxyMaxForwards number | -1 | sv | E |
Maximum number of proxies that a request can be forwarded through | |||
ProxyPass [path] !|url [key=value [key=value ...]] [nocanon] [interpolate] [noquery] | svd | E | |
Maps remote servers into the local server URL-space | |||
ProxyPassInherit On|Off | On | sv | E |
Inherit ProxyPass directives defined from the main server | |||
ProxyPassInterpolateEnv On|Off | Off | svd | E |
Enable Environment Variable interpolation in Reverse Proxy configurations | |||
ProxyPassMatch [regex] !|url [key=value [key=value ...]] | svd | E | |
Maps remote servers into the local server URL-space using regular expressions | |||
ProxyPassReverse [path] url [interpolate] | svd | E | |
Adjusts the URL in HTTP response headers sent from a reverse proxied server | |||
ProxyPassReverseCookieDomain internal-domain public-domain [interpolate] | svd | E | |
Adjusts the Domain string in Set-Cookie headers from a reverse- proxied server | |||
ProxyPassReverseCookiePath internal-path public-path [interpolate] | svd | E | |
Adjusts the Path string in Set-Cookie headers from a reverse- proxied server | |||
ProxyPreserveHost On|Off | Off | svd | E |
Use incoming Host HTTP request header for proxy request | |||
ProxyReceiveBufferSize bytes | 0 | sv | E |
Network buffer size for proxied HTTP and FTP connections | |||
ProxyRemote match remote-server [username:password] | sv | E | |
Remote proxy used to handle certain requests | |||
ProxyRemoteMatch regex remote-server [username:password] | sv | E | |
Remote proxy used to handle requests matched by regular expressions | |||
ProxyRequests On|Off | Off | sv | E |
Enables forward (standard) proxy requests | |||
ProxySCGIInternalRedirect On|Off|Headername | On | svd | E |
Enable or disable internal redirect responses from the backend | |||
ProxySCGISendfile On|Off|Headername | Off | svd | E |
Enable evaluation of X-Sendfile pseudo response header | |||
ProxySet url key=value [key=value ...] | svd | E | |
Set various Proxy balancer or member parameters | |||
ProxySourceAddress address | sv | E | |
Set local IP address for outgoing proxy connections | |||
ProxyStatus Off|On|Full | Off | sv | E |
Show Proxy LoadBalancer status in mod_status | |||
ProxyTimeout seconds | sv | E | |
Network timeout for proxied requests | |||
ProxyVia On|Off|Full|Block | Off | sv | E |
Information provided in the Via HTTP response
header for proxied requests | |||
ProxyWebsocketFallbackToProxyHttp On|Off | On | sv | E |
Instructs this module to let mod_proxy_http handle the request | |||
QualifyRedirectURL On|Off | Off | svd | C |
Controls whether the REDIRECT_URL environment variable is fully qualified | |||
ReadBufferSize bytes | 8192 | svd | C |
Size of the buffers used to read data | |||
ReadmeName filename | svdh | B | |
Name of the file that will be inserted at the end of the index listing | |||
ReceiveBufferSize bytes | 0 | s | M |
TCP receive buffer size | |||
Redirect [status] [URL-path] URL | svdh | B | |
Sends an external redirect asking the client to fetch a different URL | |||
RedirectMatch [status] regex URL | svdh | B | |
Sends an external redirect based on a regular expression match of the current URL | |||
RedirectPermanent URL-path URL | svdh | B | |
Sends an external permanent redirect asking the client to fetch a different URL | |||
RedirectRelative On|Off | Off | svd | B |
Allows relative redirect targets. | |||
RedirectTemp URL-path URL | svdh | B | |
Sends an external temporary redirect asking the client to fetch a different URL | |||
RedisConnPoolTTL num[units] | 15s | sv | E |
TTL used for the connection pool with the Redis server(s) | |||
RedisTimeout num[units] | 5s | sv | E |
R/W timeout used for the connection with the Redis server(s) | |||
ReflectorHeader inputheader [outputheader] | svdh | B | |
Reflect an input header to the output headers | |||
RegexDefaultOptions [none] [+|-]option [[+|-]option] ... | DOTALL DOLLAR_ENDON + | s | C |
Allow to configure global/default options for regexes | |||
RegisterHttpMethod method [method [...]] | s | C | |
