Re: [mod-security-users] Bug: apachectl -L, SecFilter* missing
Brought to you by:
victorhora,
zimmerletw
From: Chris P. <pe...@re...> - 2006-08-03 03:03:25
|
At 10:55 PM +0100 2006/08/02, Ivan Ristic wrote: >On 8/2/06, Chris Pepper <pe...@re...> wrote: >> I installed mod_security 1.9.4 from source in httpd 2.2.3 via >>apxs (very easy). I am having trouble getting my rules active, and >>was checking to see if the directives were enabled via "apachectl >>-L", which lists available configuration directives. >> >> Unfortunately, the SecFilter* directives do *not* show up in >>"apachectl -L" output (although "apachectl -M" does show the module >>loaded, and I my security log is growing, so I know at least one >>directive is enabled). Another user has confirmed the problem in his >>Apache. >> >> This looks like a bug, with mod_security not properly >>registering its directives. > >I don't think that's an ModSecurity issue. In my tests invoking httpd >with -L shows only directives of statically compiled modules. The >directives of modules loaded as DSOs do not appear on the list. Ivan, I don't have another 2.2.3 installation, but checked on minotaur.apache.org. There dav_fs_module is loaded dynamically, and its DAVLockDB directive shows up in -L output. Regards, Chris Pepper -bash-2.05b$ hostname minotaur.apache.org -bash-2.05b$ pwd /usr/local/apache2-install/people.apache.org/httpd-2.2.3/bin -bash-2.05b$ ./httpd -h Usage: ./httpd [-D name] [-d directory] [-f file] [-C "directive"] [-c "directive"] [-k start|restart|graceful|graceful-stop|stop] [-v] [-V] [-h] [-l] [-L] [-t] [-S] Options: -D name : define a name for use in <IfDefine name> directives -d directory : specify an alternate initial ServerRoot -f file : specify an alternate ServerConfigFile -C "directive" : process directive before reading config files -c "directive" : process directive after reading config files -e level : show startup errors of level (see LogLevel) -E file : log startup errors to file -v : show version number -V : show compile settings -h : list available command line options (this page) -l : list compiled in modules -L : list available configuration directives -t -D DUMP_VHOSTS : show parsed settings (currently only vhost settings) -S : a synonym for -t -D DUMP_VHOSTS -t -D DUMP_MODULES : show all loaded modules -M : a synonym for -t -D DUMP_MODULES -t : run syntax check for config files -bash-2.05b$ ./httpd -M Loaded Modules: core_module (static) authn_file_module (static) authn_default_module (static) authz_host_module (static) authz_groupfile_module (static) authz_user_module (static) authz_default_module (static) auth_basic_module (static) cache_module (static) disk_cache_module (static) include_module (static) filter_module (static) deflate_module (static) log_config_module (static) log_forensic_module (static) env_module (static) setenvif_module (static) ssl_module (static) mpm_prefork_module (static) http_module (static) mime_module (static) dav_module (static) status_module (static) autoindex_module (static) asis_module (static) cgi_module (static) dav_fs_module (static) negotiation_module (static) dir_module (static) actions_module (static) userdir_module (static) alias_module (static) rewrite_module (static) so_module (static) dav_svn_module (shared) authz_svn_module (shared) Syntax OK -bash-2.05b$ ./httpd -L <Directory (core.c) Container for directives affecting resources located in the specified directories Allowed in *.conf only outside <Directory>, <Files> or <Location> <Location (core.c) Container for directives affecting resources accessed through the specified URL paths Allowed in *.conf only outside <Directory>, <Files> or <Location> <VirtualHost (core.c) Container to map directives to a particular virtual host, takes one or more host addresses Allowed in *.conf only outside <Directory>, <Files> or <Location> <Files (core.c) Container for directives affecting files matching specified patterns Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None <Limit (core.c) Container for authentication directives when accessed using specified HTTP methods Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None <LimitExcept (core.c) Container for authentication directives to be applied when any HTTP method other than those specified is used to access the resource Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None <IfModule (core.c) Container for directives based on existance of specified modules Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None <IfDefine (core.c) Container for directives based on existance of command line defines Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None <DirectoryMatch (core.c) Container for directives affecting resources