Register non-standard HTTP methods | |||
RemoteIPHeader header-field | sv | B | |
Declare the header field which should be parsed for useragent IP addresses | |||
RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ... | sv | B | |
Declare client intranet IP addresses trusted to present the RemoteIPHeader value | |||
RemoteIPInternalProxyList filename | sv | B | |
Declare client intranet IP addresses trusted to present the RemoteIPHeader value | |||
RemoteIPProxiesHeader HeaderFieldName | sv | B | |
Declare the header field which will record all intermediate IP addresses | |||
RemoteIPProxyProtocol On|Off | sv | B | |
Enable or disable PROXY protocol handling | |||
RemoteIPProxyProtocolExceptions host|range [host|range] [host|range] | sv | B | |
Disable processing of PROXY header for certain hosts or networks | |||
RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ... | sv | B | |
Declare client intranet IP addresses trusted to present the RemoteIPHeader value | |||
RemoteIPTrustedProxyList filename | sv | B | |
Declare client intranet IP addresses trusted to present the RemoteIPHeader value | |||
RemoveCharset extension [extension] ... | vdh | B | |
Removes any character set associations for a set of file extensions | |||
RemoveEncoding extension [extension] ... | vdh | B | |
Removes any content encoding associations for a set of file extensions | |||
RemoveHandler extension [extension] ... | vdh | B | |
Removes any handler associations for a set of file extensions | |||
RemoveInputFilter extension [extension] ... | vdh | B | |
Removes any input filter associations for a set of file extensions | |||
RemoveLanguage extension [extension] ... | vdh | B | |
Removes any language associations for a set of file extensions | |||
RemoveOutputFilter extension [extension] ... | vdh | B | |
Removes any output filter associations for a set of file extensions | |||
RemoveType extension [extension] ... | vdh | B | |
Removes any content type associations for a set of file extensions | |||
RequestHeader add|append|edit|edit*|merge|set|setifempty|unset header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] | svdh | E | |
Configure HTTP request headers | |||
RequestReadTimeout [handshake=timeout[-maxtimeout][,MinRate=rate] [header=timeout[-maxtimeout][,MinRate=rate] [body=timeout[-maxtimeout][,MinRate=rate] | handshake=0 header= + | sv | E |
Set timeout values for completing the TLS handshake, receiving the request headers and/or body from client. | |||
Require [not] entity-name [entity-name] ... | dh | B | |
Tests whether an authenticated user is authorized by an authorization provider. | |||
<RequireAll> ... </RequireAll> | dh | B | |
Enclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed. | |||
<RequireAny> ... </RequireAny> | dh | B | |
Enclose a group of authorization directives of which one must succeed for the enclosing directive to succeed. | |||
<RequireNone> ... </RequireNone> | dh | B | |
Enclose a group of authorization directives of which none must succeed for the enclosing directive to not fail. | |||
RewriteBase URL-path | dh | E | |
Sets the base URL for per-directory rewrites | |||
RewriteCond TestString CondPattern [flags] | svdh | E | |
Defines a condition under which rewriting will take place | |||
RewriteEngine on|off | off | svdh | E |
Enables or disables runtime rewriting engine | |||
RewriteMap MapName MapType:MapSource [MapTypeOptions] | sv | E | |
Defines a mapping function for key-lookup | |||
RewriteOptions Options | svdh | E | |
Sets some special options for the rewrite engine | |||
RewriteRule Pattern Substitution [flags] | svdh | E | |
Defines rules for the rewriting engine | |||
RLimitCPU seconds|max [seconds|max] | svdh | C | |
Limits the CPU consumption of processes launched by Apache httpd children | |||
RLimitMEM bytes|max [bytes|max] | svdh | C | |
Limits the memory consumption of processes launched by Apache httpd children | |||
RLimitNPROC number|max [number|max] | svdh | C | |
Limits the number of processes that can be launched by processes launched by Apache httpd children | |||
Satisfy Any|All | All | dh | E |
Interaction between host-level access control and user authentication | |||
ScoreBoardFile file-path | logs/apache_runtime + | s | M |
Location of the file used to store coordination data for the child processes | |||
Script method cgi-script | svd | B | |
Activates a CGI script for a particular request method. | |||
ScriptAlias [URL-path] file-path|directory-path | svd | B | |
Maps a URL to a filesystem location and designates the target as a CGI script | |||
ScriptAliasMatch regex file-path|directory-path | sv | B | |
Maps a URL to a filesystem location using a regular expression and designates the target as a CGI script | |||
ScriptInterpreterSource Registry|Registry-Strict|Script | Script | svdh | C |
Technique for locating the interpreter for CGI scripts | |||
ScriptLog file-path | sv | B | |
Location of the CGI script error logfile | |||
ScriptLogBuffer bytes | 1024 | sv | B |
Maximum amount of PUT or POST requests that will be recorded in the scriptlog | |||
ScriptLogLength bytes | 10385760 | sv | B |
Size limit of the CGI script logfile | |||
ScriptSock file-path | cgisock | s | B |
The filename prefix of the socket to use for communication with the cgi daemon | |||
SecureListen [IP-address:]portnumber Certificate-Name [MUTUAL] | s | B | |
Enables SSL encryption for the specified port | |||
SeeRequestTail On|Off | Off | s | C |
Determine if mod_status displays the first 63 characters of a request or the last 63, assuming the request itself is greater than 63 chars. | |||
SendBufferSize bytes | 0 | s | M |
TCP buffer size | |||
ServerAdmin email-address|URL | sv | C | |
Email address that the server includes in error messages sent to the client | |||
ServerAlias hostname [hostname] ... | v | C | |
Alternate names for a host used when matching requests to name-virtual hosts | |||
ServerLimit number | s | M | |
Upper limit on configurable number of processes | |||
ServerName [scheme://]domain-name|ip-address[:port] | sv | C | |
Hostname and port that the server uses to identify itself | |||
ServerPath URL-path | v | C | |
Legacy URL pathname for a name-based virtual host that is accessed by an incompatible browser | |||
ServerRoot directory-path | /usr/local/apache | s | C |
Base directory for the server installation | |||
ServerSignature On|Off|EMail | Off | svdh | C |
Configures the footer on server-generated documents | |||
ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full | Full | s | C |
Configures the Server HTTP response
header | |||
Session On|Off | Off | svdh | E |
Enables a session for the current directory or location | |||
SessionCookieName name attributes | svdh | E | |
Name and attributes for the RFC2109 cookie storing the session | |||
SessionCookieName2 name attributes | svdh | E | |
Name and attributes for the RFC2965 cookie storing the session | |||
SessionCookieRemove On|Off | Off | svdh | E |
Control for whether session cookies should be removed from incoming HTTP headers | |||
SessionCryptoCipher name | aes256 | svdh | X |
The crypto cipher to be used to encrypt the session | |||
SessionCryptoDriver name [param[=value]] | s | X | |
The crypto driver to be used to encrypt the session | |||
SessionCryptoPassphrase secret [ secret ... ] | svdh | X | |
The key used to encrypt the session | |||
SessionCryptoPassphraseFile filename | svd | X | |
File containing keys used to encrypt the session | |||
SessionDBDCookieName name attributes | svdh | E | |
Name and attributes for the RFC2109 cookie storing the session ID | |||
SessionDBDCookieName2 name attributes | svdh | E | |
Name and attributes for the RFC2965 cookie storing the session ID | |||
SessionDBDCookieRemove On|Off | On | svdh | E |
Control for whether session ID cookies should be removed from incoming HTTP headers | |||
SessionDBDDeleteLabel label | deletesession | svdh | E |
The SQL query to use to remove sessions from the database | |||
SessionDBDInsertLabel label | insertsession | svdh | E |
The SQL query to use to insert sessions into the database | |||