located in the specified directories Allowed in *.conf only outside <Directory>, <Files> or <Location> <LocationMatch (core.c) Container for directives affecting resources accessed through the specified URL paths Allowed in *.conf only outside <Directory>, <Files> or <Location> <FilesMatch (core.c) Container for directives affecting files matching specified patterns Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None AuthType (core.c) An HTTP authorization type (e.g., "Basic") Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig AuthName (core.c) The authentication realm (e.g. "Members Only") Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig Require (core.c) Selects which authenticated users or groups may access a protected space Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig Satisfy (core.c) access policy if both allow and require used ('all' or 'any') Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig AddDefaultCharset (core.c) The name of the default charset to add to any Content-Type without one or 'Off' to disable Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AcceptPathInfo (core.c) Set to on or off for PATH_INFO to be accepted by handlers, or default for the per-handler preference Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AccessFileName (core.c) Name(s) of per-directory config files (default: .htaccess) Allowed in *.conf only outside <Directory>, <Files> or <Location> DocumentRoot (core.c) Root directory of the document tree Allowed in *.conf only outside <Directory>, <Files> or <Location> ErrorDocument (core.c) Change responses for HTTP errors Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AllowOverride (core.c) Controls what groups of directives can be configured by per-directory config files Allowed in *.conf only inside <Directory>, <Files> or <Location> Options (core.c) Set a number of attributes for a given directory Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Options DefaultType (core.c) the default MIME type for untypable files Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo FileETag (core.c) Specify components used to construct a file's ETag Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo EnableMMAP (core.c) Controls whether memory-mapping may be used to read files Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo EnableSendfile (core.c) Controls whether sendfile may be used to transmit files Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo Protocol (core.c) Set the Protocol for httpd to use. Allowed in *.conf only outside <Directory>, <Files> or <Location> AcceptFilter (core.c) Set the Accept Filter to use for a protocol Allowed in *.conf only outside <Directory>, <Files> or <Location> Port (core.c) Port was replaced with Listen in Apache 2.0 Allowed in *.conf only outside <Directory>, <Files> or <Location> HostnameLookups (core.c) "on" to enable, "off" to disable reverse DNS lookups, or "double" to enable double-reverse DNS lookups Allowed in *.conf anywhere ServerAdmin (core.c) The email address of the server administrator Allowed in *.conf only outside <Directory>, <Files> or <Location> ServerName (core.c) The hostname and port of the server Allowed in *.conf only outside <Directory>, <Files> or <Location> ServerSignature (core.c) En-/disable server signature (on|off|email) Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None ServerRoot (core.c) Common directory of server-related files (logs, confs, etc.) Allowed in *.conf only outside <Directory>, <Files> or <Location> ErrorLog (core.c) The filename of the error log Allowed in *.conf only outside <Directory>, <Files> or <Location> ServerAlias (core.c) A name or names alternately used to access the server Allowed in *.conf only outside <Directory>, <Files> or <Location> ServerPath (core.c) The pathname the server can be reached at Allowed in *.conf only outside <Directory>, <Files> or <Location> Timeout (core.c) Timeout duration (sec) Allowed in *.conf only outside <Directory>, <Files> or <Location> ContentDigest (core.c) whether or not to send a Content-MD5 header with each request Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Options UseCanonicalName (core.c) How to work out the ServerName : Port when constructing URLs Allowed in *.conf anywhere UseCanonicalPhysicalPort (core.c) Whether to use the physical Port when constructing URLs Allowed in *.conf anywhere Include (core.c) Name of the config file to be included Allowed in *.conf anywhere LogLevel (core.c) Level of verbosity in error logging Allowed in *.conf only outside <Directory>, <Files> or <Location> NameVirtualHost (core.c) A numeric IP address:port, or the name of a host Allowed in *.conf only outside <Directory>, <Files> or <Location> ServerTokens (core.c) Determine tokens displayed in the Server: header - Min(imal), OS or Full Allowed in *.conf only outside <Directory>, <Files> or <Location> LimitRequestLine (core.c) Limit on maximum size of an HTTP request line Allowed in *.conf only outside <Directory>, <Files> or <Location> LimitRequestFieldsize (core.c) Limit on maximum size of an HTTP request header field Allowed in *.conf only outside <Directory>, <Files> or <Location> LimitRequestFields (core.c) Limit (0 = unlimited) on max number of header fields in a request message Allowed in *.conf only outside <Directory>, <Files> or <Location> LimitRequestBody (core.c) Limit (in bytes) on maximum size of request message body Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None LimitXMLRequestBody (core.c) Limit (in bytes) on maximum size of an XML-based request body Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None RLimitCPU (core.c) Soft/hard limits for max CPU usage in seconds Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None RLimitMEM (core.c) Soft/hard limits for max memory usage per process Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None RLimitNPROC (core.c) soft/hard limits for max number of processes per uid Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None LimitInternalRecursion (core.c) maximum recursion depth of internal redirects and subrequests Allowed in *.conf only outside <Directory>, <Files> or <Location> ForceType (core.c) a mime type that overrides other configured type Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo SetHandler (core.c) a handler name that overrides any other configured handler Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo SetOutputFilter (core.c) filter (or ; delimited list of filters) to be run on the request content Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo SetInputFilter (core.c) filter (or ; delimited list of filters) to be run on the request body Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AddOutputFilterByType (core.c) output filter name followed by one or more content-types Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AllowEncodedSlashes (core.c) Allow URLs containing '/' encoded as '%2F' Allowed in *.conf only outside <Directory>, <Files> or <Location> PidFile (core.c) A file for logging the server process ID Allowed in *.conf only outside <Directory>, <Files> or <Location> ScoreBoardFile (core.c) A file for Apache to maintain runtime process management information Allowed in *.conf only outside <Directory>, <Files> or <Location> LockFile (core.c) The lockfile used when Apache needs to lock the accept() call Allowed in *.conf only outside <Directory>, <Files> or <Location> MaxRequestsPerChild (core.c) Maximum number of requests a particular child serves before dying. Allowed in *.conf only outside <Directory>, <Files> or <Location> CoreDumpDirectory (core.c) The location of the directory Apache changes to before dumping core Allowed in *.conf only outside <Directory>, <Files> or <Location> AcceptMutex (core.c) Valid accept mutexes for this platform and MPM are: default, flock, fcntl, sysvsem. Allowed in *.conf only outside <Directory>, <Files> or <Location> MaxMemFree (core.c) Maximum number of 1k blocks a particular childs allocator may hold. Allowed in *.conf only outside <Directory>, <Files> or <Location> TraceEnable (core.c) 'on' (default), 'off' or 'extended' to trace request body content Allowed in *.conf only outside <Directory>, <Files> or <Location> AuthUserFile (mod_authn_file.c) text file containing user IDs and passwords Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig AuthDefaultAuthoritative (mod_authn_default.c) Set to 'Off' to allow access control to be passed along to lower modules if the UserID is not known to this module. (default is On). Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig order (mod_authz_host.c) 'allow,deny', 'deny,allow', or 'mutual-failure' Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes Limit allow (mod_authz_host.c) 'from' followed by hostnames or IP-address wildcards Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes Limit deny (mod_authz_host.c) 'from' followed by hostnames or IP-address wildcards Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes Limit AuthGroupFile (mod_authz_groupfile.c) text file containing group names and member user IDs Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig AuthzGroupFileAuthoritative (mod_authz_groupfile.c) Set to 'Off' to allow access control to be passed along to lower modules if the 'require group' fails. (default is On). Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig AuthzUserAuthoritative (mod_authz_user.c) Set to 'Off' to allow access control to be passed along to lower modules if the 'require user' or 'require valid-user' statement is not met. (default: On). Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig AuthzDefaultAuthoritative (mod_authz_default.c) Set to 'Off' to allow access control to be passed along to lower modules. (default is On.) Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig AuthBasicProvider (mod_auth_basic.c) specify the auth providers for a directory or location Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig AuthBasicAuthoritative (mod_auth_basic.c) Set to 'Off' to allow access control to be passed along to lower modules if the UserID is not known to this module Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig CacheEnable (mod_cache.c) A cache type and partial URL prefix below which caching is enabled Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheDisable (mod_cache.c) A partial URL prefix below which caching is disabled Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheMaxExpire (mod_cache.c) The maximum time in seconds to cache a document Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheDefaultExpire (mod_cache.c) The default time in seconds to cache a document Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheIgnoreNoLastMod (mod_cache.c) Ignore Responses where there is no Last Modified Header Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheIgnoreCacheControl (mod_cache.c) Ignore requests from the client for uncached content Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheStorePrivate (mod_cache.c) Ignore 'Cache-Control: private' and store private content Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheStoreNoStore (mod_cache.c) Ignore 'Cache-Control: no-store' and store sensitive content Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheIgnoreHeaders (mod_cache.c) A space separated list of headers that should not be stored by the cache Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheLastModifiedFactor (mod_cache.c) The factor used to estimate Expires date from LastModified date Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheRoot (mod_disk_cache.c) The directory to store cache files Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheDirLevels (mod_disk_cache.c) The number of levels of subdirectories in the cache Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheDirLength (mod_disk_cache.c) The number of characters in subdirectory names Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheMinFileSize (mod_disk_cache.c) The minimum file size to cache a document Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheMaxFileSize (mod_disk_cache.c) The maximum file size to cache a document Allowed in *.conf only outside <Directory>, <Files> or <Location> XBitHack (mod_include.c) Off, On, or Full Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Options SSIErrorMsg (mod_include.c) a string Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None SSITimeFormat (mod_include.c) a strftime(3) formatted string Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None SSIStartTag (mod_include.c) SSI Start String Tag Allowed in *.conf only outside <Directory>, <Files> or <Location> SSIEndTag (mod_include.c) SSI End String Tag Allowed in *.conf only outside <Directory>, <Files> or <Location> SSIUndefinedEcho (mod_include.c) String to be displayed if an echoed variable is undefined Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None FilterDeclare (mod_filter.c) filter-name [, filter-type] Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Options FilterProvider (mod_filter.c) filter-name, provider-name, dispatch--criterion, dispatch-match Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Options FilterChain (mod_filter.c) list of filter names with optional [+-=!@] Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Options FilterTrace (mod_filter.c) Debug level Allowed in *.conf anywhere FilterProtocol (mod_filter.c) filter-name [provider-name] protocol-args Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Options DeflateFilterNote (mod_deflate.c) Set a note to report on compression ratio Allowed in *.conf only outside <Directory>, <Files> or <Location> DeflateWindowSize (mod_deflate.c) Set the Deflate window size (1-15) Allowed in *.conf only outside <Directory>, <Files> or <Location> DeflateBufferSize (mod_deflate.c) Set the Deflate Buffer Size Allowed in *.conf only outside <Directory>, <Files> or <Location> DeflateMemLevel (mod_deflate.c) Set the Deflate Memory Level (1-9) Allowed in *.conf only outside <Directory>, <Files> or <Location> DeflateCompressionLevel (mod_deflate.c) Set the Deflate Compression Level (1-9) Allowed in *.conf only outside <Directory>, <Files> or <Location> CustomLog (mod_log_config.c) a file name, a custom log format string or format name, and an optional "env=" clause (see docs) Allowed in *.conf only outside <Directory>, <Files> or <Location> TransferLog (mod_log_config.c) the filename of the access log Allowed in *.conf only outside <Directory>, <Files> or <Location> LogFormat (mod_log_config.c) a log format string (see docs) and an optional format name Allowed in *.conf only outside <Directory>, <Files> or <Location> CookieLog (mod_log_config.c) the filename of the cookie log Allowed in *.conf only outside <Directory>, <Files> or <Location> BufferedLogs (mod_log_config.c) Enable Buffered Logging (experimental) Allowed in *.conf only outside <Directory>, <Files> or <Location> ForensicLog (mod_log_forensic.c) the filename of the forensic log Allowed in *.conf only outside <Directory>, <Files> or <Location> PassEnv (mod_env.c) a list of environment variables to pass to CGI. Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo SetEnv (mod_env.c) an environment variable name and optional value to pass to CGI. Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo UnsetEnv (mod_env.c) a list of variables to remove from the CGI environment. Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo SetEnvIf (mod_setenvif.c) A header-name, regex and a list of variables. Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo SetEnvIfNoCase (mod_setenvif.c) a header-name, regex and a list of variables. Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo BrowserMatch (mod_setenvif.c) A browser regex and a list of variables. Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo BrowserMatchNoCase (mod_setenvif.c) A browser regex and a list of variables. Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo SSLMutex (mod_ssl.c) Valid SSLMutex mechanisms are: `none', `default', `flock:/path/to/file', `fcntl:/path/to/file', `sysvsem', `file:/path/to/file', `sem' Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLPassPhraseDialog (mod_ssl.c) SSL dialog mechanism for the pass phrase query (`builtin', `|/path/to/pipe_program`, or `exec:/path/to/cgi_program') Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLSessionCache (mod_ssl.c) SSL Session Cache storage (`none', `nonenotnull', `dbm:/path/to/file') Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLCryptoDevice (mod_ssl.c) SSL external Crypto Device usage (`builtin', `...') Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLRandomSeed (mod_ssl.c) SSL Pseudo Random Number Generator (PRNG) seeding source (`startup|connect builtin|file:/path|exec:/path [bytes]') Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLEngine (mod_ssl.c) SSL switch for the protocol engine (`on', `off') Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLCipherSuite (mod_ssl.c) Colon-delimited list of permitted SSL Ciphers (`XXX:...:XXX' - see manual) Allowed in *.conf anywhere and in .htaccess when AllowOverride includes AuthConfig SSLCertificateFile (mod_ssl.c) SSL Server Certificate file (`/path/to/file' - PEM or DER encoded) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLCertificateKeyFile (mod_ssl.c) SSL Server Private Key file (`/path/to/file' - PEM or DER encoded) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLCertificateChainFile (mod_ssl.c) SSL Server CA Certificate Chain file (`/path/to/file' - PEM encoded) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLCACertificatePath (mod_ssl.c) SSL CA Certificate path (`/path/to/dir' - contains PEM encoded files) Allowed in *.conf anywhere and in .htaccess when AllowOverride includes AuthConfig SSLCACertificateFile (mod_ssl.c) SSL CA Certificate file (`/path/to/file' - PEM encoded) Allowed in *.conf anywhere and in .htaccess when AllowOverride includes AuthConfig SSLCADNRequestPath (mod_ssl.c) SSL CA Distinguished Name path (`/path/to/dir' - symlink hashes to PEM of acceptable CA names to request) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLCADNRequestFile (mod_ssl.c) SSL CA Distinguished Name file (`/path/to/file' - PEM encoded to derive acceptable CA names to request) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLCARevocationPath (mod_ssl.c) SSL CA Certificate Revocation List (CRL) path (`/path/to/dir' - contains PEM encoded files) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLCARevocationFile (mod_ssl.c) SSL CA Certificate Revocation List (CRL) file (`/path/to/file' - PEM encoded) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLVerifyClient (mod_ssl.c) SSL Client verify type (`none', `optional', `require', `optional_no_ca') Allowed in *.conf anywhere and in .htaccess when AllowOverride includes AuthConfig SSLVerifyDepth (mod_ssl.c) SSL Client verify depth (`N' - number of intermediate