SessionDBDPerUser On|Off | Off | svdh | E |
Enable a per user session | |||
SessionDBDSelectLabel label | selectsession | svdh | E |
The SQL query to use to select sessions from the database | |||
SessionDBDUpdateLabel label | updatesession | svdh | E |
The SQL query to use to update existing sessions in the database | |||
SessionEnv On|Off | Off | svdh | E |
Control whether the contents of the session are written to the HTTP_SESSION environment variable | |||
SessionExclude path | svdh | E | |
Define URL prefixes for which a session is ignored | |||
SessionExpiryUpdateInterval interval | 0 (always update) | svdh | E |
Define the number of seconds a session's expiry may change without the session being updated | |||
SessionHeader header | svdh | E | |
Import session updates from a given HTTP response header | |||
SessionInclude path | svdh | E | |
Define URL prefixes for which a session is valid | |||
SessionMaxAge maxage | 0 | svdh | E |
Define a maximum age in seconds for a session | |||
SetEnv env-variable [value] | svdh | B | |
Sets environment variables | |||
SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ... | svdh | B | |
Sets environment variables based on attributes of the request | |||
SetEnvIfExpr expr [!]env-variable[=value] [[!]env-variable[=value]] ... | svdh | B | |
Sets environment variables based on an ap_expr expression | |||
SetEnvIfNoCase attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ... | svdh | B | |
Sets environment variables based on attributes of the request without respect to case | |||
SetHandler handler-name|none|expression | svdh | C | |
Forces all matching files to be processed by a handler | |||
SetInputFilter filter[;filter...] | svdh | C | |
Sets the filters that will process client requests and POST input | |||
SetOutputFilter filter[;filter...] | svdh | C | |
Sets the filters that will process responses from the server | |||
SSIEndTag tag | "-->" | sv | B |
String that ends an include element | |||
SSIErrorMsg message | "[an error occurred + | svdh | B |
Error message displayed when there is an SSI error | |||
SSIETag on|off | off | dh | B |
Controls whether ETags are generated by the server. | |||
SSILastModified on|off | off | dh | B |
Controls whether Last-Modified headers are generated by the
server. | |||
SSILegacyExprParser on|off | off | dh | B |
Enable compatibility mode for conditional expressions. | |||
SSIStartTag tag | "<!--#" | sv | B |
String that starts an include element | |||
SSITimeFormat formatstring | "%A, %d-%b-%Y %H:%M + | svdh | B |
Configures the format in which date strings are displayed | |||
SSIUndefinedEcho string | "(none)" | svdh | B |
String displayed when an unset variable is echoed | |||
SSLCACertificateFile file-path | sv | E | |
File of concatenated PEM-encoded CA Certificates for Client Auth | |||
SSLCACertificatePath directory-path | sv | E | |
Directory of PEM-encoded CA Certificates for Client Auth | |||
SSLCADNRequestFile file-path | sv | E | |
File of concatenated PEM-encoded CA Certificates for defining acceptable CA names | |||
SSLCADNRequestPath directory-path | sv | E | |
Directory of PEM-encoded CA Certificates for defining acceptable CA names | |||
SSLCARevocationCheck chain|leaf|none [flags ...] | none | sv | E |
Enable CRL-based revocation checking | |||
SSLCARevocationFile file-path | sv | E | |
File of concatenated PEM-encoded CA CRLs for Client Auth | |||
SSLCARevocationPath directory-path | sv | E | |
Directory of PEM-encoded CA CRLs for Client Auth | |||
SSLCertificateChainFile file-path | sv | E | |
File of PEM-encoded Server CA Certificates | |||
SSLCertificateFile file-path|certid | sv | E | |
Server PEM-encoded X.509 certificate data file or token identifier | |||
SSLCertificateKeyFile file-path|keyid | sv | E | |
Server PEM-encoded private key file | |||
SSLCipherSuite [protocol] cipher-spec | DEFAULT (depends on + | svdh | E |
Cipher Suite available for negotiation in SSL handshake | |||
SSLCompression on|off | off | sv | E |
Enable compression on the SSL level | |||
SSLCryptoDevice engine | builtin | s | E |
Enable use of a cryptographic hardware accelerator | |||
SSLEngine on|off|optional | off | sv | E |
SSL Engine Operation Switch | |||
SSLFIPS on|off | off | s | E |
SSL FIPS mode Switch | |||
SSLHonorCipherOrder on|off | off | sv | E |
Option to prefer the server's cipher preference order | |||
SSLInsecureRenegotiation on|off | off | sv | E |
Option to enable support for insecure renegotiation | |||
SSLOCSPDefaultResponder uri | sv | E | |
Set the default responder URI for OCSP validation | |||
SSLOCSPEnable on|leaf|off | off | sv | E |
Enable OCSP validation of the client certificate chain | |||
SSLOCSPNoverify on|off | off | sv | E |
skip the OCSP responder certificates verification | |||
SSLOCSPOverrideResponder on|off | off | sv | E |
Force use of the default responder URI for OCSP validation | |||
SSLOCSPProxyURL url | sv | E | |
Proxy URL to use for OCSP requests | |||
SSLOCSPResponderCertificateFile file | sv | E | |
Set of trusted PEM encoded OCSP responder certificates | |||
SSLOCSPResponderTimeout seconds | 10 | sv | E |
Timeout for OCSP queries | |||
SSLOCSPResponseMaxAge seconds | -1 | sv | E |
Maximum allowable age for OCSP responses | |||
SSLOCSPResponseTimeSkew seconds | 300 | sv | E |
Maximum allowable time skew for OCSP response validation | |||
SSLOCSPUseRequestNonce on|off | on | sv | E |
Use a nonce within OCSP queries | |||
SSLOpenSSLConfCmd command-name command-value | sv | E | |
Configure OpenSSL parameters through its SSL_CONF API | |||
SSLOptions [+|-]option ... | svdh | E | |
Configure various SSL engine run-time options | |||
SSLPassPhraseDialog type | builtin | s | E |
Type of pass phrase dialog for encrypted private keys | |||
SSLProtocol [+|-]protocol ... | all -SSLv3 (up to 2 + | sv | E |
Configure usable SSL/TLS protocol versions | |||
SSLProxyCACertificateFile file-path | sv | E | |
File of concatenated PEM-encoded CA Certificates for Remote Server Auth | |||
SSLProxyCACertificatePath directory-path | sv | E | |
Directory of PEM-encoded CA Certificates for Remote Server Auth | |||
SSLProxyCARevocationCheck chain|leaf|none | none | sv | E |
Enable CRL-based revocation checking for Remote Server Auth | |||
SSLProxyCARevocationFile file-path | sv | E | |
File of concatenated PEM-encoded CA CRLs for Remote Server Auth | |||
SSLProxyCARevocationPath directory-path | sv | E | |
Directory of PEM-encoded CA CRLs for Remote Server Auth | |||
SSLProxyCheckPeerCN on|off | on | sv | E |
Whether to check the remote server certificate's CN field | |||
SSLProxyCheckPeerExpire on|off | on | sv | E |
Whether to check if remote server certificate is expired | |||
SSLProxyCheckPeerName on|off | on | sv | E |
Configure host name checking for remote server certificates | |||
SSLProxyCipherSuite [protocol] cipher-spec | ALL:!ADH:RC4+RSA:+H + | sv | E |
Cipher Suite available for negotiation in SSL proxy handshake | |||
SSLProxyEngine on|off | off | sv | E |
SSL Proxy Engine Operation Switch | |||
SSLProxyMachineCertificateChainFile filename | sv | E | |
File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate | |||
SSLProxyMachineCertificateFile filename | sv | E | |
File of concatenated PEM-encoded client certificates and keys to be used by the proxy | |||
SSLProxyMachineCertificatePath directory | sv | E | |
Directory of PEM-encoded client certificates and keys to be used by the proxy | |||
SSLProxyProtocol [+|-]protocol ... | all -SSLv3 (up to 2 + | sv | E |
Configure usable SSL protocol flavors for proxy usage | |||
SSLProxyVerify level | none | sv | E |
Type of remote server Certificate verification | |||
SSLProxyVerifyDepth number | 1 | sv | E |
Maximum depth of CA Certificates in Remote Server Certificate verification | |||
SSLRandomSeed context source [bytes] | s | E | |
Pseudo Random Number Generator (PRNG) seeding source | |||
SSLRenegBufferSize bytes | 131072 | dh | E |
Set the size for the SSL renegotiation buffer | |||
SSLRequire expression | dh | E | |
Allow access only when an arbitrarily complex boolean expression is true | |||