certificates) Allowed in *.conf anywhere and in .htaccess when AllowOverride includes AuthConfig SSLSessionCacheTimeout (mod_ssl.c) SSL Session Cache object lifetime (`N' - number of seconds) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLProtocol (mod_ssl.c) Enable or disable various SSL protocols(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLHonorCipherOrder (mod_ssl.c) Use the server's cipher ordering preference Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLUserName (mod_ssl.c) Set user name to SSL variable value Allowed in *.conf anywhere and in .htaccess when AllowOverride includes AuthConfig SSLProxyEngine (mod_ssl.c) SSL switch for the proxy protocol engine (`on', `off') Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLProxyProtocol (mod_ssl.c) SSL Proxy: enable or disable SSL protocol flavors (`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLProxyCipherSuite (mod_ssl.c) SSL Proxy: colon-delimited list of permitted SSL ciphers (`XXX:...:XXX' - see manual) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLProxyVerify (mod_ssl.c) SSL Proxy: whether to verify the remote certificate (`on' or `off') Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLProxyVerifyDepth (mod_ssl.c) SSL Proxy: maximum certificate verification depth (`N' - number of intermediate certificates) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLProxyCACertificateFile (mod_ssl.c) SSL Proxy: file containing server certificates (`/path/to/file' - PEM encoded certificates) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLProxyCACertificatePath (mod_ssl.c) SSL Proxy: directory containing server certificates (`/path/to/dir' - contains PEM encoded certificates) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLProxyCARevocationPath (mod_ssl.c) SSL Proxy: CA Certificate Revocation List (CRL) path (`/path/to/dir' - contains PEM encoded files) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLProxyCARevocationFile (mod_ssl.c) SSL Proxy: CA Certificate Revocation List (CRL) file (`/path/to/file' - PEM encoded) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLProxyMachineCertificateFile (mod_ssl.c) SSL Proxy: file containing client certificates (`/path/to/file' - PEM encoded certificates) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLProxyMachineCertificatePath (mod_ssl.c) SSL Proxy: directory containing client certificates (`/path/to/dir' - contains PEM encoded certificates) Allowed in *.conf only outside <Directory>, <Files> or <Location> SSLOptions (mod_ssl.c) Set one or more options to configure the SSL engine(`[+-]option[=value] ...' - see manual) Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Options SSLRequireSSL (mod_ssl.c) Require the SSL protocol for the per-directory context (no arguments) Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig SSLRequire (mod_ssl.c) Require a boolean expression to evaluate to true for granting access(arbitrary complex boolean expression - see manual) Allowed in *.conf only inside <Directory>, <Files> or <Location> and in .htaccess when AllowOverride includes AuthConfig SSLLog (mod_ssl.c) SSLLog directive is no longer supported - use ErrorLog. Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None SSLLogLevel (mod_ssl.c) SSLLogLevel directive is no longer supported - use LogLevel. Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None User (prefork.c) Effective user id for this server Allowed in *.conf only outside <Directory>, <Files> or <Location> Group (prefork.c) Effective group id for this server Allowed in *.conf only outside <Directory>, <Files> or <Location> ListenBacklog (prefork.c) Maximum length of the queue of pending connections, as used by listen(2) Allowed in *.conf only outside <Directory>, <Files> or <Location> Listen (prefork.c) A port number or a numeric IP address and a port number, and an optional protocol Allowed in *.conf only outside <Directory>, <Files> or <Location> SendBufferSize (prefork.c) Send buffer size in bytes Allowed in *.conf only outside <Directory>, <Files> or <Location> ReceiveBufferSize (prefork.c) Receive buffer size in bytes Allowed in *.conf only outside <Directory>, <Files> or <Location> StartServers (prefork.c) Number of child processes launched at server startup Allowed in *.conf only outside <Directory>, <Files> or <Location> MinSpareServers (prefork.c) Minimum number of idle children, to handle request spikes Allowed in *.conf only outside <Directory>, <Files> or <Location> MaxSpareServers (prefork.c) Maximum number of idle children Allowed in *.conf only outside <Directory>, <Files> or <Location> MaxClients (prefork.c) Maximum number of children alive at the same time Allowed in *.conf only outside <Directory>, <Files> or <Location> ServerLimit (prefork.c) Maximum value of MaxClients for this run of Apache Allowed in *.conf only outside <Directory>, <Files> or <Location> GracefulShutdownTimeout (prefork.c) Maximum time in seconds to wait for child processes to complete transactions during shutdown Allowed in *.conf only outside <Directory>, <Files> or <Location> KeepAliveTimeout (http_core.c) Keep-Alive timeout duration (sec) Allowed in *.conf only outside <Directory>, <Files> or <Location> MaxKeepAliveRequests (http_core.c) Maximum number of Keep-Alive requests per connection, or 0 for infinite Allowed in *.conf only outside <Directory>, <Files> or <Location> KeepAlive (http_core.c) Whether persistent connections should be On or Off Allowed in *.conf only outside <Directory>, <Files> or <Location> AddCharset (mod_mime.c) a charset (e.g., iso-2022-jp), followed by one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AddEncoding (mod_mime.c) an encoding (e.g., gzip), followed by one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AddHandler (mod_mime.c) a handler name followed by one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AddInputFilter (mod_mime.c) input filter name (or ; delimited names) followed by one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AddLanguage (mod_mime.c) a language (e.g., fr), followed by one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AddOutputFilter (mod_mime.c) output filter name (or ; delimited names) followed by one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AddType (mod_mime.c) a mime type followed by one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo DefaultLanguage (mod_mime.c) language to use for documents with no other language file extension Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo MultiviewsMatch (mod_mime.c) NegotiatedOnly (default), Handlers and/or Filters, or Any Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RemoveCharset (mod_mime.c) one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RemoveEncoding (mod_mime.c) one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RemoveHandler (mod_mime.c) one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RemoveInputFilter (mod_mime.c) one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RemoveLanguage (mod_mime.c) one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RemoveOutputFilter (mod_mime.c) one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RemoveType (mod_mime.c) one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo TypesConfig (mod_mime.c) the MIME types config file Allowed in *.conf only outside <Directory>, <Files> or <Location> ModMimeUsePathInfo (mod_mime.c) Set to 'yes' to allow mod_mime to use path info for type checking Allowed in *.conf only inside <Directory>, <Files> or <Location> DAV (mod_dav.c) specify the DAV provider for a directory or location Allowed in *.conf only inside <Directory>, <Files> or <Location> DAVMinTimeout (mod_dav.c) specify minimum allowed timeout Allowed in *.conf anywhere DAVDepthInfinity (mod_dav.c) allow Depth infinity PROPFIND requests Allowed in *.conf anywhere ExtendedStatus (mod_status.c) "On" to enable extended status information, "Off" to disable Allowed in *.conf only outside <Directory>, <Files> or <Location> AddIcon (mod_autoindex.c) an icon URL followed by one or more filenames Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes AddIconByType (mod_autoindex.c) an icon URL followed by one or more MIME types Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes AddIconByEncoding (mod_autoindex.c) an icon URL followed by one or more content encodings Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes AddAlt (mod_autoindex.c) alternate descriptive text followed by one or more filenames Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes AddAltByType (mod_autoindex.c) alternate descriptive text followed by one or more MIME types Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes AddAltByEncoding (mod_autoindex.c) alternate descriptive text followed by one or more content encodings Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes IndexOptions (mod_autoindex.c) one or more index options [+|-][] Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes IndexOrderDefault (mod_autoindex.c) {Ascending,Descending} {Name,Size,Description,Date} Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes IndexIgnore (mod_autoindex.c) one or more file extensions Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes AddDescription (mod_autoindex.c) Descriptive text followed by one or more filenames Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes HeaderName (mod_autoindex.c) a filename Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes ReadmeName (mod_autoindex.c) a filename Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes FancyIndexing (mod_autoindex.c) The FancyIndexing directive is no longer supported. Use IndexOptions FancyIndexing. Allowed in *.conf anywhere and in .htaccess when AllowOverride isn't None DefaultIcon (mod_autoindex.c) an icon URL Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes IndexStyleSheet (mod_autoindex.c) URL to style sheet Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes ScriptLog (mod_cgi.c) the name of a log for script debugging info Allowed in *.conf only outside <Directory>, <Files> or <Location> ScriptLogLength (mod_cgi.c) the maximum length (in bytes) of the script debug log Allowed in *.conf only outside <Directory>, <Files> or <Location> ScriptLogBuffer (mod_cgi.c) the maximum size (in bytes) to record of a POST request Allowed in *.conf only outside <Directory>, <Files> or <Location> DAVLockDB (mod_dav_fs.c) specify a lock database Allowed in *.conf only outside <Directory>, <Files> or <Location> CacheNegotiatedDocs (mod_negotiation.c) Either 'on' or 'off' (default) Allowed in *.conf only outside <Directory>, <Files> or <Location> LanguagePriority (mod_negotiation.c) space-delimited list of MIME language abbreviations Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo ForceLanguagePriority (mod_negotiation.c) Force LanguagePriority elections, either None, or Fallback and/or Prefer Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo DirectoryIndex (mod_dir.c) a list of file names Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes DirectorySlash (mod_dir.c) On or Off Allowed in *.conf anywhere and in .htaccess when AllowOverride includes Indexes Action (mod_actions.c) a media type followed by a script name Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo Script (mod_actions.c) a method followed by a script name Allowed in *.conf anywhere UserDir (mod_userdir.c) the public subdirectory in users' home directories, or 'disabled', or 'disabled username username...', or 'enabled username username...' Allowed in *.conf only outside <Directory>, <Files> or <Location> Alias (mod_alias.c) a fakename and a realname Allowed in *.conf only outside <Directory>, <Files> or <Location> ScriptAlias (mod_alias.c) a fakename and a realname Allowed in *.conf only outside <Directory>, <Files> or <Location> Redirect (mod_alias.c) an optional status, then document to be redirected and destination URL Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo AliasMatch (mod_alias.c) a regular expression and a filename Allowed in *.conf only outside <Directory>, <Files> or <Location> ScriptAliasMatch (mod_alias.c) a regular expression and a filename Allowed in *.conf only outside <Directory>, <Files> or <Location> RedirectMatch (mod_alias.c) an optional status, then a regular expression and destination URL Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RedirectTemp (mod_alias.c) a document to be redirected, then the destination URL Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RedirectPermanent (mod_alias.c) a document to be redirected, then the destination URL Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RewriteEngine (mod_rewrite.c) On or Off to enable or disable (default) the whole rewriting engine Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RewriteOptions (mod_rewrite.c) List of option strings to set Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RewriteBase (mod_rewrite.c) the base URL of the per-directory context Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RewriteCond (mod_rewrite.c) an input string and a to be applied regexp-pattern Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RewriteRule (mod_rewrite.c) an URL-applied regexp-pattern and a substitution URL Allowed in *.conf anywhere and in .htaccess when AllowOverride includes FileInfo RewriteMap (mod_rewrite.c) a mapname and a filename Allowed in *.conf only outside <Directory>, <Files> or <Location> RewriteLock (mod_rewrite.c) the filename of a lockfile used for inter-process synchronization Allowed in *.conf only outside <Directory>, <Files> or <Location> RewriteLog (mod_rewrite.c) the filename of the rewriting logfile Allowed in *.conf only outside <Directory>, <Files> or <Location> RewriteLogLevel (mod_rewrite.c) the level of the rewriting logfile verbosity (0=none, 1=std, .., 9=max) Allowed in *.conf only outside <Directory>, <Files> or <Location> LoadModule (mod_so.c) a module name and the name of a shared object file to load it from Allowed in *.conf only outside <Directory>, <Files> or <Location> LoadFile (mod_so.c) shared object file or library to load into the server at runtime Allowed in *.conf only outside <Directory>, <Files> or <Location> |