SSLRequireSSL | dh | E | |
Deny access when SSL is not used for the HTTP request | |||
SSLSessionCache type | none | s | E |
Type of the global/inter-process SSL Session Cache | |||
SSLSessionCacheTimeout seconds | 300 | sv | E |
Number of seconds before an SSL session expires in the Session Cache | |||
SSLSessionTicketKeyFile file-path | sv | E | |
Persistent encryption/decryption key for TLS session tickets | |||
SSLSessionTickets on|off | on | sv | E |
Enable or disable use of TLS session tickets | |||
SSLSRPUnknownUserSeed secret-string | sv | E | |
SRP unknown user seed | |||
SSLSRPVerifierFile file-path | sv | E | |
Path to SRP verifier file | |||
SSLStaplingCache type | s | E | |
Configures the OCSP stapling cache | |||
SSLStaplingErrorCacheTimeout seconds | 600 | sv | E |
Number of seconds before expiring invalid responses in the OCSP stapling cache | |||
SSLStaplingFakeTryLater on|off | on | sv | E |
Synthesize "tryLater" responses for failed OCSP stapling queries | |||
SSLStaplingForceURL uri | sv | E | |
Override the OCSP responder URI specified in the certificate's AIA extension | |||
SSLStaplingResponderTimeout seconds | 10 | sv | E |
Timeout for OCSP stapling queries | |||
SSLStaplingResponseMaxAge seconds | -1 | sv | E |
Maximum allowable age for OCSP stapling responses | |||
SSLStaplingResponseTimeSkew seconds | 300 | sv | E |
Maximum allowable time skew for OCSP stapling response validation | |||
SSLStaplingReturnResponderErrors on|off | on | sv | E |
Pass stapling related OCSP errors on to client | |||
SSLStaplingStandardCacheTimeout seconds | 3600 | sv | E |
Number of seconds before expiring responses in the OCSP stapling cache | |||
SSLStrictSNIVHostCheck on|off | off | sv | E |
Whether to allow non-SNI clients to access a name-based virtual host. | |||
SSLUserName varname | sdh | E | |
Variable name to determine user name | |||
SSLUseStapling on|off | off | sv | E |
Enable stapling of OCSP responses in the TLS handshake | |||
SSLVerifyClient level | none | svdh | E |
Type of Client Certificate verification | |||
SSLVerifyDepth number | 1 | svdh | E |
Maximum depth of CA Certificates in Client Certificate verification | |||
StartServers number | s | M | |
Number of child server processes created at startup | |||
StartThreads number | s | M | |
Number of threads created on startup | |||
StrictHostCheck ON|OFF | OFF | sv | C |
Controls whether the server requires the requested hostname be listed enumerated in the virtual host handling the request | |||
Substitute s/pattern/substitution/[infq] | dh | E | |
Pattern to filter the response content | |||
SubstituteInheritBefore on|off | off | dh | E |
Change the merge order of inherited patterns | |||
SubstituteMaxLineLength bytes(b|B|k|K|m|M|g|G) | 1m | dh | E |
Set the maximum line size | |||
Suexec On|Off | s | B | |
Enable or disable the suEXEC feature | |||
SuexecUserGroup User Group | sv | E | |
User and group for CGI programs to run as | |||
ThreadLimit number | s | M | |
Sets the upper limit on the configurable number of threads per child process | |||
ThreadsPerChild number | s | M | |
Number of threads created by each child process | |||
ThreadStackSize size | s | M | |
The size in bytes of the stack used by threads handling client connections | |||
TimeOut seconds | 60 | sv | C |
Amount of time the server will wait for certain events before failing a request | |||
TLSCertificate cert_file [key_file] | sv | X | |
adds a certificate and key (PEM encoded) to a server/virtual host. | |||
TLSCiphersPrefer cipher(-list) | sv | X | |
defines ciphers that are preferred. | |||
TLSCiphersSuppress cipher(-list) | sv | X | |
defines ciphers that are not to be used. | |||
TLSEngine [address:]port | s | X | |
defines on which address+port the module shall handle incoming connections. | |||
TLSHonorClientOrder on|off | on | sv | X |
determines if the order of ciphers supported by the client is honored | |||
TLSOptions [+|-]option | svdh | X | |
enables SSL variables for requests. | |||
TLSProtocol version+ | v1.2+ | sv | X |
specifies the minimum version of the TLS protocol to use. | |||
TLSProxyCA file.pem | sv | X | |
sets the root certificates to validate the backend server with. | |||
TLSProxyCiphersPrefer cipher(-list) | sv | X | |
defines ciphers that are preferred for a proxy connection. | |||
TLSProxyCiphersSuppress cipher(-list) | sv | X | |
defines ciphers that are not to be used for a proxy connection. | |||
TLSProxyEngine on|off | sv | X | |
enables TLS for backend connections. | |||
TLSProxyMachineCertificate cert_file [key_file] | sv | X | |
adds a certificate and key file (PEM encoded) to a proxy setup. | |||
TLSProxyProtocol version+ | v1.2+ | sv | X |
specifies the minimum version of the TLS protocol to use in proxy connections. | |||
TLSSessionCache cache-spec | s | X | |
specifies the cache for TLS session resumption. | |||
TLSStrictSNI on|off | on | s | X |
enforces exact matches of client server indicators (SNI) against host names. | |||
TraceEnable [on|off|extended] | on | sv | C |
Determines the behavior on TRACE requests | |||
TransferLog file|pipe | sv | B | |
Specify location of a log file | |||
TypesConfig file-path | conf/mime.types | s | B |
The location of the mime.types file | |||
UNCList hostname [hostname...] | s | C | |
Controls what UNC host names can be accessed by the server | |||
UnDefine parameter-name | s | C | |
Undefine the existence of a variable | |||
UndefMacro name | svd | B | |
Undefine a macro | |||
UnsetEnv env-variable [env-variable] ... | svdh | B | |
Removes variables from the environment | |||
Use name [value1 ... valueN] | svd | B | |
Use a macro | |||
UseCanonicalName On|Off|DNS | Off | svd | C |
Configures how the server determines its own name and port | |||
UseCanonicalPhysicalPort On|Off | Off | svd | C |
Configures how the server determines its own port | |||
User unix-userid | #-1 | s | B |
The userid under which the server will answer requests | |||
UserDir directory-filename [directory-filename] ... | sv | B | |
Location of the user-specific directories | |||
VHostCGIMode On|Off|Secure | On | v | X |
Determines whether the virtualhost can run subprocesses, and the privileges available to subprocesses. | |||
VHostCGIPrivs [+-]?privilege-name [[+-]?privilege-name] ... | v | X | |
Assign arbitrary privileges to subprocesses created by a virtual host. | |||
VHostGroup unix-groupid | v | X | |
Sets the Group ID under which a virtual host runs. | |||
VHostPrivs [+-]?privilege-name [[+-]?privilege-name] ... | v | X | |
Assign arbitrary privileges to a virtual host. | |||
VHostSecure On|Off | On | v | X |
Determines whether the server runs with enhanced security for the virtualhost. | |||
VHostUser unix-userid | v | X | |
Sets the User ID under which a virtual host runs. | |||
VirtualDocumentRoot interpolated-directory|none | none | sv | E |
Dynamically configure the location of the document root for a given virtual host | |||
VirtualDocumentRootIP interpolated-directory|none | none | sv | E |
Dynamically configure the location of the document root for a given virtual host | |||
<VirtualHost addr[:port] [addr[:port]] ...> ... </VirtualHost> | s | C | |
Contains directives that apply only to a specific hostname or IP address | |||
VirtualScriptAlias interpolated-directory|none | none | sv | E |
Dynamically configure the location of the CGI directory for a given virtual host | |||
VirtualScriptAliasIP interpolated-directory|none | none | sv | E |
Dynamically configure the location of the CGI directory for a given virtual host | |||
WatchdogInterval time-interval[s] | 1 | s | B |
Watchdog interval in seconds | |||
XBitHack on|off|full | off | svdh | B |
Parse SSI directives in files with the execute bit set | |||
xml2EncAlias charset alias [alias ...] | s | B | |
Recognise Aliases for encoding values | |||
xml2EncDefault name | svdh | B | |
Sets a default encoding to assume when absolutely no information can be automatically detected | |||
xml2StartParse element [element ...] | svdh | B | |
Advise the parser to skip leading junk. |